summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.depend316
-rw-r--r--.gitignore4
-rw-r--r--.skipped-commit-ids5
-rw-r--r--ChangeLog5571
-rw-r--r--INSTALL44
-rw-r--r--Makefile.in137
-rw-r--r--PROTOCOL.certkeys9
-rw-r--r--PROTOCOL.u2f337
-rw-r--r--README30
-rw-r--r--README.dns8
-rw-r--r--README.md42
-rw-r--r--auth-krb5.c17
-rw-r--r--auth-options.c38
-rw-r--r--auth-options.h5
-rw-r--r--auth-pam.c14
-rw-r--r--auth-skey.c107
-rw-r--r--auth.c14
-rw-r--r--auth2-chall.c4
-rw-r--r--auth2-hostbased.c4
-rw-r--r--auth2-kbdint.c5
-rw-r--r--auth2-pubkey.c39
-rw-r--r--authfd.c63
-rw-r--r--authfd.h7
-rw-r--r--authfile.c108
-rw-r--r--authfile.h5
-rw-r--r--canohost.c12
-rw-r--r--channels.c9
-rw-r--r--channels.h10
-rw-r--r--cipher.c13
-rw-r--r--cipher.h3
-rw-r--r--clientloop.c137
-rw-r--r--config.h.in47
-rwxr-xr-xconfigure598
-rw-r--r--configure.ac255
-rw-r--r--contrib/gnome-ssh-askpass2.c115
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/ssh-copy-id.12
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--debian/.git-dpm16
-rw-r--r--debian/NEWS47
-rw-r--r--debian/changelog103
-rw-r--r--debian/control14
-rw-r--r--debian/openssh-sk-helper.install2
-rw-r--r--debian/patches/authorized-keys-man-symlink.patch6
-rw-r--r--debian/patches/conch-old-privkey-format.patch12
-rw-r--r--debian/patches/debian-banner.patch48
-rw-r--r--debian/patches/debian-config.patch18
-rw-r--r--debian/patches/dnssec-sshfp.patch2
-rw-r--r--debian/patches/doc-hash-tab-completion.patch6
-rw-r--r--debian/patches/gnome-ssh-askpass2-icon.patch6
-rw-r--r--debian/patches/gssapi.patch447
-rw-r--r--debian/patches/keepalive-extensions.patch37
-rw-r--r--debian/patches/mention-ssh-keygen-on-keychange.patch8
-rw-r--r--debian/patches/no-openssl-version-status.patch2
-rw-r--r--debian/patches/openbsd-docs.patch30
-rw-r--r--debian/patches/package-versioning.patch10
-rw-r--r--debian/patches/regress-2020.patch44
-rw-r--r--debian/patches/restore-authorized_keys2.patch2
-rw-r--r--debian/patches/restore-tcp-wrappers.patch24
-rw-r--r--debian/patches/revert-ipqos-defaults.patch18
-rw-r--r--debian/patches/sandbox-seccomp-clock_gettime64.patch30
-rw-r--r--debian/patches/sandbox-seccomp-clock_nanosleep.patch31
-rw-r--r--debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch29
-rw-r--r--debian/patches/sandbox-seccomp-ipc.patch33
-rw-r--r--debian/patches/scp-quoting.patch6
-rw-r--r--debian/patches/selinux-role.patch40
-rw-r--r--debian/patches/series5
-rw-r--r--debian/patches/shell-path.patch12
-rw-r--r--debian/patches/ssh-agent-setgid.patch14
-rw-r--r--debian/patches/ssh-argv0.patch6
-rw-r--r--debian/patches/ssh-vulnkey-compat.patch10
-rw-r--r--debian/patches/syslog-level-silent.patch6
-rw-r--r--debian/patches/systemd-readiness.patch12
-rw-r--r--debian/patches/user-group-modes.patch36
-rwxr-xr-xdebian/rules7
-rw-r--r--defines.h12
-rw-r--r--digest-openssl.c3
-rw-r--r--entropy.c6
-rw-r--r--hash.c34
-rw-r--r--hmac.c1
-rw-r--r--hostfile.c3
-rw-r--r--kex.c11
-rw-r--r--kexgen.c4
-rw-r--r--kexgexc.c4
-rw-r--r--krl.c20
-rw-r--r--mac.c1
-rw-r--r--match.c5
-rw-r--r--misc.c69
-rw-r--r--misc.h11
-rw-r--r--moduli856
-rw-r--r--moduli.c12
-rw-r--r--monitor.c92
-rw-r--r--monitor_wrap.c27
-rw-r--r--monitor_wrap.h7
-rw-r--r--msg.c14
-rw-r--r--mux.c22
-rw-r--r--myproposal.h139
-rw-r--r--openbsd-compat/Makefile.in7
-rw-r--r--openbsd-compat/bsd-misc.c10
-rw-r--r--openbsd-compat/bsd-misc.h31
-rw-r--r--openbsd-compat/bsd-openpty.c8
-rw-r--r--openbsd-compat/bsd-signal.c28
-rw-r--r--openbsd-compat/bsd-signal.h7
-rw-r--r--openbsd-compat/bsd-statvfs.c10
-rw-r--r--openbsd-compat/fnmatch.c495
-rw-r--r--openbsd-compat/fnmatch.h66
-rw-r--r--openbsd-compat/glob.c149
-rw-r--r--openbsd-compat/glob.h9
-rw-r--r--openbsd-compat/openbsd-compat.h8
-rw-r--r--openbsd-compat/openssl-compat.h6
-rw-r--r--openbsd-compat/port-aix.c4
-rw-r--r--openbsd-compat/port-net.c8
-rw-r--r--openbsd-compat/rmd160.c378
-rw-r--r--openbsd-compat/rmd160.h61
-rw-r--r--openbsd-compat/sha2.c2
-rw-r--r--packet.c45
-rw-r--r--pathnames.h9
-rw-r--r--progressmeter.c8
-rw-r--r--readconf.c160
-rw-r--r--readconf.h5
-rw-r--r--readpass.c119
-rw-r--r--regress/Makefile5
-rw-r--r--regress/agent-getpeereid.sh4
-rw-r--r--regress/agent-pkcs11.sh4
-rw-r--r--regress/agent-ptrace.sh2
-rw-r--r--regress/agent-timeout.sh4
-rw-r--r--regress/agent.sh53
-rw-r--r--regress/cert-file.sh4
-rw-r--r--regress/cert-hostkey.sh10
-rw-r--r--regress/cert-userkey.sh14
-rw-r--r--regress/connect.sh11
-rw-r--r--regress/hostkey-agent.sh10
-rw-r--r--regress/hostkey-rotate.sh11
-rw-r--r--regress/integrity.sh4
-rw-r--r--regress/keygen-change.sh7
-rw-r--r--regress/keygen-moduli.sh6
-rw-r--r--regress/keyscan.sh9
-rw-r--r--regress/keytype.sh47
-rw-r--r--regress/krl.sh22
-rw-r--r--regress/limit-keytype.sh17
-rw-r--r--regress/misc/Makefile2
-rw-r--r--regress/misc/fuzz-harness/Makefile31
-rw-r--r--regress/misc/fuzz-harness/privkey_fuzz.cc21
-rw-r--r--regress/misc/fuzz-harness/sig_fuzz.cc24
-rw-r--r--regress/misc/fuzz-harness/ssh-sk-null.cc51
-rw-r--r--regress/misc/fuzz-harness/sshsig_fuzz.cc4
-rw-r--r--regress/misc/kexfuzz/Makefile6
-rw-r--r--regress/misc/kexfuzz/kexfuzz.c8
-rw-r--r--regress/misc/sk-dummy/Makefile66
-rw-r--r--regress/misc/sk-dummy/fatal.c20
-rw-r--r--regress/misc/sk-dummy/sk-dummy.c526
-rw-r--r--regress/multiplex.sh6
-rw-r--r--regress/multipubkey.sh4
-rw-r--r--regress/netcat.c4
-rw-r--r--regress/principals-command.sh6
-rw-r--r--regress/proxy-connect.sh10
-rw-r--r--regress/putty-ciphers.sh4
-rw-r--r--regress/putty-kex.sh4
-rw-r--r--regress/putty-transfer.sh10
-rw-r--r--regress/servcfginclude.sh154
-rwxr-xr-xregress/ssh2putty.sh2
-rw-r--r--regress/sshcfgparse.sh12
-rw-r--r--regress/sshsig.sh4
-rw-r--r--regress/test-exec.sh80
-rw-r--r--regress/unittests/Makefile.inc5
-rw-r--r--regress/unittests/authopt/Makefile26
-rw-r--r--regress/unittests/hostkeys/Makefile9
-rw-r--r--regress/unittests/kex/Makefile9
-rw-r--r--regress/unittests/misc/Makefile16
-rw-r--r--regress/unittests/misc/tests.c79
-rw-r--r--regress/unittests/sshbuf/Makefile6
-rw-r--r--regress/unittests/sshkey/Makefile9
-rw-r--r--regress/unittests/sshkey/common.c11
-rw-r--r--regress/unittests/sshkey/test_fuzz.c9
-rw-r--r--regress/unittests/sshkey/test_sshkey.c14
-rw-r--r--sandbox-darwin.c2
-rw-r--r--sandbox-seccomp-filter.c3
-rw-r--r--sandbox-systrace.c6
-rw-r--r--scp.04
-rw-r--r--scp.16
-rw-r--r--scp.c24
-rw-r--r--servconf.c272
-rw-r--r--servconf.h25
-rw-r--r--serverloop.c26
-rw-r--r--session.c12
-rw-r--r--sftp-glob.c3
-rw-r--r--sftp-server.04
-rw-r--r--sftp-server.86
-rw-r--r--sftp.04
-rw-r--r--sftp.16
-rw-r--r--sftp.c35
-rw-r--r--sk-api.h95
-rw-r--r--sk-usbhid.c1024
-rw-r--r--ssh-add.041
-rw-r--r--ssh-add.133
-rw-r--r--ssh-add.c142
-rw-r--r--ssh-agent.099
-rw-r--r--ssh-agent.1170
-rw-r--r--ssh-agent.c152
-rw-r--r--ssh-ecdsa-sk.c209
-rw-r--r--ssh-ed25519-sk.c166
-rw-r--r--ssh-keygen.0375
-rw-r--r--ssh-keygen.1451
-rw-r--r--ssh-keygen.c828
-rw-r--r--ssh-keyscan.04
-rw-r--r--ssh-keyscan.16
-rw-r--r--ssh-keyscan.c24
-rw-r--r--ssh-keysign.04
-rw-r--r--ssh-keysign.86
-rw-r--r--ssh-keysign.c6
-rw-r--r--ssh-pkcs11-client.c14
-rw-r--r--ssh-pkcs11-helper.04
-rw-r--r--ssh-pkcs11-helper.86
-rw-r--r--ssh-pkcs11-helper.c23
-rw-r--r--ssh-pkcs11.c142
-rw-r--r--ssh-pkcs11.h4
-rw-r--r--ssh-sk-client.c449
-rw-r--r--ssh-sk-helper.034
-rw-r--r--ssh-sk-helper.866
-rw-r--r--ssh-sk-helper.c360
-rw-r--r--ssh-sk.c813
-rw-r--r--ssh-sk.h69
-rw-r--r--ssh.047
-rw-r--r--ssh.136
-rw-r--r--ssh.c121
-rw-r--r--ssh_api.c9
-rw-r--r--ssh_config.0149
-rw-r--r--ssh_config.5101
-rw-r--r--sshbuf-getput-basic.c5
-rw-r--r--sshbuf-getput-crypto.c15
-rw-r--r--sshbuf-io.c117
-rw-r--r--sshbuf-misc.c2
-rw-r--r--sshbuf.c4
-rw-r--r--sshbuf.h18
-rw-r--r--sshconnect.c38
-rw-r--r--sshconnect.h5
-rw-r--r--sshconnect2.c174
-rw-r--r--sshd.052
-rw-r--r--sshd.864
-rw-r--r--sshd.c228
-rw-r--r--sshd_config.0115
-rw-r--r--sshd_config.5121
-rw-r--r--ssherr.c6
-rw-r--r--ssherr.h4
-rw-r--r--sshkey-xmss.c80
-rw-r--r--sshkey.c509
-rw-r--r--sshkey.h53
-rw-r--r--sshsig.c326
-rw-r--r--sshsig.h26
-rw-r--r--umac.c3
-rw-r--r--version.h4
-rw-r--r--xmalloc.c21
-rw-r--r--xmalloc.h4
253 files changed, 16445 insertions, 6068 deletions
diff --git a/.depend b/.depend
index 0ec0736d8..707890f63 100644
--- a/.depend
+++ b/.depend
@@ -1,171 +1,177 @@
1# DO NOT DELETE 1# DO NOT DELETE
2 2
3addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h 3addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h
4atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h 4atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
5audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 5audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
6audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 6audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
7audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 7audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
8auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 8auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
9auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 9auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
10auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h 10auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
11auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 11auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
12auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h 12auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
13auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 13auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
14auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 14auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
15auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 15auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
16auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 16auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h authfile.h
17auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h authfile.h
18auth.o: monitor_wrap.h ssherr.h compat.h channels.h 17auth.o: monitor_wrap.h ssherr.h compat.h channels.h
19auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h 18auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
20auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 19auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
21auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h pathnames.h 20auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h pathnames.h
22auth2-hostbased.o: ssherr.h match.h 21auth2-hostbased.o: ssherr.h match.h
23auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h 22auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
24auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h 23auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
25auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h 24auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
26auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth-options.h 25auth2-pubkey.o: canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h sk-api.h
27auth2-pubkey.o: canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h 26auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth-options.h
28auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h monitor_wrap.h
29auth2.o: digest.h 27auth2.o: digest.h
30authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h 28auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h monitor_wrap.h
31authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h 29authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h
32bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h 30authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h
33canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h canohost.h misc.h 31bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
34chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h 32canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h canohost.h misc.h
35channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h 33chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
36cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h 34channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
37cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h 35cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
38cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h 36cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
39cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 37cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h
40cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h 38cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
41cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h 39cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
42clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h 40cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
41clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
43clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h 42clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h
44compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crypto_api.h 43compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crypto_api.h
45dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 44dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
46digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h 45digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
47digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 46digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
48dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h ssherr.h 47dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h ssherr.h
49dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h 48dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
50ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h 49ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
51entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 50entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
52fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h 51fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
53fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h 52fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
54ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data 53ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
55groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h 54groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h
56gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 55gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
57gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 56gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
58gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 57gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
59hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h 58hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
60hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h 59hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
61hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h 60hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h
62kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h match.h 61kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h match.h
63kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h 62kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h
64kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h 63kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
65kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 64kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
66kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h 65kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
67kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h 66kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h
68kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 67kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
69kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 68kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
70kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 69kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
71kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h 70kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h
72krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h 71krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h
73log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h 72log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
74loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h 73loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
75logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h 74logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
76mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h 75mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
77match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h 76match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
78md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 77md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
79misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h 78misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
80moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 79moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
81monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h 80monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h sk-api.h
82monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h 81monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
83monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h 82monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
84monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 83monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
85monitor_wrap.o: auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h 84monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
86msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h 85msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
87mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h 86mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
88nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h 87nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
89packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h canohost.h misc.h channels.h ssh.h 88packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h canohost.h misc.h channels.h ssh.h
90packet.o: packet.h dispatch.h ssherr.h sshbuf.h 89packet.o: packet.h dispatch.h ssherr.h sshbuf.h
91platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 90platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
92platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 91platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
93platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h 92platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
94platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 93platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
95poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h 94poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
96progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h 95progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
97readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h 96readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
98readconf.o: uidswap.h myproposal.h digest.h 97readconf.o: uidswap.h myproposal.h digest.h
99readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h 98readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h
100rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h 99rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
101sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 100sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
102sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 101sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
103sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 102sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
104sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 103sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
105sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 104sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
106sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 105sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
107sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 106sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
108sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 107sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
109sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h 108sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
110scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h 109scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h
111servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h 110servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h
112servconf.o: match.h channels.h groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h 111servconf.o: mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
113serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h 112serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
114serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h 113serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
115session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h 114session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
116session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h 115session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
117sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h 116sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
118sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h 117sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
119sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h 118sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
120sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 119sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
121sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h 120sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h
122sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h 121sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
123sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h 122sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
124sntrup4591761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h 123sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
125ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h 124sntrup4591761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
126ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h 125ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h ssh-sk.h
127ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 126ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
128ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 127ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
129ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h 128ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
130ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h 129ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
131ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h 130ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h digest.h
131ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h
132ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h
132ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h 133ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h
133ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h 134ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
134ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 135ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h
135ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h 136ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
136ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshkey.h 137ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h
137ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 138ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshkey.h
138ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 139ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
139ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h sshbuf.h 140ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
141ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssherr.h ssh-sk.h
142ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
143ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
140ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h 144ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
141ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h 145ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h sshbuf.h
146ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h
142ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h 147ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
143sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h 148sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
144sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h 149sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
145sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h 150sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
146sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h 151sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
147sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h 152sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
148sshconnect.o: authfd.h kex.h mac.h crypto_api.h 153sshconnect.o: authfd.h kex.h mac.h crypto_api.h
149sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h myproposal.h 154sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h
150sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h 155sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
151sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h 156sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h ssh-sk.h sk-api.h
152sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h 157sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h sk-api.h
158sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
153ssherr.o: ssherr.h 159ssherr.o: ssherr.h
154sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 160sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
155sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h openbsd-compat/openssl-compat.h 161sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
156sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h 162sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
157sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h 163sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
158sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h misc.h sshbuf.h sshsig.h ssherr.h sshkey.h match.h digest.h 164sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h misc.h sshbuf.h sshsig.h ssherr.h sshkey.h match.h digest.h
159sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h 165sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
160ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h compat.h sshbuf.h ssherr.h ttymodes.h 166ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
161uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h 167uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h
162umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h 168umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
163umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h 169umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
164utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h 170utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
165verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h 171verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
166xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h 172xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h
167xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 173xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
168xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 174xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
169xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 175xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
170xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 176xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
171xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 177xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
diff --git a/.gitignore b/.gitignore
index e7e02ea72..34a95721d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ Makefile
2buildpkg.sh 2buildpkg.sh
3config.h 3config.h
4config.h.in 4config.h.in
5config.log
5config.status 6config.status
6configure 7configure
7openbsd-compat/Makefile 8openbsd-compat/Makefile
@@ -11,6 +12,8 @@ opensshd.init
11survey.sh 12survey.sh
12**/*.0 13**/*.0
13**/*.o 14**/*.o
15**/*.lo
16**/*.so
14**/*.out 17**/*.out
15**/*.a 18**/*.a
16autom4te.cache/ 19autom4te.cache/
@@ -24,6 +27,7 @@ ssh-keygen
24ssh-keyscan 27ssh-keyscan
25ssh-keysign 28ssh-keysign
26ssh-pkcs11-helper 29ssh-pkcs11-helper
30ssh-sk-helper
27sshd 31sshd
28!regress/misc/fuzz-harness/Makefile 32!regress/misc/fuzz-harness/Makefile
29tags 33tags
diff --git a/.skipped-commit-ids b/.skipped-commit-ids
index dd573532f..ac469cfe3 100644
--- a/.skipped-commit-ids
+++ b/.skipped-commit-ids
@@ -11,6 +11,11 @@ db6375fc302e3bdf07d96430c63c991b2c2bd3ff moduli update
1199dd10e72c04e93849981d43d64c946619efa474 include sshbuf-misc.c 1199dd10e72c04e93849981d43d64c946619efa474 include sshbuf-misc.c
129e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 sshbuf-misc.c in regress 129e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 sshbuf-misc.c in regress
13569f08445c27124ec7c7f6c0268d844ec56ac061 Makefile tweaks for !openssl 13569f08445c27124ec7c7f6c0268d844ec56ac061 Makefile tweaks for !openssl
1458ec755be4e51978ecfee73539090eb68652a987 moduli update
154bd5551b306df55379afe17d841207990eb773bf Makefile.inc
1614806a59353152f843eb349e618abbf6f4dd3ada Makefile.inc
178ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e Makefile.inc
18d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc
14 19
15Old upstream tree: 20Old upstream tree:
16 21
diff --git a/ChangeLog b/ChangeLog
index baa9a3fb1..fbbbca0ed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,3885 @@
1commit 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8
2Author: djm@openbsd.org <djm@openbsd.org>
3Date: Fri Feb 14 00:39:20 2020 +0000
4
5 upstream: openssh-8.2
6
7 OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b
8
9commit 72f0ce33f0d5a37f31bad5800d1eb2fbdb732de6
10Author: Damien Miller <djm@mindrot.org>
11Date: Wed Feb 12 09:28:35 2020 +1100
12
13 crank version numbers
14
15commit b763ed05bd1f1f15ae1727c86a4498546bc36ca8
16Author: Darren Tucker <dtucker@dtucker.net>
17Date: Tue Feb 11 12:51:24 2020 +1100
18
19 Minor documentation update:
20
21 - remove duplication of dependency information (it's all in INSTALL).
22 - SSHFP is now an RFC.
23
24commit 14ccfdb7248e33b1dc8bbac1425ace4598e094cb
25Author: Darren Tucker <dtucker@dtucker.net>
26Date: Sun Feb 9 11:23:35 2020 +1100
27
28 Check if UINT32_MAX is defined before redefining.
29
30commit be075110c735a451fd9d79a864e01e2e0d9f19d2
31Author: Damien Miller <djm@mindrot.org>
32Date: Fri Feb 7 15:07:27 2020 +1100
33
34 typo; reported by Phil Pennock
35
36commit 963d71851e727ffdd2a97fe0898fad61d4a70ba1
37Author: djm@openbsd.org <djm@openbsd.org>
38Date: Fri Feb 7 03:57:31 2020 +0000
39
40 upstream: sync the description of the $SSH_SK_PROVIDER environment
41
42 variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive,
43 as the latter was more descriptive.
44
45 OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f
46
47commit d4d9e1d40514e2746f9e05335d646512ea1020c6
48Author: dtucker@openbsd.org <dtucker@openbsd.org>
49Date: Fri Feb 7 03:54:44 2020 +0000
50
51 upstream: Add ssh -Q key-sig for all key and signature types.
52
53 Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as
54 an alias for the corresponding query. Man page help jmc@, ok djm@.
55
56 OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
57
58commit fd68dc27864b099b552a6d9d507ca4b83afd6a76
59Author: djm@openbsd.org <djm@openbsd.org>
60Date: Fri Feb 7 03:27:54 2020 +0000
61
62 upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more
63
64 than the intended number of prompts (3) and 2) it would SEGV too many
65 incorrect PINs were entered; based on patch by Gabriel Kihlman
66
67 OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718
68
69commit 96bd895a0a0b3a36f81c14db8c91513578fc5563
70Author: djm@openbsd.org <djm@openbsd.org>
71Date: Thu Feb 6 22:48:23 2020 +0000
72
73 upstream: When using HostkeyAlgorithms to merely append or remove
74
75 algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
76 default behaviour of preferring those algorithms that have existing keys in
77 known_hosts; ok markus
78
79 OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
80
81commit c7288486731734a864b58d024b1395029b55bbc5
82Author: djm@openbsd.org <djm@openbsd.org>
83Date: Thu Feb 6 22:46:31 2020 +0000
84
85 upstream: expand HostkeyAlgorithms prior to config dump, matching
86
87 other algorithm lists; ok markus@
88
89 OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0
90
91commit a6ac5d36efc072b15690c65039754f8e44247bdf
92Author: naddy@openbsd.org <naddy@openbsd.org>
93Date: Thu Feb 6 22:34:58 2020 +0000
94
95 upstream: Add Include to the list of permitted keywords after a
96
97 Match keyword. ok markus@
98
99 OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb
100
101commit a47f6a6c0e06628eed0c2a08dc31a8923bcc37ba
102Author: naddy@openbsd.org <naddy@openbsd.org>
103Date: Thu Feb 6 22:30:54 2020 +0000
104
105 upstream: Replace "security key" with "authenticator" in program
106
107 messages.
108
109 This replaces "security key" in error/usage/verbose messages and
110 distinguishes between "authenticator" and "authenticator-hosted key".
111
112 ok djm@
113
114 OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
115
116commit 849a9b87144f8a5b1771de6c85e44bfeb86be9a9
117Author: Darren Tucker <dtucker@dtucker.net>
118Date: Thu Feb 6 11:28:14 2020 +1100
119
120 Don't look for UINT32_MAX in inttypes.h
121
122 ... unless we are actually going to use it. Fixes build on HP-UX
123 without the potential impact to other platforms of a header change
124 shortly before release.
125
126commit a2437f8ed0c3be54ddd21630a93c68ebd168286f
127Author: Damien Miller <djm@mindrot.org>
128Date: Thu Feb 6 12:02:22 2020 +1100
129
130 depend
131
132commit 9716e8c4956acdd7b223d1642bfa376e07e7503d
133Author: Michael Forney <mforney@mforney.org>
134Date: Wed Nov 27 19:17:26 2019 -0800
135
136 Fix sha2 MAKE_CLONE no-op definition
137
138 The point of the dummy declaration is so that MAKE_CLONE(...) can have
139 a trailing semicolon without introducing an empty declaration. So,
140 the macro replacement text should *not* have a trailing semicolon,
141 just like DEF_WEAK.
142
143commit d596b1d30dc158915a3979fa409d21ff2465b6ee
144Author: djm@openbsd.org <djm@openbsd.org>
145Date: Tue Feb 4 09:58:04 2020 +0000
146
147 upstream: require FIDO application strings to start with "ssh:"; ok
148
149 markus@
150
151 OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
152
153commit 501f3582438cb2cb1cb92be0f17be490ae96fb23
154Author: djm@openbsd.org <djm@openbsd.org>
155Date: Mon Feb 3 23:47:57 2020 +0000
156
157 upstream: revert enabling UpdateHostKeys by default - there are still
158
159 corner cases we need to address; ok markus
160
161 OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57
162
163commit 072f3b832d2a4db8d9880effcb6c4d0dad676504
164Author: jmc@openbsd.org <jmc@openbsd.org>
165Date: Mon Feb 3 08:15:37 2020 +0000
166
167 upstream: use better markup for challenge and write-attestation, and
168
169 rejig the challenge text a little;
170
171 ok djm
172
173 OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f
174
175commit 262eb05a22cb1fabc3bc1746c220566490b80229
176Author: Damien Miller <djm@mindrot.org>
177Date: Mon Feb 3 21:22:15 2020 +1100
178
179 mention libfido2 in dependencies section
180
181commit ccd3b247d59d3bde16c3bef0ea888213fbd6da86
182Author: Damien Miller <djm@mindrot.org>
183Date: Mon Feb 3 19:40:12 2020 +1100
184
185 add clock_gettime64(2) to sandbox allowed syscalls
186
187 bz3093
188
189commit adffbe1c645ad2887ba0b6d24c194aa7a40c5735
190Author: dtucker@openbsd.org <dtucker@openbsd.org>
191Date: Sun Feb 2 09:45:34 2020 +0000
192
193 upstream: Output (none) in debug in the case in the CheckHostIP=no case
194
195 as suggested by markus@
196
197 OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
198
199commit 58c819096a2167983e55ae686486ce317b69b2d1
200Author: dtucker@openbsd.org <dtucker@openbsd.org>
201Date: Sun Feb 2 09:22:22 2020 +0000
202
203 upstream: Prevent possible null pointer deref of ip_str in debug.
204
205 OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
206
207commit 0facae7bc8d3f8f9d02d0f6bed3d163ff7f39806
208Author: jmc@openbsd.org <jmc@openbsd.org>
209Date: Sun Feb 2 07:36:50 2020 +0000
210
211 upstream: shuffle the challenge keyword to keep the -O list sorted;
212
213 OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe
214
215commit 6fb3dd0ccda1c26b06223b87bcd1cab9ec8ec3cc
216Author: jmc@openbsd.org <jmc@openbsd.org>
217Date: Sat Feb 1 06:53:12 2020 +0000
218
219 upstream: tweak previous;
220
221 OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3
222
223commit 92725d4d3fde675acc0ca040b48f3d0c7be73b7f
224Author: Darren Tucker <dtucker@dtucker.net>
225Date: Sat Feb 1 17:25:09 2020 +1100
226
227 Use sys-queue.h from compat library.
228
229 Fixes build on platforms that don't have sys/queue.h (eg MUSL).
230
231commit 677d0ece67634262b3b96c3cd6410b19f3a603b7
232Author: djm@openbsd.org <djm@openbsd.org>
233Date: Fri Jan 31 23:25:08 2020 +0000
234
235 upstream: regress test for sshd_config Include directive; from Jakub
236
237 Jelen
238
239 OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
240
241commit d4f4cdd681ab6408a98419f398b75a55497ed324
242Author: djm@openbsd.org <djm@openbsd.org>
243Date: Fri Jan 31 23:13:04 2020 +0000
244
245 upstream: whitespace
246
247 OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772
248
249commit 245399dfb3ecebc6abfc2ef4ee2e650fa9f6942b
250Author: djm@openbsd.org <djm@openbsd.org>
251Date: Fri Jan 31 23:11:25 2020 +0000
252
253 upstream: force early logging to stderr if debug_flag (-d) is set;
254
255 avoids missing messages from re-exec config passing
256
257 OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff
258
259commit 7365f28a66d1c443723fbe6f4a2612ea6002901e
260Author: djm@openbsd.org <djm@openbsd.org>
261Date: Fri Jan 31 23:08:08 2020 +0000
262
263 upstream: mistake in previous: filling the incorrect buffer
264
265 OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a
266
267commit c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf
268Author: djm@openbsd.org <djm@openbsd.org>
269Date: Fri Jan 31 22:42:45 2020 +0000
270
271 upstream: Add a sshd_config "Include" directive to allow inclusion
272
273 of files. This has sensible semantics wrt Match blocks and accepts glob(3)
274 patterns to specify the included files. Based on patch by Jakub Jelen in
275 bz2468; feedback and ok markus@
276
277 OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
278
279commit ba261a1dd33266168ead4f8f40446dcece4d1600
280Author: jmc@openbsd.org <jmc@openbsd.org>
281Date: Fri Jan 31 22:25:59 2020 +0000
282
283 upstream: spelling fix;
284
285 OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402
286
287commit 771891a044f763be0711493eca14b6b0082e030f
288Author: djm@openbsd.org <djm@openbsd.org>
289Date: Thu Jan 30 22:25:34 2020 +0000
290
291 upstream: document changed default for UpdateHostKeys
292
293 OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c
294
295commit d53a518536c552672c00e8892e2aea28f664148c
296Author: djm@openbsd.org <djm@openbsd.org>
297Date: Thu Jan 30 22:19:32 2020 +0000
298
299 upstream: enable UpdateKnownHosts=yes if the configuration
300
301 specifies only the default known_hosts files, otherwise select
302 UpdateKnownHosts=ask; ok markus@
303
304 OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
305
306commit bb63ff844e818d188da4fed3c016e0a4eecbbf25
307Author: Darren Tucker <dtucker@dtucker.net>
308Date: Thu Jan 30 18:54:42 2020 +1100
309
310 Look in inttypes.h for UINT32_MAX.
311
312 Should prevent warnings on at least some AIX versions.
313
314commit afeb6a960da23f0a5cbc4b80cca107c7504e932a
315Author: djm@openbsd.org <djm@openbsd.org>
316Date: Thu Jan 30 07:21:38 2020 +0000
317
318 upstream: use sshpkt_fatal() instead of plain fatal() for
319
320 ssh_packet_write_poll() failures here too as the former yields better error
321 messages; ok dtucker@
322
323 OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3
324
325commit 65d6fd0a8a6f31c3ddf0c1192429a176575cf701
326Author: djm@openbsd.org <djm@openbsd.org>
327Date: Thu Jan 30 07:20:57 2020 +0000
328
329 upstream: check the return value of ssh_packet_write_poll() and
330
331 call sshpkt_fatal() if it fails; avoid potential busy-loop under some
332 circumstances. Based on patch by Mike Frysinger; ok dtucker@
333
334 OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec
335
336commit dce74eab0c0f9010dc84c62500a17771d0131ff3
337Author: djm@openbsd.org <djm@openbsd.org>
338Date: Thu Jan 30 07:20:05 2020 +0000
339
340 upstream: have sshpkt_fatal() save/restore errno before we
341
342 potentially call strerror() (via ssh_err()); ok dtucker
343
344 OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787
345
346commit 14ef4efe2bf4180e085ea6738fdbebc199458b0c
347Author: djm@openbsd.org <djm@openbsd.org>
348Date: Wed Jan 29 08:17:49 2020 +0000
349
350 upstream: markus suggests a simplification to previous
351
352 OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de
353
354commit 101ebc3a8cfa78d2e615afffbef9861bbbabf1ff
355Author: djm@openbsd.org <djm@openbsd.org>
356Date: Wed Jan 29 07:51:30 2020 +0000
357
358 upstream: give more context to UpdateHostKeys messages, mentioning
359
360 that the changes are validated by the existing trusted host key. Prompted by
361 espie@ feedback and ok markus@
362
363 OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
364
365commit 24c0f752adf9021277a7b0a84931bb5fe48ea379
366Author: djm@openbsd.org <djm@openbsd.org>
367Date: Tue Jan 28 08:01:34 2020 +0000
368
369 upstream: changes to support FIDO attestation
370
371 Allow writing to disk the attestation certificate that is generated by
372 the FIDO token at key enrollment time. These certificates may be used
373 by an out-of-band workflow to prove that a particular key is held in
374 trustworthy hardware.
375
376 Allow passing in a challenge that will be sent to the card during
377 key enrollment. These are needed to build an attestation workflow
378 that resists replay attacks.
379
380 ok markus@
381
382 OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
383
384commit 156bef36f93a48212383235bb8e3d71eaf2b2777
385Author: djm@openbsd.org <djm@openbsd.org>
386Date: Tue Jan 28 07:24:15 2020 +0000
387
388 upstream: disable UpdateHostKeys=ask when in quiet mode; "work for
389
390 me" matthieu@
391
392 OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7
393
394commit ec8a759b4045e54d6b38e690ffee4cbffc53c7b7
395Author: Damien Miller <djm@mindrot.org>
396Date: Tue Jan 28 12:57:25 2020 +1100
397
398 compat for missing IPTOS_DSCP_LE in system headers
399
400commit 4594c7627680c4f41c2ad5fe412e55b7cc79b10c
401Author: djm@openbsd.org <djm@openbsd.org>
402Date: Tue Jan 28 01:49:36 2020 +0000
403
404 upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,
405
406 based on patch by veegish AT cyberstorm.mu
407
408 OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425
409
410commit da22216b5db3613325aa7b639f40dc017e4c6f69
411Author: markus@openbsd.org <markus@openbsd.org>
412Date: Mon Jan 27 20:51:32 2020 +0000
413
414 upstream: disable UpdateHostKeys=ask if command is specified; ok
415
416 djm@ sthen@
417
418 OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7
419
420commit 1e1db0544fdd788e2e3fc21d972a7ccb7de6b4ae
421Author: djm@openbsd.org <djm@openbsd.org>
422Date: Sun Jan 26 00:09:50 2020 +0000
423
424 upstream: unbreak unittests for recent API / source file changes
425
426 OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
427
428commit 0d1144769151edf65f74aee9a4c8545c37861695
429Author: Darren Tucker <dtucker@dtucker.net>
430Date: Sun Jan 26 15:09:15 2020 +1100
431
432 Move definition of UINT32_MAX.
433
434 This allows us to always define it if needed not just if we also
435 define the type ourself.
436
437commit f73ab8a811bc874c2fb403012aa8e4bfdcaf5ec7
438Author: djm@openbsd.org <djm@openbsd.org>
439Date: Sun Jan 26 00:09:50 2020 +0000
440
441 upstream: unbreak unittests for recent API / source file changes
442
443 OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
444
445commit 0373f9eba2b63455dceedbd3ac3d5dca306789ff
446Author: Darren Tucker <dtucker@dtucker.net>
447Date: Sun Jan 26 14:09:17 2020 +1100
448
449 Include signal.h to prevent redefintion of _NSIG.
450
451commit 638a45b5c1e20a8539100ca44166caad8abf26f8
452Author: Darren Tucker <dtucker@dtucker.net>
453Date: Sun Jan 26 13:40:51 2020 +1100
454
455 Wrap stdint.h in tests inside HAVE_STDINT_H.
456
457commit 74dfc2c859c906eaab1f88a27fd883115ffb928f
458Author: djm@openbsd.org <djm@openbsd.org>
459Date: Sun Jan 26 00:14:45 2020 +0000
460
461 upstream: for UpdateHostKeys, don't report errors for unsupported
462
463 key types - just ignore them. spotted by and ok dtucker@
464
465 OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473
466
467commit b59618246c332e251160be0f1e0e88a7d4e2b0ae
468Author: djm@openbsd.org <djm@openbsd.org>
469Date: Sun Jan 26 00:13:20 2020 +0000
470
471 upstream: downgrade error() for missing subsequent known_hosts
472
473 files to debug() as it was intended to be; spotted by dtucker@
474
475 OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9
476
477commit 469df611f778eec5950d556aabfe1d4efc227915
478Author: djm@openbsd.org <djm@openbsd.org>
479Date: Sat Jan 25 23:33:27 2020 +0000
480
481 upstream: clarify that BatchMode applies to all interactive prompts
482
483 (e.g. host key confirmation) and not just password prompts.
484
485 OpenBSD-Commit-ID: 97b001883d89d3fb1620d2e6b747c14a26aa9818
486
487commit de40876c4a5d7c519d3d7253557572fdfc13db76
488Author: djm@openbsd.org <djm@openbsd.org>
489Date: Sat Jan 25 23:28:06 2020 +0000
490
491 upstream: tidy headers; some junk snuck into sshbuf-misc.c and
492
493 sshbuf-io.c doesn't need SSHBUF_INTERNAL set
494
495 OpenBSD-Commit-ID: 27a724d2e0b2619c1a1490f44093bbd73580d9e6
496
497commit 6a107606355fa9547884cad6740e6144a7a7955b
498Author: Damien Miller <djm@mindrot.org>
499Date: Sun Jan 26 10:28:21 2020 +1100
500
501 depend
502
503commit 59d01f1d720ebede4da42882f592d1093dac7adc
504Author: djm@openbsd.org <djm@openbsd.org>
505Date: Sat Jan 25 23:13:09 2020 +0000
506
507 upstream: improve the error message for u2f enrollment errors by
508
509 making ssh-keygen be solely responsible for printing the error message and
510 convertint some more common error responses from the middleware to a useful
511 ssherr.h status code. more detail remains visible via -v of course.
512
513 also remove indepedent copy of sk-api.h declarations in sk-usbhid.c
514 and just include it.
515
516 feedback & ok markus@
517
518 OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
519
520commit 99aa8035554ddb976348d2a9253ab3653019728d
521Author: djm@openbsd.org <djm@openbsd.org>
522Date: Sat Jan 25 23:02:13 2020 +0000
523
524 upstream: factor out reading/writing sshbufs to dedicated
525
526 functions; feedback and ok markus@
527
528 OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
529
530commit 065064fcf455778b0918f783033b374d4ba37a92
531Author: djm@openbsd.org <djm@openbsd.org>
532Date: Sat Jan 25 22:49:38 2020 +0000
533
534 upstream: add a comment describing the ranges of channel IDs that
535
536 we use; requested by markus@
537
538 OpenBSD-Commit-ID: 83a1f09810ffa3a96a55fbe32675b34ba739e56b
539
540commit 69334996ae203c51c70bf01d414c918a44618f8e
541Author: djm@openbsd.org <djm@openbsd.org>
542Date: Sat Jan 25 22:41:01 2020 +0000
543
544 upstream: make sshd_config:ClientAliveCountMax=0 disable the
545
546 connection killing behaviour, rather than killing the connection after
547 sending the first liveness test probe (regardless of whether the client was
548 responsive) bz2627; ok markus
549
550 OpenBSD-Commit-ID: 5af79c35f4c9fa280643b6852f524bfcd9bccdaf
551
552commit bf986a9e2792555e0879a3145fa18d2b49436c74
553Author: djm@openbsd.org <djm@openbsd.org>
554Date: Sat Jan 25 22:36:22 2020 +0000
555
556 upstream: clarify order of AllowUsers/DenyUsers vs
557
558 AllowGroups/DenyGroups; bz1690, ok markus@
559
560 OpenBSD-Commit-ID: 5637584ec30db9cf64822460f41b3e42c8f9facd
561
562commit 022ce92fa0daa9d78830baeb2bd2dc3f83c724ba
563Author: djm@openbsd.org <djm@openbsd.org>
564Date: Sat Jan 25 07:17:18 2020 +0000
565
566 upstream: when AddKeysToAgent=yes is set and the key contains no
567
568 comment, add the key to the agent with the key's path as the comment. bz2564
569
570 OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f
571
572commit 0b813436bbf6546638b10c1fa71f54691bcf5e63
573Author: tedu@openbsd.org <tedu@openbsd.org>
574Date: Sat Jan 25 07:09:14 2020 +0000
575
576 upstream: group14-sha1 is no longer a default algorithm
577
578 OpenBSD-Commit-ID: a96f04d5e9c2ff760c6799579dc44f69b4ff431d
579
580commit 3432b6e05d5c583c91c566c5708fed487cec79ac
581Author: djm@openbsd.org <djm@openbsd.org>
582Date: Sat Jan 25 07:02:51 2020 +0000
583
584 upstream: reword HashKnownHosts description a little more; some
585
586 people found the wording confusing (bz#2560)
587
588 OpenBSD-Commit-ID: ac30896598694f07d498828690aecd424c496988
589
590commit f80d7d6aa98d6eddc5df02412efee6db75673d4c
591Author: djm@openbsd.org <djm@openbsd.org>
592Date: Sat Jan 25 07:01:00 2020 +0000
593
594 upstream: weaken the language for what HashKnownHosts provides with
595
596 regards to known_hosts name privacy, it's not practical for this option to
597 offer any guarantee that hostnames cannot be recovered from a disclosed
598 known_hosts file (e.g. by brute force).
599
600 OpenBSD-Commit-ID: 13f1e3285f8acf7244e9770074296bcf446c6972
601
602commit 846446bf3e7421e6671a4afd074bdf15eecd7832
603Author: djm@openbsd.org <djm@openbsd.org>
604Date: Sat Jan 25 06:40:20 2020 +0000
605
606 upstream: the GatewayPorts vs -R listen address selection logic is
607
608 still confusing people, so add another comment explaining the special
609 handling of "localhost"; bz#3258
610
611 OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a
612
613commit 734f2f83f5ff86f2967a99d67be9ce22dd0394dd
614Author: djm@openbsd.org <djm@openbsd.org>
615Date: Sat Jan 25 06:03:10 2020 +0000
616
617 upstream: mention that permitopen=/PermitOpen do no name to address
618
619 translation; prompted by bz3099
620
621 OpenBSD-Commit-ID: 0dda8e54d566b29855e76bebf9cfecce573f5c23
622
623commit e1e97cae19ff07b7a7f7e82556bc048c3c54af63
624Author: Damien Miller <djm@mindrot.org>
625Date: Sat Jan 25 16:30:22 2020 +1100
626
627 include tunnel device path in error message
628
629commit 0ecd20bc9f0b9c7c697c9eb014613516c8f65834
630Author: djm@openbsd.org <djm@openbsd.org>
631Date: Sat Jan 25 04:48:26 2020 +0000
632
633 upstream: unrevert this:
634
635 > revision 1.217
636 > date: 2019/11/27 03:34:04; author: dtucker; state: Exp; lines: +5 -7; commitid: wkiMn49XJyjzoJIs;
637 > Make channel_id u_int32_t and remove unnecessary check and cast that were
638 > left over from the type conversion. Noted by t-hashida@amiya.co.jp in
639 > bz#3098, ok markus@ djm@
640
641 Darren was right the first time; ok dtucker@ "agreed" markus@
642
643 OpenBSD-Commit-ID: 641dd1b99a6bbd85b7160da462ae1be83432c7c8
644
645commit a0c81d2402eedc514b9c9f25ef9604eb0576b86a
646Author: dtucker@openbsd.org <dtucker@openbsd.org>
647Date: Sat Jan 25 02:57:53 2020 +0000
648
649 upstream: Move setting $NC into test-exec since it's now used by
650
651 multiple tests, and in -portable we use our own local copy to avoid
652 portability problems.
653
654 OpenBSD-Regress-ID: ceb78445fcaac317bec2fc51b3f0d9589048c114
655
656commit e16dfa94f86358033531c4a97dcb51508ef84d49
657Author: Darren Tucker <dtucker@dtucker.net>
658Date: Sat Jan 25 13:05:42 2020 +1100
659
660 Put EC key export inside OPENSSL_HAS_ECC.
661
662 Fixes link error when building against an OpenSSL that does not have
663 ECC.
664
665commit 94a2e5951b374e1a89761ceaff72e66eb1946807
666Author: dtucker@openbsd.org <dtucker@openbsd.org>
667Date: Sat Jan 25 00:27:56 2020 +0000
668
669 upstream: Wait a bit longer for the multiplex master to become ready
670
671 since on very slow hosts the current delay is not sufficient and the test
672 will fail.
673
674 OpenBSD-Regress-ID: 6d90c7475d67ac3a95610b64af700629ece51a48
675
676commit b2df804f571d77b07059f087b90955ffbc2f67d4
677Author: dtucker@openbsd.org <dtucker@openbsd.org>
678Date: Fri Jan 24 10:08:17 2020 +0000
679
680 upstream: Add a connection test for proxycommand. This would have
681
682 caught the problem caused by ssh.c rev 1.507 wherein Host and Hostname were
683 swapped. Prompted by beck@
684
685 OpenBSD-Regress-ID: d218500ae6aca4c479c27318fb5b09ebc00f7aae
686
687commit c6f06fd38a257b9fcc7d6760f8fb6d505dccb628
688Author: djm@openbsd.org <djm@openbsd.org>
689Date: Sat Jan 25 00:22:31 2020 +0000
690
691 upstream: set UpdateKnownHosts=ask by default; bz#2894; ok
692
693 markus@
694
695 OpenBSD-Commit-ID: f09cb3177f3a14c96428e14f347e976a8a531fee
696
697commit 7955633a554397bc24913cec9fd7285002935f7e
698Author: djm@openbsd.org <djm@openbsd.org>
699Date: Sat Jan 25 00:21:08 2020 +0000
700
701 upstream: allow UpdateKnownHosts=yes to function when multiple
702
703 known_hosts files are in use. When updating host keys, ssh will now search
704 subsequent known_hosts files, but will add new/changed host keys to the first
705 specified file only. bz#2738
706
707 ok markus@
708
709 OpenBSD-Commit-ID: 6ded6d878a03e57d5aa20bab9c31f92e929dbc6c
710
711commit e5a278a62ab49dffe96929fa8d8506c6928dba90
712Author: djm@openbsd.org <djm@openbsd.org>
713Date: Sat Jan 25 00:06:48 2020 +0000
714
715 upstream: process security key provider via realpath() in agent,
716
717 avoids malicious client from being able to cause agent to load arbitrary
718 libraries into ssh-sk-helper.
719
720 reported by puck AT puckipedia.com; ok markus
721
722 OpenBSD-Commit-ID: 1086643df1b7eee4870825c687cf0c26a6145d1c
723
724commit 89a8d4525e8edd9958ed3df60cf683551142eae0
725Author: djm@openbsd.org <djm@openbsd.org>
726Date: Sat Jan 25 00:03:36 2020 +0000
727
728 upstream: expose PKCS#11 key labels/X.509 subjects as comments
729
730 Extract the key label or X.509 subject string when PKCS#11 keys
731 are retrieved from the token and plumb this through to places where
732 it may be used as a comment.
733
734 based on https://github.com/openssh/openssh-portable/pull/138
735 by Danielle Church
736
737 feedback and ok markus@
738
739 OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
740
741commit a8c05c640873621681ab64d2e47a314592d5efa2
742Author: djm@openbsd.org <djm@openbsd.org>
743Date: Fri Jan 24 23:56:01 2020 +0000
744
745 upstream: tweak proctitle to include sshd arguments, as these are
746
747 frequently used to distinguish between multiple independent instances of the
748 server. New proctitle looks like this:
749
750 $ pgrep -lf sshd
751 12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups
752
753 requested by sthen@ and aja@; ok aja@
754
755 OpenBSD-Commit-ID: cf235a561c655a3524a82003cf7244ecb48ccc1e
756
757commit 8075fccbd4f70a4371acabcfb47562471ff0de6f
758Author: djm@openbsd.org <djm@openbsd.org>
759Date: Fri Jan 24 23:54:40 2020 +0000
760
761 upstream: add xextendf() to extend a string with a format
762
763 (reallocating as necessary). ok aja@ as part of a larger diff
764
765 OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
766
767commit d15c8adf2c6f1a6b4845131074383eb9c3d05c3d
768Author: djm@openbsd.org <djm@openbsd.org>
769Date: Fri Jan 24 05:33:01 2020 +0000
770
771 upstream: minor tweaks to ssh-keygen -Y find-principals:
772
773 emit matched principals one per line to stdout rather than as comma-
774 separated and with a free-text preamble (easy confusion opportunity)
775
776 emit "not found" error to stderr
777
778 fix up argument testing for -Y operations and improve error message for
779 unsupported operations
780
781 OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c
782
783commit c3368a5d5ec368ef6bdf9971d6330ca0e3bdca06
784Author: djm@openbsd.org <djm@openbsd.org>
785Date: Fri Jan 24 00:28:57 2020 +0000
786
787 upstream: remove ssh-rsa (SHA1) from the list of allowed CA
788
789 signature algorithms ok markus
790
791 OpenBSD-Commit-ID: da3481fca8c81e6951f319a86b7be67502237f57
792
793commit 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67
794Author: djm@openbsd.org <djm@openbsd.org>
795Date: Fri Jan 24 00:27:04 2020 +0000
796
797 upstream: when signing a certificate with an RSA key, default to
798
799 a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
800 the user; ok markus@
801
802 OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
803
804commit 8dfb6a202c96cdf037c8ce05e53e32e0e0b7b454
805Author: djm@openbsd.org <djm@openbsd.org>
806Date: Fri Jan 24 00:00:31 2020 +0000
807
808 upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch
809
810 from Jakub Jelen ok markus@
811
812 OpenBSD-Commit-ID: a58edec8b9f07acab4b962a71a5125830d321b51
813
814commit 72a8bea2d748c8bd7f076a8b39a52082c79ae95f
815Author: djm@openbsd.org <djm@openbsd.org>
816Date: Thu Jan 23 23:31:52 2020 +0000
817
818 upstream: ssh-keygen -Y find-principals fixes based on feedback
819
820 from Markus:
821
822 use "principals" instead of principal, as allowed_signers lines may list
823 multiple.
824
825 When the signing key is a certificate, emit only principals that match
826 the certificate principal list.
827
828 NB. the command -Y name changes: "find-principal" => "find-principals"
829
830 ok markus@
831
832 OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
833
834commit 0585b5697201f5d8b32e6f1b0fee7e188268d30d
835Author: dtucker@openbsd.org <dtucker@openbsd.org>
836Date: Fri Jan 24 01:29:23 2020 +0000
837
838 upstream: Do not warn about permissions on symlinks.
839
840 OpenBSD-Regress-ID: 339d4cbae224bd8743ffad9c3afb0cf3cb66c357
841
842commit 415192348a5737a960f6d1b292a17b64d55b542c
843Author: dtucker@openbsd.org <dtucker@openbsd.org>
844Date: Thu Jan 23 11:19:12 2020 +0000
845
846 upstream: Handle zlib compression being disabled now that it's
847
848 optional.
849
850 OpenBSD-Regress-ID: 0af4fbc5168e62f89d0350de524bff1cb00e707a
851
852commit fbce7c1a898ae75286349822950682cf46346121
853Author: dtucker@openbsd.org <dtucker@openbsd.org>
854Date: Thu Jan 23 10:53:04 2020 +0000
855
856 upstream: Fix typo in comment.
857
858 OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a
859
860commit ba247af8e9e302910e22881ef9d307a8afeef036
861Author: dtucker@openbsd.org <dtucker@openbsd.org>
862Date: Thu Jan 23 10:19:59 2020 +0000
863
864 upstream: When checking for unsafe directories, ignore non-directories
865
866 (ie symlinks, where permissions are not relevant).
867
868 OpenBSD-Regress-ID: fb6cfc8b022becb62b2dcb99ed3f072b3326e501
869
870commit 74deb7029be4c00810443114aac9308875a81dae
871Author: Darren Tucker <dtucker@dtucker.net>
872Date: Thu Jan 23 22:17:24 2020 +1100
873
874 zlib is now optional.
875
876commit 633a2af47ee90291aaf93969aeee1e5046074c7c
877Author: Darren Tucker <dtucker@dtucker.net>
878Date: Thu Jan 23 22:16:51 2020 +1100
879
880 Plumb WITH_ZLIB into configure.
881
882 This allows zlib support to be disabled by ./configure --without-zlib.
883
884commit 7f8e66fea8c4e2a910df9067cb7638999b7764d5
885Author: dtucker@openbsd.org <dtucker@openbsd.org>
886Date: Thu Jan 23 10:24:29 2020 +0000
887
888 upstream: Make zlib optional. This adds a "ZLIB" build time option
889
890 that allows building without zlib compression and associated options. With
891 feedback from markus@, ok djm@
892
893 OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
894
895commit 69ac4e33023b379e9a8e9b4b6aeeffa6d1fcf6fa
896Author: djm@openbsd.org <djm@openbsd.org>
897Date: Thu Jan 23 07:54:04 2020 +0000
898
899 upstream: remove trailing period characters from pub/priv key
900
901 pathnames - they make them needlessly more difficult to cut and paste without
902 error; ok markus@ & dtucker@
903
904 OpenBSD-Commit-ID: abdcfd1a5723fcac0711feee7665edc66ae2335a
905
906commit 945bf52c3c815d95b1e842ebf6c910c3524bd5bb
907Author: Darren Tucker <dtucker@dtucker.net>
908Date: Thu Jan 23 21:06:45 2020 +1100
909
910 Fix a couple of mysig_t leftovers.
911
912commit 84226b447d45fe4542613de68c2ca59a890d7c01
913Author: Darren Tucker <dtucker@dtucker.net>
914Date: Thu Jan 23 18:55:24 2020 +1100
915
916 Remove mysignal wrapper.
917
918 We switched the main code to use sigaction(), so the wrapper is no
919 longer used.
920
921commit 5533c2fb7ef21172fa3708d66b03faa2c6b3d93f
922Author: jmc@openbsd.org <jmc@openbsd.org>
923Date: Thu Jan 23 07:16:38 2020 +0000
924
925 upstream: new sentence, new line;
926
927 OpenBSD-Commit-ID: b6c3f2f36ec77e99198619b38a9f146655281925
928
929commit 3bf2a6ac791d64046a537335a0f1d5e43579c5ad
930Author: dtucker@openbsd.org <dtucker@openbsd.org>
931Date: Thu Jan 23 07:10:22 2020 +0000
932
933 upstream: Replace all calls to signal(2) with a wrapper around
934
935 sigaction(2). This wrapper blocks all other signals during the handler
936 preventing races between handlers, and sets SA_RESTART which should reduce
937 the potential for short read/write operations.
938
939 OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
940
941commit e027c044c796f3a01081a91bee55741204283f28
942Author: djm@openbsd.org <djm@openbsd.org>
943Date: Thu Jan 23 04:54:34 2020 +0000
944
945 upstream: missing header change from previous; spotted by dtucker@
946
947 OpenBSD-Commit-ID: 321ce74c0a5bbd0f02fa3f20cb5cf2a952c6b96f
948
949commit 7e1323102b1b04eef391b01e180710a2d408a7ab
950Author: dtucker@openbsd.org <dtucker@openbsd.org>
951Date: Thu Jan 23 03:42:41 2020 +0000
952
953 upstream: Check for and warn about StrictModes permission problems. ok tb@
954
955 OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991
956
957commit 84de1c27f845d15c859db44e7070a46f45504b66
958Author: dtucker@openbsd.org <dtucker@openbsd.org>
959Date: Thu Jan 23 03:35:07 2020 +0000
960
961 upstream: Also test PuTTY chacha20.
962
963 OpenBSD-Regress-ID: 7af6a0e8763b05f1f8eee6bca5f31fcb16151040
964
965commit c7ed15a39695ecd5f1f21842d8d9cd22246d4ee2
966Author: dtucker@openbsd.org <dtucker@openbsd.org>
967Date: Thu Jan 23 03:24:38 2020 +0000
968
969 upstream: Also test PuTTY ecdh kex methods.
970
971 OpenBSD-Regress-ID: ec4017dce612131842398a03e93007a869c2c133
972
973commit c4b3a128954ee1b7fbcbda167baf8aca1a3d1c84
974Author: dtucker@openbsd.org <dtucker@openbsd.org>
975Date: Thu Jan 23 02:46:49 2020 +0000
976
977 upstream: Remove unsupported algorithms from list of defaults at run
978
979 time and remove ifdef and distinct settings for OPENSSL=no case.
980
981 This will make things much simpler for -portable where the exact set
982 of algos depends on the configuration of both OpenSSH and the libcrypto
983 it's linked against (if any). ok djm@
984
985 OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2
986
987commit 56cffcc09f8a2e661d2ba02e61364ae6f998b2b1
988Author: djm@openbsd.org <djm@openbsd.org>
989Date: Thu Jan 23 02:43:48 2020 +0000
990
991 upstream: add a new signature operations "find-principal" to look
992
993 up the principal associated with a signature from an allowed-signers file.
994 Work by Sebastian Kinne; ok dtucker@
995
996 OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d
997
998commit 65cf8730de6876a56595eef296e07a86c52534a6
999Author: dtucker@openbsd.org <dtucker@openbsd.org>
1000Date: Wed Jan 22 07:38:30 2020 +0000
1001
1002 upstream: Ignore whitespace when checking explict fingerprint.
1003
1004 When confirming a host key using the fingerprint itself, ignore leading and
1005 trailing whitespace. ok deraadt@ djm@
1006
1007 OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011
1008
1009commit 8d3af6ebdf524b34087a0a3ae415b5141ba10572
1010Author: dtucker@openbsd.org <dtucker@openbsd.org>
1011Date: Wed Jan 22 07:31:27 2020 +0000
1012
1013 upstream: Increase keyscan timeout from default. On slow hosts 3
1014
1015 concurrent keyscans can hit the default 5 second timeout, so increase to 15
1016 seconds.
1017
1018 OpenBSD-Regress-ID: 16383dec166af369b7fb9948572856f5d544c93f
1019
1020commit 6c30c9adbeeed09a8a9e7a69974cfa1f1ddd1e9e
1021Author: tedu@openbsd.org <tedu@openbsd.org>
1022Date: Wed Jan 22 04:58:23 2020 +0000
1023
1024 upstream: remove diffie-hellman-group14-sha1 from default kex to
1025
1026 see what happens. general mostly ok
1027
1028 OpenBSD-Commit-ID: 216b7b8462d2ef5f4531f26cb2cb839b2153dad9
1029
1030commit 4a32c0ca44a2dc2a358f69b5d43c08e528b44b39
1031Author: claudio@openbsd.org <claudio@openbsd.org>
1032Date: Wed Jan 22 04:51:51 2020 +0000
1033
1034 upstream: For ssh-keygen -lF only add a space after key fingerprint
1035
1036 when there is a comment. This makes copy-paste of fingerprints into ssh
1037 easier. OK djm@
1038
1039 OpenBSD-Commit-ID: fa01d95624f65c1eb4dc7c575d20d77c78010dfd
1040
1041commit 37d3b736506760e4ebc7fe56255f7b8ea823a00c
1042Author: djm@openbsd.org <djm@openbsd.org>
1043Date: Wed Jan 22 04:49:16 2020 +0000
1044
1045 upstream: some __func__ and strerror(errno) here; no functional
1046
1047 change
1048
1049 OpenBSD-Commit-ID: 6c3ddd5f848b99ea560b31d3fba99ceed66cef37
1050
1051commit e2031b05c74c98b141179ceab13a323cf17d01e5
1052Author: djm@openbsd.org <djm@openbsd.org>
1053Date: Wed Jan 22 02:25:21 2020 +0000
1054
1055 upstream: factor out parsing of allowed-signers lines
1056
1057 OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e
1058
1059commit 47160e1de8c2f638f0ef41cef42c976417b61778
1060Author: Damien Miller <djm@mindrot.org>
1061Date: Wed Jan 22 10:30:13 2020 +1100
1062
1063 unbreak fuzzer support for recent ssh-sk.h changes
1064
1065commit 70d38c3cfd4550e8ee66cc3bf1b91aa339c91df5
1066Author: djm@openbsd.org <djm@openbsd.org>
1067Date: Tue Jan 21 22:39:57 2020 +0000
1068
1069 upstream: expose the number of currently-authenticating connections
1070
1071 along with the MaxStartups limit in the proctitle; suggestion from Philipp
1072 Marek, w/ feedback from Craig Miskell ok dtucker@
1073
1074 OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3
1075
1076commit a78c66d5d2144bd49779bc80a647346bd3d7233d
1077Author: naddy@openbsd.org <naddy@openbsd.org>
1078Date: Tue Jan 21 12:40:04 2020 +0000
1079
1080 upstream: document the default value of the ControlPersist option;
1081
1082 ok dtucker@ djm@
1083
1084 OpenBSD-Commit-ID: 0788e7f2b5a9d4e36d3d2ab378f73329320fef66
1085
1086commit b46a6325849e40aa2e4b0d962a6f00f708f6576a
1087Author: Damien Miller <djm@mindrot.org>
1088Date: Wed Jan 22 09:28:32 2020 +1100
1089
1090 remove accidental change in f8c11461
1091
1092commit 80d3bebcab96fe1d177e45906e10db16895da01d
1093Author: djm@openbsd.org <djm@openbsd.org>
1094Date: Tue Jan 21 11:06:09 2020 +0000
1095
1096 upstream: don't #ifdef out the KRL code when compiling without
1097
1098 libcrypto support; it works just fine and disabling it breaks a few tests. ok
1099 dtucker@
1100
1101 OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44
1102
1103commit f8c11461aa6db168fc5e7eeae448b4cbbf59642a
1104Author: djm@openbsd.org <djm@openbsd.org>
1105Date: Tue Jan 21 08:06:27 2020 +0000
1106
1107 upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting
1108
1109 cleared; with dtucker@
1110
1111 OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e
1112
1113commit b5fcb0ac1cc0ef01aeec1c089146298654ab3ae0
1114Author: djm@openbsd.org <djm@openbsd.org>
1115Date: Tue Jan 21 07:07:31 2020 +0000
1116
1117 upstream: check access(ssh-sk-helper, X_OK) to provide friendly
1118
1119 error message for misconfigured helper paths
1120
1121 OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341
1122
1123commit 56bced43c14dc6fa2bfa1816007e441644105609
1124Author: dtucker@openbsd.org <dtucker@openbsd.org>
1125Date: Tue Jan 21 06:09:56 2020 +0000
1126
1127 upstream: Document sntrup4591761x25519-sha512@tinyssh.org. Patch
1128
1129 from jtesta@positronsecurity.com via github PR#151.
1130
1131 OpenBSD-Commit-ID: f3d48168623045c258245c340a5a2af7dbb74edc
1132
1133commit 4a05d789b86314fef7303824f69defbc6b96ed60
1134Author: djm@openbsd.org <djm@openbsd.org>
1135Date: Tue Jan 21 05:56:56 2020 +0000
1136
1137 upstream: fix ssh-keygen not displaying authenticator touch
1138
1139 prompt; reported by jmc@
1140
1141 OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859
1142
1143commit 881aded0389d999375f926051491a944c6d8752b
1144Author: djm@openbsd.org <djm@openbsd.org>
1145Date: Tue Jan 21 05:56:27 2020 +0000
1146
1147 upstream: a little more verbosity in sign_and_send_pubkey() debug
1148
1149 messages
1150
1151 OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508
1152
1153commit b715fdc71bbd009d0caff691ab3fc04903c4aee8
1154Author: naddy@openbsd.org <naddy@openbsd.org>
1155Date: Sat Jan 18 21:16:43 2020 +0000
1156
1157 upstream: one more replacement "(security) key" -> "(FIDO)
1158
1159 authenticator"
1160
1161 OpenBSD-Commit-ID: 031bca03c1d1f878ab929facd561911f1bc68dfd
1162
1163commit 84911da1beeb6ed258a43468efb316cd39fb6855
1164Author: naddy@openbsd.org <naddy@openbsd.org>
1165Date: Sat Jan 18 15:45:41 2020 +0000
1166
1167 upstream: undo merge error and replace the term "security key"
1168
1169 again
1170
1171 OpenBSD-Commit-ID: 341749062c089cc360a7877e9ee3a887aecde395
1172
1173commit e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0
1174Author: naddy@openbsd.org <naddy@openbsd.org>
1175Date: Fri Jan 17 20:13:47 2020 +0000
1176
1177 upstream: Document loading of resident keys from a FIDO
1178
1179 authenticator.
1180
1181 * Rename -O to -K to keep "-O option" available.
1182 * Document -K.
1183 * Trim usage() message down to synopsis, like all other commands.
1184
1185 ok markus@
1186
1187 OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
1188
1189commit 0d005d6372a067b59123dec8fc6dc905f2c09e1e
1190Author: naddy@openbsd.org <naddy@openbsd.org>
1191Date: Tue Jan 14 15:07:30 2020 +0000
1192
1193 upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each
1194
1195 other and reality ok markus@
1196
1197 OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92
1198
1199commit b8a4ca2ebfddab862f7eb1ea2a07fb9f70330429
1200Author: naddy@openbsd.org <naddy@openbsd.org>
1201Date: Sat Jan 11 16:23:10 2020 +0000
1202
1203 upstream: revise the fix for reversed arguments on
1204
1205 expand_proxy_command()
1206
1207 Always put 'host' before 'host_arg' for consistency. ok markus@ djm@
1208
1209 OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3
1210
1211commit 57b181eaf2d34fd0a1b51ab30cb6983df784de5a
1212Author: djm@openbsd.org <djm@openbsd.org>
1213Date: Fri Jan 10 23:43:26 2020 +0000
1214
1215 upstream: pass the log-on-stderr flag and log level through to
1216
1217 ssh-sk-helper, making debugging a bit easier. ok markus@
1218
1219 OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
1220
1221commit a8bd5fdbdb7581afc7123a042a7cd6ca25357388
1222Author: Damien Miller <djm@mindrot.org>
1223Date: Tue Jan 21 12:32:16 2020 +1100
1224
1225 Wrap copy_environment_blacklist() in #ifdef
1226
1227 It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler
1228 warnings otherwise.
1229
1230commit 10ecc647fc1db8d2dde9f6b9b826b201dfc48b62
1231Author: Damien Miller <djm@mindrot.org>
1232Date: Tue Jan 21 12:20:05 2020 +1100
1233
1234 depend
1235
1236commit b3f7009c9ffa5891283ed96e043001e09934a8d4
1237Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1238Date: Mon Jan 20 11:56:48 2020 +0100
1239
1240 Fix missing prototype warning for copy_environment
1241
1242 This function is only used in this file, and only on Cygwin, so make
1243 it static and hide it behind HAVE_CYGWIN. Prevents missing prototype
1244 warning.
1245
1246commit 0c428c0e991e2c4fabc48cf5d9b8f84c9412e0c3
1247Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1248Date: Mon Jan 20 13:58:11 2020 +0100
1249
1250 configure.ac: fix ldns test
1251
1252 When running ./configure --with-ldns, if ldns-config cannot be found, we
1253 add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that.
1254
1255commit 6089abf715e2784751c9f62697e09bb103295b93
1256Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1257Date: Mon Jan 20 12:13:26 2020 +0100
1258
1259 Make sshpam_password_change_required static.
1260
1261 sshpam_password_change_required is only used in auth-pam.c, so make it
1262 static to prevent a mising prototype warning.
1263
1264commit 5a9b9c82851b7bc219dc3a65962a80803c76c102
1265Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1266Date: Mon Jan 20 12:24:51 2020 +0100
1267
1268 sandbox-darwin.c: fix missing prototypes.
1269
1270 Include the right header just like the other sandbox files.
1271 Fixes missing prototype warnings for ssh_sandbox_* functions.
1272
1273commit 335dc93526942a650f6c69666b3f6ca44d0a2910
1274Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1275Date: Mon Jan 20 11:09:27 2020 +0100
1276
1277 Fix a few warnings when on Mac OS X.
1278
1279 Include stdlib.h for calloc, malloc, free and setenv.
1280
1281commit 0488dc2d3050ea1a99ef5cf44afc50ffbf3f1315
1282Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1283Date: Mon Jan 20 10:32:23 2020 +0100
1284
1285 Fix building without openssl.
1286
1287 This fixes the following when there are no openssl headers on the system:
1288 ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
1289
1290commit e6b7157b4ef29c83ec3a2d1d7c927e4b8898f9bb
1291Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1292Date: Wed Jan 15 16:08:55 2020 +0100
1293
1294 Add config.log to .gitignore
1295
1296commit 515e10ddf9644010b88cfd7ecf601f4306d42232
1297Author: Ruben Kerkhof <ruben@rubenkerkhof.com>
1298Date: Wed Jan 15 16:16:31 2020 +0100
1299
1300 Fix typo in README.md, s/crytpo/crypto/
1301
1302commit 1af3354aea3c4bfa5b5ecfb5d1ff3ad231c2073c
1303Author: Darren Tucker <dtucker@dtucker.net>
1304Date: Wed Jan 15 16:22:36 2020 +1100
1305
1306 Wrap stdint.h in ifdef HAVE_STDINT_H.
1307
1308commit 429170f273ce1b0140f8111a45ba69390d98de3a
1309Author: Darren Tucker <dtucker@dtucker.net>
1310Date: Tue Jan 14 14:41:47 2020 +1100
1311
1312 Wrap stdint.h inside HAVE_STDINT_H.
1313
1314commit a0989b60211b6f1c2313e1397c526d883a23a075
1315Author: Darren Tucker <dtucker@dtucker.net>
1316Date: Tue Jan 14 14:26:41 2020 +1100
1317
1318 Include compat header for definitions.
1319
1320commit e0cedcad51fe02683943bf4f1ad2961aa3f35313
1321Author: Darren Tucker <dtucker@dtucker.net>
1322Date: Tue Jan 14 09:42:52 2020 +1100
1323
1324 Improve search for 'struct timespec'.
1325
1326 Make struct timespec test consistent with existing timeval test.
1327 Include time.h for timespec in compat header where required.
1328
1329commit acaf9e058594310001ce64468ed2923dc6323e81
1330Author: Darren Tucker <dtucker@dtucker.net>
1331Date: Tue Jan 14 12:43:03 2020 +1100
1332
1333 Update depend to remove rmd160.h.
1334
1335commit 26b2675b0c3e3efea11a52609073aec01736ec84
1336Author: Darren Tucker <dtucker@dtucker.net>
1337Date: Tue Jan 14 07:24:46 2020 +1100
1338
1339 Remove configure test & compat code for ripemd160.
1340
1341 RIPEMD160 support was removed upstream in 2017, however we still had
1342 a configure test and compat code for it, so clean those up now.
1343
1344commit ed3ad71b17adcd1fb4431d145f53cee1c6a1135e
1345Author: djm@openbsd.org <djm@openbsd.org>
1346Date: Thu Jan 9 03:28:38 2020 +0000
1347
1348 upstream: fix reversed arguments on expand_proxy_command(); spotted
1349
1350 by anton@
1351
1352 OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775
1353
1354commit cd53476383f0cf475f40ba8ac8deb6b76dd5ce4e
1355Author: jmc@openbsd.org <jmc@openbsd.org>
1356Date: Mon Jan 6 07:43:28 2020 +0000
1357
1358 upstream: put the fido options in a list, and tidy up the text a
1359
1360 little; ok djm
1361
1362 OpenBSD-Commit-ID: 491ce15ae52a88b7a6a2b3b6708a14b4aacdeebb
1363
1364commit 30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89
1365Author: Jeremy Drake <github@jdrake.com>
1366Date: Fri Oct 11 18:31:05 2019 -0700
1367
1368 Deny (non-fatal) ipc in preauth privsep child.
1369
1370 As noted in openssh/openssh-portable#149, i386 does not have have
1371 _NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc,
1372 https://linux.die.net/man/2/ipc). Add this syscall, if present, to the
1373 list of syscalls that seccomp will deny non-fatally.
1374
1375commit b110cefdfbf5a20f49b774a55062d6ded2fb6e22
1376Author: Khem Raj <raj.khem@gmail.com>
1377Date: Tue Jan 7 16:26:45 2020 -0800
1378
1379 seccomp: Allow clock_gettime64() in sandbox.
1380
1381 This helps sshd accept connections on mips platforms with
1382 upcoming glibc ( 2.31 )
1383
1384commit 3cc60c899a92a469e5118310ba6b74cb57215618
1385Author: djm@openbsd.org <djm@openbsd.org>
1386Date: Mon Jan 6 02:39:30 2020 +0000
1387
1388 upstream: missing else in check_enroll_options()
1389
1390 OpenBSD-Commit-ID: e058fb918fda56ddbbf0bee910101004cec421d4
1391
1392commit ff5784e2698d6c41e9f39ce4df24968c1beeb2bb
1393Author: djm@openbsd.org <djm@openbsd.org>
1394Date: Mon Jan 6 02:24:28 2020 +0000
1395
1396 upstream: fix error message
1397
1398 OpenBSD-Commit-ID: 1eb52025658eb78ea6223181e552862198d3d505
1399
1400commit dd2acc8b862c09751621995fba2d5fa6f4e24cc9
1401Author: djm@openbsd.org <djm@openbsd.org>
1402Date: Mon Jan 6 02:07:50 2020 +0000
1403
1404 upstream: adapt sk-dummy to SK API changes
1405
1406 also, make it pull prototypes directly from sk-api.c and #error
1407 if the expected version changes. This will make any future regress
1408 test breakage because of SK API changes much more apparent
1409
1410 OpenBSD-Regress-ID: 79b07055de4feb988e31da71a89051ad5969829d
1411
1412commit c312ca077cd2a6c15545cd6b4d34ee2f69289174
1413Author: djm@openbsd.org <djm@openbsd.org>
1414Date: Mon Jan 6 02:00:46 2020 +0000
1415
1416 upstream: Extends the SK API to accept a set of key/value options
1417
1418 for all operations. These are intended to future-proof the API a little by
1419 making it easier to specify additional fields for without having to change
1420 the API version for each.
1421
1422 At present, only two options are defined: one to explicitly specify
1423 the device for an operation (rather than accepting the middleware's
1424 autoselection) and another to specify the FIDO2 username that may
1425 be used when generating a resident key. These new options may be
1426 invoked at key generation time via ssh-keygen -O
1427
1428 This also implements a suggestion from Markus to avoid "int" in favour
1429 of uint32_t for the algorithm argument in the API, to make implementation
1430 of ssh-sk-client/helper a little easier.
1431
1432 feedback, fixes and ok markus@
1433
1434 OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc
1435
1436commit 2ab335712d084d9ccaf3f53afc3fa9535329da87
1437Author: beck@openbsd.org <beck@openbsd.org>
1438Date: Sun Jan 5 16:28:22 2020 +0000
1439
1440 upstream: fix CanonicalizeHostname, broken by rev 1.507
1441
1442 Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com>
1443 ok dtucker@ markus@ djm@
1444
1445 OpenBSD-Commit-ID: 749f3168ec520609c35b0c4e1984e5fa47f16094
1446
1447commit 69e44ba701b90b0f530d64c3fe4363ea86e50cd3
1448Author: Darren Tucker <dtucker@dtucker.net>
1449Date: Mon Jan 6 09:02:53 2020 +1100
1450
1451 Fix typo: 'you' -> 'your'.
1452
1453 bz#3108 from jmckitrick@gmail.com.
1454
1455commit 7652a57662969bd5c61448b3843ec6d407ad12be
1456Author: Darren Tucker <dtucker@dtucker.net>
1457Date: Mon Jan 6 08:56:46 2020 +1100
1458
1459 Remove auth-skey.c.
1460
1461 S/Key support was removed in OpenSSH 7.8 but this file was missed.
1462
1463commit c593cc5e826c9f4ec506e22b629d37cabfaacff9
1464Author: jmc@openbsd.org <jmc@openbsd.org>
1465Date: Fri Jan 3 07:33:33 2020 +0000
1466
1467 upstream: the download resident keys option is -K (upper) not -k
1468
1469 (lower); ok djm
1470
1471 OpenBSD-Commit-ID: 71dc28a3e1fa7c553844abc508845bcf5766e091
1472
1473commit ff31f15773ee173502eec4d7861ec56f26bba381
1474Author: djm@openbsd.org <djm@openbsd.org>
1475Date: Fri Jan 3 03:02:26 2020 +0000
1476
1477 upstream: what bozo decided to use 2020 as a future date in a regress
1478
1479 test?
1480
1481 OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
1482
1483commit 680eb7749a39d0e4d046e66cac4e51e8e3640b75
1484Author: djm@openbsd.org <djm@openbsd.org>
1485Date: Fri Jan 3 02:46:19 2020 +0000
1486
1487 upstream: implement recent SK API change to support resident keys
1488
1489 and PIN prompting in the dummy middleware that we use for the tests. Should
1490 fix breakage spotted by dtucker@
1491
1492 OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484
1493
1494commit 86834fe6b54ac57b8528c30cf0b27e5cac5b7af7
1495Author: dtucker@openbsd.org <dtucker@openbsd.org>
1496Date: Thu Jan 2 13:25:38 2020 +0000
1497
1498 upstream: Update keygen moduli screen test to match recent command
1499
1500 line option change to ssh-keygen(1).
1501
1502 OpenBSD-Regress-ID: 744a72755004377e9669b662c13c6aa9ead8a0c3
1503
1504commit 9039971887cccd95b209c479296f772a3a93e8e7
1505Author: djm@openbsd.org <djm@openbsd.org>
1506Date: Thu Jan 2 22:40:09 2020 +0000
1507
1508 upstream: ability to download FIDO2 resident keys from a token via
1509
1510 "ssh-keygen -K". This will save public/private keys into the current
1511 directory.
1512
1513 This is handy if you move a token between hosts.
1514
1515 feedback & ok markus@
1516
1517 OpenBSD-Commit-ID: d57c1f9802f7850f00a117a1d36682a6c6d10da6
1518
1519commit 878ba4350d57e905d6bb1865d8ff31bdfe5deab4
1520Author: djm@openbsd.org <djm@openbsd.org>
1521Date: Thu Jan 2 22:38:33 2020 +0000
1522
1523 upstream: add sshkey_save_public(), to save a public key; ok
1524
1525 markus@
1526
1527 OpenBSD-Commit-ID: 5d6f96a966d10d7fa689ff9aa9e1d6767ad5a076
1528
1529commit 3b1382ffd5e71eff78db8cef0f3cada22ff29409
1530Author: jmc@openbsd.org <jmc@openbsd.org>
1531Date: Mon Dec 30 16:10:00 2019 +0000
1532
1533 upstream: simplify the list for moduli options - no need for
1534
1535 -compact;
1536
1537 OpenBSD-Commit-ID: 6492c72280482c6d072be46236b365cb359fc280
1538
1539commit 0248ec7c763dee9ff730a589e3d166eac5c74d7c
1540Author: Damien Miller <djm@mindrot.org>
1541Date: Thu Jan 2 13:41:31 2020 +1100
1542
1543 ssh-sk-null.cc needs extern "C" {}
1544
1545commit 5ca4b414effe4b56f0cfe3058c92391aa8a43871
1546Author: Damien Miller <djm@mindrot.org>
1547Date: Thu Jan 2 10:56:29 2020 +1100
1548
1549 add dummy ssh-sk API for linking with fuzzers
1550
1551commit c4b2664be7ba25e4c233315b25212dec29b727ab
1552Author: Damien Miller <djm@mindrot.org>
1553Date: Mon Dec 30 21:04:09 2019 +1100
1554
1555 refresh depend
1556
1557commit 3093d12ff80927cf45da08d9f262a26680fb14ee
1558Author: djm@openbsd.org <djm@openbsd.org>
1559Date: Mon Dec 30 09:49:52 2019 +0000
1560
1561 upstream: Remove the -x option currently used for
1562
1563 FIDO/U2F-specific key flags. Instead these flags may be specified via -O.
1564
1565 ok markus@
1566
1567 OpenBSD-Commit-ID: f23ebde2a8a7e1bf860a51055a711cffb8c328c1
1568
1569commit ef65e7dbaa8fac3245aa2bfc9f7e09be7cba0d9d
1570Author: djm@openbsd.org <djm@openbsd.org>
1571Date: Mon Dec 30 09:25:29 2019 +0000
1572
1573 upstream: document SK API changes in PROTOCOL.u2f
1574
1575 ok markus@
1576
1577 OpenBSD-Commit-ID: 52622363c103a3c4d3d546050480ffe978a32186
1578
1579commit 43ce96427b76c4918e39af654e2fc9ee18d5d478
1580Author: djm@openbsd.org <djm@openbsd.org>
1581Date: Mon Dec 30 09:24:45 2019 +0000
1582
1583 upstream: translate and return error codes; retry on bad PIN
1584
1585 Define some well-known error codes in the SK API and pass
1586 them back via ssh-sk-helper.
1587
1588 Use the new "wrong PIN" error code to retry PIN prompting during
1589 ssh-keygen of resident keys.
1590
1591 feedback and ok markus@
1592
1593 OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620
1594
1595commit d433596736a2cd4818f538be11fc94783f5c5236
1596Author: djm@openbsd.org <djm@openbsd.org>
1597Date: Mon Dec 30 09:24:03 2019 +0000
1598
1599 upstream: improve some error messages; ok markus@
1600
1601 OpenBSD-Commit-ID: 4ccd8ddabb8df4f995107dd3b7ea58220e93cb81
1602
1603commit c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0
1604Author: djm@openbsd.org <djm@openbsd.org>
1605Date: Mon Dec 30 09:23:28 2019 +0000
1606
1607 upstream: SK API and sk-helper error/PIN passing
1608
1609 Allow passing a PIN via the SK API (API major crank) and let the
1610 ssh-sk-helper API follow.
1611
1612 Also enhance the ssh-sk-helper API to support passing back an error
1613 code instead of a complete reply. Will be used to signal "wrong PIN",
1614 etc.
1615
1616 feedback and ok markus@
1617
1618 OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
1619
1620commit 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef
1621Author: djm@openbsd.org <djm@openbsd.org>
1622Date: Mon Dec 30 09:22:49 2019 +0000
1623
1624 upstream: implement loading resident keys in ssh-add
1625
1626 "ssh-add -O" will load resident keys from a FIDO2 token and add them
1627 to a ssh-agent.
1628
1629 feedback and ok markus@
1630
1631 OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290
1632
1633commit 27753a8e21887d47fe6b5c78a4aed0efe558a850
1634Author: djm@openbsd.org <djm@openbsd.org>
1635Date: Mon Dec 30 09:21:59 2019 +0000
1636
1637 upstream: implement loading of resident keys in ssh-sk-helper
1638
1639 feedback and ok markus@
1640
1641 OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
1642
1643commit 14cea36df397677b8f8568204300ef654114fd76
1644Author: djm@openbsd.org <djm@openbsd.org>
1645Date: Mon Dec 30 09:21:16 2019 +0000
1646
1647 upstream: resident keys support in SK API
1648
1649 Adds a sk_load_resident_keys() function to the security key
1650 API that accepts a security key provider and a PIN and returns
1651 a list of keys.
1652
1653 Implement support for this in the usbhid middleware.
1654
1655 feedback and ok markus@
1656
1657 OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0
1658
1659commit 2fe05fcb4a2695f190b4fcf27770b655586ab349
1660Author: djm@openbsd.org <djm@openbsd.org>
1661Date: Mon Dec 30 09:20:36 2019 +0000
1662
1663 upstream: Factor out parsing of struct sk_enroll_response
1664
1665 We'll reuse this for extracting resident keys from a device.
1666
1667 feedback and ok markus@
1668
1669 OpenBSD-Commit-ID: 9bc1efd9c6897eac4df0983746cf6578c1542273
1670
1671commit 4532bd01d57ee13c3ca881eceac1bf9da96a4d7e
1672Author: djm@openbsd.org <djm@openbsd.org>
1673Date: Mon Dec 30 09:19:52 2019 +0000
1674
1675 upstream: basic support for generating FIDO2 resident keys
1676
1677 "ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a
1678 device-resident key.
1679
1680 feedback and ok markus@
1681
1682 OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431
1683
1684commit 3e60d18fba1b502c21d64fc7e81d80bcd08a2092
1685Author: djm@openbsd.org <djm@openbsd.org>
1686Date: Mon Dec 30 03:30:09 2019 +0000
1687
1688 upstream: remove single-letter flags for moduli options
1689
1690 Move all moduli generation options to live under the -O flag.
1691
1692 Frees up seven single-letter flags.
1693
1694 NB. this change break existing ssh-keygen commandline syntax for moduli-
1695 related operations. Very few people use these fortunately.
1696
1697 feedback and ok markus@
1698
1699 OpenBSD-Commit-ID: d498f3eaf28128484826a4fcb343612764927935
1700
1701commit 1e645fe767f27725dc7fd7864526de34683f7daf
1702Author: djm@openbsd.org <djm@openbsd.org>
1703Date: Mon Dec 30 03:28:41 2019 +0000
1704
1705 upstream: prepare for use of ssh-keygen -O flag beyond certs
1706
1707 Move list of available certificate options in ssh-keygen.1 to the
1708 CERTIFICATES section.
1709
1710 Collect options specified by -O but delay parsing/validation of
1711 certificate options until we're sure that we're acting as a CA.
1712
1713 ok markus@
1714
1715 OpenBSD-Commit-ID: 33e6bcc29cfca43606f6fa09bd84b955ee3a4106
1716
1717commit 20ccd854245c598e2b47cc9f8d4955d645195055
1718Author: jmc@openbsd.org <jmc@openbsd.org>
1719Date: Fri Dec 27 08:28:44 2019 +0000
1720
1721 upstream: sort -Y internally in the options list, as is already
1722
1723 done in synopsis;
1724
1725 OpenBSD-Commit-ID: 86d033c5764404057616690d7be992e445b42274
1726
1727commit 5b6c954751dd3677466cda7adb92e4f05446c96c
1728Author: jmc@openbsd.org <jmc@openbsd.org>
1729Date: Fri Dec 27 08:25:07 2019 +0000
1730
1731 upstream: in the options list, sort -Y and -y;
1732
1733 OpenBSD-Commit-ID: 24c2e6a3aeab6e050a0271ffc73fdff91c10dcaa
1734
1735commit 141df487ba699cfd1ec3dcd98186e7c956e99024
1736Author: naddy@openbsd.org <naddy@openbsd.org>
1737Date: Sat Dec 21 20:22:34 2019 +0000
1738
1739 upstream: Replace the term "security key" with "(FIDO)
1740
1741 authenticator".
1742
1743 The polysemous use of "key" was too confusing. Input from markus@.
1744 ok jmc@
1745
1746 OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
1747
1748commit fbd9729d4eadf2f7097b6017156387ac64302453
1749Author: djm@openbsd.org <djm@openbsd.org>
1750Date: Sat Dec 21 02:33:07 2019 +0000
1751
1752 upstream: unit tests for ForwardAgent=/path; from Eric Chiang
1753
1754 OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
1755
1756commit e5b7cf8edca7e843adc125621e1dab14507f430a
1757Author: djm@openbsd.org <djm@openbsd.org>
1758Date: Mon Dec 16 02:39:05 2019 +0000
1759
1760 upstream: test security key host keys in addition to user keys
1761
1762 OpenBSD-Regress-ID: 9fb45326106669a27e4bf150575c321806e275b1
1763
1764commit 40be78f503277bd91c958fa25ea9ef918a2ffd3d
1765Author: djm@openbsd.org <djm@openbsd.org>
1766Date: Sat Dec 21 02:19:13 2019 +0000
1767
1768 upstream: Allow forwarding a different agent socket to the path
1769
1770 specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
1771 accepting an explicit path or the name of an environment variable in addition
1772 to yes/no.
1773
1774 Patch by Eric Chiang, manpage by me; ok markus@
1775
1776 OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
1777
1778commit 416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e
1779Author: naddy@openbsd.org <naddy@openbsd.org>
1780Date: Fri Dec 20 20:28:55 2019 +0000
1781
1782 upstream: SSH U2F keys can now be used as host keys. Fix a garden
1783
1784 path sentence. ok markus@
1785
1786 OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
1787
1788commit 68010acbcfe36167b3eece3115f3a502535f80df
1789Author: dtucker@openbsd.org <dtucker@openbsd.org>
1790Date: Fri Dec 20 02:42:42 2019 +0000
1791
1792 upstream: Move always unsupported keywords to be grouped with the other
1793
1794 ones. Move oSecurityProvider to match the order in the OpCodes enum. Patch
1795 from openbsd@academicsolutions.ch, ok djm@
1796
1797 OpenBSD-Commit-ID: 061e4505861ec1e02ba3a63e3d1b3be3cad458ec
1798
1799commit 8784b02dc49e1c98df4e7aca466be2f652ed4ad1
1800Author: dtucker@openbsd.org <dtucker@openbsd.org>
1801Date: Fri Dec 20 02:29:21 2019 +0000
1802
1803 upstream: Remove obsolete opcodes from the configuation enum.
1804
1805 Patch from openbsd@academicsolutions.ch, ok djm@
1806
1807 OpenBSD-Commit-ID: 395c202228872ce8d9044cc08552ac969f51e01b
1808
1809commit 345be6091bdc9be09c90a937d1320f97c01fab2a
1810Author: dtucker@openbsd.org <dtucker@openbsd.org>
1811Date: Fri Dec 20 02:11:38 2019 +0000
1812
1813 upstream: Remove now-obsolete config options from example in
1814
1815 comment. Patch from openbsd@academicsolutions.ch, ok djm@
1816
1817 OpenBSD-Commit-ID: 35862beb0927b1cb0af476ec23cc07f6e3006101
1818
1819commit ae024b22c4fd68e7f39681d605585889f9511108
1820Author: naddy@openbsd.org <naddy@openbsd.org>
1821Date: Thu Dec 19 15:09:30 2019 +0000
1822
1823 upstream: Document that security key-hosted keys can act as host
1824
1825 keys.
1826
1827 Update the list of default host key algorithms in ssh_config.5 and
1828 sshd_config.5. Copy the description of the SecurityKeyProvider
1829 option to sshd_config.5.
1830
1831 ok jmc@
1832
1833 OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0
1834
1835commit bc2dc091e0ac4ff6245c43a61ebe12c7e9ea0b7f
1836Author: dtucker@openbsd.org <dtucker@openbsd.org>
1837Date: Thu Dec 19 03:50:01 2019 +0000
1838
1839 upstream: "Forward security" -> "Forward secrecy" since that's the
1840
1841 correct term. Add "MAC" since we use that acronym in other man pages. ok
1842 naddy@
1843
1844 OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5
1845
1846commit e905f7260d72bc0e33ef5f10a0db737ff6e77ba7
1847Author: naddy@openbsd.org <naddy@openbsd.org>
1848Date: Tue Dec 17 16:21:07 2019 +0000
1849
1850 upstream: cut obsolete lists of crypto algorithms from outline of
1851
1852 how SSH works ok markus@ jmc@
1853
1854 OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160
1855
1856commit f65cf1163ff01531ae02f3f9210391d0d692f699
1857Author: tobhe@openbsd.org <tobhe@openbsd.org>
1858Date: Mon Dec 16 13:58:53 2019 +0000
1859
1860 upstream: strdup may return NULL if memory allocation fails. Use
1861
1862 the safer xstrdup which fatals on allocation failures.
1863
1864 ok markus@
1865
1866 OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0
1867
1868commit 57634bfc5708477826c0be265ddc59b9d83e4886
1869Author: djm@openbsd.org <djm@openbsd.org>
1870Date: Mon Dec 16 03:16:58 2019 +0000
1871
1872 upstream: sort sk-* methods behind their plain key methods cousins
1873
1874 for now
1875
1876 OpenBSD-Commit-ID: c97e22c2b28c0d12ee389b8b4ef5f2ada7908828
1877
1878commit b8df8fe920e697edcc69c520390b78c3b7ad9d84
1879Author: Darren Tucker <dtucker@dtucker.net>
1880Date: Tue Dec 17 19:46:15 2019 +1100
1881
1882 Mac OS X has PAM too.
1883
1884commit bf8de8b8251af69b5ce96a8faa69145af156af4d
1885Author: Darren Tucker <dtucker@dtucker.net>
1886Date: Tue Dec 17 19:37:06 2019 +1100
1887
1888 Show portable tarball pattern in example.
1889
1890commit a19ef613e98141cc37c8acdeebe285b9dbe2531e
1891Author: Darren Tucker <dtucker@dtucker.net>
1892Date: Tue Dec 17 19:35:59 2019 +1100
1893
1894 OpenSSL is now optional.
1895
1896commit 1a7217ac063e48cf0082895aeee81ed2b8a57191
1897Author: djm@openbsd.org <djm@openbsd.org>
1898Date: Sun Dec 15 18:58:33 2019 +0000
1899
1900 upstream: adapt to ssh-sk-client change
1901
1902 OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea
1903
1904commit a7fc1df246e80bfdabd09b069b91c72f9c578ca8
1905Author: djm@openbsd.org <djm@openbsd.org>
1906Date: Wed Dec 11 18:47:14 2019 +0000
1907
1908 upstream: it's no longer possible to disable privilege separation
1909
1910 in sshd, so don't double the tests' work by trying both off/on
1911
1912 OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
1913
1914commit 3145d38ea06820a66c0f5e068f49af14fd2b7ac1
1915Author: djm@openbsd.org <djm@openbsd.org>
1916Date: Sun Dec 15 20:59:23 2019 +0000
1917
1918 upstream: don't treat HostKeyAgent=none as a path either; avoids
1919
1920 spurious warnings from the cfgparse regress test
1921
1922 OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54
1923
1924commit 747e25192f436e71dd39e15d65aa32bca967533a
1925Author: djm@openbsd.org <djm@openbsd.org>
1926Date: Sun Dec 15 20:57:15 2019 +0000
1927
1928 upstream: do not attempt to find an absolute path for sshd_config
1929
1930 SecurityKeyProvider=internal - unbreaks cfgparse regress test
1931
1932 OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641
1933
1934commit 9b6e30b96b094ad787511a5b989253e3b8fe1789
1935Author: djm@openbsd.org <djm@openbsd.org>
1936Date: Sun Dec 15 19:47:10 2019 +0000
1937
1938 upstream: allow ssh-keyscan to find security key hostkeys
1939
1940 OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
1941
1942commit 56584cce75f3d20aaa30befc7cbd331d922927f3
1943Author: djm@openbsd.org <djm@openbsd.org>
1944Date: Sun Dec 15 18:57:30 2019 +0000
1945
1946 upstream: allow security keys to act as host keys as well as user
1947
1948 keys.
1949
1950 Previously we didn't do this because we didn't want to expose
1951 the attack surface presented by USB and FIDO protocol handling,
1952 but now that this is insulated behind ssh-sk-helper there is
1953 less risk.
1954
1955 ok markus@
1956
1957 OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
1958
1959commit 5af6fd5461bb709304e6979c8b7856c7af921c9e
1960Author: Darren Tucker <dtucker@dtucker.net>
1961Date: Mon Dec 16 13:55:56 2019 +1100
1962
1963 Allow clock_nanosleep_time64 in seccomp sandbox.
1964
1965 Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
1966
1967commit fff8ff6dd580e1a72ba09a6775d185175cdc8d13
1968Author: Darren Tucker <dtucker@dtucker.net>
1969Date: Sun Dec 15 18:27:02 2019 +1100
1970
1971 Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC.
1972
1973 Fixes build when linking against OpenSSLs built with no-ec.
1974
1975commit 9244990ecdcfa36bb9371058111685b05f201c1e
1976Author: Damien Miller <djm@mindrot.org>
1977Date: Sat Dec 14 09:21:46 2019 +1100
1978
1979 remove a bunch of ENABLE_SK #ifdefs
1980
1981 The ssh-sk-helper client API gives us a nice place to disable
1982 security key support when it is wasn't enabled at compile time,
1983 so we don't need to check everywere.
1984
1985 Also, verification of security key signatures can remain enabled
1986 all the time - it has no additional dependencies. So sshd can
1987 accept security key pubkeys in authorized_keys, etc regardless of
1988 the host's support for dlopen, etc.
1989
1990commit a33ab1688b5c460a7e2a301418241ce1b13b2638
1991Author: Damien Miller <djm@mindrot.org>
1992Date: Sat Dec 14 09:15:06 2019 +1100
1993
1994 ssh-sk-client.c needs includes.h
1995
1996commit 633778d567ad50b63d2a3bca5e1b97d279d236d9
1997Author: Damien Miller <djm@mindrot.org>
1998Date: Sat Dec 14 08:40:33 2019 +1100
1999
2000 only link ssh-sk-helper against libfido2
2001
2002commit 7b47b40b170db4d6f41da0479575f6d99dd7228a
2003Author: Damien Miller <djm@mindrot.org>
2004Date: Sat Dec 14 08:20:52 2019 +1100
2005
2006 adapt Makefile to ssh-sk-client everywhere
2007
2008commit f45f3a8a12e2bee601046b916e6c5cd6eae08048
2009Author: Damien Miller <djm@mindrot.org>
2010Date: Sat Dec 14 07:53:11 2019 +1100
2011
2012 fixup
2013
2014commit d21434766764d5babf99fc3937c19b625c0f6334
2015Author: djm@openbsd.org <djm@openbsd.org>
2016Date: Fri Dec 13 20:16:56 2019 +0000
2017
2018 upstream: actually commit the ssh-sk-helper client code; ok markus
2019
2020 OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589
2021
2022commit 611073fb40ecaf4ac65094e403edea3a08deb700
2023Author: djm@openbsd.org <djm@openbsd.org>
2024Date: Fri Dec 13 19:11:14 2019 +0000
2025
2026 upstream: perform security key enrollment via ssh-sk-helper too.
2027
2028 This means that ssh-keygen no longer needs to link against ssh-sk-helper, and
2029 only ssh-sk-helper needs libfido2 and /dev/uhid* access;
2030
2031 feedback & ok markus@
2032
2033 OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800
2034
2035commit 612b1dd1ec91ffb1e01f58cca0c6eb1d47bf4423
2036Author: djm@openbsd.org <djm@openbsd.org>
2037Date: Fri Dec 13 19:09:37 2019 +0000
2038
2039 upstream: allow sshbuf_put_stringb(buf, NULL); ok markus@
2040
2041 OpenBSD-Commit-ID: 91482c1ada9adb283165d48dafbb88ae91c657bd
2042
2043commit b52ec0ba3983859514aa7b57d6100fa9759fe696
2044Author: djm@openbsd.org <djm@openbsd.org>
2045Date: Fri Dec 13 19:09:10 2019 +0000
2046
2047 upstream: use ssh-sk-helper for all security key signing operations
2048
2049 This extracts and refactors the client interface for ssh-sk-helper
2050 from ssh-agent and generalises it for use by the other programs.
2051 This means that most OpenSSH tools no longer need to link against
2052 libfido2 or directly interact with /dev/uhid*
2053
2054 requested by, feedback and ok markus@
2055
2056 OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
2057
2058commit c33d46868c3d88e04a92610cdb429094aeeb5847
2059Author: djm@openbsd.org <djm@openbsd.org>
2060Date: Wed Dec 11 22:19:47 2019 +0000
2061
2062 upstream: add a note about the 'extensions' field in the signed
2063
2064 object
2065
2066 OpenBSD-Commit-ID: 67c01e0565b258e0818c1ccfe1f1aeaf9a0d4c7b
2067
2068commit a62f4e1960691f3aeb1f972e009788b29e2ae464
2069Author: djm@openbsd.org <djm@openbsd.org>
2070Date: Tue Dec 10 23:37:31 2019 +0000
2071
2072 upstream: some more corrections for documentation problems spotted
2073
2074 by Ron Frederick
2075
2076 document certifiate private key format
2077 correct flags type for sk-ssh-ed25519@openssh.com keys
2078
2079 OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74
2080
2081commit 22d4beb79622fc82d7111ac941269861fc7aef8d
2082Author: djm@openbsd.org <djm@openbsd.org>
2083Date: Tue Dec 10 23:21:56 2019 +0000
2084
2085 upstream: loading security keys into ssh-agent used the extension
2086
2087 constraint "sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron
2088 Frederick
2089
2090 OpenBSD-Commit-ID: dbfba09edbe023abadd5f59c1492df9073b0e51d
2091
2092commit 75f7f22a43799f6d25dffd9d6683de1601da05a3
2093Author: djm@openbsd.org <djm@openbsd.org>
2094Date: Tue Dec 10 22:43:19 2019 +0000
2095
2096 upstream: add security key types to list of keys allowed to act as
2097
2098 CAs; spotted by Ron Frederick
2099
2100 OpenBSD-Commit-ID: 9bb0dfff927b4f7aa70679f983f84c69d45656c3
2101
2102commit 516605f2d596884cedc2beed6b262716ec76f63d
2103Author: djm@openbsd.org <djm@openbsd.org>
2104Date: Tue Dec 10 22:37:20 2019 +0000
2105
2106 upstream: when acting as a CA and using a security key as the CA
2107
2108 key, remind the user to touch they key to authorise the signature.
2109
2110 OpenBSD-Commit-ID: fe58733edd367362f9766b526a8b56827cc439c1
2111
2112commit c4036fe75ea5a4d03a2a40be1f3660dcbbfa01b2
2113Author: djm@openbsd.org <djm@openbsd.org>
2114Date: Tue Dec 10 22:36:08 2019 +0000
2115
2116 upstream: chop some unnecessary and confusing verbiage from the
2117
2118 security key protocol description; feedback from Ron Frederick
2119
2120 OpenBSD-Commit-ID: 048c9483027fbf9c995e5a51b3ac502989085a42
2121
2122commit 59175a350fe1091af7528b2971e3273aa7ca7295
2123Author: djm@openbsd.org <djm@openbsd.org>
2124Date: Fri Dec 6 03:06:08 2019 +0000
2125
2126 upstream: fix setting of $SSH_ASKPASS_PROMPT - it shouldn't be set
2127
2128 when asking passphrases, only when confirming the use of a key (i.e. for
2129 ssh-agent keys added with "ssh-add -c keyfile")
2130
2131 OpenBSD-Commit-ID: 6643c82960d9427d5972eb702c917b3b838ecf89
2132
2133commit 36eaa356d391a23a2d4e3a8aaa0223abc70b9822
2134Author: djm@openbsd.org <djm@openbsd.org>
2135Date: Fri Dec 6 02:55:21 2019 +0000
2136
2137 upstream: bring the __func__
2138
2139 OpenBSD-Commit-ID: 71a3a45b0fe1b8f680ff95cf264aa81f7abbff67
2140
2141commit 483cc723d1ff3b7fdafc6239348040a608ebc78d
2142Author: jmc@openbsd.org <jmc@openbsd.org>
2143Date: Sat Nov 30 07:07:59 2019 +0000
2144
2145 upstream: tweak the Nd lines for a bit of consistency; ok markus
2146
2147 OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
2148
2149commit afffd310360b155df2133d1f5f1ab2f4e939b570
2150Author: Darren Tucker <dtucker@dtucker.net>
2151Date: Wed Dec 11 13:22:06 2019 +1100
2152
2153 Check if memmem is declared in system headers.
2154
2155 If the system (or one of the dependencies) implements memmem but does
2156 not define the header, we would not declare it either resulting in
2157 compiler warnings. Check for declaration explicitly. bz#3102.
2158
2159commit ad8cd420797695f3b580aea1034b9de60bede9b9
2160Author: Darren Tucker <dtucker@dtucker.net>
2161Date: Wed Dec 11 13:12:01 2019 +1100
2162
2163 Sort depends.
2164
2165commit 5e3abff39e01817f6866494416f2ada25c316018
2166Author: Darren Tucker <dtucker@dtucker.net>
2167Date: Wed Dec 11 13:09:34 2019 +1100
2168
2169 Sort .depend when rebuilding.
2170
2171 This makes diffs more stable between makedepend implementations.
2172
2173commit 5df9d1f5c0943367d9b68435f4c82224ce11a73f
2174Author: Darren Tucker <dtucker@dtucker.net>
2175Date: Wed Dec 11 13:06:43 2019 +1100
2176
2177 Update depend to include sk files.
2178
2179commit 9a967c5bbfca35835165f7d8a6165009f5b21872
2180Author: Darren Tucker <dtucker@dtucker.net>
2181Date: Mon Dec 9 20:25:26 2019 +1100
2182
2183 Describe how to build libcrypto as PIC.
2184
2185 While there, move the OpenSSL 1.1.0g caveat closer to the other version
2186 information.
2187
2188commit b66fa5da25c4b5b67cf9f0ce7af513f5a6a6a686
2189Author: Darren Tucker <dtucker@dtucker.net>
2190Date: Mon Dec 9 17:23:22 2019 +1100
2191
2192 Recommend running LibreSSL or OpenSSL self-tests.
2193
2194commit fa7924008e838cded7e8a561356ffe5e06e0ed64
2195Author: Darren Tucker <dtucker@dtucker.net>
2196Date: Fri Dec 6 14:17:26 2019 +1100
2197
2198 Wrap ECC specific bits in ifdef.
2199
2200 Fixes tests when built against an OpenSSL configured with no-ec.
2201
2202commit 2ff822eabd7d4461743f22d3b9ba35ab76069df5
2203Author: Darren Tucker <dtucker@dtucker.net>
2204Date: Fri Nov 29 20:21:36 2019 +1100
2205
2206 Wrap sha2.h include in ifdef.
2207
2208 Fixes build --without-openssl on at least Fedora.
2209
2210commit 443848155ffcda65a6077aac118c861b503a093f
2211Author: Damien Miller <djm@mindrot.org>
2212Date: Fri Nov 29 15:10:21 2019 +1100
2213
2214 compile sk-dummy.so with no-PIE version of LDFLAGS
2215
2216 This lets it pick up the -L path to libcrypto for example.
2217
2218commit 37f5b5346e4cc6a894245aa89d2930649bb7045b
2219Author: Damien Miller <djm@mindrot.org>
2220Date: Fri Nov 29 14:48:46 2019 +1100
2221
2222 includes.h for sk-dummy.c, dummy
2223
2224commit b218055e59a7c1a1816f7a55ca18e3f3c05d63a4
2225Author: Damien Miller <djm@mindrot.org>
2226Date: Fri Nov 29 12:32:23 2019 +1100
2227
2228 (yet) another x-platform fix for sk-dummy.so
2229
2230 Check for -fPIC support from compiler
2231
2232 Compile libopenbsd-compat -fPIC
2233
2234 Don't mix -fPIE and -fPIC when compiling
2235
2236commit 0dedb703adcd98d0dbc4479f5f312a2bd3df2850
2237Author: Damien Miller <djm@mindrot.org>
2238Date: Fri Nov 29 11:53:57 2019 +1100
2239
2240 needs includes.h for WITH_OPENSSL
2241
2242commit ef3853bb94c2c72e7eda0de6cec0bcb1da62058f
2243Author: Damien Miller <djm@mindrot.org>
2244Date: Fri Nov 29 11:52:23 2019 +1100
2245
2246 another attempt at sk-dummy.so working x-platform
2247
2248 include a fatal() implementation to satisfy libopenbsd-compat
2249
2250 clean up .lo and .so files
2251
2252 .gitignore .lo and .so files
2253
2254commit d46ac56f1cbd5a855a2d5e7309f90d383dcf6431
2255Author: djm@openbsd.org <djm@openbsd.org>
2256Date: Fri Nov 29 00:13:29 2019 +0000
2257
2258 upstream: lots of dependencies go away here with ed25519 no longer
2259
2260 needing the ssh_digest API.
2261
2262 OpenBSD-Regress-ID: 785847ec78cb580d141e29abce351a436d6b5d49
2263
2264commit 7404b81f25a4a7847380c0f0cf7f1bea5f0a5cd3
2265Author: djm@openbsd.org <djm@openbsd.org>
2266Date: Fri Nov 29 00:11:21 2019 +0000
2267
2268 upstream: perform hashing directly in crypto_hash_sha512() using
2269
2270 libcrypto or libc SHA512 functions rather than calling ssh_digest_memory();
2271 avoids many dependencies on ssh code that complicate standalone use of
2272 ed25519, as we want to do in sk-dummy.so
2273
2274 OpenBSD-Commit-ID: 5a3c37593d3ba7add037b587cec44aaea088496d
2275
2276commit d39a865b7af93a7a9b5a64cf7cf0ef4396c80ba3
2277Author: jmc@openbsd.org <jmc@openbsd.org>
2278Date: Thu Nov 28 12:24:31 2019 +0000
2279
2280 upstream: improve the text for -A a little; input from naddy and
2281
2282 djm
2283
2284 OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d
2285
2286commit 9a0e01bd0c61f553ead96b5af84abd73865847b8
2287Author: jmc@openbsd.org <jmc@openbsd.org>
2288Date: Thu Nov 28 12:23:25 2019 +0000
2289
2290 upstream: reshuffle the text to read better; input from naddy,
2291
2292 djmc, and dtucker
2293
2294 OpenBSD-Commit-ID: a0b2aca2b67614dda3d6618ea097bf0610c35013
2295
2296commit 5ca52c0f2e5e7f7d01d8d557b994b5c2087bed00
2297Author: Damien Miller <djm@mindrot.org>
2298Date: Thu Nov 28 18:09:07 2019 +1100
2299
2300 $< doesn't work as` I thought; explicily list objs
2301
2302commit 18e84bfdc5906a73405c3b42d7f840013bbffe34
2303Author: djm@openbsd.org <djm@openbsd.org>
2304Date: Thu Nov 28 05:20:54 2019 +0000
2305
2306 upstream: tweak wording
2307
2308 OpenBSD-Commit-ID: bd002ca1599b71331faca735ff5f6de29e32222e
2309
2310commit 8ef5bf9d03aa0f047711cff47f5ffbe3b33ff8c9
2311Author: Damien Miller <djm@mindrot.org>
2312Date: Thu Nov 28 13:12:30 2019 +1100
2313
2314 missing .SUFFIXES line makes make sad
2315
2316commit 323da82b8ea993b7f2c5793fd53b4f5ca105d19d
2317Author: Damien Miller <djm@mindrot.org>
2318Date: Thu Nov 28 09:53:42 2019 +1100
2319
2320 (hopefully) fix out of tree builds of sk-dummy.so
2321
2322commit d8b2838c5d19bf409d44ede4d32df8ee47aeb4cd
2323Author: djm@openbsd.org <djm@openbsd.org>
2324Date: Wed Nov 27 22:32:11 2019 +0000
2325
2326 upstream: remove stray semicolon after closing brace of function;
2327
2328 from Michael Forney
2329
2330 OpenBSD-Commit-ID: fda95acb799bb160d15e205ee126117cf33da3a7
2331
2332commit 6e1d1bbf5a3eca875005e0c87f341a0a03799809
2333Author: dtucker@openbsd.org <dtucker@openbsd.org>
2334Date: Wed Nov 27 05:38:43 2019 +0000
2335
2336 upstream: Revert previous commit. The channels code still uses int
2337
2338 in many places for channel ids so the INT_MAX check still makes sense.
2339
2340 OpenBSD-Commit-ID: 532e4b644791b826956c3c61d6ac6da39bac84bf
2341
2342commit 48989244658b9748b6801034ff4ffbdfc6b1520f
2343Author: Damien Miller <djm@mindrot.org>
2344Date: Wed Nov 27 16:03:12 2019 +1100
2345
2346 wire sk-dummy.so into test suite
2347
2348commit f79364bacaebde4f1c260318ab460fceacace02f
2349Author: djm@openbsd.org <djm@openbsd.org>
2350Date: Wed Nov 27 05:00:17 2019 +0000
2351
2352 upstream: use error()+_exit() instead of fatal() to avoid running
2353
2354 cleanup handlers in child process; spotted via weird regress failures in
2355 portable
2356
2357 OpenBSD-Commit-ID: 6902a9bb3987c7d347774444f7979b8a9ba7f412
2358
2359commit 70ec5e5e2681bcd409a9df94a2fec6f57a750945
2360Author: dtucker@openbsd.org <dtucker@openbsd.org>
2361Date: Wed Nov 27 03:34:04 2019 +0000
2362
2363 upstream: Make channel_id u_int32_t and remove unnecessary check
2364
2365 and cast that were left over from the type conversion. Noted by
2366 t-hashida@amiya.co.jp in bz#3098, ok markus@ djm@
2367
2368 OpenBSD-Commit-ID: 3ad105b6a905284e780b1fd7ff118e1c346e90b5
2369
2370commit ad44ca81bea83657d558aaef5a1d789a9032bac3
2371Author: djm@openbsd.org <djm@openbsd.org>
2372Date: Tue Nov 26 23:43:10 2019 +0000
2373
2374 upstream: test FIDO2/U2F key types; ok markus@
2375
2376 OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474
2377
2378commit c6efa8a91af1d4fdb43909a23a0a4ffa012155ad
2379Author: djm@openbsd.org <djm@openbsd.org>
2380Date: Tue Nov 26 23:41:23 2019 +0000
2381
2382 upstream: add dummy security key middleware based on work by
2383
2384 markus@
2385
2386 This will allow us to test U2F/FIDO2 support in OpenSSH without
2387 requiring real hardware.
2388
2389 ok markus@
2390
2391 OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae
2392
2393commit 8635afa1cdc21366d61730d943f3cf61861899c8
2394Author: jmc@openbsd.org <jmc@openbsd.org>
2395Date: Tue Nov 26 22:42:26 2019 +0000
2396
2397 upstream: tweak previous;
2398
2399 OpenBSD-Commit-ID: a4c097364c75da320f1b291568db830fb1ee4883
2400
2401commit e0d38ae9bc8c0de421605b9021d8144e4d8ff22b
2402Author: djm@openbsd.org <djm@openbsd.org>
2403Date: Tue Nov 26 03:04:27 2019 +0000
2404
2405 upstream: more debugging; behind DEBUG_SK
2406
2407 OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
2408
2409commit 9281d4311b8abc63b88259f354944c53f9b0b3c7
2410Author: Damien Miller <djm@mindrot.org>
2411Date: Mon Nov 25 21:47:49 2019 +1100
2412
2413 unbreak fuzzers for recent security key changes
2414
2415commit c5f1cc993597fed0a9013743556b1567f476c677
2416Author: djm@openbsd.org <djm@openbsd.org>
2417Date: Mon Nov 25 10:32:35 2019 +0000
2418
2419 upstream: unbreak tests for recent security key changes
2420
2421 OpenBSD-Regress-ID: 2cdf2fcae9962ca4d711338f3ceec3c1391bdf95
2422
2423commit 64988266820cc90a45a21672be9d762cbde8d34d
2424Author: djm@openbsd.org <djm@openbsd.org>
2425Date: Mon Nov 25 06:53:04 2019 +0000
2426
2427 upstream: unbreak after security key support landed
2428
2429 OpenBSD-Regress-ID: 3ab578b0dbeb2aa6d9969b54a9c1bad329c0dcba
2430
2431commit e65e25c81e22ea622e89a142a303726a3882384f
2432Author: tb@openbsd.org <tb@openbsd.org>
2433Date: Thu Nov 21 05:18:47 2019 +0000
2434
2435 upstream: Remove workaround for broken 'openssl rsa -text' output
2436
2437 that was fixed in libcrypto/rsa/rsa_ameth.c r1.24.
2438
2439 ok dtucker inoguchi
2440
2441 OpenBSD-Regress-ID: c260edfac177daa8fcce90141587cf04a95c4f5f
2442
2443commit 21377ec2a9378579ba4b44a681af7bbca77581f4
2444Author: djm@openbsd.org <djm@openbsd.org>
2445Date: Mon Nov 25 10:23:36 2019 +0000
2446
2447 upstream: redundant test
2448
2449 OpenBSD-Commit-ID: 38fa7806c528a590d91ae560e67bd8b246c2d7a3
2450
2451commit 664deef95a2e770812533439b8bdd3f3c291ae59
2452Author: djm@openbsd.org <djm@openbsd.org>
2453Date: Mon Nov 25 00:57:51 2019 +0000
2454
2455 upstream: document the "no-touch-required" certificate extension;
2456
2457 ok markus, feedback deraadt
2458
2459 OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d
2460
2461commit 26cb128b31efdd5395153f4943f5be3eddc07033
2462Author: djm@openbsd.org <djm@openbsd.org>
2463Date: Mon Nov 25 00:57:27 2019 +0000
2464
2465 upstream: Print a key touch reminder when generating a security
2466
2467 key. Most keys require a touch to authorize the operation.
2468
2469 OpenBSD-Commit-ID: 7fe8b23edbf33e1bb81741b9f25e9a63be5f6b68
2470
2471commit daeaf4136927c2a82af1399022103d67ff03f74a
2472Author: djm@openbsd.org <djm@openbsd.org>
2473Date: Mon Nov 25 00:55:58 2019 +0000
2474
2475 upstream: allow "ssh-keygen -x no-touch-required" when generating a
2476
2477 security key keypair to request one that does not require a touch for each
2478 authentication attempt. The default remains to require touch.
2479
2480 feedback deraadt; ok markus@
2481
2482 OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd
2483
2484commit 2e71263b80fec7ad977e098004fef7d122169d40
2485Author: djm@openbsd.org <djm@openbsd.org>
2486Date: Mon Nov 25 00:54:23 2019 +0000
2487
2488 upstream: add a "no-touch-required" option for authorized_keys and
2489
2490 a similar extension for certificates. This option disables the default
2491 requirement that security key signatures attest that the user touched their
2492 key to authorize them.
2493
2494 feedback deraadt, ok markus
2495
2496 OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
2497
2498commit 0fddf2967ac51d518e300408a0d7e6adf4cd2634
2499Author: djm@openbsd.org <djm@openbsd.org>
2500Date: Mon Nov 25 00:52:46 2019 +0000
2501
2502 upstream: Add a sshd_config PubkeyAuthOptions directive
2503
2504 This directive has a single valid option "no-touch-required" that
2505 causes sshd to skip checking whether user presence was tested before
2506 a security key signature was made (usually by the user touching the
2507 key).
2508
2509 ok markus@
2510
2511 OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
2512
2513commit b7e74ea072919b31391bc0f5ff653f80b9f5e84f
2514Author: djm@openbsd.org <djm@openbsd.org>
2515Date: Mon Nov 25 00:51:37 2019 +0000
2516
2517 upstream: Add new structure for signature options
2518
2519 This is populated during signature verification with additional fields
2520 that are present in and covered by the signature. At the moment, it is
2521 only used to record security key-specific options, especially the flags
2522 field.
2523
2524 with and ok markus@
2525
2526 OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2527
2528commit d2b0f88178ec9e3f11b606bf1004ac2fe541a2c3
2529Author: djm@openbsd.org <djm@openbsd.org>
2530Date: Mon Nov 25 00:38:17 2019 +0000
2531
2532 upstream: memleak in error path
2533
2534 OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
2535
2536commit e2c0a21ade5e0bd7f0aab08d7eb9457f086681e9
2537Author: dtucker@openbsd.org <dtucker@openbsd.org>
2538Date: Fri Nov 22 06:50:30 2019 +0000
2539
2540 upstream: Wait for FD to be readable or writeable during a nonblocking
2541
2542 connect, not just readable. Prevents a timeout when the server doesn't
2543 immediately send a banner (eg multiplexers like sslh) but is also slightly
2544 quicker for other connections since, unlike ssh1, ssh2 doesn't specify
2545 that the client should parse the server banner before sending its own.
2546 Patch from mnissler@chromium.org, ok djm@
2547
2548 OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
2549
2550commit 2f95d43dc222ce194622b706682e8de07c9cfb42
2551Author: Darren Tucker <dtucker@dtucker.net>
2552Date: Wed Nov 20 16:34:11 2019 +1100
2553
2554 Include openssl compat header.
2555
2556 Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
2557
2558commit a70d92f236576c032a45c39e68ca0d71e958d19d
2559Author: djm@openbsd.org <djm@openbsd.org>
2560Date: Tue Nov 19 22:23:19 2019 +0000
2561
2562 upstream: adjust on-wire signature encoding for ecdsa-sk keys to
2563
2564 better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
2565
2566 NB. if you are depending on security keys (already?) then make sure you
2567 update both your clients and servers.
2568
2569 OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
2570
2571commit 26369a5f7d9c4e4ef44a3e04910126e1bcea43d8
2572Author: djm@openbsd.org <djm@openbsd.org>
2573Date: Tue Nov 19 22:21:15 2019 +0000
2574
2575 upstream: a little more information from the monitor when signature
2576
2577 verification fails.
2578
2579 OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3
2580
2581commit 4402d6c9b5bf128dcfae2429f1d41cdaa8849b6b
2582Author: jmc@openbsd.org <jmc@openbsd.org>
2583Date: Tue Nov 19 16:02:32 2019 +0000
2584
2585 upstream: revert previous: naddy pointed out what's meant to
2586
2587 happen. rethink needed...
2588
2589 OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421
2590
2591commit 88056f881315233e990e4e04a815f8f96b4674e1
2592Author: jmc@openbsd.org <jmc@openbsd.org>
2593Date: Tue Nov 19 14:54:47 2019 +0000
2594
2595 upstream: -c and -s do not make sense with -k; reshuffle -k into
2596
2597 the main synopsis/usage; ok djm
2598
2599 OpenBSD-Commit-ID: f881ba253da015398ae8758d973e3390754869bc
2600
2601commit 2cf262c21f35296c2ff718cfdb52e0473a1c3983
2602Author: naddy@openbsd.org <naddy@openbsd.org>
2603Date: Mon Nov 18 23:17:48 2019 +0000
2604
2605 upstream: document '$' environment variable expansion for
2606
2607 SecurityKeyProvider; ok djm@
2608
2609 OpenBSD-Commit-ID: 76db507ebd336a573e1cd4146cc40019332c5799
2610
2611commit f0edda81c5ebccffcce52b182c3033531a1aab71
2612Author: naddy@openbsd.org <naddy@openbsd.org>
2613Date: Mon Nov 18 23:16:49 2019 +0000
2614
2615 upstream: more missing mentions of ed25519-sk; ok djm@
2616
2617 OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
2618
2619commit 189550f5bc85148e85f4caa1f6b2fc623149a4ee
2620Author: naddy@openbsd.org <naddy@openbsd.org>
2621Date: Mon Nov 18 16:10:05 2019 +0000
2622
2623 upstream: additional missing stdarg.h includes when built without
2624
2625 WITH_OPENSSL; ok djm@
2626
2627 OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
2628
2629commit 723a5369864b338c48d22854bc2bb4ee5c083deb
2630Author: naddy@openbsd.org <naddy@openbsd.org>
2631Date: Mon Nov 18 16:08:57 2019 +0000
2632
2633 upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK
2634
2635 addition; ok djm@
2636
2637 OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474
2638
2639commit 478f4f98e4e93ae4ed1a8911dec4e5b75ea10f30
2640Author: Damien Miller <djm@mindrot.org>
2641Date: Tue Nov 19 08:52:24 2019 +1100
2642
2643 remove all EC algs from proposals, no just sk ones
2644
2645 ok dtucker@
2646
2647commit 6a7ef310da100f876a257b7367e3b0766dac3994
2648Author: Damien Miller <djm@mindrot.org>
2649Date: Mon Nov 18 22:22:04 2019 +1100
2650
2651 filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms
2652
2653 Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when
2654 compiling without ECC support in libcrypto.
2655
2656commit 64f56f1d1af3947a71a4c391f2c08747d19ee591
2657Author: dtucker@openbsd.org <dtucker@openbsd.org>
2658Date: Mon Nov 18 09:15:17 2019 +0000
2659
2660 upstream: LibreSSL change the format for openssl rsa -text output from
2661
2662 "publicExponent" to "Exponent" so accept either. with djm.
2663
2664 OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6
2665
2666commit 4bfc0503ad94a2a7190686a89649567c20b8534f
2667Author: djm@openbsd.org <djm@openbsd.org>
2668Date: Mon Nov 18 06:58:00 2019 +0000
2669
2670 upstream: fix a bug that prevented serialisation of ed25519-sk keys
2671
2672 OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9
2673
2674commit d88205417084f523107fbe1bc92061635cd57fd2
2675Author: djm@openbsd.org <djm@openbsd.org>
2676Date: Mon Nov 18 06:39:36 2019 +0000
2677
2678 upstream: Fix incorrect error message when key certification fails
2679
2680 OpenBSD-Commit-ID: 7771bd77ee73f7116df37c734c41192943a73cee
2681
2682commit 740c4bc9875cbb4b9fc03fd5eac19df080f20df5
2683Author: djm@openbsd.org <djm@openbsd.org>
2684Date: Mon Nov 18 06:39:02 2019 +0000
2685
2686 upstream: fix bug that prevented certification of ed25519-sk keys
2687
2688 OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996
2689
2690commit 85409cbb505d8c463ab6e2284b4039764c7243de
2691Author: djm@openbsd.org <djm@openbsd.org>
2692Date: Mon Nov 18 06:24:17 2019 +0000
2693
2694 upstream: allow *-sk key types to be turned into certificates
2695
2696 OpenBSD-Commit-ID: cd365ee343934862286d0b011aa77fa739d2a945
2697
2698commit e2e1283404e06a22ac6135d057199e70dcadb8dd
2699Author: djm@openbsd.org <djm@openbsd.org>
2700Date: Mon Nov 18 04:55:02 2019 +0000
2701
2702 upstream: mention ed25519-sk key/cert types here too; prompted by
2703
2704 jmc@
2705
2706 OpenBSD-Commit-ID: e281977e4a4f121f3470517cbd5e483eee37b818
2707
2708commit 97dc5d1d82865a7d20f1eb193b5c62ce684024e5
2709Author: djm@openbsd.org <djm@openbsd.org>
2710Date: Mon Nov 18 04:50:45 2019 +0000
2711
2712 upstream: mention ed25519-sk in places where it is accepted;
2713
2714 prompted by jmc@
2715
2716 OpenBSD-Commit-ID: 076d386739ebe7336c2137e583bc7a5c9538a442
2717
2718commit 130664344862a8c7afd3e24d8d36ce40af41a99f
2719Author: djm@openbsd.org <djm@openbsd.org>
2720Date: Mon Nov 18 04:34:47 2019 +0000
2721
2722 upstream: document ed25519-sk pubkey, private key and certificate
2723
2724 formats
2725
2726 OpenBSD-Commit-ID: 795a7c1c80315412e701bef90e31e376ea2f3c88
2727
2728commit 71856e1142fc01628ce53098f8cfc74765464b35
2729Author: djm@openbsd.org <djm@openbsd.org>
2730Date: Mon Nov 18 04:29:50 2019 +0000
2731
2732 upstream: correct order or ecdsa-sk private key fields
2733
2734 OpenBSD-Commit-ID: 4d4a0c13226a79f0080ce6cbe74f73b03ed8092e
2735
2736commit 93fa2a6649ae3e0626cbff25c985a4573d63e3f2
2737Author: djm@openbsd.org <djm@openbsd.org>
2738Date: Mon Nov 18 04:16:53 2019 +0000
2739
2740 upstream: correct description of fields in pub/private keys (was
2741
2742 missing curve name); spotted by Sebastian Kinne
2743
2744 OpenBSD-Commit-ID: 2a11340dc7ed16200342d384fb45ecd4fcce26e7
2745
2746commit b497e920b409250309c4abe64229237b8f2730ba
2747Author: Damien Miller <djm@mindrot.org>
2748Date: Mon Nov 18 15:05:04 2019 +1100
2749
2750 Teach the GTK2/3 ssh-askpass the new prompt hints
2751
2752 ssh/ssh-agent now sets a hint environment variable $SSH_ASKPASS_PROMPT
2753 when running the askpass program. This is intended to allow the
2754 askpass to vary its UI across the three cases it supports: asking for
2755 a passphrase, confirming the use of a key and (recently) reminding
2756 a user to touch their security key.
2757
2758 This adapts the gnome-ssh-askpass[23] to use these hints. Specifically,
2759 for SSH_ASKPASS_PROMPT=confirm it will skip the text input box and show
2760 only "yes"/"no" buttons. For SSH_ASKPASS_PROMPT=none (used to remind
2761 users to tap their security key), it shows only a "close" button.
2762
2763 Help wanted: adapt the other askpass programs in active use, including
2764 x11-ssh-askpass, lxqt-openssh-askpass, etc.
2765
2766commit 857f49e91eeae6feb781ef5f5e26c38ca3d953ec
2767Author: Darren Tucker <dtucker@dtucker.net>
2768Date: Mon Nov 18 14:15:26 2019 +1100
2769
2770 Move ifdef OPENSSL_HAS_ECC.
2771
2772 Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef.
2773 ok djm@
2774
2775commit 6cf1c40096a79e5eedcf897c7cdb46bb32d4a3ee
2776Author: Darren Tucker <dtucker@dtucker.net>
2777Date: Mon Nov 18 14:14:18 2019 +1100
2778
2779 Enable -Wimplicit-fallthrough if supported
2780
2781 Suggested by djm.
2782
2783commit 103c51fd5f5ddc01cd6b5c1132e711765b921bf5
2784Author: djm@openbsd.org <djm@openbsd.org>
2785Date: Mon Nov 18 01:59:48 2019 +0000
2786
2787 upstream: missing break in getopt switch; spotted by Sebastian Kinne
2788
2789 OpenBSD-Commit-ID: f002dbf14dba5586e8407e90f0141148ade8e8fc
2790
2791commit 9a1225e8ca2ce1fe809910874935302234399a6d
2792Author: djm@openbsd.org <djm@openbsd.org>
2793Date: Sat Nov 16 23:17:20 2019 +0000
2794
2795 upstream: tweak debug message
2796
2797 OpenBSD-Commit-ID: 2bf336d3be0b7e3dd97920d7e7471146a281d2b9
2798
2799commit 4103a3ec7c68493dbc4f0994a229507e943a86d3
2800Author: djm@openbsd.org <djm@openbsd.org>
2801Date: Sat Nov 16 22:42:30 2019 +0000
2802
2803 upstream: a little debug() in the security key interface
2804
2805 OpenBSD-Commit-ID: 4c70300609a5c8b19707207bb7ad4109e963b0e8
2806
2807commit 05daa211de926f66f50b7380d637f84dc6341574
2808Author: djm@openbsd.org <djm@openbsd.org>
2809Date: Sat Nov 16 22:36:48 2019 +0000
2810
2811 upstream: always use ssh-sk-helper, even for the internal USB HID
2812
2813 support. This avoid the need for a wpath pledge in ssh-agent.
2814
2815 reported by jmc@
2816
2817 OpenBSD-Commit-ID: 19f799c4d020b870741d221335dbfa5e76691c23
2818
2819commit d431778a561d90131814f986b646299f9af33c8c
2820Author: markus@openbsd.org <markus@openbsd.org>
2821Date: Fri Nov 15 15:41:01 2019 +0000
2822
2823 upstream: fix typos in sk_enroll
2824
2825 OpenBSD-Commit-ID: faa9bf779e008b3e64e2eb1344d9b7d83b3c4487
2826
2827commit af90aec0443ec51e6b2d804cb91771d3905f8a6f
2828Author: jmc@openbsd.org <jmc@openbsd.org>
2829Date: Fri Nov 15 11:16:28 2019 +0000
2830
2831 upstream: double word;
2832
2833 OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9
2834
2835commit fd1a96490cef7f945a1b3b5df4e90c8a1070f425
2836Author: djm@openbsd.org <djm@openbsd.org>
2837Date: Fri Nov 15 06:00:20 2019 +0000
2838
2839 upstream: remove most uses of BN_CTX
2840
2841 We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
2842 we were using it didn't benefit from its use anyway. ok dtucker@
2843
2844 OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
2845
2846commit 39b87104cdd47baf79ef77dc81de62cea07d119f
2847Author: Darren Tucker <dtucker@dtucker.net>
2848Date: Fri Nov 15 18:56:54 2019 +1100
2849
2850 Add wrappers for other ultrix headers.
2851
2852 Wrappers protect against multiple inclusions for headers that don't do
2853 it themselves.
2854
2855commit 134a74f4e0cf750931f1125beb2a3f40c54c8809
2856Author: Darren Tucker <dtucker@dtucker.net>
2857Date: Fri Nov 15 18:55:13 2019 +1100
2858
2859 Add SSIZE_MAX when we define ssize_t.
2860
2861commit 9c6d0a3a1ed77989d8c5436d8c3cc6c7045c0197
2862Author: Darren Tucker <dtucker@dtucker.net>
2863Date: Fri Nov 15 17:13:19 2019 +1100
2864
2865 Remove ultrix realpath hack.
2866
2867commit c63fba5e3472307167850bbd84187186af7fa9f0
2868Author: djm@openbsd.org <djm@openbsd.org>
2869Date: Fri Nov 15 05:37:27 2019 +0000
2870
2871 upstream: unshield security key privkey before attempting signature
2872
2873 in agent. spotted by dtucker@
2874
2875 OpenBSD-Commit-ID: fb67d451665385b8a0a55371231c50aac67b91d2
2876
2877commit d165bb5396e3f718480e6039ca2cf77f5a2c2885
2878Author: deraadt@openbsd.org <deraadt@openbsd.org>
2879Date: Fri Nov 15 05:26:56 2019 +0000
2880
2881 upstream: rewrite c99-ism
2882
2883 OpenBSD-Commit-ID: d0c70cca29cfa7e6d9f7ec1d6d5dabea112499b3
2884
2885commit 03e06dd0e6e1c0a9f4b4b9de7def8a44dcbf93a7
2886Author: deraadt@openbsd.org <deraadt@openbsd.org>
2887Date: Fri Nov 15 05:25:52 2019 +0000
2888
2889 upstream: only clang understands those new -W options
2890
2891 OpenBSD-Commit-ID: d9b910e412d139141b072a905e66714870c38ac0
2892
2893commit 5c0bc273cba53f822b7d777bbb6c35d160d3b505
2894Author: Damien Miller <djm@mindrot.org>
2895Date: Fri Nov 15 16:08:00 2019 +1100
2896
2897 configure flag to built-in security key support
2898
2899 Require --with-security-key-builtin before enabling the built-in
2900 security key support (and consequent dependency on libfido2).
2901
2902commit fbcb9a7fa55300b8bd4c18bee024c6104c5a25d7
2903Author: Damien Miller <djm@mindrot.org>
2904Date: Fri Nov 15 16:06:30 2019 +1100
2905
2906 upstream commit
2907
2908 revision 1.48
2909 date: 2019/02/04 16:45:40; author: millert; state: Exp; lines: +16 -17; commitid: cpNtVC7erojNyctw;
2910 Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX.
2911 This requires a libc major version bump. OK deraadt@
2912
2913commit 2cfb11abac85885de0cb888bbeb9a3e4303105ea
2914Author: Damien Miller <djm@mindrot.org>
2915Date: Fri Nov 15 16:05:07 2019 +1100
2916
2917 upstream commit
2918
2919 revision 1.47
2920 date: 2017/05/08 14:53:27; author: millert; state: Exp; lines: +34 -21; commitid: sYfxfyUHAfarP8sE;
2921 Fix exponential CPU use with repeated '*' operators by changing '*'
2922 handling to be interative instead of recursive.
2923 Fix by Yves Orton, ported to OpenBSD glob.c by Ray Lai. OK tb@
2924
2925commit 228dd595c7882bb9b161dbb7d4dca15c8a5f03f5
2926Author: Damien Miller <djm@mindrot.org>
2927Date: Fri Nov 15 16:04:28 2019 +1100
2928
2929 upstream commit
2930
2931 revision 1.46
2932 date: 2015/12/28 22:08:18; author: mmcc; state: Exp; lines: +5 -9; commitid: 0uXuF2O13NH9q2e1;
2933 Remove NULL-checks before free() and a few related dead assignments.
2934
2935 ok and valuable input from millert@
2936
2937commit a16f748690139b9f452485d97511ad5e578f59b2
2938Author: Damien Miller <djm@mindrot.org>
2939Date: Fri Nov 15 16:02:43 2019 +1100
2940
2941 upstream commit
2942
2943 revision 1.44
2944 date: 2015/09/14 16:09:13; author: tedu; state: Exp; lines: +3 -5; commitid: iWfSX2BIn0sLw62l;
2945 remove null check before free. from Michael McConville
2946 ok semarie
2947
2948commit fd37cdeafe25adfcdc752280f535d28de7997ff1
2949Author: Damien Miller <djm@mindrot.org>
2950Date: Fri Nov 15 16:02:27 2019 +1100
2951
2952 upstream commit
2953
2954 revision 1.43
2955 date: 2015/06/13 16:57:04; author: deraadt; state: Exp; lines: +4 -4; commitid: zOUKuqWBdOPOz1SZ;
2956 in glob() initialize the glob_t before the first failure check.
2957 from j@pureftpd.org
2958 ok millert stsp
2959
2960commit fd62769c3882adea118dccaff80a06009874a2d1
2961Author: Damien Miller <djm@mindrot.org>
2962Date: Fri Nov 15 16:01:20 2019 +1100
2963
2964 upstream commit
2965
2966 revision 1.42
2967 date: 2015/02/05 12:59:57; author: millert; state: Exp; lines: +2 -1; commitid: DTQbfd4poqBW8iSJ;
2968 Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
2969
2970commit 2b6cba7ee2b8b36f393be739c860a9d2e5d8eb48
2971Author: Damien Miller <djm@mindrot.org>
2972Date: Fri Nov 15 16:00:07 2019 +1100
2973
2974 upstream commit
2975
2976 revision 1.41
2977 date: 2014/10/08 05:35:27; author: deraadt; state: Exp; lines: +3 -3; commitid: JwTGarRLHQKDgPh2;
2978 obvious realloc -> reallocarray conversion
2979
2980commit ab3600665387ae34785498558c4409e27f495b0b
2981Author: djm@openbsd.org <djm@openbsd.org>
2982Date: Fri Nov 15 04:12:32 2019 +0000
2983
2984 upstream: don't consult dlopen whitelist for internal security key
2985
2986 provider; spotted by dtucker@
2987
2988 OpenBSD-Commit-ID: bfe5fbd17e4ff95dd85b9212181652b54444192e
2989
2990commit 19f8ec428db835f68c1cfd63587e9880ccd6486c
2991Author: Damien Miller <djm@mindrot.org>
2992Date: Fri Nov 15 15:08:28 2019 +1100
2993
2994 upstream commit
2995
2996 revision 1.40
2997 date: 2013/09/30 12:02:34; author: millert; state: Exp; lines: +14 -15;
2998 Use PATH_MAX, NAME_MAX and LOGIN_NAME_MAX not MAXPATHNAMELEN,
2999 MAXNAMLEN or MAXLOGNAME where possible. OK deraadt@
3000
3001commit bb7413db98e418d4af791244660abf6c829783f5
3002Author: Damien Miller <djm@mindrot.org>
3003Date: Fri Nov 15 15:07:30 2019 +1100
3004
3005 upstream commit
3006
3007 revision 1.39
3008 date: 2012/01/20 07:09:42; author: tedu; state: Exp; lines: +4 -4;
3009 the glob stat limit is way too low. bump to 2048.
3010 while here, failed stats should count against the limit too.
3011 ok deraadt sthen stsp
3012
3013commit 01362cf7cb979525c014714e2bccf799a46e772e
3014Author: djm@openbsd.org <djm@openbsd.org>
3015Date: Fri Nov 15 03:41:57 2019 +0000
3016
3017 upstream: U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when
3018
3019 probed to see if they own a key handle. Handle this case so the find_device()
3020 look can work for them. Reported by Michael Forney
3021
3022 OpenBSD-Commit-ID: 2ccd5b30a6ddfe4dba228b7159bf168601bd9166
3023
3024commit cf62307bc9758105913dcb91b418e4968ac2244d
3025Author: Darren Tucker <dtucker@dtucker.net>
3026Date: Fri Nov 15 14:01:00 2019 +1100
3027
3028 Add libfido2 to INSTALL.
3029
3030commit 69fbda1894349d1f420c842dfcbcc883239d1aa7
3031Author: Darren Tucker <dtucker@dtucker.net>
3032Date: Fri Nov 15 13:42:15 2019 +1100
3033
3034 libcrypto is now optional.
3035
3036commit 45ffa369886e37930776d7c15dd8b973242d6ecc
3037Author: djm@openbsd.org <djm@openbsd.org>
3038Date: Fri Nov 15 02:38:07 2019 +0000
3039
3040 upstream: show the "please touch your security key" notifier when
3041
3042 using the (default) build-in security key support.
3043
3044 OpenBSD-Commit-ID: 4707643aaa7124501d14e92d1364b20f312a6428
3045
3046commit 49dc9fa928d77807c53bdc2898db7fb515fe5eb3
3047Author: djm@openbsd.org <djm@openbsd.org>
3048Date: Fri Nov 15 02:37:24 2019 +0000
3049
3050 upstream: close the "touch your security key" notifier on the error
3051
3052 path too
3053
3054 OpenBSD-Commit-ID: c7628bf80505c1aefbb1de7abc8bb5ee51826829
3055
3056commit 22a82712e89bf17c27427aeba15795fb4011a0c2
3057Author: djm@openbsd.org <djm@openbsd.org>
3058Date: Fri Nov 15 02:20:06 2019 +0000
3059
3060 upstream: correct function name in debug message
3061
3062 OpenBSD-Commit-ID: 2482c99d2ce448f39282493050f8a01e3ffc39ab
3063
3064commit 018e2902a65c22faded215a7c588492c948f108c
3065Author: djm@openbsd.org <djm@openbsd.org>
3066Date: Fri Nov 15 00:32:40 2019 +0000
3067
3068 upstream: follow existing askpass logic for security key notifier:
3069
3070 fall back to _PATH_SSH_ASKPASS_DEFAULT if no $SSH_ASKPASS environment
3071 variable is set.
3072
3073 OpenBSD-Commit-ID: cda753726b13fb797bf7a9f7a0b3022d9ade4520
3074
3075commit 575d0042a94997c1eeb86a6dcfb30b3c7bdbcba3
3076Author: djm@openbsd.org <djm@openbsd.org>
3077Date: Thu Nov 14 21:56:52 2019 +0000
3078
3079 upstream: remove debugging goop that snuck in to last commit
3080
3081 OpenBSD-Commit-ID: 8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e
3082
3083commit 63a5b24f2dbdc9a4bf2182ac3db26731ddc617e8
3084Author: Damien Miller <djm@mindrot.org>
3085Date: Fri Nov 15 11:21:26 2019 +1100
3086
3087 don't fatal if libfido2 not found
3088
3089 spotted by dtucker@
3090
3091commit 129952a81c00c332721b4ba3ede868c720ad7f4e
3092Author: Damien Miller <djm@mindrot.org>
3093Date: Fri Nov 15 11:17:12 2019 +1100
3094
3095 correct object dependency
3096
3097commit 6bff9521ab9a9f7396d635755c342b72373bb4f9
3098Author: djm@openbsd.org <djm@openbsd.org>
3099Date: Thu Nov 14 21:27:29 2019 +0000
3100
3101 upstream: directly support U2F/FIDO2 security keys in OpenSSH by
3102
3103 linking against the (previously external) USB HID middleware. The dlopen()
3104 capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
3105 and test/debugging.
3106
3107 OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
3108
3109commit 4f5e331cb8e11face3025aa6578662dde489c3ad
3110Author: markus@openbsd.org <markus@openbsd.org>
3111Date: Wed Nov 13 22:00:21 2019 +0000
3112
3113 upstream: in order to be able to figure out the number of
3114
3115 signatures left on a shielded key, we need to transfer the number of
3116 signatures left from the private to the public key. ok djm@
3117
3118 OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574
3119
3120commit dffd02e297e6c2a4e86775f293eb1b0ff01fb3df
3121Author: markus@openbsd.org <markus@openbsd.org>
3122Date: Wed Nov 13 20:25:45 2019 +0000
3123
3124 upstream: fix check for sig_s; noted by qsa at qualys.com
3125
3126 OpenBSD-Commit-ID: 34198084e4afb424a859f52c04bb2c9668a52867
3127
3128commit fc173aeb1526d4268db89ec5dfebaf8750dd26cd
3129Author: dtucker@openbsd.org <dtucker@openbsd.org>
3130Date: Wed Nov 13 11:25:11 2019 +0000
3131
3132 upstream: When clients get denied by MaxStartups, send a
3133
3134 noification prior to the SSH2 protocol banner according to RFC4253 section
3135 4.2. ok djm@ deraadt@ markus@
3136
3137 OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63
3138
3139commit bf219920b70cafbf29ebc9890ef67d0efa54e738
3140Author: markus@openbsd.org <markus@openbsd.org>
3141Date: Wed Nov 13 07:53:10 2019 +0000
3142
3143 upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
3144
3145 to delay the call to shield until we have received key specific options. -
3146 when serializing xmss keys for shield we need to deal with all optional
3147 components (e.g. state might not be loaded). ok djm@
3148
3149 OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
3150
3151commit 40598b85d72a509566b7b2a6d57676c7231fed34
3152Author: deraadt@openbsd.org <deraadt@openbsd.org>
3153Date: Wed Nov 13 05:42:26 2019 +0000
3154
3155 upstream: remove size_t gl_pathc < 0 test, it is invalid. the
3156
3157 return value from glob() is sufficient. discussed with djm
3158
3159 OpenBSD-Commit-ID: c91203322db9caaf7efaf5ae90c794a91070be3c
3160
3161commit 72687c8e7c38736e3e64e833ee7aa8f9cd9efed1
3162Author: deraadt@openbsd.org <deraadt@openbsd.org>
3163Date: Wed Nov 13 04:47:52 2019 +0000
3164
3165 upstream: stdarg.h required more broadly; ok djm
3166
3167 OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
3168
3169commit 1e0b248d47c96be944868a735553af8482300a07
3170Author: Darren Tucker <dtucker@dtucker.net>
3171Date: Thu Nov 14 16:08:17 2019 +1100
3172
3173 Put sshsk_sign call inside ifdef ENABLE_SK.
3174
3175 Fixes build against OpenSSL configured without ECC.
3176
3177commit 546274a6f89489d2e6be8a8b62f2bb63c87a61fd
3178Author: Darren Tucker <dtucker@dtucker.net>
3179Date: Wed Nov 13 23:27:31 2019 +1100
3180
3181 Remove duplicate __NR_clock_nanosleep
3182
3183commit b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56
3184Author: Darren Tucker <dtucker@dtucker.net>
3185Date: Wed Nov 13 23:19:35 2019 +1100
3186
3187 seccomp: Allow clock_nanosleep() in sandbox.
3188
3189 seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
3190 glibc. Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.
3191
3192commit 2b523d23804c13cb68db135b919fcf312c42b580
3193Author: Darren Tucker <dtucker@dtucker.net>
3194Date: Wed Nov 13 11:56:56 2019 +1100
3195
3196 Include stdarg.h for va_list in xmalloc.h.
3197
3198commit 245dcbdca5374296bdb9c48be6e24bdf6b1c0af7
3199Author: Darren Tucker <dtucker@dtucker.net>
3200Date: Wed Nov 13 11:19:26 2019 +1100
3201
3202 Put headers inside ifdef _AIX.
3203
3204 Prevents compile errors due to missing definitions (eg va_list) on
3205 non-AIX platforms.
3206
3207commit a4cc579c6ad2b2e54bdd6cc0d5e12c2288113a56
3208Author: Darren Tucker <dtucker@dtucker.net>
3209Date: Wed Nov 13 10:41:41 2019 +1100
3210
3211 Fix comment in match_usergroup_pattern_list.
3212
3213 Spotted by balu.gajjala@gmail.com via bz#3092.
3214
3215commit fccff339cab5aa66f2554e0188b83f980683490b
3216Author: djm@openbsd.org <djm@openbsd.org>
3217Date: Tue Nov 12 22:38:19 2019 +0000
3218
3219 upstream: allow an empty attestation certificate returned by a
3220
3221 security key enrollment - these are possible for tokens that only offer self-
3222 attestation. This also needs support from the middleware.
3223
3224 ok markus@
3225
3226 OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc
3227
3228commit e44bb61824e36d0d181a08489c16c378c486a974
3229Author: djm@openbsd.org <djm@openbsd.org>
3230Date: Tue Nov 12 22:36:44 2019 +0000
3231
3232 upstream: security keys typically need to be tapped/touched in
3233
3234 order to perform a signature operation. Notify the user when this is expected
3235 via the TTY (if available) or $SSH_ASKPASS if we can.
3236
3237 ok markus@
3238
3239 OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
3240
3241commit 4671211068441519011ac0e38c588317f4157ba1
3242Author: djm@openbsd.org <djm@openbsd.org>
3243Date: Tue Nov 12 22:35:02 2019 +0000
3244
3245 upstream: pass SSH_ASKPASS_PROMPT hint to y/n key confirm too
3246
3247 OpenBSD-Commit-ID: 08d46712e5e5f1bad0aea68e7717b7bec1ab8959
3248
3249commit 5d1c1590d736694f41b03e686045f08fcae20d62
3250Author: djm@openbsd.org <djm@openbsd.org>
3251Date: Tue Nov 12 22:34:20 2019 +0000
3252
3253 upstream: dd API for performing one-shot notifications via tty or
3254
3255 SSH_ASKPASS
3256
3257 OpenBSD-Commit-ID: 9484aea33aff5b62ce3642bf259546c7639f23f3
3258
3259commit 166927fd410823eec8a7b2472463db51e0e6fef5
3260Author: djm@openbsd.org <djm@openbsd.org>
3261Date: Tue Nov 12 22:32:48 2019 +0000
3262
3263 upstream: add xvasprintf()
3264
3265 OpenBSD-Commit-ID: e5e3671c05c121993b034db935bce1a7aa372247
3266
3267commit 782093ec6cf64cc6c4078410093359869ea9329f
3268Author: Darren Tucker <dtucker@dtucker.net>
3269Date: Wed Nov 13 09:08:55 2019 +1100
3270
3271 Remove leftover if statement from sync.
3272
3273commit b556cc3cbf0c43f073bb41bba4e92ca709a1ec13
3274Author: markus@openbsd.org <markus@openbsd.org>
3275Date: Tue Nov 12 19:34:40 2019 +0000
3276
3277 upstream: remove extra layer for ed25519 signature; ok djm@
3278
3279 OpenBSD-Commit-ID: 7672d9d0278b4bf656a12d3aab0c0bfe92a8ae47
3280
3281commit 3fcf69ace19e75cf9dcd7206f396adfcb29611a8
3282Author: markus@openbsd.org <markus@openbsd.org>
3283Date: Tue Nov 12 19:34:00 2019 +0000
3284
3285 upstream: check sig_r and sig_s for ssh-sk keys; ok djm
3286
3287 OpenBSD-Commit-ID: 1a1e6a85b5f465d447a3800f739e35c5b74e0abc
3288
3289commit 2c55744a56de0ffc81fe445a1e7fc5cd308712b3
3290Author: markus@openbsd.org <markus@openbsd.org>
3291Date: Tue Nov 12 19:33:08 2019 +0000
3292
3293 upstream: enable ed25519 support; ok djm
3294
3295 OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
3296
3297commit fd1a3b5e38721b1d69aae2d9de1a1d9155dfa5c7
3298Author: markus@openbsd.org <markus@openbsd.org>
3299Date: Tue Nov 12 19:32:30 2019 +0000
3300
3301 upstream: update sk-api to version 2 for ed25519 support; ok djm
3302
3303 OpenBSD-Commit-ID: 77aa4d5b6ab17987d8a600907b49573940a0044a
3304
3305commit 7c32b51edbed5bd57870249c0a45dffd06be0002
3306Author: markus@openbsd.org <markus@openbsd.org>
3307Date: Tue Nov 12 19:31:45 2019 +0000
3308
3309 upstream: implement sshsk_ed25519_assemble(); ok djm
3310
3311 OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
3312
3313commit fe05a36dc0ea884c8c2395d53d804fe4f4202b26
3314Author: markus@openbsd.org <markus@openbsd.org>
3315Date: Tue Nov 12 19:31:18 2019 +0000
3316
3317 upstream: implement sshsk_ed25519_inner_sig(); ok djm
3318
3319 OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
3320
3321commit e03a29e6554cd0c9cdbac0dae53dd79e6eb4ea47
3322Author: markus@openbsd.org <markus@openbsd.org>
3323Date: Tue Nov 12 19:30:50 2019 +0000
3324
3325 upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm
3326
3327 OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19
3328
3329commit bc7b5d6187de625c086b5f639b25bbad17bbabfc
3330Author: markus@openbsd.org <markus@openbsd.org>
3331Date: Tue Nov 12 19:30:21 2019 +0000
3332
3333 upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@
3334
3335 OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584
3336
3337commit cef84a062db8cfeece26f067235dc440f6992c17
3338Author: markus@openbsd.org <markus@openbsd.org>
3339Date: Tue Nov 12 19:29:54 2019 +0000
3340
3341 upstream: factor out sshsk_ecdsa_assemble(); ok djm@
3342
3343 OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026
3344
3345commit 7c096c456f33f3d2682736d4735cc10e790276e9
3346Author: markus@openbsd.org <markus@openbsd.org>
3347Date: Tue Nov 12 19:29:24 2019 +0000
3348
3349 upstream: implement ssh-ed25519-sk verification; ok djm@
3350
3351 OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
3352
3353commit ba5fb02bed1e556d0ce7b1740ae8a5f87b737491
3354Author: Damien Miller <djm@mindrot.org>
3355Date: Wed Nov 13 08:48:30 2019 +1100
3356
3357 ignore ssh-sk-helper
3358
3359commit 78c96498947f711141f493a40d202c482cc59438
3360Author: deraadt@openbsd.org <deraadt@openbsd.org>
3361Date: Mon Nov 11 19:53:37 2019 +0000
3362
3363 upstream: skip demanding -fstack-protector-all on hppa. we never
3364
3365 wrote a stack protector for reverse-stack architectures, and i don't think
3366 anyone else did either. a warning per compiled file is just annoying.
3367
3368 OpenBSD-Commit-ID: 14806a59353152f843eb349e618abbf6f4dd3ada
3369
3370commit aa1c9e37789f999979fe59df74ce5c8424861ac8
3371Author: djm@openbsd.org <djm@openbsd.org>
3372Date: Fri Nov 8 03:54:02 2019 +0000
3373
3374 upstream: duplicate 'x' character in getopt(3) optstring
3375
3376 OpenBSD-Commit-ID: 64c81caa0cb5798de3621eca16b7dd22e5d0d8a7
3377
3378commit aa4c640dc362816d63584a16e786d5e314e24390
3379Author: naddy@openbsd.org <naddy@openbsd.org>
3380Date: Thu Nov 7 08:38:38 2019 +0000
3381
3382 upstream: Fill in missing man page bits for U2F security key support:
3383
3384 Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
3385 SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
3386 and ssh-keygen's new -w and -x options.
3387
3388 Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
3389 substitutions.
3390
3391 ok djm@
3392
3393 OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
3394
3395commit b236b27d6dada7f0542214003632b4e9b7aa1380
3396Author: Darren Tucker <dtucker@dtucker.net>
3397Date: Sun Nov 3 00:10:43 2019 +1100
3398
3399 Put sftp-realpath in libssh.a
3400
3401 and remove it from the specific binary targets.
3402
3403commit 382c18c20cdcec45b5d21ff25b4a5e0df91a68c4
3404Author: Darren Tucker <dtucker@dtucker.net>
3405Date: Sun Nov 3 00:09:21 2019 +1100
3406
3407 statfs might be defined in sys/mount.h.
3408
3409 eg on old NetBSDs.
3410
3411commit 03ffc0951c305c8e3b5fdc260d65312a57f8f7ea
3412Author: Darren Tucker <dtucker@dtucker.net>
3413Date: Sat Nov 2 23:25:01 2019 +1100
3414
3415 Put stdint.h inside ifdef HAVE_STDINT_H.
3416
3417commit 19cb64c4b42d4312ce12091fd9436dbd6898998c
3418Author: Darren Tucker <dtucker@dtucker.net>
3419Date: Sat Nov 2 22:45:44 2019 +1100
3420
3421 Rebuild .depend.
3422
3423commit 3611bfe89b92ada5914526d8ff0919aeb967cfa7
3424Author: Darren Tucker <dtucker@dtucker.net>
3425Date: Sat Nov 2 22:42:05 2019 +1100
3426
3427 Define __BSD_VISIBLE in fnmatch.h.
3428
3429 .. since we use symbols defined only when it is when using the compat
3430 fnmatch.
3431
3432commit f5cc5816aaddb8eca3cba193f53e99d6a0b37d05
3433Author: Darren Tucker <dtucker@dtucker.net>
3434Date: Sat Nov 2 16:39:38 2019 +1100
3435
3436 Only enable U2F if OpenSSL supports ECC.
3437
3438 This requires moving the U2F bits to below the OpenSSL parts so we have
3439 the required information. ok djm@
3440
3441commit ad38406fc95fa223b0ef2edf8ff50508f8ab1cb6
3442Author: naddy@openbsd.org <naddy@openbsd.org>
3443Date: Fri Nov 1 12:10:43 2019 +0000
3444
3445 upstream: fix miscellaneous text problems; ok djm@
3446
3447 OpenBSD-Commit-ID: 0cbf411a14d8fa0b269b69cbb1b4fc0ca699fe9f
3448
3449commit 9cac151c2dc76b8e5b727b2fa216f572e372170f
3450Author: Darren Tucker <dtucker@dtucker.net>
3451Date: Fri Nov 1 18:26:07 2019 +1100
3452
3453 Add flags needed to build and work on Ultrix.
3454
3455commit 0e3c5bc50907d2058407641b5a3581b7eda91b7e
3456Author: Darren Tucker <dtucker@dtucker.net>
3457Date: Fri Nov 1 18:24:29 2019 +1100
3458
3459 Hook up fnmatch for platforms that don't have it.
3460
3461commit b56dbfd9d967e5b6ce7be9f81f206112e19e1030
3462Author: Darren Tucker <dtucker@dtucker.net>
3463Date: Fri Nov 1 18:17:42 2019 +1100
3464
3465 Add missing bracket in realpath macro.
3466
3467commit 59ccb56f15e5e530e7c1b5a0b361749d8c6217d5
3468Author: Darren Tucker <dtucker@dtucker.net>
3469Date: Fri Nov 1 17:32:47 2019 +1100
3470
3471 Import fnmatch.c from OpenBSD.
3472
3473commit 79d46de9fbea0f3c0e8ae7cf84effaba089071b0
3474Author: Darren Tucker <dtucker@dtucker.net>
3475Date: Fri Nov 1 15:22:32 2019 +1100
3476
3477 Use sftp_realpath if no native realpath.
3478
3479commit bb4f003ed8c5f61ec74a66bcedc8ab19bf5b35c4
3480Author: Darren Tucker <dtucker@dtucker.net>
3481Date: Fri Nov 1 15:06:16 2019 +1100
3482
3483 Configure flags for haiku from haikuports.
3484
3485 Should build with the default flags with ./configure
3486
3487commit 4332b4fe49360679647a8705bc08f4e81323f6b4
3488Author: djm@openbsd.org <djm@openbsd.org>
3489Date: Fri Nov 1 03:54:33 2019 +0000
3490
3491 upstream: fix a race condition in the SIGCHILD handler that could turn
3492
3493 in to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@
3494
3495 OpenBSD-Commit-ID: ac2742e04a69d4c34223505b6a32f6d686e18896
3496
3497commit 03f9205f0fb49ea2507eacc143737a8511ae5a4e
3498Author: Damien Miller <djm@mindrot.org>
3499Date: Fri Nov 1 14:49:25 2019 +1100
3500
3501 conditionalise SK sign/verify on ENABLE_SK
3502
3503 Spotted by Darren and his faux-Vax
3504
3505commit 5eb7b9563ff818e17de24231bf2d347d9db302c5
3506Author: Darren Tucker <dtucker@dtucker.net>
3507Date: Fri Nov 1 14:41:07 2019 +1100
3508
3509 Add prototype for localtime_r if needed.
3510
3511commit d500b59a825f6a58f2abf7b04eb1992d81e45d58
3512Author: Darren Tucker <dtucker@dtucker.net>
3513Date: Fri Nov 1 13:42:12 2019 +1100
3514
3515 Check if IP_TOS is defined before using.
3516
3517commit 764d51e04460ec0da12e05e4777bc90c116accb9
3518Author: Damien Miller <djm@mindrot.org>
3519Date: Fri Nov 1 13:34:49 2019 +1100
3520
3521 autoconf pieces for U2F support
3522
3523 Mostly following existing logic for PKCS#11 - turning off support
3524 when either libcrypto or dlopen(3) are unavailable.
3525
3526commit 45f17a159acfc5a8e450bfbcc2cffe72950ed7a3
3527Author: djm@openbsd.org <djm@openbsd.org>
3528Date: Fri Nov 1 02:32:05 2019 +0000
3529
3530 upstream: remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path
3531
3532 OpenBSD-Commit-ID: 95a7cafad2a4665d57cabacc28031fabc0bea9fc
3533
3534commit db8d13f7925da7337df87248995c533e111637ec
3535Author: djm@openbsd.org <djm@openbsd.org>
3536Date: Fri Nov 1 02:06:52 2019 +0000
3537
3538 upstream: more additional source files
3539
3540 OpenBSD-Regress-ID: 8eaa25fb901594aee23b76eda99dca5b8db94c6f
3541
3542commit f89c5df65dd307739ff22319c2cf847d3b0c5ab4
3543Author: djm@openbsd.org <djm@openbsd.org>
3544Date: Fri Nov 1 02:04:25 2019 +0000
3545
3546 upstream: additional source files here too
3547
3548 OpenBSD-Regress-ID: 8809f8e1c8f7459e7096ab6b58d8e56cb2f483fd
3549
3550commit 02275afa1ecbfbd39f27d34c97090e76bec232ec
3551Author: djm@openbsd.org <djm@openbsd.org>
3552Date: Fri Nov 1 02:03:27 2019 +0000
3553
3554 upstream: additional source files here too
3555
3556 OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce
3557
3558commit dfc8f01b9886c7999e6e20acf3f7492cb8c80796
3559Author: djm@openbsd.org <djm@openbsd.org>
3560Date: Fri Nov 1 01:57:59 2019 +0000
3561
3562 upstream: adapt to extra sshkey_sign() argument and additional
3563
3564 dependencies
3565
3566 OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
3567
3568commit afa59e26eeb44a93f36f043f60b936eaddae77c4
3569Author: djm@openbsd.org <djm@openbsd.org>
3570Date: Fri Nov 1 01:55:41 2019 +0000
3571
3572 upstream: skip security-key key types for tests until we have a
3573
3574 dummy U2F middleware to use.
3575
3576 OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
3577
3578commit de871e4daf346a712c78fa4ab8f18b231a47cb85
3579Author: jmc@openbsd.org <jmc@openbsd.org>
3580Date: Fri Nov 1 00:52:35 2019 +0000
3581
3582 upstream: sort;
3583
3584 OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
3585
3586commit 2aae149a34b1b5dfbef423d3b7999a96818969bb
3587Author: djm@openbsd.org <djm@openbsd.org>
3588Date: Thu Oct 31 21:37:33 2019 +0000
3589
3590 upstream: undo debugging bits that shouldn't have been committed
3591
3592 OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf
3593
3594commit 3420e0464bd0e8fedcfa5fd20ad37bdc740ad5b4
3595Author: Damien Miller <djm@mindrot.org>
3596Date: Fri Nov 1 09:24:58 2019 +1100
3597
3598 depend
3599
3600commit b923a90abc7bccb11a513dc8b5c0f13a0ea9682c
3601Author: djm@openbsd.org <djm@openbsd.org>
3602Date: Thu Oct 31 21:28:27 2019 +0000
3603
3604 upstream: fix -Wshadow warning
3605
3606 OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c
3607
3608commit 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9
3609Author: djm@openbsd.org <djm@openbsd.org>
3610Date: Thu Oct 31 21:23:19 2019 +0000
3611
3612 upstream: Refactor signing - use sshkey_sign for everything,
3613
3614 including the new U2F signatures.
3615
3616 Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
3617 sshkey_sign() like all other signature operations. This means that
3618 we need to add a provider argument to sshkey_sign(), so most of this
3619 change is mechanically adding that.
3620
3621 Suggested by / ok markus@
3622
3623 OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
3624
3625commit 07da39f71d36fb547749a5b16aa8892e621a7e4a
3626Author: djm@openbsd.org <djm@openbsd.org>
3627Date: Thu Oct 31 21:22:01 2019 +0000
3628
3629 upstream: ssh-agent support for U2F/FIDO keys
3630
3631 feedback & ok markus@
3632
3633 OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
3634
3635commit eebec620c9519c4839d781c4d5b6082152998f82
3636Author: djm@openbsd.org <djm@openbsd.org>
3637Date: Thu Oct 31 21:20:38 2019 +0000
3638
3639 upstream: ssh AddKeysToAgent support for U2F/FIDO keys
3640
3641 feedback & ok markus@
3642
3643 OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91
3644
3645commit 486164d060314a7f8bca2a00f53be9e900c5e74d
3646Author: djm@openbsd.org <djm@openbsd.org>
3647Date: Thu Oct 31 21:19:56 2019 +0000
3648
3649 upstream: ssh-add support for U2F/FIDO keys
3650
3651 OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
3652
3653commit b9dd14d3091e31fb836f69873d3aa622eb7b4a1c
3654Author: djm@openbsd.org <djm@openbsd.org>
3655Date: Thu Oct 31 21:19:14 2019 +0000
3656
3657 upstream: add new agent key constraint for U2F/FIDO provider
3658
3659 feedback & ok markus@
3660
3661 OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
3662
3663commit 884416bdb10468f1252e4d7c13d51b43dccba7f6
3664Author: djm@openbsd.org <djm@openbsd.org>
3665Date: Thu Oct 31 21:18:28 2019 +0000
3666
3667 upstream: ssh client support for U2F/FIDO keys
3668
3669 OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
3670
3671commit 01a0670f69c5b86e471e033b92145d6c7cc77c58
3672Author: djm@openbsd.org <djm@openbsd.org>
3673Date: Thu Oct 31 21:17:49 2019 +0000
3674
3675 upstream: Separate myproposal.h userauth pubkey types
3676
3677 U2F/FIDO keys are not supported for host authentication, so we need
3678 a separate list for user keys.
3679
3680 feedback & ok markus@
3681
3682 OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429
3683
3684commit 23f38c2d8cda3fad24e214e1f0133c42435b54ee
3685Author: djm@openbsd.org <djm@openbsd.org>
3686Date: Thu Oct 31 21:17:09 2019 +0000
3687
3688 upstream: ssh-keygen support for generating U2F/FIDO keys
3689
3690 OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37
3691
3692commit ed3467c1e16b7396ff7fcf12d2769261512935ec
3693Author: djm@openbsd.org <djm@openbsd.org>
3694Date: Thu Oct 31 21:16:20 2019 +0000
3695
3696 upstream: U2F/FIDO middleware interface
3697
3698 Supports enrolling (generating) keys and signatures.
3699
3700 feedback & ok markus@
3701
3702 OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
3703
3704commit 02bb0768a937e50bbb236efc2bbdddb1991b1c85
3705Author: djm@openbsd.org <djm@openbsd.org>
3706Date: Thu Oct 31 21:15:14 2019 +0000
3707
3708 upstream: Initial infrastructure for U2F/FIDO support
3709
3710 Key library support: including allocation, marshalling public/private
3711 keys and certificates, signature validation.
3712
3713 feedback & ok markus@
3714
3715 OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
3716
3717commit 57ecc10628b04c384cbba2fbc87d38b74cd1199d
3718Author: djm@openbsd.org <djm@openbsd.org>
3719Date: Thu Oct 31 21:14:17 2019 +0000
3720
3721 upstream: Protocol documentation for U2F/FIDO keys in OpenSSH
3722
3723 OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915
3724
3725commit f4fdcd2b7a2bbf5d8770d44565173ca5158d4dcb
3726Author: Damien Miller <djm@mindrot.org>
3727Date: Fri Nov 1 08:36:16 2019 +1100
3728
3729 Missing unit test files
3730
3731commit 1bcd1169c5221688418fa38606e9c69055b72451
3732Author: Darren Tucker <dtucker@dtucker.net>
3733Date: Tue Oct 29 19:45:03 2019 +1100
3734
3735 Add implementation of localtime_r.
3736
3737commit 2046ed16c1202431b0307674c33a123a113e8297
3738Author: dtucker@openbsd.org <dtucker@openbsd.org>
3739Date: Tue Oct 29 07:47:27 2019 +0000
3740
3741 upstream: Signal handler cleanup: remove leftover support for
3742
3743 unreliable signals and now-unneeded save and restore of errno. ok deraadt@
3744 markus@
3745
3746 OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88
3747
3748commit 70fc9a6ca4dd33cb2dd400a4dad5db9683a3d284
3749Author: jmc@openbsd.org <jmc@openbsd.org>
3750Date: Tue Oct 22 08:50:35 2019 +0000
3751
3752 upstream: fixes from lucas;
3753
3754 OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2
3755
3756commit 702368aa4381c3b482368257ac574a87b5a80938
3757Author: dtucker@openbsd.org <dtucker@openbsd.org>
3758Date: Tue Oct 22 07:06:35 2019 +0000
3759
3760 upstream: Import regenerated moduli file.
3761
3762 OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987
3763
3764commit 5fe81da22652f8caa63e9e3a1af519a85d36337e
3765Author: Darren Tucker <dtucker@dtucker.net>
3766Date: Mon Oct 28 21:19:47 2019 +1100
3767
3768 Fix ifdefs to not mask needed bits.
3769
3770commit 7694e9d2fb5785bbdd0920dce7a160bd79feaf00
3771Author: Darren Tucker <dtucker@dtucker.net>
3772Date: Mon Oct 28 17:05:36 2019 +1100
3773
3774 Only use RLIMIT_NOFILE if it's defined.
3775
3776commit d561b0b2fa2531b4cc3bc70a7d657c6485c9fd0b
3777Author: Darren Tucker <dtucker@dtucker.net>
3778Date: Mon Oct 28 16:09:04 2019 +1100
3779
3780 Make sure we have struct statfs before using.
3781
3782commit 2912596aecfcf48e5115c7a906d1e664f7717a4b
3783Author: Darren Tucker <dtucker@dtucker.net>
3784Date: Mon Oct 28 16:06:59 2019 +1100
3785
3786 Define UINT32_MAX if needed.
3787
3788commit 7169e31121e8c8cc729b55154deb722ae495b316
3789Author: Darren Tucker <dtucker@dtucker.net>
3790Date: Mon Oct 28 16:00:45 2019 +1100
3791
3792 Move utimensat definition into timespec section.
3793
3794 Since utimensat uses struct timespec, move it to the section where we
3795 define struct timespec when needed.
3796
3797commit 850ec1773d656cbff44d78a79e369dc262ce5853
3798Author: Darren Tucker <dtucker@dtucker.net>
3799Date: Mon Oct 28 15:57:22 2019 +1100
3800
3801 Wrap OpenSSL bits in WITH_OPENSSL.
3802
3803commit 6fc7e1c6fec3ba589869ae98e968c0e5e2e4695b
3804Author: Darren Tucker <dtucker@dtucker.net>
3805Date: Mon Oct 28 15:53:25 2019 +1100
3806
3807 Wrap poll.h includes in HAVE_POLL_H.
3808
3809commit 9239a18f96905cc1a353e861e33af093652f24e7
3810Author: Darren Tucker <dtucker@dtucker.net>
3811Date: Thu Oct 24 14:39:49 2019 +1100
3812
3813 Add a function call stackprotector tests.
3814
3815 Including a function call in the test programs for the gcc stack
3816 protector flag tests exercises more of the compiler and makes it more
3817 likely it'll detect problems.
3818
3819commit b9705393be4612fd5e29d0cd8e7cf2b66ed19eb7
3820Author: Darren Tucker <dtucker@dtucker.net>
3821Date: Tue Oct 22 18:09:22 2019 +1100
3822
3823 Import regenerated moduli file.
3824
3825commit 76ed2199491397e0f9902ade80d5271e4a9b2630
3826Author: djm@openbsd.org <djm@openbsd.org>
3827Date: Wed Oct 16 06:05:39 2019 +0000
3828
3829 upstream: potential NULL dereference for revoked hostkeys; reported
3830
3831 by krishnaiah bommu
3832
3833 OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
3834
3835commit 6500c3bc71bf4fe14972c1177e6b93f1164d07a4
3836Author: djm@openbsd.org <djm@openbsd.org>
3837Date: Wed Oct 16 06:03:30 2019 +0000
3838
3839 upstream: free buf before return; reported by krishnaiah bommu
3840
3841 OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1
3842
3843commit d7d116b6d9e6cb79cc235e9801caa683d3db3181
3844Author: djm@openbsd.org <djm@openbsd.org>
3845Date: Mon Oct 14 06:00:02 2019 +0000
3846
3847 upstream: memleak in error path; spotted by oss-fuzz, ok markus@
3848
3849 OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266
3850
3851commit 9b9e3ca6945351eefb821ff783a4a8e6d9b98b9a
3852Author: Darren Tucker <dtucker@dtucker.net>
3853Date: Fri Oct 11 14:12:16 2019 +1100
3854
3855 Re-add SA_RESTART to mysignal.
3856
3857 This makes mysignal implement reliable BSD semantics according to
3858 Stevens' APUE. This was first attempted in 2001 but was reverted
3859 due to problems with HP-UX 10.20 and select() and possibly grantpt().
3860 Modern systems should be fine with it, but if any current platforms have
3861 a problem with it now we can disable it just for those. ok djm@
3862
3863commit 0bd312a362168c1eae3cd6b3889395a78e6fd0f8
3864Author: Darren Tucker <dtucker@dtucker.net>
3865Date: Thu Oct 10 09:42:03 2019 +1100
3866
3867 Fix ifdef typo for declaration of memmem.
3868
3869 Fixes build on IRIX. bz#3081.
3870
3871commit 01ce1cd402d5eecde2bba35b67e08f5b266b37fd
3872Author: Abhishek Arya <inferno@chromium.org>
3873Date: Tue Oct 8 20:19:18 2019 -0700
3874
3875 Update README.md
3876
3877commit 1ba130ac8fb2884307f658126f04578f8aef409e
3878Author: Damien Miller <djm@mindrot.org>
3879Date: Wed Oct 9 13:49:35 2019 +1100
3880
3881 add a fuzzer for private key parsing
3882
1commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c 3883commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c
2Author: Damien Miller <djm@mindrot.org> 3884Author: Damien Miller <djm@mindrot.org>
3Date: Wed Oct 9 11:31:03 2019 +1100 3885Date: Wed Oct 9 11:31:03 2019 +1100
@@ -8779,1692 +12661,3 @@ Date: Tue Feb 13 09:10:46 2018 +1100
8779 code that is synced with upstream and is an ongoing maintenance burden. 12661 code that is synced with upstream and is an ongoing maintenance burden.
8780 Both the hardware and software are literal museum pieces these days and 12662 Both the hardware and software are literal museum pieces these days and
8781 we could not find anyone still running OpenSSH on one. 12663 we could not find anyone still running OpenSSH on one.
8782
8783commit 174bed686968494723e6db881208cc4dac0d020f
8784Author: Darren Tucker <dtucker@dtucker.net>
8785Date: Tue Feb 13 18:12:47 2018 +1100
8786
8787 Retpoline linker flag only needed for linking.
8788
8789commit 075e258c2cc41e1d7f3ea2d292c5342091728d40
8790Author: Darren Tucker <dtucker@dtucker.net>
8791Date: Tue Feb 13 17:36:43 2018 +1100
8792
8793 Default PidFile is sshd.pid not ssh.pid.
8794
8795commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df
8796Author: Darren Tucker <dtucker@dtucker.net>
8797Date: Tue Feb 13 16:27:09 2018 +1100
8798
8799 Remove assigned-to-but-never-used variable.
8800
8801 'p' was removed in previous change but I neglected to remove the
8802 otherwise-unused assignment to it.
8803
8804commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1
8805Author: djm@openbsd.org <djm@openbsd.org>
8806Date: Tue Feb 13 03:36:56 2018 +0000
8807
8808 upstream: remove space before tab
8809
8810 OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
8811
8812commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab
8813Author: dtucker@openbsd.org <dtucker@openbsd.org>
8814Date: Sun Feb 11 21:16:56 2018 +0000
8815
8816 upstream Don't reset signal handlers inside handlers.
8817
8818 The signal handlers from the original ssh1 code on which OpenSSH
8819 is based assume unreliable signals and reinstall their handlers.
8820 Since OpenBSD (and pretty much every current system) has reliable
8821 signals this is not needed. In the unlikely even that -portable
8822 is still being used on such systems we will deal with it in the
8823 compat layer. ok deraadt@
8824
8825 OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
8826
8827commit 3c51143c639ac686687c7acf9b373b8c08195ffb
8828Author: Darren Tucker <dtucker@dtucker.net>
8829Date: Tue Feb 13 09:07:29 2018 +1100
8830
8831 Whitespace sync with upstream.
8832
8833commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7
8834Author: Darren Tucker <dtucker@dtucker.net>
8835Date: Tue Feb 13 08:25:46 2018 +1100
8836
8837 Whitespace sync with upstream.
8838
8839commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711
8840Author: Darren Tucker <dtucker@dtucker.net>
8841Date: Sun Feb 11 21:25:11 2018 +1300
8842
8843 Move signal compat code into bsd-signal.{c,h}
8844
8845commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab
8846Author: Darren Tucker <dtucker@dtucker.net>
8847Date: Sun Feb 11 21:20:39 2018 +1300
8848
8849 Include headers for linux/if.h.
8850
8851 Prevents configure-time "present but cannot be compiled" warning.
8852
8853commit bc02181c24fc551aab85eb2cff0f90380928ef43
8854Author: Darren Tucker <dtucker@dtucker.net>
8855Date: Sun Feb 11 19:45:47 2018 +1300
8856
8857 Fix test for -z,retpolineplt linker flag.
8858
8859commit 3377df00ea3fece5293db85fe63baef33bf5152e
8860Author: Darren Tucker <dtucker@dtucker.net>
8861Date: Sun Feb 11 09:32:37 2018 +1100
8862
8863 Add checks for Spectre v2 mitigation (retpoline)
8864
8865 This adds checks for gcc and clang flags for mitigations for Spectre
8866 variant 2, ie "retpoline". It'll automatically enabled if the compiler
8867 supports it as part of toolchain hardening flag. ok djm@
8868
8869commit d9e5cf078ea5380da6df767bb1773802ec557ef0
8870Author: djm@openbsd.org <djm@openbsd.org>
8871Date: Sat Feb 10 09:25:34 2018 +0000
8872
8873 upstream commit
8874
8875 constify some private key-related functions; based on
8876 https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
8877
8878 OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
8879
8880commit a7c38215d564bf98e8e9eb40c1079e3adf686f15
8881Author: djm@openbsd.org <djm@openbsd.org>
8882Date: Sat Feb 10 09:03:54 2018 +0000
8883
8884 upstream commit
8885
8886 Mention ServerAliveTimeout in context of TCPKeepAlives;
8887 prompted by Christoph Anton Mitterer via github
8888
8889 OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
8890
8891commit 62562ceae61e4f7cf896566592bb840216e71061
8892Author: djm@openbsd.org <djm@openbsd.org>
8893Date: Sat Feb 10 06:54:38 2018 +0000
8894
8895 upstream commit
8896
8897 clarify IgnoreUserKnownHosts; based on github PR from
8898 Christoph Anton Mitterer.
8899
8900 OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
8901
8902commit 4f011daa4cada6450fa810f7563b8968639bb562
8903Author: djm@openbsd.org <djm@openbsd.org>
8904Date: Sat Feb 10 06:40:28 2018 +0000
8905
8906 upstream commit
8907
8908 Shorter, more accurate explanation of
8909 NoHostAuthenticationForLocalhost without the confusing example. Prompted by
8910 Christoph Anton Mitterer via github and bz#2293.
8911
8912 OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
8913
8914commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f
8915Author: djm@openbsd.org <djm@openbsd.org>
8916Date: Sat Feb 10 06:15:12 2018 +0000
8917
8918 upstream commit
8919
8920 Disable RemoteCommand and RequestTTY in the ssh session
8921 started by scp. sftp is already doing this. From Camden Narzt via github; ok
8922 dtucker
8923
8924 OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
8925
8926commit ca613249a00b64b2eea9f52d3834b55c28cf2862
8927Author: djm@openbsd.org <djm@openbsd.org>
8928Date: Sat Feb 10 05:48:46 2018 +0000
8929
8930 upstream commit
8931
8932 Refuse to create a certificate with an unusable number of
8933 principals; Prompted by gdestuynder via github
8934
8935 OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
8936
8937commit b56ac069d46b6f800de34e1e935f98d050731d14
8938Author: djm@openbsd.org <djm@openbsd.org>
8939Date: Sat Feb 10 05:43:26 2018 +0000
8940
8941 upstream commit
8942
8943 fatal if we're unable to write all the public key; previously
8944 we would silently ignore errors writing the comment and terminating newline.
8945 Prompted by github PR from WillerZ; ok dtucker
8946
8947 OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
8948
8949commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db
8950Author: Darren Tucker <dtucker@dtucker.net>
8951Date: Sat Feb 10 11:18:38 2018 +1100
8952
8953 Add changelog entry for binary strip change.
8954
8955commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf
8956Author: Darren Tucker <dtucker@dtucker.net>
8957Date: Sat Feb 10 11:14:54 2018 +1100
8958
8959 Remove unused variables.
8960
8961commit 937d96587df99c16c611d828cded292fa474a32b
8962Author: Darren Tucker <dtucker@dtucker.net>
8963Date: Sat Feb 10 11:12:45 2018 +1100
8964
8965 Don't strip binaries so debuginfo gets built.
8966
8967 Tell install not to strip binaries during package creation so that the
8968 debuginfo package can be built.
8969
8970commit eb0865f330f59c889ec92696b97bd397090e720c
8971Author: Darren Tucker <dtucker@dtucker.net>
8972Date: Sat Feb 10 10:33:11 2018 +1100
8973
8974 Fix bogus dates in changelog.
8975
8976commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165
8977Author: Darren Tucker <dtucker@dtucker.net>
8978Date: Sat Feb 10 10:25:15 2018 +1100
8979
8980 Remove SSH1 from description.
8981
8982commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4
8983Author: Darren Tucker <dtucker@dtucker.net>
8984Date: Sat Feb 10 10:19:16 2018 +1100
8985
8986 Add support for compat-openssl10 build dep.
8987
8988commit 04f4e8193cb5a5a751fcc356bd6656291fec539e
8989Author: Darren Tucker <dtucker@dtucker.net>
8990Date: Sat Feb 10 09:57:04 2018 +1100
8991
8992 Add leading zero so it'll work when rhel not set.
8993
8994 When rhel is not set it will error out with "bad if". Add leading zero
8995 as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work
8996 on non-RHEL.
8997
8998commit 12abd67a6af28476550807a443b38def2076bb92
8999Author: Darren Tucker <dtucker@dtucker.net>
9000Date: Sat Feb 10 09:56:34 2018 +1100
9001
9002 Update openssl-devel dependency.
9003
9004commit b33e7645f8813719d7f9173fef24463c8833ebb3
9005Author: nkadel <nkadel@gmail.com>
9006Date: Sun Nov 16 18:19:58 2014 -0500
9007
9008 Add mandir with-mandir' for RHEL 5 compatibility.
9009
9010 Activate '--mandir' and '--with-mandir' settings in setup for RHEL
9011 5 compatibility.
9012
9013commit 94f8bf360eb0162e39ddf39d69925c2e93511e40
9014Author: nkadel <nkadel@gmail.com>
9015Date: Sun Nov 16 18:18:51 2014 -0500
9016
9017 Discard 'K5DIR' reporting.
9018
9019 It does not work inside 'mock' build environment.
9020
9021commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5
9022Author: nkadel <nkadel@gmail.com>
9023Date: Sun Nov 16 18:17:15 2014 -0500
9024
9025 Add 'dist' to 'rel' for OS specific RPM names.
9026
9027commit 87346f1f57f71150a9b8c7029d8c210e27027716
9028Author: nkadel <nkadel@gmail.com>
9029Date: Sun Nov 16 14:17:38 2014 -0500
9030
9031 Add openssh-devel >= 0.9.8f for redhat spec file.
9032
9033commit bec1478d710866d3c1b119343a35567a8fc71ec3
9034Author: nkadel <nkadel@gmail.com>
9035Date: Sun Nov 16 13:10:24 2014 -0500
9036
9037 Enhance BuildRequires for openssh-x11-askpass.
9038
9039commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f
9040Author: nkadel <nkadel@gmail.com>
9041Date: Sun Nov 16 13:04:14 2014 -0500
9042
9043 Always include x11-ssh-askpass SRPM.
9044
9045 Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
9046
9047commit c61d0d038d58eebc365f31830be6e04ce373ad1b
9048Author: Damien Miller <djm@mindrot.org>
9049Date: Sat Feb 10 09:43:12 2018 +1100
9050
9051 this is long unused; prompted by dtucker@
9052
9053commit 745771fb788e41bb7cdad34e5555bf82da3af7ed
9054Author: dtucker@openbsd.org <dtucker@openbsd.org>
9055Date: Fri Feb 9 02:37:36 2018 +0000
9056
9057 upstream commit
9058
9059 Remove unused sKerberosTgtPassing from enum. From
9060 calestyo via github pull req #11, ok djm@
9061
9062 OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
9063
9064commit 1f385f55332db830b0ae22a7663b98279ca2d657
9065Author: dtucker@openbsd.org <dtucker@openbsd.org>
9066Date: Thu Feb 8 04:12:32 2018 +0000
9067
9068 upstream commit
9069
9070 Rename struct umac_ctx to umac128_ctx too. In portable
9071 some linkers complain about two symbols with the same name having differing
9072 sizes. ok djm@
9073
9074 OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
9075
9076commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf
9077Author: dtucker@openbsd.org <dtucker@openbsd.org>
9078Date: Wed Feb 7 22:52:45 2018 +0000
9079
9080 upstream commit
9081
9082 ssh_free checks for and handles NULL args, remove NULL
9083 checks from remaining callers. ok djm@
9084
9085 OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
9086
9087commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c
9088Author: Darren Tucker <dtucker@dtucker.net>
9089Date: Thu Feb 8 12:36:22 2018 +1100
9090
9091 Set SO_REUSEADDR in regression test netcat.
9092
9093 Sometimes multiplex tests fail on Solaris with "netcat: local_listen:
9094 Address already in use" which is likely due to previous invocations
9095 leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to
9096 SO_REUSEPORT which is alread set on platforms that support it). ok djm@
9097
9098commit 1749991c55bab716877b7c687cbfbf19189ac6f1
9099Author: jsing@openbsd.org <jsing@openbsd.org>
9100Date: Wed Feb 7 05:17:56 2018 +0000
9101
9102 upstream commit
9103
9104 Convert some explicit_bzero()/free() calls to freezero().
9105
9106 ok deraadt@ dtucker@
9107
9108 OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
9109
9110commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2
9111Author: jsing@openbsd.org <jsing@openbsd.org>
9112Date: Wed Feb 7 05:15:49 2018 +0000
9113
9114 upstream commit
9115
9116 Remove some #ifdef notyet code from OpenSSL 0.9.8 days.
9117
9118 These functions have never appeared in OpenSSL and are likely never to do
9119 so.
9120
9121 "kill it with fire" djm@
9122
9123 OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
9124
9125commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377
9126Author: jsing@openbsd.org <jsing@openbsd.org>
9127Date: Wed Feb 7 02:06:50 2018 +0000
9128
9129 upstream commit
9130
9131 Remove all guards for calls to OpenSSL free functions -
9132 all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
9133
9134 Prompted by dtucker@ asking about guards for RSA_free(), when looking at
9135 openssh-portable pr#84 on github.
9136
9137 ok deraadt@ dtucker@
9138
9139 OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
9140
9141commit 3c000d57d46882eb736c6563edfc4995915c24a2
9142Author: Darren Tucker <dtucker@dtucker.net>
9143Date: Wed Feb 7 09:19:38 2018 +1100
9144
9145 Remove obsolete "Smartcard support" message
9146
9147 The configure checks that populated $SCARD_MSG were removed in commits
9148 7ea845e4 and d8f60022 when the smartcard support was replaced with
9149 PKCS#11.
9150
9151commit 3e615090de0ce36a833d811e01c28aec531247c4
9152Author: dtucker@openbsd.org <dtucker@openbsd.org>
9153Date: Tue Feb 6 06:01:54 2018 +0000
9154
9155 upstream commit
9156
9157 Replace "trojan horse" with the correct term (MITM).
9158 From maikel at predikkta.com via bz#2822, ok markus@
9159
9160 OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
9161
9162commit 3484380110d437c50e17f87d18544286328c75cb
9163Author: tb@openbsd.org <tb@openbsd.org>
9164Date: Mon Feb 5 05:37:46 2018 +0000
9165
9166 upstream commit
9167
9168 Add a couple of non-negativity checks to avoid close(-1).
9169
9170 ok djm
9171
9172 OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
9173
9174commit 5069320be93c8b2a6584b9f944c86f60c2b04e48
9175Author: tb@openbsd.org <tb@openbsd.org>
9176Date: Mon Feb 5 05:36:49 2018 +0000
9177
9178 upstream commit
9179
9180 The file descriptors for socket, stdin, stdout and stderr
9181 aren't necessarily distinct, so check if they are the same to avoid closing
9182 the same fd several times.
9183
9184 ok djm
9185
9186 OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
9187
9188commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d
9189Author: djm@openbsd.org <djm@openbsd.org>
9190Date: Mon Feb 5 04:02:53 2018 +0000
9191
9192 upstream commit
9193
9194 I accidentially a word
9195
9196 OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a
9197
9198commit 130283d5c2545ff017c2162dc1258c5354e29399
9199Author: djm@openbsd.org <djm@openbsd.org>
9200Date: Thu Jan 25 03:34:43 2018 +0000
9201
9202 upstream commit
9203
9204 certificate options are case-sensitive; fix case on one
9205 that had it wrong.
9206
9207 move a badly-place sentence to a less bad place
9208
9209 OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
9210
9211commit 89f09ee68730337015bf0c3f138504494a34e9a6
9212Author: Damien Miller <djm@mindrot.org>
9213Date: Wed Jan 24 12:20:44 2018 +1100
9214
9215 crypto_api.h needs includes.h
9216
9217commit c9c1bba06ad1c7cad8548549a68c071bd807af60
9218Author: stsp@openbsd.org <stsp@openbsd.org>
9219Date: Tue Jan 23 20:00:58 2018 +0000
9220
9221 upstream commit
9222
9223 Fix a logic bug in sshd_exchange_identification which
9224 prevented clients using major protocol version 2 from connecting to the
9225 server. ok millert@
9226
9227 OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
9228
9229commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb
9230Author: stsp@openbsd.org <stsp@openbsd.org>
9231Date: Tue Jan 23 18:33:49 2018 +0000
9232
9233 upstream commit
9234
9235 Add missing braces; fixes 'write: Socket is not
9236 connected' error in ssh. ok deraadt@
9237
9238 OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24
9239
9240commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a
9241Author: Damien Miller <djm@mindrot.org>
9242Date: Tue Jan 23 16:49:43 2018 +1100
9243
9244 rebuild depends
9245
9246commit 552ea155be44f9c439c1f9f0c38f9e593428f838
9247Author: Damien Miller <djm@mindrot.org>
9248Date: Tue Jan 23 16:49:22 2018 +1100
9249
9250 one SSH_BUG_BANNER instance that got away
9251
9252commit 14b5c635d1190633b23ac3372379517fb645b0c2
9253Author: djm@openbsd.org <djm@openbsd.org>
9254Date: Tue Jan 23 05:27:21 2018 +0000
9255
9256 upstream commit
9257
9258 Drop compatibility hacks for some ancient SSH
9259 implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
9260
9261 These versions were all released in or before 2001 and predate the
9262 final SSH RFCs. The hacks in question aren't necessary for RFC-
9263 compliant SSH implementations.
9264
9265 ok markus@
9266
9267 OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
9268
9269commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb
9270Author: djm@openbsd.org <djm@openbsd.org>
9271Date: Tue Jan 23 05:17:04 2018 +0000
9272
9273 upstream commit
9274
9275 try harder to preserve errno during
9276 ssh_connect_direct() to make the final error message possibly accurate;
9277 bz#2814, ok dtucker@
9278
9279 OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
9280
9281commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec
9282Author: djm@openbsd.org <djm@openbsd.org>
9283Date: Tue Jan 23 05:12:12 2018 +0000
9284
9285 upstream commit
9286
9287 unbreak support for clients that advertise a protocol
9288 version of "1.99" (indicating both v2 and v1 support). Busted by me during
9289 SSHv1 purge in r1.358; bz2810, ok dtucker
9290
9291 OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
9292
9293commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d
9294Author: djm@openbsd.org <djm@openbsd.org>
9295Date: Tue Jan 23 05:06:25 2018 +0000
9296
9297 upstream commit
9298
9299 don't attempt to force hostnames that are addresses to
9300 lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to
9301 remove ambiguities (e.g. ::0001 => ::1) before they are matched against
9302 known_hosts; bz#2763, ok dtucker@
9303
9304 OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
9305
9306commit d6364f6fb1a3d753d7ca9bf15b2adce961324513
9307Author: djm@openbsd.org <djm@openbsd.org>
9308Date: Tue Jan 23 05:01:15 2018 +0000
9309
9310 upstream commit
9311
9312 avoid modifying pw->pw_passwd; let endpwent() clean up
9313 for us, but keep a scrubbed copy; bz2777, ok dtucker@
9314
9315 OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
9316
9317commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215
9318Author: naddy@openbsd.org <naddy@openbsd.org>
9319Date: Sat Jan 13 00:24:09 2018 +0000
9320
9321 upstream commit
9322
9323 clarify authorship; prodded by and ok markus@
9324
9325 OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c
9326
9327commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4
9328Author: markus@openbsd.org <markus@openbsd.org>
9329Date: Mon Jan 8 15:37:21 2018 +0000
9330
9331 upstream commit
9332
9333 group shared source files (e.g. SRCS_KEX) and allow
9334 compilation w/o OPENSSL ok djm@
9335
9336 OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62
9337
9338commit 25cf9105b849932fc3b141590c009e704f2eeba6
9339Author: markus@openbsd.org <markus@openbsd.org>
9340Date: Mon Jan 8 15:21:49 2018 +0000
9341
9342 upstream commit
9343
9344 move subprocess() so scp/sftp do not need uidswap.o; ok
9345 djm@
9346
9347 OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
9348
9349commit b0d34132b3ca26fe94013f01d7b92101e70b68bb
9350Author: markus@openbsd.org <markus@openbsd.org>
9351Date: Mon Jan 8 15:18:46 2018 +0000
9352
9353 upstream commit
9354
9355 switch ssh-pkcs11-helper to new API; ok djm@
9356
9357 OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42
9358
9359commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3
9360Author: markus@openbsd.org <markus@openbsd.org>
9361Date: Mon Jan 8 15:15:36 2018 +0000
9362
9363 upstream commit
9364
9365 split client/server kex; only ssh-keygen needs
9366 uuencode.o; only scp/sftp use progressmeter.o; ok djm@
9367
9368 OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee
9369
9370commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e
9371Author: markus@openbsd.org <markus@openbsd.org>
9372Date: Mon Jan 8 15:15:17 2018 +0000
9373
9374 upstream commit
9375
9376 only ssh-keygen needs uuencode.o; only scp/sftp use
9377 progressmeter.o
9378
9379 OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85
9380
9381commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172
9382Author: markus@openbsd.org <markus@openbsd.org>
9383Date: Mon Jan 8 15:14:44 2018 +0000
9384
9385 upstream commit
9386
9387 uuencode.h is not used
9388
9389 OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c
9390
9391commit 4f29309c4cb19bcb1774931db84cacc414f17d29
9392Author: Damien Miller <djm@mindrot.org>
9393Date: Wed Jan 3 19:50:43 2018 +1100
9394
9395 unbreak fuzz harness
9396
9397commit f6b50bf84dc0b61f22c887c00423e0ea7644e844
9398Author: djm@openbsd.org <djm@openbsd.org>
9399Date: Thu Dec 21 05:46:35 2017 +0000
9400
9401 upstream commit
9402
9403 another libssh casualty
9404
9405 OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec
9406
9407commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13
9408Author: djm@openbsd.org <djm@openbsd.org>
9409Date: Thu Dec 21 03:01:49 2017 +0000
9410
9411 upstream commit
9412
9413 missed one (unbreak after ssh/lib removal)
9414
9415 OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322
9416
9417commit e6c4134165d05447009437a96e7201276688807f
9418Author: djm@openbsd.org <djm@openbsd.org>
9419Date: Thu Dec 21 00:41:22 2017 +0000
9420
9421 upstream commit
9422
9423 unbreak unit tests after removal of src/usr.bin/ssh/lib
9424
9425 OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9
9426
9427commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe
9428Author: djm@openbsd.org <djm@openbsd.org>
9429Date: Thu Dec 21 00:00:28 2017 +0000
9430
9431 upstream commit
9432
9433 revert stricter key type / signature type checking in
9434 userauth path; too much software generates inconsistent messages, so we need
9435 a better plan.
9436
9437 OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
9438
9439commit c5a6cbdb79752f7e761074abdb487953ea6db671
9440Author: djm@openbsd.org <djm@openbsd.org>
9441Date: Tue Dec 19 00:49:30 2017 +0000
9442
9443 upstream commit
9444
9445 explicitly test all key types and their certificate
9446 counterparts
9447
9448 refactor a little
9449
9450 OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4
9451
9452commit f689adb7a370b5572612d88be9837ca9aea75447
9453Author: dtucker@openbsd.org <dtucker@openbsd.org>
9454Date: Mon Dec 11 11:41:56 2017 +0000
9455
9456 upstream commit
9457
9458 use cmp in a loop instead of diff -N to compare
9459 directories. The former works on more platforms for Portable.
9460
9461 OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099
9462
9463commit 748dd8e5de332b24c40f4b3bbedb902acb048c98
9464Author: Damien Miller <djm@mindrot.org>
9465Date: Tue Dec 19 16:17:59 2017 +1100
9466
9467 remove blocks.c from Makefile
9468
9469commit 278856320520e851063b06cef6ef1c60d4c5d652
9470Author: djm@openbsd.org <djm@openbsd.org>
9471Date: Tue Dec 19 00:24:34 2017 +0000
9472
9473 upstream commit
9474
9475 include signature type and CA key (if applicable) in some
9476 debug messages
9477
9478 OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5
9479
9480commit 7860731ef190b52119fa480f8064ab03c44a120a
9481Author: djm@openbsd.org <djm@openbsd.org>
9482Date: Mon Dec 18 23:16:23 2017 +0000
9483
9484 upstream commit
9485
9486 unbreak hostkey rotation; attempting to sign with a
9487 desired signature algorithm of kex->hostkey_alg is incorrect when the key
9488 type isn't capable of making those signatures. ok markus@
9489
9490 OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
9491
9492commit 966ef478339ad5e631fb684d2a8effe846ce3fd4
9493Author: djm@openbsd.org <djm@openbsd.org>
9494Date: Mon Dec 18 23:14:34 2017 +0000
9495
9496 upstream commit
9497
9498 log mismatched RSA signature types; ok markus@
9499
9500 OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418
9501
9502commit 349ecd4da3a985359694a74635748009be6baca6
9503Author: djm@openbsd.org <djm@openbsd.org>
9504Date: Mon Dec 18 23:13:42 2017 +0000
9505
9506 upstream commit
9507
9508 pass kex->hostkey_alg and kex->hostkey_nid from pre-auth
9509 to post-auth unpriviledged child processes; ok markus@
9510
9511 OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302
9512
9513commit c9e37a8725c083441dd34a8a53768aa45c3c53fe
9514Author: millert@openbsd.org <millert@openbsd.org>
9515Date: Mon Dec 18 17:28:54 2017 +0000
9516
9517 upstream commit
9518
9519 Add helper function for uri handing in scp where a
9520 missing path simply means ".". Also fix exit code and add warnings when an
9521 invalid uri is encountered. OK otto@
9522
9523 OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
9524
9525commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0
9526Author: djm@openbsd.org <djm@openbsd.org>
9527Date: Mon Dec 18 02:25:15 2017 +0000
9528
9529 upstream commit
9530
9531 pass negotiated signing algorithm though to
9532 sshkey_verify() and check that the negotiated algorithm matches the type in
9533 the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
9534
9535 OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
9536
9537commit 931c78dfd7fe30669681a59e536bbe66535f3ee9
9538Author: djm@openbsd.org <djm@openbsd.org>
9539Date: Mon Dec 18 02:22:29 2017 +0000
9540
9541 upstream commit
9542
9543 sshkey_sigtype() function to return the type of a
9544 signature; ok markus@
9545
9546 OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
9547
9548commit 4cdc5956f2fcc9e9078938db833142dc07d8f523
9549Author: naddy@openbsd.org <naddy@openbsd.org>
9550Date: Thu Dec 14 21:07:39 2017 +0000
9551
9552 upstream commit
9553
9554 Replace ED25519's private SHA-512 implementation with a
9555 call to the regular digest code. This speeds up compilation considerably. ok
9556 markus@
9557
9558 OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c
9559
9560commit 012e5cb839faf76549e3b6101b192fe1a74d367e
9561Author: naddy@openbsd.org <naddy@openbsd.org>
9562Date: Tue Dec 12 15:06:12 2017 +0000
9563
9564 upstream commit
9565
9566 Create a persistent umac128.c source file: #define the
9567 output size and the name of the entry points for UMAC-128 before including
9568 umac.c. Idea from FreeBSD. ok dtucker@
9569
9570 OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1
9571
9572commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7
9573Author: Darren Tucker <dtucker@zip.com.au>
9574Date: Mon Dec 11 16:23:28 2017 +1100
9575
9576 Update .depend with empty config.h
9577
9578commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3
9579Author: Darren Tucker <dtucker@zip.com.au>
9580Date: Mon Dec 11 16:21:55 2017 +1100
9581
9582 Ensure config.h is always in dependencies.
9583
9584 Put an empty config.h into the dependency list to ensure that it's
9585 always listed and consistent.
9586
9587commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71
9588Author: deraadt@openbsd.org <deraadt@openbsd.org>
9589Date: Sun Dec 10 19:37:57 2017 +0000
9590
9591 upstream commit
9592
9593 ssh/lib hasn't worked towards our code-sharing goals for
9594 a quit while, perhaps it is too verbose? Change each */Makefile to
9595 specifying exactly what sources that program requires, compiling it seperate.
9596 Maybe we'll iterate by sorting those into seperatable chunks, splitting up
9597 files which contain common code + server/client specific code, or whatnot.
9598 But this isn't one step, or we'd have done it a long time ago.. ok dtucker
9599 markus djm
9600
9601 OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d
9602
9603commit 48c23a39a8f1069a57264dd826f6c90aa12778d5
9604Author: dtucker@openbsd.org <dtucker@openbsd.org>
9605Date: Sun Dec 10 05:55:29 2017 +0000
9606
9607 upstream commit
9608
9609 Put remote client info back into the ClientAlive
9610 connection termination message. Based in part on diff from lars.nooden at
9611 gmail, ok djm
9612
9613 OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
9614
9615commit aabd75ec76575c1b17232e6526a644097cd798e5
9616Author: deraadt@openbsd.org <deraadt@openbsd.org>
9617Date: Fri Dec 8 03:45:52 2017 +0000
9618
9619 upstream commit
9620
9621 time_t printing needs %lld and (long long) casts ok djm
9622
9623 OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7
9624
9625commit fd4eeeec16537870bd40d04836c7906ec141c17d
9626Author: djm@openbsd.org <djm@openbsd.org>
9627Date: Fri Dec 8 02:14:33 2017 +0000
9628
9629 upstream commit
9630
9631 fix ordering in previous to ensure errno isn't clobbered
9632 before logging.
9633
9634 OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2
9635
9636commit 155072fdb0d938015df828836beb2f18a294ab8a
9637Author: djm@openbsd.org <djm@openbsd.org>
9638Date: Fri Dec 8 02:13:02 2017 +0000
9639
9640 upstream commit
9641
9642 for some reason unix_listener() logged most errors twice
9643 with each message containing only some of the useful information; merge these
9644
9645 OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a
9646
9647commit 79c0e1d29959304e5a49af1dbc58b144628c09f3
9648Author: Darren Tucker <dtucker@zip.com.au>
9649Date: Mon Dec 11 14:38:33 2017 +1100
9650
9651 Add autogenerated dependency info to Makefile.
9652
9653 Adds a .depend file containing dependency information generated by
9654 makedepend, which is appended to the generated Makefile by configure.
9655
9656 You can regen the file with "make -f Makefile.in depend" if necessary,
9657 but we'll be looking at some way to automatically keep this up to date.
9658
9659 "no objection" djm@
9660
9661commit f001de8fbf7f3faddddd8efd03df18e57601f7eb
9662Author: Darren Tucker <dtucker@zip.com.au>
9663Date: Mon Dec 11 13:42:51 2017 +1100
9664
9665 Fix pasto in ldns handling.
9666
9667 When ldns-config is not found, configure would check the wrong variable.
9668 ok djm@
9669
9670commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee
9671Author: Darren Tucker <dtucker@zip.com.au>
9672Date: Sat Dec 9 10:12:23 2017 +1100
9673
9674 Portable switched to git so s/CVS/git/.
9675
9676commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b
9677Author: Darren Tucker <dtucker@zip.com.au>
9678Date: Sat Dec 9 08:06:00 2017 +1100
9679
9680 Remove now-used check for perl.
9681
9682commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240
9683Author: djm@openbsd.org <djm@openbsd.org>
9684Date: Wed Dec 6 05:06:21 2017 +0000
9685
9686 upstream commit
9687
9688 don't accept junk after "yes" or "no" responses to
9689 hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@
9690
9691 OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c
9692
9693commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0
9694Author: dtucker@openbsd.org <dtucker@openbsd.org>
9695Date: Tue Dec 5 23:59:47 2017 +0000
9696
9697 upstream commit
9698
9699 Replace atoi and strtol conversions for integer arguments
9700 to config keywords with a checking wrapper around strtonum. This will
9701 prevent and flag invalid and negative arguments to these keywords. ok djm@
9702
9703 OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
9704
9705commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84
9706Author: dtucker@openbsd.org <dtucker@openbsd.org>
9707Date: Tue Dec 5 23:56:07 2017 +0000
9708
9709 upstream commit
9710
9711 Add missing break for rdomain. Prevents spurious
9712 "Deprecated option" warnings. ok djm@
9713
9714 OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a
9715
9716commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198
9717Author: djm@openbsd.org <djm@openbsd.org>
9718Date: Tue Dec 5 01:30:19 2017 +0000
9719
9720 upstream commit
9721
9722 include the addr:port in bind/listen failure messages
9723
9724 OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
9725
9726commit a8c89499543e2d889629c4e5e8dcf47a655cf889
9727Author: dtucker@openbsd.org <dtucker@openbsd.org>
9728Date: Wed Nov 29 05:49:54 2017 +0000
9729
9730 upstream commit
9731
9732 Import updated moduli.
9733
9734 OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a
9735
9736commit 3dde09ab38c8e1cfc28252be473541a81bc57097
9737Author: dtucker@openbsd.org <dtucker@openbsd.org>
9738Date: Tue Nov 28 21:10:22 2017 +0000
9739
9740 upstream commit
9741
9742 Have sftp print a warning about shell cleanliness when
9743 decoding the first packet fails, which is usually caused by shells polluting
9744 stdout of non-interactive starups. bz#2800, ok markus@ deraadt@.
9745
9746 OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5
9747
9748commit 6c8a246437f612ada8541076be2414846d767319
9749Author: Darren Tucker <dtucker@zip.com.au>
9750Date: Fri Dec 1 17:11:47 2017 +1100
9751
9752 Replace mkinstalldirs with mkdir -p.
9753
9754 Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir:
9755 cannot create directory:... File exists" during "make install".
9756 Patch from eb at emlix.com.
9757
9758commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023
9759Author: Darren Tucker <dtucker@zip.com.au>
9760Date: Fri Dec 1 17:07:08 2017 +1100
9761
9762 Pull in newer install-sh from autoconf-2.69.
9763
9764 Suggested by eb at emlix.com
9765
9766commit 79226e5413c5b0fda3511351a8511ff457e306d8
9767Author: Darren Tucker <dtucker@zip.com.au>
9768Date: Fri Dec 1 16:55:35 2017 +1100
9769
9770 Remove RSA1 host key generation.
9771
9772 SSH1 support is now gone, remove SSH1 key generation.
9773 Patch from eb at emlix.com.
9774
9775commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb
9776Author: djm@openbsd.org <djm@openbsd.org>
9777Date: Tue Nov 28 06:09:38 2017 +0000
9778
9779 upstream commit
9780
9781 more whitespace errors
9782
9783 OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb
9784
9785commit 7f257bf3fd3a759f31098960cbbd1453fafc4164
9786Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9787Date: Tue Nov 28 06:04:51 2017 +0000
9788
9789 upstream commit
9790
9791 whitespace at EOL
9792
9793 OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a
9794
9795commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4
9796Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org>
9797Date: Sat Nov 25 06:46:22 2017 +0000
9798
9799 upstream commit
9800
9801 Add monotime_ts and monotime_tv that return monotonic
9802 timespec and timeval respectively. Replace calls to gettimeofday() in packet
9803 timing with monotime_tv so that the callers will work over a clock step.
9804 Should prevent integer overflow during clock steps reported by wangle6 at
9805 huawei.com. "I like" markus@
9806
9807 OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
9808
9809commit 2d638e986085bdf1a40310ed6e2307463db96ea0
9810Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org>
9811Date: Sat Nov 25 05:58:47 2017 +0000
9812
9813 upstream commit
9814
9815 Remove get_current_time() and replace with calls to
9816 monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I
9817 like" markus@
9818
9819 OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952
9820
9821commit ba460acae48a36ef749cb23068f968f4d5d90a24
9822Author: Darren Tucker <dtucker@zip.com.au>
9823Date: Fri Nov 24 16:24:31 2017 +1100
9824
9825 Include string.h for explicit_bzero.
9826
9827commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff
9828Author: Damien Miller <djm@mindrot.org>
9829Date: Fri Nov 24 10:23:47 2017 +1100
9830
9831 fix incorrect range of OpenSSL versions supported
9832
9833 Pointed out by Solar Designer
9834
9835commit 83a1e5dbec52d05775174f368e0c44b08619a308
9836Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9837Date: Wed Nov 15 02:10:16 2017 +0000
9838
9839 upstream commit
9840
9841 downgrade a couple more request parsing errors from
9842 process-fatal to just returning failure, making them consistent with the
9843 others that were already like that.
9844
9845 OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918
9846
9847commit 93c68a8f3da8e5e6acdc3396f54d73919165e242
9848Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9849Date: Wed Nov 15 00:13:40 2017 +0000
9850
9851 upstream commit
9852
9853 fix regression in 7.6: failure to parse a signature request
9854 message shouldn't be fatal to the process, just the request. Reported by Ron
9855 Frederick
9856
9857 OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
9858
9859commit 548d3a66feb64c405733932a6b1abeaf7198fa71
9860Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9861Date: Tue Nov 14 00:45:29 2017 +0000
9862
9863 upstream commit
9864
9865 fix problem in configuration parsing when in config dump mode
9866 (sshd -T) without providing a full connection specification (sshd -T -C ...)
9867
9868 spotted by bluhm@
9869
9870 OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f
9871
9872commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88
9873Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9874Date: Fri Nov 3 05:18:44 2017 +0000
9875
9876 upstream commit
9877
9878 reuse parse_multistate for parse_flag (yes/no arguments).
9879 Saves a few lines of code and makes the parser more consistent wrt case-
9880 sensitivity. bz#2664 ok dtucker@
9881
9882 OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef
9883
9884commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9
9885Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9886Date: Fri Nov 3 05:14:04 2017 +0000
9887
9888 upstream commit
9889
9890 allow certificate validity intervals that specify only a
9891 start or stop time (we already support specifying both or neither)
9892
9893 OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
9894
9895commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91
9896Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9897Date: Fri Nov 3 03:46:52 2017 +0000
9898
9899 upstream commit
9900
9901 allow "cd" and "lcd" commands with no explicit path
9902 argument. lcd will change to the local user's home directory as usual. cd
9903 will change to the starting directory for session (because the protocol
9904 offers no way to obtain the remote user's home directory). bz#2760 ok
9905 dtucker@
9906
9907 OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393
9908
9909commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e
9910Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org>
9911Date: Fri Nov 3 03:18:53 2017 +0000
9912
9913 upstream commit
9914
9915 When doing a config test with sshd -T, only require the
9916 attributes that are actually used in Match criteria rather than (an
9917 incomplete list of) all criteria. ok djm@, man page help jmc@
9918
9919 OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
9920
9921commit c357eed5a52cd2f4ff358b17e30e3f9a800644da
9922Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9923Date: Fri Nov 3 02:32:19 2017 +0000
9924
9925 upstream commit
9926
9927 typos in ECDSA certificate names; bz#2787 reported by
9928 Mike Gerow
9929
9930 OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163
9931
9932commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395
9933Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9934Date: Fri Nov 3 02:29:17 2017 +0000
9935
9936 upstream commit
9937
9938 Private keys in PEM format have been encrypted by AES-128 for
9939 a while (not 3DES). bz#2788 reported by Calum Mackay
9940
9941 OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a
9942
9943commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185
9944Author: Darren Tucker <dtucker@zip.com.au>
9945Date: Fri Nov 3 14:52:51 2017 +1100
9946
9947 Check for linux/if.h when enabling rdomain.
9948
9949 musl libc doesn't seem to have linux/if.h, so check for its presence
9950 before enabling rdomain support on Linux.
9951
9952commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f
9953Author: Darren Tucker <dtucker@zip.com.au>
9954Date: Fri Nov 3 14:09:45 2017 +1100
9955
9956 Add headers for sys/sysctl.h and net/route.h
9957
9958 On at least older OpenBSDs, sys/sysctl.h and net/route.h require
9959 sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME.
9960
9961commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb
9962Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9963Date: Fri Nov 3 02:22:41 2017 +0000
9964
9965 upstream commit
9966
9967 avoid unused variable warnings for !WITH_OPENSSL; patch from
9968 Marcus Folkesson
9969
9970 OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229
9971
9972commit 6b373e4635a7470baa94253dd1dc8953663da9e8
9973Author: Marcus Folkesson <marcus.folkesson@gmail.com>
9974Date: Sat Oct 28 19:48:39 2017 +0200
9975
9976 only enable functions in dh.c when openssl is used
9977
9978 Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
9979
9980commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b
9981Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
9982Date: Wed Nov 1 00:04:15 2017 +0000
9983
9984 upstream commit
9985
9986 fix broken stdout in ControlPersist mode, introduced by me in
9987 r1.467 and reported by Alf Schlichting
9988
9989 OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509
9990
9991commit f21455a084f9cc3942cf1bde64055a4916849fed
9992Author: Darren Tucker <dtucker@zip.com.au>
9993Date: Tue Oct 31 10:09:33 2017 +1100
9994
9995 Include includes.h for HAVE_GETPAGESIZE.
9996
9997 The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
9998 config.h, but bsd-getpagesize.c forgot to include includes.h (which
9999 indirectly includes config.h) so the checks always fails, causing linker
10000 issues when linking statically on systems with getpagesize().
10001
10002 Patch from Peter Korsgaard <peter at korsgaard.com>
10003
10004commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5
10005Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
10006Date: Mon Oct 30 22:01:52 2017 +0000
10007
10008 upstream commit
10009
10010 whitespace at EOL
10011
10012 OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07
10013
10014commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e
10015Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
10016Date: Mon Oct 30 21:59:43 2017 +0000
10017
10018 upstream commit
10019
10020 whitespace at EOL
10021
10022 OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd
10023
10024commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3
10025Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org>
10026Date: Wed Oct 25 20:08:36 2017 +0000
10027
10028 upstream commit
10029
10030 Use printenv to test whether an SSH_USER_AUTH is set
10031 instead of using $SSH_USER_AUTH. The latter won't work with csh which treats
10032 unknown variables as an error when expanding them. OK markus@
10033
10034 OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1
10035
10036commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7
10037Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org>
10038Date: Tue Oct 24 19:33:32 2017 +0000
10039
10040 upstream commit
10041
10042 Add tests for URI parsing. OK markus@
10043
10044 OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b
10045
10046commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4
10047Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
10048Date: Fri Oct 27 01:57:06 2017 +0000
10049
10050 upstream commit
10051
10052 whitespace at EOL
10053
10054 OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6
10055
10056commit d2135474344335a7c6ee643b6ade6db400fa76ee
10057Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
10058Date: Fri Oct 27 01:01:17 2017 +0000
10059
10060 upstream commit
10061
10062 whitespace at EOL (lots)
10063
10064 OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747
10065
10066commit b77c29a07f5a02c7c1998701c73d92bde7ae1608
10067Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
10068Date: Fri Oct 27 00:18:41 2017 +0000
10069
10070 upstream commit
10071
10072 improve printing of rdomain on accept() a little
10073
10074 OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a
10075
10076commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b
10077Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
10078Date: Thu Oct 26 06:44:01 2017 +0000
10079
10080 upstream commit
10081
10082 mark up the rdomain keyword;
10083
10084 OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a
10085
10086commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b
10087Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
10088Date: Wed Oct 25 06:19:46 2017 +0000
10089
10090 upstream commit
10091
10092 tweak the uri text, specifically removing some markup to
10093 make it a bit more readable;
10094
10095 issue reported by - and diff ok - millert
10096
10097 OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
10098
10099commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40
10100Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
10101Date: Wed Oct 25 06:18:06 2017 +0000
10102
10103 upstream commit
10104
10105 simplify macros in previous, and some minor tweaks;
10106
10107 OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca
10108
10109commit eb9c582b710dc48976b48eb2204218f6863bae9a
10110Author: Damien Miller <djm@mindrot.org>
10111Date: Tue Oct 31 00:46:29 2017 +1100
10112
10113 Switch upstream git repository.
10114
10115 Previously portable OpenSSH has synced against a conversion of OpenBSD's
10116 CVS repository made using the git cvsimport tool, but this has become
10117 increasingly unreliable.
10118
10119 As of this commit, portable OpenSSH now tracks a conversion of the
10120 OpenBSD CVS upstream made using the excellent cvs2gitdump tool from
10121 YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump
10122
10123 cvs2gitdump is considerably more reliable than gitcvsimport and the old
10124 version of cvsps that it uses under the hood, and is the same tool used
10125 to export the entire OpenBSD repository to git (so we know it can cope
10126 with future growth).
10127
10128 These new conversions are mirrored at github, so interested parties can
10129 match portable OpenSSH commits to their upstream counterparts.
10130
10131 https://github.com/djmdjm/openbsd-openssh-src
10132 https://github.com/djmdjm/openbsd-openssh-regress
10133
10134 An unfortunate side effect of switching upstreams is that we must have
10135 a flag day, across which the upstream commit IDs will be inconsistent.
10136 The old commit IDs are recorded with the tags "Upstream-ID" for main
10137 directory commits and "Upstream-Regress-ID" for regress commits.
10138
10139 To make it clear that the commit IDs do not refer to the same
10140 things, the new repository will instead use "OpenBSD-ID" and
10141 "OpenBSD-Regress-ID" tags instead.
10142
10143 Apart from being a longwinded explanation of what is going on, this
10144 commit message also serves to synchronise our tools with the state of
10145 the tree, which happens to be:
10146
10147 OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1
10148 OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef
10149
10150commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea
10151Author: Damien Miller <djm@mindrot.org>
10152Date: Fri Oct 27 08:42:33 2017 +1100
10153
10154 fix rdomain compilation errors
10155
10156commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab
10157Author: Damien Miller <djm@mindrot.org>
10158Date: Wed Oct 25 14:15:42 2017 +1100
10159
10160 autoconf glue to enable Linux VRF
10161
10162commit 97c5aaf925d61641d599071abb56012cde265978
10163Author: Damien Miller <djm@mindrot.org>
10164Date: Wed Oct 25 14:09:56 2017 +1100
10165
10166 basic valid_rdomain() implementation for Linux
10167
10168commit ce1cca39d7935dd394080ce2df62f5ce5b51f485
10169Author: Damien Miller <djm@mindrot.org>
10170Date: Wed Oct 25 13:47:59 2017 +1100
10171
10172 implement get/set_rdomain() for Linux
10173
10174 Not enabled, pending implementation of valid_rdomain() and autoconf glue
10175
10176commit 6eee79f9b8d4a3b113b698383948a119acb82415
10177Author: Damien Miller <djm@mindrot.org>
10178Date: Wed Oct 25 13:22:29 2017 +1100
10179
10180 stubs for rdomain replacement functions
10181
10182commit f5594f939f844bbb688313697d6676238da355b3
10183Author: Damien Miller <djm@mindrot.org>
10184Date: Wed Oct 25 13:13:57 2017 +1100
10185
10186 rename port-tun.[ch] => port-net.[ch]
10187
10188 Ahead of adding rdomain support
10189
10190commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb
10191Author: djm@openbsd.org <djm@openbsd.org>
10192Date: Wed Oct 25 02:10:39 2017 +0000
10193
10194 upstream commit
10195
10196 uninitialised variable in PermitTunnel printing code
10197
10198 Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a
10199
10200commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f
10201Author: Damien Miller <djm@mindrot.org>
10202Date: Wed Oct 25 13:10:59 2017 +1100
10203
10204 provide hooks and fallbacks for rdomain support
10205
10206commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04
10207Author: Damien Miller <djm@mindrot.org>
10208Date: Wed Oct 25 11:25:43 2017 +1100
10209
10210 check for net/route.h and sys/sysctl.h
10211
10212commit 4d5456c7de108e17603a0920c4d15bca87244921
10213Author: djm@openbsd.org <djm@openbsd.org>
10214Date: Wed Oct 25 00:21:37 2017 +0000
10215
10216 upstream commit
10217
10218 transfer ownership of stdout to the session channel by
10219 dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to
10220 the local side; reported by David Newall, ok markus@
10221
10222 Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
10223
10224commit 68af80e6fdeaeb79432209db614386ff0f37e75f
10225Author: djm@openbsd.org <djm@openbsd.org>
10226Date: Wed Oct 25 00:19:47 2017 +0000
10227
10228 upstream commit
10229
10230 add a "rdomain" criteria for the sshd_config Match
10231 keyword to allow conditional configuration that depends on which rdomain(4) a
10232 connection was recevied on. ok markus@
10233
10234 Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
10235
10236commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a
10237Author: djm@openbsd.org <djm@openbsd.org>
10238Date: Wed Oct 25 00:17:08 2017 +0000
10239
10240 upstream commit
10241
10242 add sshd_config RDomain keyword to place sshd and the
10243 subsequent user session (including the shell and any TCP/IP forwardings) into
10244 the specified rdomain(4)
10245
10246 ok markus@
10247
10248 Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
10249
10250commit acf559e1cffbd1d6167cc1742729fc381069f06b
10251Author: djm@openbsd.org <djm@openbsd.org>
10252Date: Wed Oct 25 00:15:35 2017 +0000
10253
10254 upstream commit
10255
10256 Add optional rdomain qualifier to sshd_config's
10257 ListenAddress option to allow listening on a different rdomain(4), e.g.
10258
10259 ListenAddress 0.0.0.0 rdomain 4
10260
10261 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
10262
10263commit b9903ee8ee8671b447fc260c2bee3761e26c7227
10264Author: millert@openbsd.org <millert@openbsd.org>
10265Date: Tue Oct 24 19:41:45 2017 +0000
10266
10267 upstream commit
10268
10269 Kill dead store and some spaces vs. tabs indent in
10270 parse_user_host_path(). Noticed by markus@
10271
10272 Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200
10273
10274commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800
10275Author: jmc@openbsd.org <jmc@openbsd.org>
10276Date: Tue Oct 24 06:27:42 2017 +0000
10277
10278 upstream commit
10279
10280 tweak previous; ok djm
10281
10282 Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9
10283
10284commit e3fa20e2e58fdc88a0e842358778f2de448b771b
10285Author: Damien Miller <djm@mindrot.org>
10286Date: Mon Oct 23 16:25:24 2017 +1100
10287
10288 avoid -Wsign-compare warning in argv copying
10289
10290commit b7548b12a6b2b4abf4d057192c353147e0abba08
10291Author: djm@openbsd.org <djm@openbsd.org>
10292Date: Mon Oct 23 05:08:00 2017 +0000
10293
10294 upstream commit
10295
10296 Expose devices allocated for tun/tap forwarding.
10297
10298 At the client, the device may be obtained from a new %T expansion
10299 for LocalCommand.
10300
10301 At the server, the allocated devices will be listed in a
10302 SSH_TUNNEL variable exposed to the environment of any user sessions
10303 started after the tunnel forwarding was established.
10304
10305 ok markus
10306
10307 Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
10308
10309commit 887669ef032d63cf07f53cada216fa8a0c9a7d72
10310Author: millert@openbsd.org <millert@openbsd.org>
10311Date: Sat Oct 21 23:06:24 2017 +0000
10312
10313 upstream commit
10314
10315 Add URI support to ssh, sftp and scp. For example
10316 ssh://user@host or sftp://user@host/path. The connection parameters
10317 described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
10318 the ssh fingerprint format in the draft uses md5 with no way to specify the
10319 hash function type. OK djm@
10320
10321 Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
10322
10323commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98
10324Author: Damien Miller <djm@mindrot.org>
10325Date: Fri Oct 20 13:22:00 2017 +1100
10326
10327 Fix missed RCSID merges
10328
10329commit d3b6aeb546242c9e61721225ac4387d416dd3d5e
10330Author: djm@openbsd.org <djm@openbsd.org>
10331Date: Fri Oct 20 02:13:41 2017 +0000
10332
10333 upstream commit
10334
10335 more RCSIDs
10336
10337 Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be
10338
10339commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a
10340Author: djm@openbsd.org <djm@openbsd.org>
10341Date: Fri Oct 20 01:56:39 2017 +0000
10342
10343 upstream commit
10344
10345 add RCSIDs to these; they make syncing portable a bit
10346 easier
10347
10348 Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68
10349
10350commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464
10351Author: Damien Miller <djm@mindrot.org>
10352Date: Fri Oct 20 12:54:15 2017 +1100
10353
10354 upstream commit
10355
10356 Apply missing commit 1.11 to kexc25519s.c
10357
10358 Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8
10359
10360commit 6f72280553cb6918859ebcacc717f2d2fafc1a27
10361Author: Damien Miller <djm@mindrot.org>
10362Date: Fri Oct 20 12:52:50 2017 +1100
10363
10364 upstream commit
10365
10366 Apply missing commit 1.127 to servconf.h
10367
10368 Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15
10369
10370commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc
10371Author: jmc@openbsd.org <jmc@openbsd.org>
10372Date: Wed Oct 18 05:36:59 2017 +0000
10373
10374 upstream commit
10375
10376 remove unused Pp;
10377
10378 Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
10379
10380commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14
10381Author: djm@openbsd.org <djm@openbsd.org>
10382Date: Wed Oct 18 02:49:44 2017 +0000
10383
10384 upstream commit
10385
10386 In the description of pattern-lists, clarify negated
10387 matches by explicitly stating that a negated match will never yield a
10388 positive result, and that at least one positive term in the pattern-list must
10389 match. bz#1918
10390
10391 Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
10392
10393commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd
10394Author: djm@openbsd.org <djm@openbsd.org>
10395Date: Fri Oct 13 21:13:54 2017 +0000
10396
10397 upstream commit
10398
10399 log debug messages sent to peer; ok deraadt markus
10400
10401 Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
10402
10403commit 071325f458d615d7740da5c1c1d5a8b68a0b4605
10404Author: jmc@openbsd.org <jmc@openbsd.org>
10405Date: Fri Oct 13 16:50:45 2017 +0000
10406
10407 upstream commit
10408
10409 trim permitrootlogin description somewhat, to avoid
10410 ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and
10411 myself
10412
10413 ok sthen schwarze deraadt
10414
10415 Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
10416
10417commit 10727487becb897a15f658e0cb2d05466236e622
10418Author: djm@openbsd.org <djm@openbsd.org>
10419Date: Fri Oct 13 06:45:18 2017 +0000
10420
10421 upstream commit
10422
10423 mention SSH_USER_AUTH in the list of environment
10424 variables
10425
10426 Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
10427
10428commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2
10429Author: djm@openbsd.org <djm@openbsd.org>
10430Date: Fri Oct 13 06:24:51 2017 +0000
10431
10432 upstream commit
10433
10434 BIO_get_mem_data() is supposed to take a char* as pointer
10435 argument, so don't pass it a const char*
10436
10437 Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
10438
10439commit cfa46825b5ef7097373ed8e31b01a4538a8db565
10440Author: benno@openbsd.org <benno@openbsd.org>
10441Date: Mon Oct 9 20:12:51 2017 +0000
10442
10443 upstream commit
10444
10445 clarify the order in which config statements are used. ok
10446 jmc@ djm@
10447
10448 Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
10449
10450commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5
10451Author: djm@openbsd.org <djm@openbsd.org>
10452Date: Thu Oct 5 15:52:03 2017 +0000
10453
10454 upstream commit
10455
10456 replace statically-sized arrays in ServerOptions with
10457 dynamic ones managed by xrecallocarray, removing some arbitrary (though
10458 large) limits and saving a bit of memory; "much nicer" markus@
10459
10460 Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
10461
10462commit 2b4f3ab050c2aaf6977604dd037041372615178d
10463Author: jmc@openbsd.org <jmc@openbsd.org>
10464Date: Thu Oct 5 12:56:50 2017 +0000
10465
10466 upstream commit
10467
10468 %C is hashed; from klemens nanni ok markus
10469
10470 Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
diff --git a/INSTALL b/INSTALL
index 814768791..23bcf384c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -7,28 +7,35 @@ options. Some notes about specific compilers:
7 - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime 7 - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
8 (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure) 8 (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
9 9
10You will need working installations of Zlib and libcrypto (LibreSSL / 10To support Privilege Separation (which is now required) you will need
11OpenSSL) 11to create the user, group and directory used by sshd for privilege
12separation. See README.privsep for details.
13
12 14
15The remaining items are optional.
16
17A working installation of zlib:
13Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems): 18Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
14http://www.gzip.org/zlib/ 19http://www.gzip.org/zlib/
15 20
16libcrypto from either of: 21libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
22is supported but severely restricts the avilable ciphers and algorithms.
17 - LibreSSL (https://www.libressl.org/) 23 - LibreSSL (https://www.libressl.org/)
18 - OpenSSL (https://www.openssl.org) with any of the following versions: 24 - OpenSSL (https://www.openssl.org) with any of the following versions:
19 - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 25 - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
20 26
21LibreSSL/OpenSSL should be compiled as a position-independent library 27Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
22(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. 281.1.0g can't be used.
23If you must use a non-position-independent libcrypto, then you may need
24to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
25OpenSSL 1.1 versions prior to 1.1.0g can't be used.
26 29
27To support Privilege Separation (which is now required) you will need 30LibreSSL/OpenSSL should be compiled as a position-independent library
28to create the user, group and directory used by sshd for privilege 31(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
29separation. See README.privsep for details. 32or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
33be able to link with it. If you must use a non-position-independent
34libcrypto, then you may need to configure OpenSSH --without-pie.
30 35
31The remaining items are optional. 36If you build either from source, running the OpenSSL self-test ("make
37tests") or the LibreSSL equivalent ("make check") and ensuring that all
38tests pass is strongly recommended.
32 39
33NB. If you operating system supports /dev/random, you should configure 40NB. If you operating system supports /dev/random, you should configure
34libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's 41libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
@@ -53,7 +60,7 @@ PAM:
53 60
54OpenSSH can utilise Pluggable Authentication Modules (PAM) if your 61OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
55system supports it. PAM is standard most Linux distributions, Solaris, 62system supports it. PAM is standard most Linux distributions, Solaris,
56HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD. 63HP-UX 11, AIX >= 5.2, FreeBSD, NetBSD and Mac OS X.
57 64
58Information about the various PAM implementations are available: 65Information about the various PAM implementations are available:
59 66
@@ -110,6 +117,15 @@ If you are making significant changes to the code you may need to rebuild
110the dependency (.depend) file using "make depend", which requires the 117the dependency (.depend) file using "make depend", which requires the
111"makedepend" tool from the X11 distribution. 118"makedepend" tool from the X11 distribution.
112 119
120libfido2:
121
122libfido2 allows the use of hardware security keys over USB. libfido2
123in turn depends on libcbor.
124
125https://github.com/Yubico/libfido2
126https://github.com/pjk/libcbor
127
128
1132. Building / Installation 1292. Building / Installation
114-------------------------- 130--------------------------
115 131
@@ -236,7 +252,7 @@ to generate keys for all supported types.
236 252
237Replacing /etc/ssh with the correct path to the configuration directory. 253Replacing /etc/ssh with the correct path to the configuration directory.
238(${prefix}/etc or whatever you specified with --sysconfdir during 254(${prefix}/etc or whatever you specified with --sysconfdir during
239configuration) 255configuration).
240 256
241If you have configured OpenSSH with EGD support, ensure that EGD is 257If you have configured OpenSSH with EGD support, ensure that EGD is
242running and has collected some Entropy. 258running and has collected some Entropy.
diff --git a/Makefile.in b/Makefile.in
index 9b8a42c1e..bff1db49b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -24,6 +24,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
24SFTP_SERVER=$(libexecdir)/sftp-server 24SFTP_SERVER=$(libexecdir)/sftp-server
25SSH_KEYSIGN=$(libexecdir)/ssh-keysign 25SSH_KEYSIGN=$(libexecdir)/ssh-keysign
26SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper 26SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
27SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
27PRIVSEP_PATH=@PRIVSEP_PATH@ 28PRIVSEP_PATH=@PRIVSEP_PATH@
28SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ 29SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
29STRIP_OPT=@STRIP_OPT@ 30STRIP_OPT=@STRIP_OPT@
@@ -35,19 +36,23 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
35 -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ 36 -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
36 -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \ 37 -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
37 -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \ 38 -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
39 -D_PATH_SSH_SK_HELPER=\"$(SSH_SK_HELPER)\" \
38 -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ 40 -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
39 -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" 41 -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
40 42
41CC=@CC@ 43CC=@CC@
42LD=@LD@ 44LD=@LD@
43CFLAGS=@CFLAGS@ 45CFLAGS=@CFLAGS@
46CFLAGS_NOPIE=@CFLAGS_NOPIE@
44CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ 47CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
48PICFLAG=@PICFLAG@
45LIBS=@LIBS@ 49LIBS=@LIBS@
46K5LIBS=@K5LIBS@ 50K5LIBS=@K5LIBS@
47GSSLIBS=@GSSLIBS@ 51GSSLIBS=@GSSLIBS@
48SSHLIBS=@SSHLIBS@ 52SSHLIBS=@SSHLIBS@
49SSHDLIBS=@SSHDLIBS@ 53SSHDLIBS=@SSHDLIBS@
50LIBEDIT=@LIBEDIT@ 54LIBEDIT=@LIBEDIT@
55LIBFIDO2=@LIBFIDO2@
51AR=@AR@ 56AR=@AR@
52AWK=@AWK@ 57AWK=@AWK@
53RANLIB=@RANLIB@ 58RANLIB=@RANLIB@
@@ -56,11 +61,14 @@ SED=@SED@
56ENT=@ENT@ 61ENT=@ENT@
57XAUTH_PATH=@XAUTH_PATH@ 62XAUTH_PATH=@XAUTH_PATH@
58LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ 63LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
64LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@
59EXEEXT=@EXEEXT@ 65EXEEXT=@EXEEXT@
60MANFMT=@MANFMT@ 66MANFMT=@MANFMT@
61MKDIR_P=@MKDIR_P@ 67MKDIR_P=@MKDIR_P@
62 68
63TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) 69.SUFFIXES: .lo
70
71TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
64 72
65XMSS_OBJS=\ 73XMSS_OBJS=\
66 ssh-xmss.o \ 74 ssh-xmss.o \
@@ -91,21 +99,24 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
91 log.o match.o moduli.o nchan.o packet.o \ 99 log.o match.o moduli.o nchan.o packet.o \
92 readpass.o ttymodes.o xmalloc.o addrmatch.o \ 100 readpass.o ttymodes.o xmalloc.o addrmatch.o \
93 atomicio.o dispatch.o mac.o misc.o utf8.o \ 101 atomicio.o dispatch.o mac.o misc.o utf8.o \
94 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ 102 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o \
103 ssh-ed25519-sk.o ssh-rsa.o dh.o \
95 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ 104 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
96 ssh-pkcs11.o smult_curve25519_ref.o \ 105 ssh-pkcs11.o smult_curve25519_ref.o \
97 poly1305.o chacha.o cipher-chachapoly.o \ 106 poly1305.o chacha.o cipher-chachapoly.o \
98 ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \ 107 ssh-ed25519.o digest-openssl.o digest-libc.o \
99 sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ 108 hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
100 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ 109 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
101 kexgexc.o kexgexs.o \ 110 kexgexc.o kexgexs.o \
102 sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ 111 sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
103 kexgssc.o \ 112 kexgssc.o \
104 platform-pledge.o platform-tracing.o platform-misc.o 113 sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
114 sshbuf-io.o
105 115
116SKOBJS= ssh-sk-client.o
106 117
107SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ 118SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
108 sshconnect.o sshconnect2.o mux.o 119 sshconnect.o sshconnect2.o mux.o $(SKOBJS)
109 120
110SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ 121SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
111 audit.o audit-bsm.o audit-linux.o platform.o \ 122 audit.o audit-bsm.o audit-linux.o platform.o \
@@ -117,13 +128,33 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
117 monitor.o monitor_wrap.o auth-krb5.o \ 128 monitor.o monitor_wrap.o auth-krb5.o \
118 auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ 129 auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
119 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ 130 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
120 sftp-server.o sftp-common.o sftp-realpath.o \ 131 sftp-server.o sftp-common.o \
121 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ 132 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
122 sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ 133 sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
123 sandbox-solaris.o uidswap.o 134 sandbox-solaris.o uidswap.o $(SKOBJS)
135
136SCP_OBJS= scp.o progressmeter.o
137
138SSHADD_OBJS= ssh-add.o $(SKOBJS)
139
140SSHAGENT_OBJS= ssh-agent.o ssh-pkcs11-client.o $(SKOBJS)
141
142SSHKEYGEN_OBJS= ssh-keygen.o sshsig.o $(SKOBJS)
143
144SSHKEYSIGN_OBJS=ssh-keysign.o readconf.o uidswap.o $(SKOBJS)
145
146P11HELPER_OBJS= ssh-pkcs11-helper.o ssh-pkcs11.o $(SKOBJS)
147
148SKHELPER_OBJS= ssh-sk-helper.o ssh-sk.o sk-usbhid.o
149
150SSHKEYSCAN_OBJS=ssh-keyscan.o $(SKOBJS)
124 151
125MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out 152SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o
126MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 153
154SFTP_OBJS= sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
155
156MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out
157MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5
127MANTYPE = @MANTYPE@ 158MANTYPE = @MANTYPE@
128 159
129CONFIGFILES=sshd_config.out ssh_config.out moduli.out 160CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -181,32 +212,35 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
181sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) 212sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
182 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) 213 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
183 214
184scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o 215scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
185 $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 216 $(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
217
218ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHADD_OBJS)
219 $(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
186 220
187ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o 221ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHAGENT_OBJS)
188 $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 222 $(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
189 223
190ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o 224ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYGEN_OBJS)
191 $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 225 $(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
192 226
193ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o sshsig.o 227ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSIGN_OBJS)
194 $(LD) -o $@ ssh-keygen.o sshsig.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 228 $(LD) -o $@ $(SSHKEYSIGN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
195 229
196ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o 230ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(P11HELPER_OBJS)
197 $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 231 $(LD) -o $@ $(P11HELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
198 232
199ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o 233ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
200 $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 234 $(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2)
201 235
202ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o 236ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
203 $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) 237 $(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
204 238
205sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-realpath.o sftp-server-main.o 239sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
206 $(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 240 $(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
207 241
208sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o 242sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
209 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) 243 $(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
210 244
211# test driver for the loginrec code - not built by default 245# test driver for the loginrec code - not built by default
212logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o 246logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
@@ -234,7 +268,7 @@ moduli:
234 echo 268 echo
235 269
236clean: regressclean 270clean: regressclean
237 rm -f *.o *.a $(TARGETS) logintest config.cache config.log 271 rm -f *.o *.lo *.a $(TARGETS) logintest config.cache config.log
238 rm -f *.out core survey 272 rm -f *.out core survey
239 rm -f regress/check-perm$(EXEEXT) 273 rm -f regress/check-perm$(EXEEXT)
240 rm -f regress/mkdtemp$(EXEEXT) 274 rm -f regress/mkdtemp$(EXEEXT)
@@ -258,6 +292,9 @@ clean: regressclean
258 rm -f regress/unittests/utf8/test_utf8$(EXEEXT) 292 rm -f regress/unittests/utf8/test_utf8$(EXEEXT)
259 rm -f regress/misc/kexfuzz/*.o 293 rm -f regress/misc/kexfuzz/*.o
260 rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT) 294 rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
295 rm -f regress/misc/sk-dummy/*.o
296 rm -f regress/misc/sk-dummy/*.lo
297 rm -f regress/misc/sk-dummy/sk-dummy.so
261 (cd openbsd-compat && $(MAKE) clean) 298 (cd openbsd-compat && $(MAKE) clean)
262 299
263distclean: regressclean 300distclean: regressclean
@@ -317,6 +354,8 @@ depend-rebuild:
317 rm -f config.h 354 rm -f config.h
318 touch config.h 355 touch config.h
319 makedepend -w1000 -Y. -f .depend *.c 2>/dev/null 356 makedepend -w1000 -Y. -f .depend *.c 2>/dev/null
357 (head -2 .depend; tail +3 .depend | sort) >.depend.tmp
358 mv .depend.tmp .depend
320 rm -f config.h 359 rm -f config.h
321 360
322depend-check: depend-rebuild 361depend-check: depend-rebuild
@@ -350,6 +389,7 @@ install-files:
350 $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) 389 $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
351 $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) 390 $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
352 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) 391 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
392 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
353 $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) 393 $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
354 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) 394 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
355 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 395 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
@@ -367,6 +407,7 @@ install-files:
367 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 407 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
368 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 408 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
369 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 409 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
410 $(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
370 411
371install-sysconf: 412install-sysconf:
372 $(MKDIR_P) $(DESTDIR)$(sysconfdir) 413 $(MKDIR_P) $(DESTDIR)$(sysconfdir)
@@ -427,6 +468,7 @@ uninstall:
427 -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) 468 -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
428 -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) 469 -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
429 -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) 470 -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
471 -rm -f $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
430 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 472 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
431 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 473 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
432 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 474 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@@ -438,6 +480,7 @@ uninstall:
438 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 480 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
439 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 481 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
440 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 482 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
483 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
441 484
442regress-prep: 485regress-prep:
443 $(MKDIR_P) `pwd`/regress/unittests/test_helper 486 $(MKDIR_P) `pwd`/regress/unittests/test_helper
@@ -450,6 +493,7 @@ regress-prep:
450 $(MKDIR_P) `pwd`/regress/unittests/match 493 $(MKDIR_P) `pwd`/regress/unittests/match
451 $(MKDIR_P) `pwd`/regress/unittests/utf8 494 $(MKDIR_P) `pwd`/regress/unittests/utf8
452 $(MKDIR_P) `pwd`/regress/misc/kexfuzz 495 $(MKDIR_P) `pwd`/regress/misc/kexfuzz
496 $(MKDIR_P) `pwd`/regress/misc/sk-dummy
453 [ -f `pwd`/regress/Makefile ] || \ 497 [ -f `pwd`/regress/Makefile ] || \
454 ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile 498 ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
455 499
@@ -504,7 +548,8 @@ UNITTESTS_TEST_SSHKEY_OBJS=\
504 regress/unittests/sshkey/tests.o \ 548 regress/unittests/sshkey/tests.o \
505 regress/unittests/sshkey/common.o \ 549 regress/unittests/sshkey/common.o \
506 regress/unittests/sshkey/test_file.o \ 550 regress/unittests/sshkey/test_file.o \
507 regress/unittests/sshkey/test_sshkey.o 551 regress/unittests/sshkey/test_sshkey.o \
552 $(SKOBJS)
508 553
509regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \ 554regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
510 regress/unittests/test_helper/libtest_helper.a libssh.a 555 regress/unittests/test_helper/libtest_helper.a libssh.a
@@ -533,7 +578,8 @@ regress/unittests/conversion/test_conversion$(EXEEXT): \
533 578
534UNITTESTS_TEST_KEX_OBJS=\ 579UNITTESTS_TEST_KEX_OBJS=\
535 regress/unittests/kex/tests.o \ 580 regress/unittests/kex/tests.o \
536 regress/unittests/kex/test_kex.o 581 regress/unittests/kex/test_kex.o \
582 $(SKOBJS)
537 583
538regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ 584regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
539 regress/unittests/test_helper/libtest_helper.a libssh.a 585 regress/unittests/test_helper/libtest_helper.a libssh.a
@@ -543,7 +589,8 @@ regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
543 589
544UNITTESTS_TEST_HOSTKEYS_OBJS=\ 590UNITTESTS_TEST_HOSTKEYS_OBJS=\
545 regress/unittests/hostkeys/tests.o \ 591 regress/unittests/hostkeys/tests.o \
546 regress/unittests/hostkeys/test_iterate.o 592 regress/unittests/hostkeys/test_iterate.o \
593 $(SKOBJS)
547 594
548regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \ 595regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
549 ${UNITTESTS_TEST_HOSTKEYS_OBJS} \ 596 ${UNITTESTS_TEST_HOSTKEYS_OBJS} \
@@ -573,18 +620,33 @@ regress/unittests/utf8/test_utf8$(EXEEXT): \
573 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 620 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
574 621
575MISC_KEX_FUZZ_OBJS=\ 622MISC_KEX_FUZZ_OBJS=\
576 regress/misc/kexfuzz/kexfuzz.o 623 regress/misc/kexfuzz/kexfuzz.o \
624 $(SKOBJS)
577 625
578regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a 626regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a
579 $(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \ 627 $(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \
580 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 628 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
581 629
630# These all need to be compiled -fPIC, so they are treated differently.
631SK_DUMMY_OBJS=\
632 regress/misc/sk-dummy/sk-dummy.lo \
633 regress/misc/sk-dummy/fatal.lo \
634 ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo
635
636.c.lo: Makefile.in config.h
637 $(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $< -o $@
638
639regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
640 $(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -shared -o $@ $(SK_DUMMY_OBJS) \
641 -L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(LIBS)
642
582regress-binaries: regress-prep $(LIBCOMPAT) \ 643regress-binaries: regress-prep $(LIBCOMPAT) \
583 regress/modpipe$(EXEEXT) \ 644 regress/modpipe$(EXEEXT) \
584 regress/setuid-allowed$(EXEEXT) \ 645 regress/setuid-allowed$(EXEEXT) \
585 regress/netcat$(EXEEXT) \ 646 regress/netcat$(EXEEXT) \
586 regress/check-perm$(EXEEXT) \ 647 regress/check-perm$(EXEEXT) \
587 regress/mkdtemp$(EXEEXT) 648 regress/mkdtemp$(EXEEXT) \
649 regress/misc/sk-dummy/sk-dummy.so
588 650
589regress-unit-binaries: regress-prep $(REGRESSLIBS) \ 651regress-unit-binaries: regress-prep $(REGRESSLIBS) \
590 regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ 652 regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
@@ -617,10 +679,13 @@ interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
617 TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \ 679 TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
618 TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \ 680 TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
619 TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \ 681 TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
682 TEST_SSH_SSHSKHELPER="$${BUILDDIR}/ssh-sk-helper"; \
620 TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \ 683 TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
621 TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \ 684 TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
622 TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \ 685 TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
623 TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \ 686 TEST_SSH_PKCS11_HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
687 TEST_SSH_SK_HELPER="$${BUILDDIR}/ssh-sk-helper"; \
688 TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
624 TEST_SSH_PLINK="plink"; \ 689 TEST_SSH_PLINK="plink"; \
625 TEST_SSH_PUTTYGEN="puttygen"; \ 690 TEST_SSH_PUTTYGEN="puttygen"; \
626 TEST_SSH_CONCH="conch"; \ 691 TEST_SSH_CONCH="conch"; \
@@ -645,6 +710,8 @@ interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
645 TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \ 710 TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \
646 TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \ 711 TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
647 TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \ 712 TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
713 TEST_SSH_PKCS11_HELPER="$${TEST_SSH_PKCS11_HELPER}" \
714 TEST_SSH_SK_HELPER="$${TEST_SSH_SK_HELPER}" \
648 TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \ 715 TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
649 TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \ 716 TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
650 TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \ 717 TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 48338e671..1fce87006 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -280,6 +280,13 @@ their data fields are:
280 280
281Name Format Description 281Name Format Description
282----------------------------------------------------------------------------- 282-----------------------------------------------------------------------------
283no-presence-required empty Flag indicating that signatures made
284 with this certificate need not assert
285 user presence. This option only make
286 sense for the U2F/FIDO security key
287 types that support this feature in
288 their signature formats.
289
283permit-X11-forwarding empty Flag indicating that X11 forwarding 290permit-X11-forwarding empty Flag indicating that X11 forwarding
284 should be permitted. X11 forwarding will 291 should be permitted. X11 forwarding will
285 be refused if this option is absent. 292 be refused if this option is absent.
@@ -304,4 +311,4 @@ permit-user-rc empty Flag indicating that execution of
304 of this script will not be permitted if 311 of this script will not be permitted if
305 this option is not present. 312 this option is not present.
306 313
307$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $ 314$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
new file mode 100644
index 000000000..748111d56
--- /dev/null
+++ b/PROTOCOL.u2f
@@ -0,0 +1,337 @@
1This document describes OpenSSH's support for U2F/FIDO security keys.
2
3Background
4----------
5
6U2F is an open standard for two-factor authentication hardware, widely
7used for user authentication to websites. U2F tokens are ubiquitous,
8available from a number of manufacturers and are currently by far the
9cheapest way for users to achieve hardware-backed credential storage.
10
11The U2F protocol however cannot be trivially used as an SSH protocol key
12type as both the inputs to the signature operation and the resultant
13signature differ from those specified for SSH. For similar reasons,
14integration of U2F devices cannot be achieved via the PKCS#11 API.
15
16U2F also offers a number of features that are attractive in the context
17of SSH authentication. They can be configured to require indication
18of "user presence" for each signature operation (typically achieved
19by requiring the user touch the key). They also offer an attestation
20mechanism at key enrollment time that can be used to prove that a
21given key is backed by hardware. Finally the signature format includes
22a monotonic signature counter that can be used (at scale) to detect
23concurrent use of a private key, should it be extracted from hardware.
24
25U2F private keys are generated through an enrollment operation,
26which takes an application ID - a URL-like string, typically "ssh:"
27in this case, but a HTTP origin for the case of web authentication,
28and a challenge string (typically randomly generated). The enrollment
29operation returns a public key, a key handle that must be used to invoke
30the hardware-backed private key, some flags and signed attestation
31information that may be used to verify that a private key is hosted on a
32particular hardware instance.
33
34It is common for U2F hardware to derive private keys from the key handle
35in conjunction with a small per-device secret that is unique to the
36hardware, thus requiring little on-device storage for an effectively
37unlimited number of supported keys. This drives the requirement that
38the key handle be supplied for each signature operation. U2F tokens
39primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
40standard specifies additional key types, including one based on Ed25519.
41
42SSH U2F Key formats
43-------------------
44
45OpenSSH integrates U2F as new key and corresponding certificate types:
46
47 sk-ecdsa-sha2-nistp256@openssh.com
48 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
49 sk-ssh-ed25519@openssh.com
50 sk-ssh-ed25519-cert-v01@openssh.com
51
52While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
53keys require extra information in the public and private keys, and in
54the signature object itself. As such they cannot be made compatible with
55the existing ecdsa-sha2-nistp* key types.
56
57The format of a sk-ecdsa-sha2-nistp256@openssh.com public key is:
58
59 string "sk-ecdsa-sha2-nistp256@openssh.com"
60 string curve name
61 ec_point Q
62 string application (user-specified, but typically "ssh:")
63
64The corresponding private key contains:
65
66 string "sk-ecdsa-sha2-nistp256@openssh.com"
67 string curve name
68 ec_point Q
69 string application (user-specified, but typically "ssh:")
70 uint8 flags
71 string key_handle
72 string reserved
73
74The format of a sk-ssh-ed25519@openssh.com public key is:
75
76 string "sk-ssh-ed25519@openssh.com"
77 string public key
78 string application (user-specified, but typically "ssh:")
79
80With a private half consisting of:
81
82 string "sk-ssh-ed25519@openssh.com"
83 string public key
84 string application (user-specified, but typically "ssh:")
85 uint8 flags
86 string key_handle
87 string reserved
88
89The certificate form for SSH U2F keys appends the usual certificate
90information to the public key:
91
92 string "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
93 string nonce
94 string curve name
95 ec_point Q
96 string application
97 uint64 serial
98 uint32 type
99 string key id
100 string valid principals
101 uint64 valid after
102 uint64 valid before
103 string critical options
104 string extensions
105 string reserved
106 string signature key
107 string signature
108
109and for security key ed25519 certificates:
110
111 string "sk-ssh-ed25519-cert-v01@openssh.com"
112 string nonce
113 string public key
114 string application
115 uint64 serial
116 uint32 type
117 string key id
118 string valid principals
119 uint64 valid after
120 uint64 valid before
121 string critical options
122 string extensions
123 string reserved
124 string signature key
125 string signature
126
127Both security key certificates use the following encoding for private keys:
128
129 string type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com")
130 string pubkey (the above key/cert structure)
131 string application
132 uint8 flags
133 string key_handle
134 string reserved
135
136During key generation, the hardware also returns attestation information
137that may be used to cryptographically prove that a given key is
138hardware-backed. Unfortunately, the protocol required for this proof is
139not privacy-preserving and may be used to identify U2F tokens with at
140least manufacturer and batch number granularity. For this reason, we
141choose not to include this information in the public key or save it by
142default.
143
144Attestation information is useful for out-of-band key and certificate
145registration worksflows, e.g. proving to a CA that a key is backed
146by trusted hardware before it will issue a certificate. To support this
147case, OpenSSH optionally allows retaining the attestation information
148at the time of key generation. It will take the following format:
149
150 string "ssh-sk-attest-v00"
151 string attestation certificate
152 string enrollment signature
153 uint32 reserved flags
154 string reserved string
155
156OpenSSH treats the attestation certificate and enrollment signatures as
157opaque objects and does no interpretation of them itself.
158
159SSH U2F signatures
160------------------
161
162In addition to the message to be signed, the U2F signature operation
163requires the key handle and a few additional parameters. The signature
164is signed over a blob that consists of:
165
166 byte[32] SHA256(application)
167 byte flags (including "user present", extensions present)
168 uint32 counter
169 byte[] extensions
170 byte[32] SHA256(message)
171
172No extensons are yet defined for SSH use. If any are defined in the future,
173it will be possible to infer their presence from the contents of the "flags"
174value.
175
176The signature returned from U2F hardware takes the following format:
177
178 byte flags (including "user present")
179 uint32 counter
180 byte[] ecdsa_signature (in X9.62 format).
181
182For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
183format data in the pre-authentication attack surface. Therefore, the
184signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
185be reformatted to better match the existing signature encoding:
186
187 string "sk-ecdsa-sha2-nistp256@openssh.com"
188 string ecdsa_signature
189 byte flags
190 uint32 counter
191
192Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature
193encoding:
194
195 mpint r
196 mpint s
197
198For Ed25519 keys the signature is encoded as:
199
200 string "sk-ssh-ed25519@openssh.com"
201 string signature
202 byte flags
203 uint32 counter
204
205ssh-agent protocol extensions
206-----------------------------
207
208ssh-agent requires a protocol extension to support U2F keys. At
209present the closest analogue to Security Keys in ssh-agent are PKCS#11
210tokens, insofar as they require a middleware library to communicate with
211the device that holds the keys. Unfortunately, the protocol message used
212to add PKCS#11 keys to ssh-agent does not include any way to send the
213key handle to the agent as U2F keys require.
214
215To avoid this, without having to add wholly new messages to the agent
216protocol, we will use the existing SSH2_AGENTC_ADD_ID_CONSTRAINED message
217with a new key constraint extension to encode a path to the middleware
218library for the key. The format of this constraint extension would be:
219
220 byte SSH_AGENT_CONSTRAIN_EXTENSION
221 string sk-provider@openssh.com
222 string middleware path
223
224This constraint-based approach does not present any compatibility
225problems.
226
227OpenSSH integration
228-------------------
229
230U2F tokens may be attached via a number of means, including USB and NFC.
231The USB interface is standardised around a HID protocol, but we want to
232be able to support other transports as well as dummy implementations for
233regress testing. For this reason, OpenSSH shall support a dynamically-
234loaded middleware libraries to communicate with security keys, but offer
235support for the common case of USB HID security keys internally.
236
237The middleware library need only expose a handful of functions:
238
239 #define SSH_SK_VERSION_MAJOR 0x00040000 /* API version */
240 #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
241
242 /* Flags */
243 #define SSH_SK_USER_PRESENCE_REQD 0x01
244 #define SSH_SK_USER_VERIFICATION_REQD 0x04
245 #define SSH_SK_RESIDENT_KEY 0x20
246
247 /* Algs */
248 #define SSH_SK_ECDSA 0x00
249 #define SSH_SK_ED25519 0x01
250
251 /* Error codes */
252 #define SSH_SK_ERR_GENERAL -1
253 #define SSH_SK_ERR_UNSUPPORTED -2
254 #define SSH_SK_ERR_PIN_REQUIRED -3
255 #define SSH_SK_ERR_DEVICE_NOT_FOUND -4
256
257 struct sk_enroll_response {
258 uint8_t *public_key;
259 size_t public_key_len;
260 uint8_t *key_handle;
261 size_t key_handle_len;
262 uint8_t *signature;
263 size_t signature_len;
264 uint8_t *attestation_cert;
265 size_t attestation_cert_len;
266 };
267
268 struct sk_sign_response {
269 uint8_t flags;
270 uint32_t counter;
271 uint8_t *sig_r;
272 size_t sig_r_len;
273 uint8_t *sig_s;
274 size_t sig_s_len;
275 };
276
277 struct sk_resident_key {
278 uint32_t alg;
279 size_t slot;
280 char *application;
281 struct sk_enroll_response key;
282 };
283
284 struct sk_option {
285 char *name;
286 char *value;
287 uint8_t important;
288 };
289
290 /* Return the version of the middleware API */
291 uint32_t sk_api_version(void);
292
293 /* Enroll a U2F key (private key generation) */
294 int sk_enroll(uint32_t alg,
295 const uint8_t *challenge, size_t challenge_len,
296 const char *application, uint8_t flags, const char *pin,
297 struct sk_option **options,
298 struct sk_enroll_response **enroll_response);
299
300 /* Sign a challenge */
301 int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
302 const char *application,
303 const uint8_t *key_handle, size_t key_handle_len,
304 uint8_t flags, const char *pin, struct sk_option **options,
305 struct sk_sign_response **sign_response);
306
307 /* Enumerate all resident keys */
308 int sk_load_resident_keys(const char *pin, struct sk_option **options,
309 struct sk_resident_key ***rks, size_t *nrks);
310
311The SSH_SK_VERSION_MAJOR should be incremented for each incompatible
312API change.
313
314The options may be used to pass miscellaneous options to the middleware
315as a NULL-terminated array of pointers to struct sk_option. The middleware
316may ignore unsupported or unknown options unless the "important" flag is
317set, in which case it should return failure if an unsupported option is
318requested.
319
320At present the following options names are supported:
321
322 "device"
323
324 Specifies a specific FIDO device on which to perform the
325 operation. The value in this field is interpreted by the
326 middleware but it would be typical to specify a path to
327 a /dev node for the device in question.
328
329 "user"
330
331 Specifies the FIDO2 username used when enrolling a key,
332 overriding OpenSSH's default of using an all-zero username.
333
334In OpenSSH, the middleware will be invoked by using a similar mechanism to
335ssh-pkcs11-helper to provide address-space containment of the
336middleware from ssh-agent.
337
diff --git a/README b/README
index 5c83aa508..c95ff2162 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
1See https://www.openssh.com/releasenotes.html#8.1p1 for the release notes. 1See https://www.openssh.com/releasenotes.html#8.2p1 for the release notes.
2 2
3Please read https://www.openssh.com/report.html for bug reporting 3Please read https://www.openssh.com/report.html for bug reporting
4instructions and note that we do not use Github for bug reporting or 4instructions and note that we do not use Github for bug reporting or
@@ -15,7 +15,7 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
15and Dug Song. It has a homepage at https://www.openssh.com/ 15and Dug Song. It has a homepage at https://www.openssh.com/
16 16
17This port consists of the re-introduction of autoconf support, PAM 17This port consists of the re-introduction of autoconf support, PAM
18support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library 18support, EGD/PRNGD support and replacements for OpenBSD library
19functions that are (regrettably) absent from other unices. This port 19functions that are (regrettably) absent from other unices. This port
20has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X, 20has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
21FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare. 21FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare.
@@ -26,37 +26,27 @@ The PAM support is now more functional than the popular packages of
26commercial ssh-1.2.x. It checks "account" and "session" modules for 26commercial ssh-1.2.x. It checks "account" and "session" modules for
27all logins, not just when using password authentication. 27all logins, not just when using password authentication.
28 28
29OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
30libedit[6]
31
32There is now several mailing lists for this port of OpenSSH. Please 29There is now several mailing lists for this port of OpenSSH. Please
33refer to https://www.openssh.com/list.html for details on how to join. 30refer to https://www.openssh.com/list.html for details on how to join.
34 31
35Please send bug reports and patches to the mailing list 32Please send bug reports and patches to the mailing list
36openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed 33openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
37users. Code contribution are welcomed, but please follow the OpenBSD 34users. Code contribution are welcomed, but please follow the OpenBSD
38style guidelines[7]. 35style guidelines[1].
39 36
40Please refer to the INSTALL document for information on how to install 37Please refer to the INSTALL document for information on dependencies and
41OpenSSH on your system. 38how to install OpenSSH on your system.
42 39
43Damien Miller <djm@mindrot.org> 40Damien Miller <djm@mindrot.org>
44 41
45Miscellania - 42Miscellania -
46 43
47This version of OpenSSH is based upon code retrieved from the OpenBSD 44This version of OpenSSH is based upon code retrieved from the OpenBSD CVS
48CVS repository which in turn was based on the last free sample 45repository which in turn was based on the last free sample implementation
49implementation released by Tatu Ylonen. 46released by Tatu Ylonen.
50 47
51References - 48References -
52 49
53[0] https://www.openssh.com/ 50[0] https://www.openssh.com/
54[1] http://www.lothar.com/tech/crypto/ 51[1] https://man.openbsd.org/style.9
55[2] http://prngd.sourceforge.net/ 52
56[3] https://www.zlib.net/
57[4] https://www.openssl.org/
58[5] https://www.openpam.org
59 https://www.kernel.org/pub/linux/libs/pam/
60 (PAM also is standard on Solaris and HP-UX 11)
61[6] https://thrysoee.dk/editline/ (portable version)
62[7] https://man.openbsd.org/style.9
diff --git a/README.dns b/README.dns
index 97879183e..29ecaee8d 100644
--- a/README.dns
+++ b/README.dns
@@ -1,10 +1,10 @@
1How to verify host keys using OpenSSH and DNS 1How to verify host keys using OpenSSH and DNS
2--------------------------------------------- 2---------------------------------------------
3 3
4OpenSSH contains support for verifying host keys using DNS as described in 4OpenSSH contains support for verifying host keys using DNS as described
5draft-ietf-secsh-dns-05.txt. The document contains very brief instructions 5in https://tools.ietf.org/html/rfc4255. The document contains very brief
6on how to use this feature. Configuring DNS is out of the scope of this 6instructions on how to use this feature. Configuring DNS is out of the
7document. 7scope of this document.
8 8
9 9
10(1) Server: Generate and publish the DNS RR 10(1) Server: Generate and publish the DNS RR
diff --git a/README.md b/README.md
index 4e2624161..5b73d24c0 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,40 @@
1Portable OpenSSH with GSSAPI Key Exchange patches
2=================================================
3
4Currently, there are two branches with gssapi key exchange related
5patches:
6
7 * fedora/master: Changes that are shipped in Fedora
8 * debian/master: Changes that are shipped in Debian
9
10The target is to converge to a shared repository with single master
11branch from where we could build releases for both OSes.
12
13
14What is in:
15
16 * The original patch implementing missing parts of RFC4462 by Simon Wilkinson
17 adapted to the current OpenSSH versions and with several fixes
18 * New methods for GSSAPI Kex from IETF draft [1] from Jakub Jelen
19
20
21Missing kerberos-related parts:
22
23 * .k5login and .kusers support available in Fedora [2] [3].
24 * Improved handling of kerberos ccache location [4]
25
26
27[1] https://tools.ietf.org/html/draft-ietf-curdle-gss-keyex-sha2-08
28[2] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-kuserok.patch
29[3] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-GSSAPIEnablek5users.patch
30[4] https://bugzilla.mindrot.org/show_bug.cgi?id=2775
31
32-------------------------------------------------------------------------------
33
1# Portable OpenSSH 34# Portable OpenSSH
2 35
36[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
37
3OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs. 38OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
4 39
5This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM). 40This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
@@ -25,14 +60,16 @@ Stable release tarballs are available from a number of [download mirrors](https:
25 60
26### Dependencies 61### Dependencies
27 62
28Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies. 63Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
64
65FIDO security token support need [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies, see README.platform for details.
29 66
30### Building a release 67### Building a release
31 68
32Releases include a pre-built copy of the ``configure`` script and may be built using: 69Releases include a pre-built copy of the ``configure`` script and may be built using:
33 70
34``` 71```
35tar zxvf openssh-X.Y.tar.gz 72tar zxvf openssh-X.YpZ.tar.gz
36cd openssh 73cd openssh
37./configure # [options] 74./configure # [options]
38make && make tests 75make && make tests
@@ -64,6 +101,7 @@ Flag | Meaning
64``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp. 101``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
65``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported. 102``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
66``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support. 103``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
104``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
67 105
68## Development 106## Development
69 107
diff --git a/auth-krb5.c b/auth-krb5.c
index 204752e1b..3096f1c8e 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -182,13 +182,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
182 182
183 len = strlen(authctxt->krb5_ticket_file) + 6; 183 len = strlen(authctxt->krb5_ticket_file) + 6;
184 authctxt->krb5_ccname = xmalloc(len); 184 authctxt->krb5_ccname = xmalloc(len);
185#ifdef USE_CCAPI
186 snprintf(authctxt->krb5_ccname, len, "API:%s",
187 authctxt->krb5_ticket_file);
188#else
189 snprintf(authctxt->krb5_ccname, len, "FILE:%s", 185 snprintf(authctxt->krb5_ccname, len, "FILE:%s",
190 authctxt->krb5_ticket_file); 186 authctxt->krb5_ticket_file);
191#endif
192 187
193#ifdef USE_PAM 188#ifdef USE_PAM
194 if (options.use_pam) 189 if (options.use_pam)
@@ -245,22 +240,15 @@ krb5_cleanup_proc(Authctxt *authctxt)
245#ifndef HEIMDAL 240#ifndef HEIMDAL
246krb5_error_code 241krb5_error_code
247ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { 242ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
248 int ret, oerrno; 243 int tmpfd, ret, oerrno;
249 char ccname[40]; 244 char ccname[40];
250 mode_t old_umask; 245 mode_t old_umask;
251#ifdef USE_CCAPI
252 char cctemplate[] = "API:krb5cc_%d";
253#else
254 char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX";
255 int tmpfd;
256#endif
257 246
258 ret = snprintf(ccname, sizeof(ccname), 247 ret = snprintf(ccname, sizeof(ccname),
259 cctemplate, geteuid()); 248 "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
260 if (ret < 0 || (size_t)ret >= sizeof(ccname)) 249 if (ret < 0 || (size_t)ret >= sizeof(ccname))
261 return ENOMEM; 250 return ENOMEM;
262 251
263#ifndef USE_CCAPI
264 old_umask = umask(0177); 252 old_umask = umask(0177);
265 tmpfd = mkstemp(ccname + strlen("FILE:")); 253 tmpfd = mkstemp(ccname + strlen("FILE:"));
266 oerrno = errno; 254 oerrno = errno;
@@ -277,7 +265,6 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
277 return oerrno; 265 return oerrno;
278 } 266 }
279 close(tmpfd); 267 close(tmpfd);
280#endif
281 268
282 return (krb5_cc_resolve(ctx, ccname, ccache)); 269 return (krb5_cc_resolve(ctx, ccname, ccache));
283} 270}
diff --git a/auth-options.c b/auth-options.c
index 90b0d7f25..2d200944c 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */ 1/* $OpenBSD: auth-options.c,v 1.90 2019/11/25 00:54:23 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -96,7 +96,10 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
96 name, sshbuf_len(data)); 96 name, sshbuf_len(data));
97 found = 0; 97 found = 0;
98 if ((which & OPTIONS_EXTENSIONS) != 0) { 98 if ((which & OPTIONS_EXTENSIONS) != 0) {
99 if (strcmp(name, "permit-X11-forwarding") == 0) { 99 if (strcmp(name, "no-touch-required") == 0) {
100 opts->no_require_user_presence = 1;
101 found = 1;
102 } else if (strcmp(name, "permit-X11-forwarding") == 0) {
100 opts->permit_x11_forwarding_flag = 1; 103 opts->permit_x11_forwarding_flag = 1;
101 found = 1; 104 found = 1;
102 } else if (strcmp(name, 105 } else if (strcmp(name,
@@ -347,6 +350,8 @@ sshauthopt_parse(const char *opts, const char **errstrp)
347 ret->permit_agent_forwarding_flag = r == 1; 350 ret->permit_agent_forwarding_flag = r == 1;
348 } else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) { 351 } else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) {
349 ret->permit_x11_forwarding_flag = r == 1; 352 ret->permit_x11_forwarding_flag = r == 1;
353 } else if ((r = opt_flag("touch-required", 1, &opts)) != -1) {
354 ret->no_require_user_presence = r != 1; /* NB. flip */
350 } else if ((r = opt_flag("pty", 1, &opts)) != -1) { 355 } else if ((r = opt_flag("pty", 1, &opts)) != -1) {
351 ret->permit_pty_flag = r == 1; 356 ret->permit_pty_flag = r == 1;
352 } else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { 357 } else if ((r = opt_flag("user-rc", 1, &opts)) != -1) {
@@ -567,14 +572,15 @@ sshauthopt_merge(const struct sshauthopt *primary,
567 goto alloc_fail; 572 goto alloc_fail;
568 } 573 }
569 574
570 /* Flags are logical-AND (i.e. must be set in both for permission) */ 575#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1)
571#define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1) 576 /* Permissive flags are logical-AND (i.e. must be set in both) */
572 OPTFLAG(permit_port_forwarding_flag); 577 OPTFLAG_AND(permit_port_forwarding_flag);
573 OPTFLAG(permit_agent_forwarding_flag); 578 OPTFLAG_AND(permit_agent_forwarding_flag);
574 OPTFLAG(permit_x11_forwarding_flag); 579 OPTFLAG_AND(permit_x11_forwarding_flag);
575 OPTFLAG(permit_pty_flag); 580 OPTFLAG_AND(permit_pty_flag);
576 OPTFLAG(permit_user_rc); 581 OPTFLAG_AND(permit_user_rc);
577#undef OPTFLAG 582 OPTFLAG_AND(no_require_user_presence);
583#undef OPTFLAG_AND
578 584
579 /* Earliest expiry time should win */ 585 /* Earliest expiry time should win */
580 if (primary->valid_before != 0) 586 if (primary->valid_before != 0)
@@ -643,6 +649,7 @@ sshauthopt_copy(const struct sshauthopt *orig)
643 OPTSCALAR(cert_authority); 649 OPTSCALAR(cert_authority);
644 OPTSCALAR(force_tun_device); 650 OPTSCALAR(force_tun_device);
645 OPTSCALAR(valid_before); 651 OPTSCALAR(valid_before);
652 OPTSCALAR(no_require_user_presence);
646#undef OPTSCALAR 653#undef OPTSCALAR
647#define OPTSTRING(x) \ 654#define OPTSTRING(x) \
648 do { \ 655 do { \
@@ -765,7 +772,7 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
765{ 772{
766 int r = SSH_ERR_INTERNAL_ERROR; 773 int r = SSH_ERR_INTERNAL_ERROR;
767 774
768 /* Flag and simple integer options */ 775 /* Flag options */
769 if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || 776 if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 ||
770 (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || 777 (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 ||
771 (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || 778 (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 ||
@@ -773,7 +780,11 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
773 (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || 780 (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 ||
774 (r = sshbuf_put_u8(m, opts->restricted)) != 0 || 781 (r = sshbuf_put_u8(m, opts->restricted)) != 0 ||
775 (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || 782 (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 ||
776 (r = sshbuf_put_u64(m, opts->valid_before)) != 0) 783 (r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0)
784 return r;
785
786 /* Simple integer options */
787 if ((r = sshbuf_put_u64(m, opts->valid_before)) != 0)
777 return r; 788 return r;
778 789
779 /* tunnel number can be negative to indicate "unset" */ 790 /* tunnel number can be negative to indicate "unset" */
@@ -817,6 +828,7 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp)
817 if ((opts = calloc(1, sizeof(*opts))) == NULL) 828 if ((opts = calloc(1, sizeof(*opts))) == NULL)
818 return SSH_ERR_ALLOC_FAIL; 829 return SSH_ERR_ALLOC_FAIL;
819 830
831 /* Flag options */
820#define OPT_FLAG(x) \ 832#define OPT_FLAG(x) \
821 do { \ 833 do { \
822 if ((r = sshbuf_get_u8(m, &f)) != 0) \ 834 if ((r = sshbuf_get_u8(m, &f)) != 0) \
@@ -830,8 +842,10 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp)
830 OPT_FLAG(permit_user_rc); 842 OPT_FLAG(permit_user_rc);
831 OPT_FLAG(restricted); 843 OPT_FLAG(restricted);
832 OPT_FLAG(cert_authority); 844 OPT_FLAG(cert_authority);
845 OPT_FLAG(no_require_user_presence);
833#undef OPT_FLAG 846#undef OPT_FLAG
834 847
848 /* Simple integer options */
835 if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0) 849 if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0)
836 goto out; 850 goto out;
837 851
diff --git a/auth-options.h b/auth-options.h
index 14cbfa49d..d96ffedee 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-options.h,v 1.28 2019/07/09 04:15:00 djm Exp $ */ 1/* $OpenBSD: auth-options.h,v 1.29 2019/11/25 00:54:23 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2018 Damien Miller <djm@mindrot.org> 4 * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
@@ -68,6 +68,9 @@ struct sshauthopt {
68 */ 68 */
69 char *required_from_host_cert; 69 char *required_from_host_cert;
70 char *required_from_host_keys; 70 char *required_from_host_keys;
71
72 /* Key requires user presence asserted */
73 int no_require_user_presence;
71}; 74};
72 75
73struct sshauthopt *sshauthopt_new(void); 76struct sshauthopt *sshauthopt_new(void);
diff --git a/auth-pam.c b/auth-pam.c
index d3f400bc3..5a3ba09b4 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -56,6 +56,7 @@
56#include <errno.h> 56#include <errno.h>
57#include <signal.h> 57#include <signal.h>
58#include <stdarg.h> 58#include <stdarg.h>
59#include <stdlib.h>
59#include <string.h> 60#include <string.h>
60#include <unistd.h> 61#include <unistd.h>
61 62
@@ -99,6 +100,7 @@ extern char *__progname;
99#include "servconf.h" 100#include "servconf.h"
100#include "ssh2.h" 101#include "ssh2.h"
101#include "auth-options.h" 102#include "auth-options.h"
103#include "misc.h"
102#ifdef GSSAPI 104#ifdef GSSAPI
103#include "ssh-gss.h" 105#include "ssh-gss.h"
104#endif 106#endif
@@ -150,12 +152,12 @@ static struct pam_ctxt *cleanup_ctxt;
150 */ 152 */
151 153
152static int sshpam_thread_status = -1; 154static int sshpam_thread_status = -1;
153static mysig_t sshpam_oldsig; 155static sshsig_t sshpam_oldsig;
154 156
155static void 157static void
156sshpam_sigchld_handler(int sig) 158sshpam_sigchld_handler(int sig)
157{ 159{
158 signal(SIGCHLD, SIG_DFL); 160 ssh_signal(SIGCHLD, SIG_DFL);
159 if (cleanup_ctxt == NULL) 161 if (cleanup_ctxt == NULL)
160 return; /* handler called after PAM cleanup, shouldn't happen */ 162 return; /* handler called after PAM cleanup, shouldn't happen */
161 if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG) 163 if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
@@ -207,7 +209,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
207 *thread = pid; 209 *thread = pid;
208 close(ctx->pam_csock); 210 close(ctx->pam_csock);
209 ctx->pam_csock = -1; 211 ctx->pam_csock = -1;
210 sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler); 212 sshpam_oldsig = ssh_signal(SIGCHLD, sshpam_sigchld_handler);
211 return (0); 213 return (0);
212 } 214 }
213} 215}
@@ -215,7 +217,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
215static int 217static int
216pthread_cancel(sp_pthread_t thread) 218pthread_cancel(sp_pthread_t thread)
217{ 219{
218 signal(SIGCHLD, sshpam_oldsig); 220 ssh_signal(SIGCHLD, sshpam_oldsig);
219 return (kill(thread, SIGTERM)); 221 return (kill(thread, SIGTERM));
220} 222}
221 223
@@ -227,7 +229,7 @@ pthread_join(sp_pthread_t thread, void **value)
227 229
228 if (sshpam_thread_status != -1) 230 if (sshpam_thread_status != -1)
229 return (sshpam_thread_status); 231 return (sshpam_thread_status);
230 signal(SIGCHLD, sshpam_oldsig); 232 ssh_signal(SIGCHLD, sshpam_oldsig);
231 while (waitpid(thread, &status, 0) == -1) { 233 while (waitpid(thread, &status, 0) == -1) {
232 if (errno == EINTR) 234 if (errno == EINTR)
233 continue; 235 continue;
@@ -299,7 +301,7 @@ sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags)
299# define pam_chauthtok(a,b) (sshpam_chauthtok_ruid((a), (b))) 301# define pam_chauthtok(a,b) (sshpam_chauthtok_ruid((a), (b)))
300#endif 302#endif
301 303
302void 304static void
303sshpam_password_change_required(int reqd) 305sshpam_password_change_required(int reqd)
304{ 306{
305 extern struct sshauthopt *auth_opts; 307 extern struct sshauthopt *auth_opts;
diff --git a/auth-skey.c b/auth-skey.c
deleted file mode 100644
index b347527f6..000000000
--- a/auth-skey.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
27
28#ifdef SKEY
29
30#include <sys/types.h>
31
32#include <pwd.h>
33#include <stdio.h>
34
35#include <skey.h>
36
37#include "xmalloc.h"
38#include "hostfile.h"
39#include "auth.h"
40#include "ssh-gss.h"
41#include "log.h"
42#include "monitor_wrap.h"
43
44static void *
45skey_init_ctx(Authctxt *authctxt)
46{
47 return authctxt;
48}
49
50int
51skey_query(void *ctx, char **name, char **infotxt,
52 u_int* numprompts, char ***prompts, u_int **echo_on)
53{
54 Authctxt *authctxt = ctx;
55 char challenge[1024];
56 struct skey skey;
57
58 if (_compat_skeychallenge(&skey, authctxt->user, challenge,
59 sizeof(challenge)) == -1)
60 return -1;
61
62 *name = xstrdup("");
63 *infotxt = xstrdup("");
64 *numprompts = 1;
65 *prompts = xcalloc(*numprompts, sizeof(char *));
66 *echo_on = xcalloc(*numprompts, sizeof(u_int));
67
68 xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
69
70 return 0;
71}
72
73int
74skey_respond(void *ctx, u_int numresponses, char **responses)
75{
76 Authctxt *authctxt = ctx;
77
78 if (authctxt->valid &&
79 numresponses == 1 &&
80 skey_haskey(authctxt->pw->pw_name) == 0 &&
81 skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
82 return 0;
83 return -1;
84}
85
86static void
87skey_free_ctx(void *ctx)
88{
89 /* we don't have a special context */
90}
91
92KbdintDevice skey_device = {
93 "skey",
94 skey_init_ctx,
95 skey_query,
96 skey_respond,
97 skey_free_ctx
98};
99
100KbdintDevice mm_skey_device = {
101 "skey",
102 skey_init_ctx,
103 mm_skey_query,
104 mm_skey_respond,
105 skey_free_ctx
106};
107#endif /* SKEY */
diff --git a/auth.c b/auth.c
index fc0c05bae..aed3c13ac 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */ 1/* $OpenBSD: auth.c,v 1.146 2020/01/31 22:42:45 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -79,6 +79,7 @@
79 79
80/* import */ 80/* import */
81extern ServerOptions options; 81extern ServerOptions options;
82extern struct include_list includes;
82extern int use_privsep; 83extern int use_privsep;
83extern struct sshbuf *loginmsg; 84extern struct sshbuf *loginmsg;
84extern struct passwd *privsep_pw; 85extern struct passwd *privsep_pw;
@@ -489,7 +490,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
489 host_status = check_key_in_hostkeys(hostkeys, key, &found); 490 host_status = check_key_in_hostkeys(hostkeys, key, &found);
490 if (host_status == HOST_REVOKED) 491 if (host_status == HOST_REVOKED)
491 error("WARNING: revoked key for %s attempted authentication", 492 error("WARNING: revoked key for %s attempted authentication",
492 found->host); 493 host);
493 else if (host_status == HOST_OK) 494 else if (host_status == HOST_OK)
494 debug("%s: key for %s found at %s:%ld", __func__, 495 debug("%s: key for %s found at %s:%ld", __func__,
495 found->host, found->file, found->line); 496 found->host, found->file, found->line);
@@ -571,7 +572,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
571 572
572 ci = get_connection_info(ssh, 1, options.use_dns); 573 ci = get_connection_info(ssh, 1, options.use_dns);
573 ci->user = user; 574 ci->user = user;
574 parse_server_match_config(&options, ci); 575 parse_server_match_config(&options, &includes, ci);
575 log_change_level(options.log_level); 576 log_change_level(options.log_level);
576 process_permitopen(ssh, &options); 577 process_permitopen(ssh, &options);
577 578
@@ -828,7 +829,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
828 child_set_env(&child_env, &envsize, "LANG", cp); 829 child_set_env(&child_env, &envsize, "LANG", cp);
829 830
830 for (i = 0; i < NSIG; i++) 831 for (i = 0; i < NSIG; i++)
831 signal(i, SIG_DFL); 832 ssh_signal(i, SIG_DFL);
832 833
833 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { 834 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
834 error("%s: open %s: %s", tag, _PATH_DEVNULL, 835 error("%s: open %s: %s", tag, _PATH_DEVNULL,
@@ -912,7 +913,7 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
912 913
913 snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); 914 snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
914 /* Try to keep this alphabetically sorted */ 915 /* Try to keep this alphabetically sorted */
915 snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s", 916 snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
916 opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", 917 opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
917 opts->force_command == NULL ? "" : " command", 918 opts->force_command == NULL ? "" : " command",
918 do_env ? " environment" : "", 919 do_env ? " environment" : "",
@@ -925,7 +926,8 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
925 opts->force_tun_device == -1 ? "" : " tun=", 926 opts->force_tun_device == -1 ? "" : " tun=",
926 opts->force_tun_device == -1 ? "" : buf, 927 opts->force_tun_device == -1 ? "" : buf,
927 opts->permit_user_rc ? " user-rc" : "", 928 opts->permit_user_rc ? " user-rc" : "",
928 opts->permit_x11_forwarding_flag ? " x11-forwarding" : ""); 929 opts->permit_x11_forwarding_flag ? " x11-forwarding" : "",
930 opts->no_require_user_presence ? " no-touch-required" : "");
929 931
930 debug("%s: %s", loc, msg); 932 debug("%s: %s", loc, msg);
931 if (do_remote) 933 if (do_remote)
diff --git a/auth2-chall.c b/auth2-chall.c
index 671f2f05f..c57387b71 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-chall.c,v 1.51 2019/09/06 04:53:27 djm Exp $ */ 1/* $OpenBSD: auth2-chall.c,v 1.52 2019/11/13 04:47:52 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Per Allansson. All rights reserved. 4 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -29,9 +29,9 @@
29#include <sys/types.h> 29#include <sys/types.h>
30 30
31#include <stdlib.h> 31#include <stdlib.h>
32#include <stdarg.h>
33#include <stdio.h> 32#include <stdio.h>
34#include <string.h> 33#include <string.h>
34#include <stdarg.h>
35 35
36#include "xmalloc.h" 36#include "xmalloc.h"
37#include "ssh2.h" 37#include "ssh2.h"
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index d46047084..5e9b7c65d 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-hostbased.c,v 1.41 2019/09/06 04:53:27 djm Exp $ */ 1/* $OpenBSD: auth2-hostbased.c,v 1.42 2019/11/25 00:51:37 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -151,7 +151,7 @@ userauth_hostbased(struct ssh *ssh)
151 if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser, 151 if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
152 chost, key)) && 152 chost, key)) &&
153 PRIVSEP(sshkey_verify(key, sig, slen, 153 PRIVSEP(sshkey_verify(key, sig, slen,
154 sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0) 154 sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0)
155 authenticated = 1; 155 authenticated = 1;
156 156
157 auth2_record_key(authctxt, authenticated, key); 157 auth2_record_key(authctxt, authenticated, key);
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index f88ef2c39..e23d2edd2 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-kbdint.c,v 1.10 2019/09/06 04:53:27 djm Exp $ */ 1/* $OpenBSD: auth2-kbdint.c,v 1.11 2019/11/13 04:47:52 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -27,10 +27,9 @@
27 27
28#include <sys/types.h> 28#include <sys/types.h>
29 29
30#include <stdarg.h>
31
32#include <stdlib.h> 30#include <stdlib.h>
33#include <stdio.h> 31#include <stdio.h>
32#include <stdarg.h>
34 33
35#include "xmalloc.h" 34#include "xmalloc.h"
36#include "packet.h" 35#include "packet.h"
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index df12c2c60..815ea0f25 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.94 2019/09/06 04:53:27 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.99 2020/02/06 22:30:54 naddy Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -68,6 +68,7 @@
68#include "ssherr.h" 68#include "ssherr.h"
69#include "channels.h" /* XXX for session.h */ 69#include "channels.h" /* XXX for session.h */
70#include "session.h" /* XXX for child_set_env(); refactor? */ 70#include "session.h" /* XXX for child_set_env(); refactor? */
71#include "sk-api.h"
71 72
72/* import */ 73/* import */
73extern ServerOptions options; 74extern ServerOptions options;
@@ -96,8 +97,9 @@ userauth_pubkey(struct ssh *ssh)
96 u_char *pkblob = NULL, *sig = NULL, have_sig; 97 u_char *pkblob = NULL, *sig = NULL, have_sig;
97 size_t blen, slen; 98 size_t blen, slen;
98 int r, pktype; 99 int r, pktype;
99 int authenticated = 0; 100 int req_presence = 0, authenticated = 0;
100 struct sshauthopt *authopts = NULL; 101 struct sshauthopt *authopts = NULL;
102 struct sshkey_sig_details *sig_details = NULL;
101 103
102 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || 104 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
103 (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || 105 (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
@@ -213,9 +215,31 @@ userauth_pubkey(struct ssh *ssh)
213 PRIVSEP(sshkey_verify(key, sig, slen, 215 PRIVSEP(sshkey_verify(key, sig, slen,
214 sshbuf_ptr(b), sshbuf_len(b), 216 sshbuf_ptr(b), sshbuf_len(b),
215 (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, 217 (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
216 ssh->compat)) == 0) { 218 ssh->compat, &sig_details)) == 0) {
217 authenticated = 1; 219 authenticated = 1;
218 } 220 }
221 if (authenticated == 1 && sig_details != NULL) {
222 auth2_record_info(authctxt, "signature count = %u",
223 sig_details->sk_counter);
224 debug("%s: sk_counter = %u, sk_flags = 0x%02x",
225 __func__, sig_details->sk_counter,
226 sig_details->sk_flags);
227 req_presence = (options.pubkey_auth_options &
228 PUBKEYAUTH_TOUCH_REQUIRED) ||
229 !authopts->no_require_user_presence;
230 if (req_presence && (sig_details->sk_flags &
231 SSH_SK_USER_PRESENCE_REQD) == 0) {
232 error("public key %s signature for %s%s from "
233 "%.128s port %d rejected: user presence "
234 "(authenticator touch) requirement "
235 "not met ", key_s,
236 authctxt->valid ? "" : "invalid user ",
237 authctxt->user, ssh_remote_ipaddr(ssh),
238 ssh_remote_port(ssh));
239 authenticated = 0;
240 goto done;
241 }
242 }
219 auth2_record_key(authctxt, authenticated, key); 243 auth2_record_key(authctxt, authenticated, key);
220 } else { 244 } else {
221 debug("%s: test pkalg %s pkblob %s%s%s", 245 debug("%s: test pkalg %s pkblob %s%s%s",
@@ -266,6 +290,7 @@ done:
266 free(key_s); 290 free(key_s);
267 free(ca_s); 291 free(ca_s);
268 free(sig); 292 free(sig);
293 sshkey_sig_details_free(sig_details);
269 return authenticated; 294 return authenticated;
270} 295}
271 296
@@ -436,7 +461,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
436 * NB. all returns later this function should go via "out" to 461 * NB. all returns later this function should go via "out" to
437 * ensure the original SIGCHLD handler is restored properly. 462 * ensure the original SIGCHLD handler is restored properly.
438 */ 463 */
439 osigchld = signal(SIGCHLD, SIG_DFL); 464 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
440 465
441 /* Prepare and verify the user for the command */ 466 /* Prepare and verify the user for the command */
442 username = percent_expand(options.authorized_principals_command_user, 467 username = percent_expand(options.authorized_principals_command_user,
@@ -524,7 +549,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
524 out: 549 out:
525 if (f != NULL) 550 if (f != NULL)
526 fclose(f); 551 fclose(f);
527 signal(SIGCHLD, osigchld); 552 ssh_signal(SIGCHLD, osigchld);
528 for (i = 0; i < ac; i++) 553 for (i = 0; i < ac; i++)
529 free(av[i]); 554 free(av[i]);
530 free(av); 555 free(av);
@@ -874,7 +899,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
874 * NB. all returns later this function should go via "out" to 899 * NB. all returns later this function should go via "out" to
875 * ensure the original SIGCHLD handler is restored properly. 900 * ensure the original SIGCHLD handler is restored properly.
876 */ 901 */
877 osigchld = signal(SIGCHLD, SIG_DFL); 902 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
878 903
879 /* Prepare and verify the user for the command */ 904 /* Prepare and verify the user for the command */
880 username = percent_expand(options.authorized_keys_command_user, 905 username = percent_expand(options.authorized_keys_command_user,
@@ -963,7 +988,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
963 out: 988 out:
964 if (f != NULL) 989 if (f != NULL)
965 fclose(f); 990 fclose(f);
966 signal(SIGCHLD, osigchld); 991 ssh_signal(SIGCHLD, osigchld);
967 for (i = 0; i < ac; i++) 992 for (i = 0; i < ac; i++)
968 free(av[i]); 993 free(av[i]);
969 free(av); 994 free(av);
diff --git a/authfd.c b/authfd.c
index a5162790f..05fd45401 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.117 2019/09/03 08:29:15 djm Exp $ */ 1/* $OpenBSD: authfd.c,v 1.121 2019/12/21 02:19:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -44,8 +44,8 @@
44#include <fcntl.h> 44#include <fcntl.h>
45#include <stdlib.h> 45#include <stdlib.h>
46#include <signal.h> 46#include <signal.h>
47#include <stdarg.h>
48#include <string.h> 47#include <string.h>
48#include <stdarg.h>
49#include <unistd.h> 49#include <unistd.h>
50#include <errno.h> 50#include <errno.h>
51 51
@@ -82,21 +82,16 @@ decode_reply(u_char type)
82 return SSH_ERR_INVALID_FORMAT; 82 return SSH_ERR_INVALID_FORMAT;
83} 83}
84 84
85/* Returns the number of the authentication fd, or -1 if there is none. */ 85/*
86 * Opens an authentication socket at the provided path and stores the file
87 * descriptor in fdp. Returns 0 on success and an error on failure.
88 */
86int 89int
87ssh_get_authentication_socket(int *fdp) 90ssh_get_authentication_socket_path(const char *authsocket, int *fdp)
88{ 91{
89 const char *authsocket;
90 int sock, oerrno; 92 int sock, oerrno;
91 struct sockaddr_un sunaddr; 93 struct sockaddr_un sunaddr;
92 94
93 if (fdp != NULL)
94 *fdp = -1;
95
96 authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
97 if (authsocket == NULL || *authsocket == '\0')
98 return SSH_ERR_AGENT_NOT_PRESENT;
99
100 memset(&sunaddr, 0, sizeof(sunaddr)); 95 memset(&sunaddr, 0, sizeof(sunaddr));
101 sunaddr.sun_family = AF_UNIX; 96 sunaddr.sun_family = AF_UNIX;
102 strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); 97 strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
@@ -119,6 +114,25 @@ ssh_get_authentication_socket(int *fdp)
119 return 0; 114 return 0;
120} 115}
121 116
117/*
118 * Opens the default authentication socket and stores the file descriptor in
119 * fdp. Returns 0 on success and an error on failure.
120 */
121int
122ssh_get_authentication_socket(int *fdp)
123{
124 const char *authsocket;
125
126 if (fdp != NULL)
127 *fdp = -1;
128
129 authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
130 if (authsocket == NULL || *authsocket == '\0')
131 return SSH_ERR_AGENT_NOT_PRESENT;
132
133 return ssh_get_authentication_socket_path(authsocket, fdp);
134}
135
122/* Communicate with agent: send request and read reply */ 136/* Communicate with agent: send request and read reply */
123static int 137static int
124ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) 138ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
@@ -423,7 +437,8 @@ ssh_agent_sign(int sock, const struct sshkey *key,
423 437
424 438
425static int 439static int
426encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign) 440encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
441 const char *provider)
427{ 442{
428 int r; 443 int r;
429 444
@@ -441,6 +456,14 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
441 (r = sshbuf_put_u32(m, maxsign)) != 0) 456 (r = sshbuf_put_u32(m, maxsign)) != 0)
442 goto out; 457 goto out;
443 } 458 }
459 if (provider != NULL) {
460 if ((r = sshbuf_put_u8(m,
461 SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 ||
462 (r = sshbuf_put_cstring(m,
463 "sk-provider@openssh.com")) != 0 ||
464 (r = sshbuf_put_cstring(m, provider)) != 0)
465 goto out;
466 }
444 r = 0; 467 r = 0;
445 out: 468 out:
446 return r; 469 return r;
@@ -452,10 +475,11 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
452 */ 475 */
453int 476int
454ssh_add_identity_constrained(int sock, struct sshkey *key, 477ssh_add_identity_constrained(int sock, struct sshkey *key,
455 const char *comment, u_int life, u_int confirm, u_int maxsign) 478 const char *comment, u_int life, u_int confirm, u_int maxsign,
479 const char *provider)
456{ 480{
457 struct sshbuf *msg; 481 struct sshbuf *msg;
458 int r, constrained = (life || confirm || maxsign); 482 int r, constrained = (life || confirm || maxsign || provider);
459 u_char type; 483 u_char type;
460 484
461 if ((msg = sshbuf_new()) == NULL) 485 if ((msg = sshbuf_new()) == NULL)
@@ -469,9 +493,13 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
469 case KEY_DSA_CERT: 493 case KEY_DSA_CERT:
470 case KEY_ECDSA: 494 case KEY_ECDSA:
471 case KEY_ECDSA_CERT: 495 case KEY_ECDSA_CERT:
496 case KEY_ECDSA_SK:
497 case KEY_ECDSA_SK_CERT:
472#endif 498#endif
473 case KEY_ED25519: 499 case KEY_ED25519:
474 case KEY_ED25519_CERT: 500 case KEY_ED25519_CERT:
501 case KEY_ED25519_SK:
502 case KEY_ED25519_SK_CERT:
475 case KEY_XMSS: 503 case KEY_XMSS:
476 case KEY_XMSS_CERT: 504 case KEY_XMSS_CERT:
477 type = constrained ? 505 type = constrained ?
@@ -488,7 +516,8 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
488 goto out; 516 goto out;
489 } 517 }
490 if (constrained && 518 if (constrained &&
491 (r = encode_constraints(msg, life, confirm, maxsign)) != 0) 519 (r = encode_constraints(msg, life, confirm, maxsign,
520 provider)) != 0)
492 goto out; 521 goto out;
493 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 522 if ((r = ssh_request_reply(sock, msg, msg)) != 0)
494 goto out; 523 goto out;
@@ -566,7 +595,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
566 (r = sshbuf_put_cstring(msg, pin)) != 0) 595 (r = sshbuf_put_cstring(msg, pin)) != 0)
567 goto out; 596 goto out;
568 if (constrained && 597 if (constrained &&
569 (r = encode_constraints(msg, life, confirm, 0)) != 0) 598 (r = encode_constraints(msg, life, confirm, 0, NULL)) != 0)
570 goto out; 599 goto out;
571 if ((r = ssh_request_reply(sock, msg, msg)) != 0) 600 if ((r = ssh_request_reply(sock, msg, msg)) != 0)
572 goto out; 601 goto out;
diff --git a/authfd.h b/authfd.h
index 579076504..c3bf6259a 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.h,v 1.46 2019/09/03 08:29:15 djm Exp $ */ 1/* $OpenBSD: authfd.h,v 1.48 2019/12/21 02:19:13 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -24,13 +24,15 @@ struct ssh_identitylist {
24}; 24};
25 25
26int ssh_get_authentication_socket(int *fdp); 26int ssh_get_authentication_socket(int *fdp);
27int ssh_get_authentication_socket_path(const char *authsocket, int *fdp);
27void ssh_close_authentication_socket(int sock); 28void ssh_close_authentication_socket(int sock);
28 29
29int ssh_lock_agent(int sock, int lock, const char *password); 30int ssh_lock_agent(int sock, int lock, const char *password);
30int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp); 31int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
31void ssh_free_identitylist(struct ssh_identitylist *idl); 32void ssh_free_identitylist(struct ssh_identitylist *idl);
32int ssh_add_identity_constrained(int sock, struct sshkey *key, 33int ssh_add_identity_constrained(int sock, struct sshkey *key,
33 const char *comment, u_int life, u_int confirm, u_int maxsign); 34 const char *comment, u_int life, u_int confirm, u_int maxsign,
35 const char *provider);
34int ssh_agent_has_key(int sock, struct sshkey *key); 36int ssh_agent_has_key(int sock, struct sshkey *key);
35int ssh_remove_identity(int sock, struct sshkey *key); 37int ssh_remove_identity(int sock, struct sshkey *key);
36int ssh_update_card(int sock, int add, const char *reader_id, 38int ssh_update_card(int sock, int add, const char *reader_id,
@@ -77,6 +79,7 @@ int ssh_agent_sign(int sock, const struct sshkey *key,
77#define SSH_AGENT_CONSTRAIN_LIFETIME 1 79#define SSH_AGENT_CONSTRAIN_LIFETIME 1
78#define SSH_AGENT_CONSTRAIN_CONFIRM 2 80#define SSH_AGENT_CONSTRAIN_CONFIRM 2
79#define SSH_AGENT_CONSTRAIN_MAXSIGN 3 81#define SSH_AGENT_CONSTRAIN_MAXSIGN 3
82#define SSH_AGENT_CONSTRAIN_EXTENSION 255
80 83
81/* extended failure messages */ 84/* extended failure messages */
82#define SSH2_AGENT_FAILURE 30 85#define SSH2_AGENT_FAILURE 30
diff --git a/authfile.c b/authfile.c
index 37341189c..20b66d9bd 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */ 1/* $OpenBSD: authfile.c,v 1.137 2020/01/25 23:02:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4 * 4 *
@@ -55,20 +55,13 @@
55static int 55static int
56sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) 56sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
57{ 57{
58 int fd, oerrno; 58 int r;
59 mode_t omask;
59 60
60 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1) 61 omask = umask(077);
61 return SSH_ERR_SYSTEM_ERROR; 62 r = sshbuf_write_file(filename, keybuf);
62 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), 63 umask(omask);
63 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { 64 return r;
64 oerrno = errno;
65 close(fd);
66 unlink(filename);
67 errno = oerrno;
68 return SSH_ERR_SYSTEM_ERROR;
69 }
70 close(fd);
71 return 0;
72} 65}
73 66
74int 67int
@@ -92,49 +85,6 @@ sshkey_save_private(struct sshkey *key, const char *filename,
92 return r; 85 return r;
93} 86}
94 87
95/* Load a key from a fd into a buffer */
96int
97sshkey_load_file(int fd, struct sshbuf *blob)
98{
99 u_char buf[1024];
100 size_t len;
101 struct stat st;
102 int r;
103
104 if (fstat(fd, &st) == -1)
105 return SSH_ERR_SYSTEM_ERROR;
106 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
107 st.st_size > MAX_KEY_FILE_SIZE)
108 return SSH_ERR_INVALID_FORMAT;
109 for (;;) {
110 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
111 if (errno == EPIPE)
112 break;
113 r = SSH_ERR_SYSTEM_ERROR;
114 goto out;
115 }
116 if ((r = sshbuf_put(blob, buf, len)) != 0)
117 goto out;
118 if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
119 r = SSH_ERR_INVALID_FORMAT;
120 goto out;
121 }
122 }
123 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
124 st.st_size != (off_t)sshbuf_len(blob)) {
125 r = SSH_ERR_FILE_CHANGED;
126 goto out;
127 }
128 r = 0;
129
130 out:
131 explicit_bzero(buf, sizeof(buf));
132 if (r != 0)
133 sshbuf_reset(blob);
134 return r;
135}
136
137
138/* XXX remove error() calls from here? */ 88/* XXX remove error() calls from here? */
139int 89int
140sshkey_perm_ok(int fd, const char *filename) 90sshkey_perm_ok(int fd, const char *filename)
@@ -199,11 +149,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
199 149
200 if (keyp != NULL) 150 if (keyp != NULL)
201 *keyp = NULL; 151 *keyp = NULL;
202 if ((buffer = sshbuf_new()) == NULL) { 152 if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
203 r = SSH_ERR_ALLOC_FAIL;
204 goto out;
205 }
206 if ((r = sshkey_load_file(fd, buffer)) != 0 ||
207 (r = sshkey_parse_private_fileblob_type(buffer, type, 153 (r = sshkey_parse_private_fileblob_type(buffer, type,
208 passphrase, keyp, commentp)) != 0) 154 passphrase, keyp, commentp)) != 0)
209 goto out; 155 goto out;
@@ -234,12 +180,7 @@ sshkey_load_private(const char *filename, const char *passphrase,
234 r = SSH_ERR_KEY_BAD_PERMISSIONS; 180 r = SSH_ERR_KEY_BAD_PERMISSIONS;
235 goto out; 181 goto out;
236 } 182 }
237 183 if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
238 if ((buffer = sshbuf_new()) == NULL) {
239 r = SSH_ERR_ALLOC_FAIL;
240 goto out;
241 }
242 if ((r = sshkey_load_file(fd, buffer)) != 0 ||
243 (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, 184 (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
244 commentp)) != 0) 185 commentp)) != 0)
245 goto out; 186 goto out;
@@ -550,3 +491,34 @@ sshkey_advance_past_options(char **cpp)
550 return (*cp == '\0' && quoted) ? -1 : 0; 491 return (*cp == '\0' && quoted) ? -1 : 0;
551} 492}
552 493
494/* Save a public key */
495int
496sshkey_save_public(const struct sshkey *key, const char *path,
497 const char *comment)
498{
499 int fd, oerrno;
500 FILE *f = NULL;
501 int r = SSH_ERR_INTERNAL_ERROR;
502
503 if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
504 return SSH_ERR_SYSTEM_ERROR;
505 if ((f = fdopen(fd, "w")) == NULL) {
506 r = SSH_ERR_SYSTEM_ERROR;
507 goto fail;
508 }
509 if ((r = sshkey_write(key, f)) != 0)
510 goto fail;
511 fprintf(f, " %s\n", comment);
512 if (ferror(f) || fclose(f) != 0) {
513 r = SSH_ERR_SYSTEM_ERROR;
514 fail:
515 oerrno = errno;
516 if (f != NULL)
517 fclose(f);
518 else
519 close(fd);
520 errno = oerrno;
521 return r;
522 }
523 return 0;
524}
diff --git a/authfile.h b/authfile.h
index 9c8a95a01..1db067a81 100644
--- a/authfile.h
+++ b/authfile.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.h,v 1.23 2019/09/03 08:30:47 djm Exp $ */ 1/* $OpenBSD: authfile.h,v 1.25 2020/01/25 23:02:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
@@ -35,7 +35,6 @@ struct sshkey;
35 35
36int sshkey_save_private(struct sshkey *, const char *, 36int sshkey_save_private(struct sshkey *, const char *,
37 const char *, const char *, int, const char *, int); 37 const char *, const char *, int, const char *, int);
38int sshkey_load_file(int, struct sshbuf *);
39int sshkey_load_cert(const char *, struct sshkey **); 38int sshkey_load_cert(const char *, struct sshkey **);
40int sshkey_load_public(const char *, struct sshkey **, char **); 39int sshkey_load_public(const char *, struct sshkey **, char **);
41int sshkey_load_private(const char *, const char *, struct sshkey **, char **); 40int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
@@ -49,5 +48,7 @@ int sshkey_perm_ok(int, const char *);
49int sshkey_in_file(struct sshkey *, const char *, int, int); 48int sshkey_in_file(struct sshkey *, const char *, int, int);
50int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file); 49int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
51int sshkey_advance_past_options(char **cpp); 50int sshkey_advance_past_options(char **cpp);
51int sshkey_save_public(const struct sshkey *key, const char *path,
52 const char *comment);
52 53
53#endif 54#endif
diff --git a/canohost.c b/canohost.c
index 9a00fc2cf..8e81b5193 100644
--- a/canohost.c
+++ b/canohost.c
@@ -60,7 +60,7 @@ remote_hostname(struct ssh *ssh)
60 if (getpeername(ssh_packet_get_connection_in(ssh), 60 if (getpeername(ssh_packet_get_connection_in(ssh),
61 (struct sockaddr *)&from, &fromlen) == -1) { 61 (struct sockaddr *)&from, &fromlen) == -1) {
62 debug("getpeername failed: %.100s", strerror(errno)); 62 debug("getpeername failed: %.100s", strerror(errno));
63 return strdup(ntop); 63 return xstrdup(ntop);
64 } 64 }
65 65
66 ipv64_normalise_mapped(&from, &fromlen); 66 ipv64_normalise_mapped(&from, &fromlen);
@@ -72,7 +72,7 @@ remote_hostname(struct ssh *ssh)
72 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 72 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
73 NULL, 0, NI_NAMEREQD) != 0) { 73 NULL, 0, NI_NAMEREQD) != 0) {
74 /* Host name not found. Use ip address. */ 74 /* Host name not found. Use ip address. */
75 return strdup(ntop); 75 return xstrdup(ntop);
76 } 76 }
77 77
78 /* 78 /*
@@ -87,7 +87,7 @@ remote_hostname(struct ssh *ssh)
87 logit("Nasty PTR record \"%s\" is set up for %s, ignoring", 87 logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
88 name, ntop); 88 name, ntop);
89 freeaddrinfo(ai); 89 freeaddrinfo(ai);
90 return strdup(ntop); 90 return xstrdup(ntop);
91 } 91 }
92 92
93 /* Names are stored in lowercase. */ 93 /* Names are stored in lowercase. */
@@ -108,7 +108,7 @@ remote_hostname(struct ssh *ssh)
108 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 108 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
109 logit("reverse mapping checking getaddrinfo for %.700s " 109 logit("reverse mapping checking getaddrinfo for %.700s "
110 "[%s] failed.", name, ntop); 110 "[%s] failed.", name, ntop);
111 return strdup(ntop); 111 return xstrdup(ntop);
112 } 112 }
113 /* Look for the address from the list of addresses. */ 113 /* Look for the address from the list of addresses. */
114 for (ai = aitop; ai; ai = ai->ai_next) { 114 for (ai = aitop; ai; ai = ai->ai_next) {
@@ -123,9 +123,9 @@ remote_hostname(struct ssh *ssh)
123 /* Address not found for the host name. */ 123 /* Address not found for the host name. */
124 logit("Address %.100s maps to %.600s, but this does not " 124 logit("Address %.100s maps to %.600s, but this does not "
125 "map back to the address.", ntop, name); 125 "map back to the address.", ntop, name);
126 return strdup(ntop); 126 return xstrdup(ntop);
127 } 127 }
128 return strdup(name); 128 return xstrdup(name);
129} 129}
130 130
131void 131void
diff --git a/channels.c b/channels.c
index 0f45aee4e..226ba7a39 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.394 2019/07/07 01:05:00 dtucker Exp $ */ 1/* $OpenBSD: channels.c,v 1.395 2020/01/25 06:40:20 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3356,7 +3356,12 @@ channel_fwd_bind_addr(struct ssh *ssh, const char *listen_addr, int *wildcardp,
3356 } else if (strcmp(listen_addr, "localhost") != 0 || 3356 } else if (strcmp(listen_addr, "localhost") != 0 ||
3357 strcmp(listen_addr, "127.0.0.1") == 0 || 3357 strcmp(listen_addr, "127.0.0.1") == 0 ||
3358 strcmp(listen_addr, "::1") == 0) { 3358 strcmp(listen_addr, "::1") == 0) {
3359 /* Accept localhost address when GatewayPorts=yes */ 3359 /*
3360 * Accept explicit localhost address when
3361 * GatewayPorts=yes. The "localhost" hostname is
3362 * deliberately skipped here so it will listen on all
3363 * available local address families.
3364 */
3360 addr = listen_addr; 3365 addr = listen_addr;
3361 } 3366 }
3362 } else if (strcmp(listen_addr, "127.0.0.1") == 0 || 3367 } else if (strcmp(listen_addr, "127.0.0.1") == 0 ||
diff --git a/channels.h b/channels.h
index aa2a87c10..c8ae0d904 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.h,v 1.132 2018/10/04 00:10:11 djm Exp $ */ 1/* $OpenBSD: channels.h,v 1.133 2020/01/25 22:49:38 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -105,8 +105,16 @@ struct channel_connect {
105/* Callbacks for mux channels back into client-specific code */ 105/* Callbacks for mux channels back into client-specific code */
106typedef int mux_callback_fn(struct ssh *, struct Channel *); 106typedef int mux_callback_fn(struct ssh *, struct Channel *);
107 107
108/*
109 * NB. channel IDs on the wire and in c->remote_id are uint32, but local
110 * channel IDs (e.g. c->self) only ever use the int32 subset of this range,
111 * because we use local channel ID -1 for housekeeping. Remote channels have
112 * a dedicated "have_remote_id" flag to indicate their validity.
113 */
114
108struct Channel { 115struct Channel {
109 int type; /* channel type/state */ 116 int type; /* channel type/state */
117
110 int self; /* my own channel identifier */ 118 int self; /* my own channel identifier */
111 uint32_t remote_id; /* channel identifier for remote peer */ 119 uint32_t remote_id; /* channel identifier for remote peer */
112 int have_remote_id; /* non-zero if remote_id is valid */ 120 int have_remote_id; /* non-zero if remote_id is valid */
diff --git a/cipher.c b/cipher.c
index 25f98ba8e..820bc6ace 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -143,6 +143,17 @@ cipher_alg_list(char sep, int auth_only)
143 return ret; 143 return ret;
144} 144}
145 145
146const char *
147compression_alg_list(int compression)
148{
149#ifdef WITH_ZLIB
150 return compression ? "zlib@openssh.com,zlib,none" :
151 "none,zlib@openssh.com,zlib";
152#else
153 return "none";
154#endif
155}
156
146u_int 157u_int
147cipher_blocksize(const struct sshcipher *c) 158cipher_blocksize(const struct sshcipher *c)
148{ 159{
diff --git a/cipher.h b/cipher.h
index 5843aab49..1a591cd7f 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -54,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *);
54const char *cipher_warning_message(const struct sshcipher_ctx *); 54const char *cipher_warning_message(const struct sshcipher_ctx *);
55int ciphers_valid(const char *); 55int ciphers_valid(const char *);
56char *cipher_alg_list(char, int); 56char *cipher_alg_list(char, int);
57const char *compression_alg_list(int);
57int cipher_init(struct sshcipher_ctx **, const struct sshcipher *, 58int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
58 const u_char *, u_int, const u_char *, u_int, int); 59 const u_char *, u_int, const u_char *, u_int, int);
59int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *, 60int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
diff --git a/clientloop.c b/clientloop.c
index 9def2a1a9..1bdac6a46 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.327 2019/07/24 08:57:00 mestre Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.340 2020/02/02 09:45:34 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -77,10 +77,10 @@
77#include <paths.h> 77#include <paths.h>
78#endif 78#endif
79#include <signal.h> 79#include <signal.h>
80#include <stdarg.h>
81#include <stdio.h> 80#include <stdio.h>
82#include <stdlib.h> 81#include <stdlib.h>
83#include <string.h> 82#include <string.h>
83#include <stdarg.h>
84#include <termios.h> 84#include <termios.h>
85#include <pwd.h> 85#include <pwd.h>
86#include <unistd.h> 86#include <unistd.h>
@@ -139,6 +139,12 @@ extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
139extern char *host; 139extern char *host;
140 140
141/* 141/*
142 * If this field is not NULL, the ForwardAgent socket is this path and different
143 * instead of SSH_AUTH_SOCK.
144 */
145extern char *forward_agent_sock_path;
146
147/*
142 * Flag to indicate that we have received a window change signal which has 148 * Flag to indicate that we have received a window change signal which has
143 * not yet been processed. This will cause a message indicating the new 149 * not yet been processed. This will cause a message indicating the new
144 * window size to be sent to the server a little later. This is volatile 150 * window size to be sent to the server a little later. This is volatile
@@ -783,7 +789,7 @@ process_cmdline(struct ssh *ssh)
783 memset(&fwd, 0, sizeof(fwd)); 789 memset(&fwd, 0, sizeof(fwd));
784 790
785 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 791 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
786 handler = signal(SIGINT, SIG_IGN); 792 handler = ssh_signal(SIGINT, SIG_IGN);
787 cmd = s = read_passphrase("\r\nssh> ", RP_ECHO); 793 cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
788 if (s == NULL) 794 if (s == NULL)
789 goto out; 795 goto out;
@@ -881,7 +887,7 @@ process_cmdline(struct ssh *ssh)
881 } 887 }
882 888
883out: 889out:
884 signal(SIGINT, handler); 890 ssh_signal(SIGINT, handler);
885 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 891 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
886 free(cmd); 892 free(cmd);
887 free(fwd.listen_host); 893 free(fwd.listen_host);
@@ -1304,15 +1310,15 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
1304 * Set signal handlers, (e.g. to restore non-blocking mode) 1310 * Set signal handlers, (e.g. to restore non-blocking mode)
1305 * but don't overwrite SIG_IGN, matches behaviour from rsh(1) 1311 * but don't overwrite SIG_IGN, matches behaviour from rsh(1)
1306 */ 1312 */
1307 if (signal(SIGHUP, SIG_IGN) != SIG_IGN) 1313 if (ssh_signal(SIGHUP, SIG_IGN) != SIG_IGN)
1308 signal(SIGHUP, signal_handler); 1314 ssh_signal(SIGHUP, signal_handler);
1309 if (signal(SIGINT, SIG_IGN) != SIG_IGN) 1315 if (ssh_signal(SIGINT, SIG_IGN) != SIG_IGN)
1310 signal(SIGINT, signal_handler); 1316 ssh_signal(SIGINT, signal_handler);
1311 if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) 1317 if (ssh_signal(SIGQUIT, SIG_IGN) != SIG_IGN)
1312 signal(SIGQUIT, signal_handler); 1318 ssh_signal(SIGQUIT, signal_handler);
1313 if (signal(SIGTERM, SIG_IGN) != SIG_IGN) 1319 if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN)
1314 signal(SIGTERM, signal_handler); 1320 ssh_signal(SIGTERM, signal_handler);
1315 signal(SIGWINCH, window_change_handler); 1321 ssh_signal(SIGWINCH, window_change_handler);
1316 1322
1317 if (have_pty) 1323 if (have_pty)
1318 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 1324 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
@@ -1399,8 +1405,12 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
1399 * Send as much buffered packet data as possible to the 1405 * Send as much buffered packet data as possible to the
1400 * sender. 1406 * sender.
1401 */ 1407 */
1402 if (FD_ISSET(connection_out, writeset)) 1408 if (FD_ISSET(connection_out, writeset)) {
1403 ssh_packet_write_poll(ssh); 1409 if ((r = ssh_packet_write_poll(ssh)) != 0) {
1410 sshpkt_fatal(ssh, r,
1411 "%s: ssh_packet_write_poll", __func__);
1412 }
1413 }
1404 1414
1405 /* 1415 /*
1406 * If we are a backgrounded control master, and the 1416 * If we are a backgrounded control master, and the
@@ -1420,7 +1430,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
1420 /* Terminate the session. */ 1430 /* Terminate the session. */
1421 1431
1422 /* Stop watching for window change. */ 1432 /* Stop watching for window change. */
1423 signal(SIGWINCH, SIG_DFL); 1433 ssh_signal(SIGWINCH, SIG_DFL);
1424 1434
1425 if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 || 1435 if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
1426 (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 || 1436 (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 ||
@@ -1631,7 +1641,12 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
1631 "malicious server."); 1641 "malicious server.");
1632 return NULL; 1642 return NULL;
1633 } 1643 }
1634 if ((r = ssh_get_authentication_socket(&sock)) != 0) { 1644 if (forward_agent_sock_path == NULL) {
1645 r = ssh_get_authentication_socket(&sock);
1646 } else {
1647 r = ssh_get_authentication_socket_path(forward_agent_sock_path, &sock);
1648 }
1649 if (r != 0) {
1635 if (r != SSH_ERR_AGENT_NOT_PRESENT) 1650 if (r != SSH_ERR_AGENT_NOT_PRESENT)
1636 debug("%s: ssh_get_authentication_socket: %s", 1651 debug("%s: ssh_get_authentication_socket: %s",
1637 __func__, ssh_err(r)); 1652 __func__, ssh_err(r));
@@ -1890,13 +1905,22 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
1890} 1905}
1891 1906
1892static void 1907static void
1908hostkey_change_preamble(LogLevel loglevel)
1909{
1910 do_log2(loglevel, "The server has updated its host keys.");
1911 do_log2(loglevel, "These changes were verified by the server's "
1912 "existing trusted key.");
1913}
1914
1915static void
1893update_known_hosts(struct hostkeys_update_ctx *ctx) 1916update_known_hosts(struct hostkeys_update_ctx *ctx)
1894{ 1917{
1895 int r, was_raw = 0; 1918 int r, was_raw = 0, first = 1;
1896 LogLevel loglevel = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK ? 1919 int asking = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK;
1897 SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE; 1920 LogLevel loglevel = asking ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE;
1898 char *fp, *response; 1921 char *fp, *response;
1899 size_t i; 1922 size_t i;
1923 struct stat sb;
1900 1924
1901 for (i = 0; i < ctx->nkeys; i++) { 1925 for (i = 0; i < ctx->nkeys; i++) {
1902 if (ctx->keys_seen[i] != 2) 1926 if (ctx->keys_seen[i] != 2)
@@ -1904,16 +1928,22 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
1904 if ((fp = sshkey_fingerprint(ctx->keys[i], 1928 if ((fp = sshkey_fingerprint(ctx->keys[i],
1905 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) 1929 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
1906 fatal("%s: sshkey_fingerprint failed", __func__); 1930 fatal("%s: sshkey_fingerprint failed", __func__);
1931 if (first && asking)
1932 hostkey_change_preamble(loglevel);
1907 do_log2(loglevel, "Learned new hostkey: %s %s", 1933 do_log2(loglevel, "Learned new hostkey: %s %s",
1908 sshkey_type(ctx->keys[i]), fp); 1934 sshkey_type(ctx->keys[i]), fp);
1935 first = 0;
1909 free(fp); 1936 free(fp);
1910 } 1937 }
1911 for (i = 0; i < ctx->nold; i++) { 1938 for (i = 0; i < ctx->nold; i++) {
1912 if ((fp = sshkey_fingerprint(ctx->old_keys[i], 1939 if ((fp = sshkey_fingerprint(ctx->old_keys[i],
1913 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) 1940 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
1914 fatal("%s: sshkey_fingerprint failed", __func__); 1941 fatal("%s: sshkey_fingerprint failed", __func__);
1942 if (first && asking)
1943 hostkey_change_preamble(loglevel);
1915 do_log2(loglevel, "Deprecating obsolete hostkey: %s %s", 1944 do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
1916 sshkey_type(ctx->old_keys[i]), fp); 1945 sshkey_type(ctx->old_keys[i]), fp);
1946 first = 0;
1917 free(fp); 1947 free(fp);
1918 } 1948 }
1919 if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) { 1949 if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
@@ -1943,19 +1973,37 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
1943 if (was_raw) 1973 if (was_raw)
1944 enter_raw_mode(1); 1974 enter_raw_mode(1);
1945 } 1975 }
1946 1976 if (options.update_hostkeys == 0)
1977 return;
1947 /* 1978 /*
1948 * Now that all the keys are verified, we can go ahead and replace 1979 * Now that all the keys are verified, we can go ahead and replace
1949 * them in known_hosts (assuming SSH_UPDATE_HOSTKEYS_ASK didn't 1980 * them in known_hosts (assuming SSH_UPDATE_HOSTKEYS_ASK didn't
1950 * cancel the operation). 1981 * cancel the operation).
1951 */ 1982 */
1952 if (options.update_hostkeys != 0 && 1983 for (i = 0; i < options.num_user_hostfiles; i++) {
1953 (r = hostfile_replace_entries(options.user_hostfiles[0], 1984 /*
1954 ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys, 1985 * NB. keys are only added to hostfiles[0], for the rest we
1955 options.hash_known_hosts, 0, 1986 * just delete the hostname entries.
1956 options.fingerprint_hash)) != 0) 1987 */
1957 error("%s: hostfile_replace_entries failed: %s", 1988 if (stat(options.user_hostfiles[i], &sb) != 0) {
1958 __func__, ssh_err(r)); 1989 if (errno == ENOENT) {
1990 debug("%s: known hosts file %s does not exist",
1991 __func__, strerror(errno));
1992 } else {
1993 error("%s: known hosts file %s inaccessible",
1994 __func__, strerror(errno));
1995 }
1996 continue;
1997 }
1998 if ((r = hostfile_replace_entries(options.user_hostfiles[i],
1999 ctx->host_str, ctx->ip_str,
2000 i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0,
2001 options.hash_known_hosts, 0,
2002 options.fingerprint_hash)) != 0) {
2003 error("%s: hostfile_replace_entries failed for %s: %s",
2004 __func__, options.user_hostfiles[i], ssh_err(r));
2005 }
2006 }
1959} 2007}
1960 2008
1961static void 2009static void
@@ -2016,7 +2064,8 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
2016 sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA; 2064 sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA;
2017 if ((r = sshkey_verify(ctx->keys[i], sig, siglen, 2065 if ((r = sshkey_verify(ctx->keys[i], sig, siglen,
2018 sshbuf_ptr(signdata), sshbuf_len(signdata), 2066 sshbuf_ptr(signdata), sshbuf_len(signdata),
2019 use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0) { 2067 use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0,
2068 NULL)) != 0) {
2020 error("%s: server gave bad signature for %s key %zu", 2069 error("%s: server gave bad signature for %s key %zu",
2021 __func__, sshkey_type(ctx->keys[i]), i); 2070 __func__, sshkey_type(ctx->keys[i]), i);
2022 goto out; 2071 goto out;
@@ -2047,8 +2096,7 @@ static int
2047key_accepted_by_hostkeyalgs(const struct sshkey *key) 2096key_accepted_by_hostkeyalgs(const struct sshkey *key)
2048{ 2097{
2049 const char *ktype = sshkey_ssh_name(key); 2098 const char *ktype = sshkey_ssh_name(key);
2050 const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? 2099 const char *hostkeyalgs = options.hostkeyalgorithms;
2051 options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
2052 2100
2053 if (key == NULL || key->type == KEY_UNSPEC) 2101 if (key == NULL || key->type == KEY_UNSPEC)
2054 return 0; 2102 return 0;
@@ -2095,8 +2143,10 @@ client_input_hostkeys(struct ssh *ssh)
2095 goto out; 2143 goto out;
2096 } 2144 }
2097 if ((r = sshkey_from_blob(blob, len, &key)) != 0) { 2145 if ((r = sshkey_from_blob(blob, len, &key)) != 0) {
2098 error("%s: parse key: %s", __func__, ssh_err(r)); 2146 do_log2(r == SSH_ERR_KEY_TYPE_UNKNOWN ?
2099 goto out; 2147 SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR,
2148 "%s: parse key: %s", __func__, ssh_err(r));
2149 continue;
2100 } 2150 }
2101 fp = sshkey_fingerprint(key, options.fingerprint_hash, 2151 fp = sshkey_fingerprint(key, options.fingerprint_hash,
2102 SSH_FP_DEFAULT); 2152 SSH_FP_DEFAULT);
@@ -2148,11 +2198,22 @@ client_input_hostkeys(struct ssh *ssh)
2148 options.check_host_ip ? &ctx->ip_str : NULL); 2198 options.check_host_ip ? &ctx->ip_str : NULL);
2149 2199
2150 /* Find which keys we already know about. */ 2200 /* Find which keys we already know about. */
2151 if ((r = hostkeys_foreach(options.user_hostfiles[0], hostkeys_find, 2201 for (i = 0; i < options.num_user_hostfiles; i++) {
2152 ctx, ctx->host_str, ctx->ip_str, 2202 debug("%s: searching %s for %s / %s", __func__,
2153 HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) { 2203 options.user_hostfiles[i], ctx->host_str,
2154 error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); 2204 ctx->ip_str ? ctx->ip_str : "(none)");
2155 goto out; 2205 if ((r = hostkeys_foreach(options.user_hostfiles[i],
2206 hostkeys_find, ctx, ctx->host_str, ctx->ip_str,
2207 HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) {
2208 if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
2209 debug("%s: hostkeys file %s does not exist",
2210 __func__, options.user_hostfiles[i]);
2211 continue;
2212 }
2213 error("%s: hostkeys_foreach failed for %s: %s",
2214 __func__, options.user_hostfiles[i], ssh_err(r));
2215 goto out;
2216 }
2156 } 2217 }
2157 2218
2158 /* Figure out if we have any new keys to add */ 2219 /* Figure out if we have any new keys to add */
diff --git a/config.h.in b/config.h.in
index 00fe91741..b8b5a01ae 100644
--- a/config.h.in
+++ b/config.h.in
@@ -99,7 +99,7 @@
99/* Define if you want to specify the path to your wtmp file */ 99/* Define if you want to specify the path to your wtmp file */
100#undef CONF_WTMP_FILE 100#undef CONF_WTMP_FILE
101 101
102/* Define if your platform needs to skip post auth file descriptor passing */ 102/* Need to call setpgrp as root */
103#undef DISABLE_FD_PASSING 103#undef DISABLE_FD_PASSING
104 104
105/* Define if you don't want to use lastlog */ 105/* Define if you don't want to use lastlog */
@@ -132,6 +132,12 @@
132/* Enable for PKCS#11 support */ 132/* Enable for PKCS#11 support */
133#undef ENABLE_PKCS11 133#undef ENABLE_PKCS11
134 134
135/* Enable for U2F/FIDO support */
136#undef ENABLE_SK
137
138/* Enable for built-in U2F/FIDO support */
139#undef ENABLE_SK_INTERNAL
140
135/* define if fflush(NULL) does not work */ 141/* define if fflush(NULL) does not work */
136#undef FFLUSH_NULL_BUG 142#undef FFLUSH_NULL_BUG
137 143
@@ -341,6 +347,10 @@
341 don't. */ 347 don't. */
342#undef HAVE_DECL_MAXSYMLINKS 348#undef HAVE_DECL_MAXSYMLINKS
343 349
350/* Define to 1 if you have the declaration of `memmem', and to 0 if you don't.
351 */
352#undef HAVE_DECL_MEMMEM
353
344/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you 354/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
345 don't. */ 355 don't. */
346#undef HAVE_DECL_NFDBITS 356#undef HAVE_DECL_NFDBITS
@@ -369,6 +379,10 @@
369 don't. */ 379 don't. */
370#undef HAVE_DECL_SHUT_RD 380#undef HAVE_DECL_SHUT_RD
371 381
382/* Define to 1 if you have the declaration of `UINT32_MAX', and to 0 if you
383 don't. */
384#undef HAVE_DECL_UINT32_MAX
385
372/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. 386/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
373 */ 387 */
374#undef HAVE_DECL_WRITEV 388#undef HAVE_DECL_WRITEV
@@ -414,6 +428,9 @@
414/* Define to 1 if you have the `dirname' function. */ 428/* Define to 1 if you have the `dirname' function. */
415#undef HAVE_DIRNAME 429#undef HAVE_DIRNAME
416 430
431/* Define to 1 if you have the `dlopen' function. */
432#undef HAVE_DLOPEN
433
417/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ 434/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
418#undef HAVE_DSA_GENERATE_PARAMETERS_EX 435#undef HAVE_DSA_GENERATE_PARAMETERS_EX
419 436
@@ -510,9 +527,6 @@
510/* Define to 1 if you have the `EVP_PKEY_get0_RSA' function. */ 527/* Define to 1 if you have the `EVP_PKEY_get0_RSA' function. */
511#undef HAVE_EVP_PKEY_GET0_RSA 528#undef HAVE_EVP_PKEY_GET0_RSA
512 529
513/* Define to 1 if you have the `EVP_ripemd160' function. */
514#undef HAVE_EVP_RIPEMD160
515
516/* Define to 1 if you have the `EVP_sha256' function. */ 530/* Define to 1 if you have the `EVP_sha256' function. */
517#undef HAVE_EVP_SHA256 531#undef HAVE_EVP_SHA256
518 532
@@ -561,6 +575,12 @@
561/* Define to 1 if you have the `fmt_scaled' function. */ 575/* Define to 1 if you have the `fmt_scaled' function. */
562#undef HAVE_FMT_SCALED 576#undef HAVE_FMT_SCALED
563 577
578/* Define to 1 if you have the `fnmatch' function. */
579#undef HAVE_FNMATCH
580
581/* Define to 1 if you have the <fnmatch.h> header file. */
582#undef HAVE_FNMATCH_H
583
564/* Define to 1 if you have the `freeaddrinfo' function. */ 584/* Define to 1 if you have the `freeaddrinfo' function. */
565#undef HAVE_FREEADDRINFO 585#undef HAVE_FREEADDRINFO
566 586
@@ -852,6 +872,9 @@
852/* Define to 1 if you have the <locale.h> header file. */ 872/* Define to 1 if you have the <locale.h> header file. */
853#undef HAVE_LOCALE_H 873#undef HAVE_LOCALE_H
854 874
875/* Define to 1 if you have the `localtime_r' function. */
876#undef HAVE_LOCALTIME_R
877
855/* Define to 1 if you have the `login' function. */ 878/* Define to 1 if you have the `login' function. */
856#undef HAVE_LOGIN 879#undef HAVE_LOGIN
857 880
@@ -1041,6 +1064,9 @@
1041/* Define to 1 if you have the `reallocarray' function. */ 1064/* Define to 1 if you have the `reallocarray' function. */
1042#undef HAVE_REALLOCARRAY 1065#undef HAVE_REALLOCARRAY
1043 1066
1067/* Define to 1 if you have the `realpath' function. */
1068#undef HAVE_REALPATH
1069
1044/* Define to 1 if you have the `recallocarray' function. */ 1070/* Define to 1 if you have the `recallocarray' function. */
1045#undef HAVE_RECALLOCARRAY 1071#undef HAVE_RECALLOCARRAY
1046 1072
@@ -1344,6 +1370,9 @@
1344/* define if you have struct sockaddr_storage data type */ 1370/* define if you have struct sockaddr_storage data type */
1345#undef HAVE_STRUCT_SOCKADDR_STORAGE 1371#undef HAVE_STRUCT_SOCKADDR_STORAGE
1346 1372
1373/* Define to 1 if `f_files' is a member of `struct statfs'. */
1374#undef HAVE_STRUCT_STATFS_F_FILES
1375
1347/* Define to 1 if `f_flags' is a member of `struct statfs'. */ 1376/* Define to 1 if `f_flags' is a member of `struct statfs'. */
1348#undef HAVE_STRUCT_STATFS_F_FLAGS 1377#undef HAVE_STRUCT_STATFS_F_FLAGS
1349 1378
@@ -1356,7 +1385,7 @@
1356/* Define to 1 if `st_mtime' is a member of `struct stat'. */ 1385/* Define to 1 if `st_mtime' is a member of `struct stat'. */
1357#undef HAVE_STRUCT_STAT_ST_MTIME 1386#undef HAVE_STRUCT_STAT_ST_MTIME
1358 1387
1359/* Define to 1 if the system has the type `struct timespec'. */ 1388/* define if you have struct timespec */
1360#undef HAVE_STRUCT_TIMESPEC 1389#undef HAVE_STRUCT_TIMESPEC
1361 1390
1362/* define if you have struct timeval */ 1391/* define if you have struct timeval */
@@ -1684,7 +1713,7 @@
1684/* Set this to your mail directory if you do not have _PATH_MAILDIR */ 1713/* Set this to your mail directory if you do not have _PATH_MAILDIR */
1685#undef MAIL_DIRECTORY 1714#undef MAIL_DIRECTORY
1686 1715
1687/* Need setpgrp to acquire controlling tty */ 1716/* Need setpgrp to for controlling tty */
1688#undef NEED_SETPGRP 1717#undef NEED_SETPGRP
1689 1718
1690/* compiler does not accept __attribute__ on prototype args */ 1719/* compiler does not accept __attribute__ on prototype args */
@@ -1869,6 +1898,9 @@
1869/* Support routing domains using Linux VRF */ 1898/* Support routing domains using Linux VRF */
1870#undef SYS_RDOMAIN_LINUX 1899#undef SYS_RDOMAIN_LINUX
1871 1900
1901/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
1902#undef TIME_WITH_SYS_TIME
1903
1872/* Support passwords > 8 chars */ 1904/* Support passwords > 8 chars */
1873#undef UNIXWARE_LONG_PASSWORDS 1905#undef UNIXWARE_LONG_PASSWORDS
1874 1906
@@ -1933,6 +1965,9 @@
1933/* Define if you want SELinux support. */ 1965/* Define if you want SELinux support. */
1934#undef WITH_SELINUX 1966#undef WITH_SELINUX
1935 1967
1968/* Enable zlib */
1969#undef WITH_ZLIB
1970
1936/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most 1971/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
1937 significant byte first (like Motorola and SPARC, unlike Intel). */ 1972 significant byte first (like Motorola and SPARC, unlike Intel). */
1938#if defined AC_APPLE_UNIVERSAL_BUILD 1973#if defined AC_APPLE_UNIVERSAL_BUILD
diff --git a/configure b/configure
index 1e67db268..09db0a335 100755
--- a/configure
+++ b/configure
@@ -624,6 +624,8 @@ ac_includes_default="\
624#endif" 624#endif"
625 625
626ac_subst_vars='LTLIBOBJS 626ac_subst_vars='LTLIBOBJS
627CFLAGS_NOPIE
628LDFLAGS_NOPIE
627DEPEND 629DEPEND
628UNSUPPORTED_ALGORITHMS 630UNSUPPORTED_ALGORITHMS
629TEST_MALLOC_OPTIONS 631TEST_MALLOC_OPTIONS
@@ -643,8 +645,10 @@ KRB5CONF
643SSHDLIBS 645SSHDLIBS
644SSHLIBS 646SSHLIBS
645SSH_PRIVSEP_USER 647SSH_PRIVSEP_USER
648LIBFIDO2
646COMMENT_OUT_ECC 649COMMENT_OUT_ECC
647TEST_SSH_ECC 650TEST_SSH_ECC
651PICFLAG
648LIBEDIT 652LIBEDIT
649PKGCONFIG 653PKGCONFIG
650LDNSCONFIG 654LDNSCONFIG
@@ -756,6 +760,8 @@ with_libedit
756with_audit 760with_audit
757with_pie 761with_pie
758enable_pkcs11 762enable_pkcs11
763enable_security_key
764with_security_key_builtin
759with_ssl_dir 765with_ssl_dir
760with_openssl_header_check 766with_openssl_header_check
761with_ssl_engine 767with_ssl_engine
@@ -1415,6 +1421,7 @@ Optional Features:
1415 --enable-FEATURE[=ARG] include FEATURE [ARG=yes] 1421 --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
1416 --disable-largefile omit support for large files 1422 --disable-largefile omit support for large files
1417 --disable-pkcs11 disable PKCS#11 support code [no] 1423 --disable-pkcs11 disable PKCS#11 support code [no]
1424 --disable-security-key disable U2F/FIDO support code no
1418 --disable-strip Disable calling strip(1) on install 1425 --disable-strip Disable calling strip(1) on install
1419 --disable-etc-default-login Disable using PATH from /etc/default/login no 1426 --disable-etc-default-login Disable using PATH from /etc/default/login no
1420 --disable-lastlog disable use of lastlog even if detected no 1427 --disable-lastlog disable use of lastlog even if detected no
@@ -1450,6 +1457,7 @@ Optional Packages:
1450 --with-libedit[=PATH] Enable libedit support for sftp 1457 --with-libedit[=PATH] Enable libedit support for sftp
1451 --with-audit=module Enable audit support (modules=debug,bsm,linux) 1458 --with-audit=module Enable audit support (modules=debug,bsm,linux)
1452 --with-pie Build Position Independent Executables if possible 1459 --with-pie Build Position Independent Executables if possible
1460 --with-security-key-builtin include builtin U2F/FIDO support
1453 --with-ssl-dir=PATH Specify path to OpenSSL installation 1461 --with-ssl-dir=PATH Specify path to OpenSSL installation
1454 --without-openssl-header-check Disable OpenSSL version consistency check 1462 --without-openssl-header-check Disable OpenSSL version consistency check
1455 --with-ssl-engine Enable OpenSSL (hardware) ENGINE support 1463 --with-ssl-engine Enable OpenSSL (hardware) ENGINE support
@@ -6066,6 +6074,49 @@ fi
6066rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext 6074rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6067} 6075}
6068 { 6076 {
6077 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wimplicit-fallthrough" >&5
6078$as_echo_n "checking if $CC supports compile flag -Wimplicit-fallthrough... " >&6; }
6079 saved_CFLAGS="$CFLAGS"
6080 CFLAGS="$CFLAGS $WERROR -Wimplicit-fallthrough"
6081 _define_flag=""
6082 test "x$_define_flag" = "x" && _define_flag="-Wimplicit-fallthrough"
6083 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6084/* end confdefs.h. */
6085
6086#include <stdlib.h>
6087#include <stdio.h>
6088int main(int argc, char **argv) {
6089 /* Some math to catch -ftrapv problems in the toolchain */
6090 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6091 float l = i * 2.1;
6092 double m = l / 0.5;
6093 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6094 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6095 exit(0);
6096}
6097
6098_ACEOF
6099if ac_fn_c_try_compile "$LINENO"; then :
6100
6101if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null
6102then
6103 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6104$as_echo "no" >&6; }
6105 CFLAGS="$saved_CFLAGS"
6106else
6107 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6108$as_echo "yes" >&6; }
6109 CFLAGS="$saved_CFLAGS $_define_flag"
6110fi
6111else
6112 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6113$as_echo "no" >&6; }
6114 CFLAGS="$saved_CFLAGS"
6115
6116fi
6117rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6118}
6119 {
6069 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5 6120 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5
6070$as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; } 6121$as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; }
6071 saved_CFLAGS="$CFLAGS" 6122 saved_CFLAGS="$CFLAGS"
@@ -6481,13 +6532,16 @@ $as_echo_n "checking if $CC supports $t... " >&6; }
6481 LDFLAGS="$LDFLAGS $t -Werror" 6532 LDFLAGS="$LDFLAGS $t -Werror"
6482 cat confdefs.h - <<_ACEOF >conftest.$ac_ext 6533 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6483/* end confdefs.h. */ 6534/* end confdefs.h. */
6484 #include <stdio.h> 6535
6536 #include <stdio.h>
6537 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
6538
6485int 6539int
6486main () 6540main ()
6487{ 6541{
6488 6542
6489 char x[256]; 6543 char x[256];
6490 snprintf(x, sizeof(x), "XXX"); 6544 snprintf(x, sizeof(x), "XXX%d", func(1));
6491 6545
6492 ; 6546 ;
6493 return 0; 6547 return 0;
@@ -6508,13 +6562,16 @@ $as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;}
6508else 6562else
6509 cat confdefs.h - <<_ACEOF >conftest.$ac_ext 6563 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6510/* end confdefs.h. */ 6564/* end confdefs.h. */
6511 #include <stdio.h> 6565
6566 #include <stdio.h>
6567 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
6568
6512int 6569int
6513main () 6570main ()
6514{ 6571{
6515 6572
6516 char x[256]; 6573 char x[256];
6517 snprintf(x, sizeof(x), "XXX"); 6574 snprintf(x, sizeof(x), "XXX%d", func(1));
6518 6575
6519 ; 6576 ;
6520 return 0; 6577 return 0;
@@ -6741,6 +6798,7 @@ for ac_header in \
6741 features.h \ 6798 features.h \
6742 fcntl.h \ 6799 fcntl.h \
6743 floatingpoint.h \ 6800 floatingpoint.h \
6801 fnmatch.h \
6744 getopt.h \ 6802 getopt.h \
6745 glob.h \ 6803 glob.h \
6746 ia.h \ 6804 ia.h \
@@ -7531,6 +7589,7 @@ done
7531 ;; 7589 ;;
7532*-*-haiku*) 7590*-*-haiku*)
7533 LIBS="$LIBS -lbsd " 7591 LIBS="$LIBS -lbsd "
7592 CFLAGS="$CFLAGS -D_BSD_SOURCE"
7534 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5 7593 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5
7535$as_echo_n "checking for socket in -lnetwork... " >&6; } 7594$as_echo_n "checking for socket in -lnetwork... " >&6; }
7536if ${ac_cv_lib_network_socket+:} false; then : 7595if ${ac_cv_lib_network_socket+:} false; then :
@@ -7578,6 +7637,9 @@ fi
7578 7637
7579 $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h 7638 $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
7580 7639
7640
7641$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h
7642
7581 MANTYPE=man 7643 MANTYPE=man
7582 ;; 7644 ;;
7583*-*-hpux*) 7645*-*-hpux*)
@@ -8656,11 +8718,34 @@ $as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h
8656 8718
8657$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h 8719$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h
8658 8720
8659 $as_echo "#define NEED_SETPGRP 1" >>confdefs.h 8721
8722$as_echo "#define NEED_SETPGRP 1" >>confdefs.h
8660 8723
8661 8724
8662$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h 8725$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h
8663 8726
8727
8728$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h
8729
8730 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
8731 # don't get a controlling tty.
8732
8733$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8734
8735 # On Ultrix some headers are not protected against multiple includes,
8736 # so we create wrappers and put it where the compiler will find it.
8737 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: creating compat wrappers for headers" >&5
8738$as_echo "$as_me: WARNING: creating compat wrappers for headers" >&2;}
8739 mkdir -p netinet
8740 for header in netinet/ip.h netdb.h resolv.h; do
8741 name=`echo $header | tr 'a-z/.' 'A-Z__'`
8742 cat >$header <<EOD
8743#ifndef _SSH_COMPAT_${name}
8744#define _SSH_COMPAT_${name}
8745#include "/usr/include/${header}"
8746#endif
8747EOD
8748 done
8664 ;; 8749 ;;
8665 8750
8666*-*-lynxos) 8751*-*-lynxos)
@@ -8990,11 +9075,12 @@ $as_echo "#define HAVE_BASENAME 1" >>confdefs.h
8990fi 9075fi
8991 9076
8992 9077
9078zlib=yes
8993 9079
8994# Check whether --with-zlib was given. 9080# Check whether --with-zlib was given.
8995if test "${with_zlib+set}" = set; then : 9081if test "${with_zlib+set}" = set; then :
8996 withval=$with_zlib; if test "x$withval" = "xno" ; then 9082 withval=$with_zlib; if test "x$withval" = "xno" ; then
8997 as_fn_error $? "*** zlib is required ***" "$LINENO" 5 9083 zlib=no
8998 elif test "x$withval" != "xyes"; then 9084 elif test "x$withval" != "xyes"; then
8999 if test -d "$withval/lib"; then 9085 if test -d "$withval/lib"; then
9000 if test -n "${rpath_opt}"; then 9086 if test -n "${rpath_opt}"; then
@@ -9019,7 +9105,18 @@ if test "${with_zlib+set}" = set; then :
9019fi 9105fi
9020 9106
9021 9107
9022ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" 9108{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for zlib" >&5
9109$as_echo_n "checking for zlib... " >&6; }
9110if test "x${zlib}" = "xno"; then
9111 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9112$as_echo "no" >&6; }
9113else
9114 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9115$as_echo "yes" >&6; }
9116
9117$as_echo "#define WITH_ZLIB 1" >>confdefs.h
9118
9119 ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
9023if test "x$ac_cv_header_zlib_h" = xyes; then : 9120if test "x$ac_cv_header_zlib_h" = xyes; then :
9024 9121
9025else 9122else
@@ -9027,7 +9124,7 @@ else
9027fi 9124fi
9028 9125
9029 9126
9030{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5 9127 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5
9031$as_echo_n "checking for deflate in -lz... " >&6; } 9128$as_echo_n "checking for deflate in -lz... " >&6; }
9032if ${ac_cv_lib_z_deflate+:} false; then : 9129if ${ac_cv_lib_z_deflate+:} false; then :
9033 $as_echo_n "(cached) " >&6 9130 $as_echo_n "(cached) " >&6
@@ -9127,9 +9224,9 @@ if test "${with_zlib_version_check+set}" = set; then :
9127fi 9224fi
9128 9225
9129 9226
9130{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5 9227 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5
9131$as_echo_n "checking for possibly buggy zlib... " >&6; } 9228$as_echo_n "checking for possibly buggy zlib... " >&6; }
9132if test "$cross_compiling" = yes; then : 9229 if test "$cross_compiling" = yes; then :
9133 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5 9230 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5
9134$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} 9231$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;}
9135 9232
@@ -9190,6 +9287,7 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
9190 conftest.$ac_objext conftest.beam conftest.$ac_ext 9287 conftest.$ac_objext conftest.beam conftest.$ac_ext
9191fi 9288fi
9192 9289
9290fi
9193 9291
9194ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" 9292ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp"
9195if test "x$ac_cv_func_strcasecmp" = xyes; then : 9293if test "x$ac_cv_func_strcasecmp" = xyes; then :
@@ -10350,8 +10448,6 @@ else
10350fi 10448fi
10351 10449
10352 if test "x$LDNSCONFIG" = "xno"; then 10450 if test "x$LDNSCONFIG" = "xno"; then
10353 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10354 LDFLAGS="$LDFLAGS -L${withval}/lib"
10355 LIBS="-lldns $LIBS" 10451 LIBS="-lldns $LIBS"
10356 ldns=yes 10452 ldns=yes
10357 else 10453 else
@@ -10379,7 +10475,9 @@ $as_echo_n "checking for ldns support... " >&6; }
10379 10475
10380#include <stdio.h> 10476#include <stdio.h>
10381#include <stdlib.h> 10477#include <stdlib.h>
10382#include <stdint.h> 10478#ifdef HAVE_STDINT_H
10479# include <stdint.h>
10480#endif
10383#include <ldns/ldns.h> 10481#include <ldns/ldns.h>
10384int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 10482int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
10385 10483
@@ -10920,6 +11018,34 @@ $as_echo "no" >&6; }
10920 fi 11018 fi
10921fi 11019fi
10922 11020
11021{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -fPIC is accepted" >&5
11022$as_echo_n "checking whether -fPIC is accepted... " >&6; }
11023SAVED_CFLAGS="$CFLAGS"
11024CFLAGS="$CFLAGS -fPIC"
11025cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11026/* end confdefs.h. */
11027 #include <stdlib.h>
11028int
11029main ()
11030{
11031 exit(0);
11032 ;
11033 return 0;
11034}
11035_ACEOF
11036if ac_fn_c_try_compile "$LINENO"; then :
11037 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11038$as_echo "yes" >&6; }
11039 PICFLAG="-fPIC";
11040else
11041 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11042$as_echo "no" >&6; }
11043 PICFLAG="";
11044fi
11045rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
11046CFLAGS="$SAVED_CFLAGS"
11047
11048
10923for ac_func in \ 11049for ac_func in \
10924 Blowfish_initstate \ 11050 Blowfish_initstate \
10925 Blowfish_expandstate \ 11051 Blowfish_expandstate \
@@ -10951,6 +11077,7 @@ for ac_func in \
10951 fchown \ 11077 fchown \
10952 fchownat \ 11078 fchownat \
10953 flock \ 11079 flock \
11080 fnmatch \
10954 freeaddrinfo \ 11081 freeaddrinfo \
10955 freezero \ 11082 freezero \
10956 fstatfs \ 11083 fstatfs \
@@ -10978,6 +11105,7 @@ for ac_func in \
10978 inet_ntop \ 11105 inet_ntop \
10979 innetgr \ 11106 innetgr \
10980 llabs \ 11107 llabs \
11108 localtime_r \
10981 login_getcapbool \ 11109 login_getcapbool \
10982 md5_crypt \ 11110 md5_crypt \
10983 memmem \ 11111 memmem \
@@ -10995,6 +11123,7 @@ for ac_func in \
10995 raise \ 11123 raise \
10996 readpassphrase \ 11124 readpassphrase \
10997 reallocarray \ 11125 reallocarray \
11126 realpath \
10998 recvmsg \ 11127 recvmsg \
10999 recallocarray \ 11128 recallocarray \
11000 rresvport_af \ 11129 rresvport_af \
@@ -11073,6 +11202,16 @@ fi
11073cat >>confdefs.h <<_ACEOF 11202cat >>confdefs.h <<_ACEOF
11074#define HAVE_DECL_BZERO $ac_have_decl 11203#define HAVE_DECL_BZERO $ac_have_decl
11075_ACEOF 11204_ACEOF
11205ac_fn_c_check_decl "$LINENO" "memmem" "ac_cv_have_decl_memmem" "$ac_includes_default"
11206if test "x$ac_cv_have_decl_memmem" = xyes; then :
11207 ac_have_decl=1
11208else
11209 ac_have_decl=0
11210fi
11211
11212cat >>confdefs.h <<_ACEOF
11213#define HAVE_DECL_MEMMEM $ac_have_decl
11214_ACEOF
11076 11215
11077 11216
11078for ac_func in mblen mbtowc nl_langinfo wcwidth 11217for ac_func in mblen mbtowc nl_langinfo wcwidth
@@ -11160,10 +11299,32 @@ if test "${enable_pkcs11+set}" = set; then :
11160fi 11299fi
11161 11300
11162 11301
11163# PKCS11 depends on OpenSSL. 11302disable_sk=
11164if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 11303# Check whether --enable-security-key was given.
11165 # PKCS#11 support requires dlopen() and co 11304if test "${enable_security_key+set}" = set; then :
11166 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 11305 enableval=$enable_security_key;
11306 if test "x$enableval" = "xno" ; then
11307 disable_sk=1
11308 fi
11309
11310
11311fi
11312
11313enable_sk_internal=
11314
11315# Check whether --with-security-key-builtin was given.
11316if test "${with_security_key_builtin+set}" = set; then :
11317 withval=$with_security_key_builtin;
11318 if test "x$withval" != "xno" ; then
11319 enable_sk_internal=yes
11320 fi
11321
11322
11323fi
11324
11325test "x$disable_sk" != "x" && enable_sk_internal=""
11326
11327{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
11167$as_echo_n "checking for library containing dlopen... " >&6; } 11328$as_echo_n "checking for library containing dlopen... " >&6; }
11168if ${ac_cv_search_dlopen+:} false; then : 11329if ${ac_cv_search_dlopen+:} false; then :
11169 $as_echo_n "(cached) " >&6 11330 $as_echo_n "(cached) " >&6
@@ -11216,19 +11377,26 @@ $as_echo "$ac_cv_search_dlopen" >&6; }
11216ac_res=$ac_cv_search_dlopen 11377ac_res=$ac_cv_search_dlopen
11217if test "$ac_res" != no; then : 11378if test "$ac_res" != no; then :
11218 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" 11379 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
11219 ac_fn_c_check_decl "$LINENO" "RTLD_NOW" "ac_cv_have_decl_RTLD_NOW" "#include <dlfcn.h>
11220 11380
11221" 11381fi
11222if test "x$ac_cv_have_decl_RTLD_NOW" = xyes; then :
11223 11382
11224$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h 11383for ac_func in dlopen
11384do :
11385 ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
11386if test "x$ac_cv_func_dlopen" = xyes; then :
11387 cat >>confdefs.h <<_ACEOF
11388#define HAVE_DLOPEN 1
11389_ACEOF
11225 11390
11226fi 11391fi
11392done
11227 11393
11394ac_fn_c_check_decl "$LINENO" "RTLD_NOW" "ac_cv_have_decl_RTLD_NOW" "#include <dlfcn.h>
11395"
11396if test "x$ac_cv_have_decl_RTLD_NOW" = xyes; then :
11228 11397
11229fi 11398fi
11230 11399
11231fi
11232 11400
11233# IRIX has a const char return value for gai_strerror() 11401# IRIX has a const char return value for gai_strerror()
11234for ac_func in gai_strerror 11402for ac_func in gai_strerror
@@ -13384,26 +13552,6 @@ fi
13384done 13552done
13385 13553
13386 13554
13387 # Search for RIPE-MD support in OpenSSL
13388 for ac_func in EVP_ripemd160
13389do :
13390 ac_fn_c_check_func "$LINENO" "EVP_ripemd160" "ac_cv_func_EVP_ripemd160"
13391if test "x$ac_cv_func_EVP_ripemd160" = xyes; then :
13392 cat >>confdefs.h <<_ACEOF
13393#define HAVE_EVP_RIPEMD160 1
13394_ACEOF
13395
13396else
13397 unsupported_algorithms="$unsupported_algorithms \
13398 hmac-ripemd160 \
13399 hmac-ripemd160@openssh.com \
13400 hmac-ripemd160-etm@openssh.com"
13401
13402
13403fi
13404done
13405
13406
13407 # Check complete ECC support in OpenSSL 13555 # Check complete ECC support in OpenSSL
13408 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5 13556 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5
13409$as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; } 13557$as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; }
@@ -13570,6 +13718,9 @@ _ACEOF
13570fi 13718fi
13571done 13719done
13572 13720
13721 openssl_ecc=yes
13722 else
13723 openssl_ecc=no
13573 fi 13724 fi
13574 if test x$enable_nistp256 = x1; then 13725 if test x$enable_nistp256 = x1; then
13575 13726
@@ -13664,6 +13815,220 @@ done
13664 13815
13665fi 13816fi
13666 13817
13818# PKCS11/U2F depend on OpenSSL and dlopen().
13819enable_pkcs11=yes
13820enable_sk=yes
13821if test "x$openssl" != "xyes" ; then
13822 enable_pkcs11="disabled; missing libcrypto"
13823 enable_sk="disabled; missing libcrypto"
13824fi
13825if test "x$openssl_ecc" != "xyes" ; then
13826 enable_sk="disabled; OpenSSL has no ECC support"
13827fi
13828if test "x$ac_cv_func_dlopen" != "xyes" ; then
13829 enable_pkcs11="disabled; missing dlopen(3)"
13830 enable_sk="disabled; missing dlopen(3)"
13831fi
13832if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
13833 enable_pkcs11="disabled; missing RTLD_NOW"
13834 enable_sk="disabled; missing RTLD_NOW"
13835fi
13836if test ! -z "$disable_pkcs11" ; then
13837 enable_pkcs11="disabled by user"
13838fi
13839if test ! -z "$disable_sk" ; then
13840 enable_sk="disabled by user"
13841fi
13842
13843{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable PKCS11" >&5
13844$as_echo_n "checking whether to enable PKCS11... " >&6; }
13845if test "x$enable_pkcs11" = "xyes" ; then
13846
13847$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h
13848
13849fi
13850{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_pkcs11" >&5
13851$as_echo "$enable_pkcs11" >&6; }
13852
13853{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable U2F" >&5
13854$as_echo_n "checking whether to enable U2F... " >&6; }
13855if test "x$enable_sk" = "xyes" ; then
13856
13857$as_echo "#define ENABLE_SK /**/" >>confdefs.h
13858
13859fi
13860{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_sk" >&5
13861$as_echo "$enable_sk" >&6; }
13862
13863# Now check for built-in security key support.
13864if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
13865 if test -n "$ac_tool_prefix"; then
13866 # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
13867set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
13868{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
13869$as_echo_n "checking for $ac_word... " >&6; }
13870if ${ac_cv_path_PKGCONFIG+:} false; then :
13871 $as_echo_n "(cached) " >&6
13872else
13873 case $PKGCONFIG in
13874 [\\/]* | ?:[\\/]*)
13875 ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
13876 ;;
13877 *)
13878 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
13879for as_dir in $PATH
13880do
13881 IFS=$as_save_IFS
13882 test -z "$as_dir" && as_dir=.
13883 for ac_exec_ext in '' $ac_executable_extensions; do
13884 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
13885 ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
13886 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
13887 break 2
13888 fi
13889done
13890 done
13891IFS=$as_save_IFS
13892
13893 ;;
13894esac
13895fi
13896PKGCONFIG=$ac_cv_path_PKGCONFIG
13897if test -n "$PKGCONFIG"; then
13898 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
13899$as_echo "$PKGCONFIG" >&6; }
13900else
13901 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13902$as_echo "no" >&6; }
13903fi
13904
13905
13906fi
13907if test -z "$ac_cv_path_PKGCONFIG"; then
13908 ac_pt_PKGCONFIG=$PKGCONFIG
13909 # Extract the first word of "pkg-config", so it can be a program name with args.
13910set dummy pkg-config; ac_word=$2
13911{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
13912$as_echo_n "checking for $ac_word... " >&6; }
13913if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
13914 $as_echo_n "(cached) " >&6
13915else
13916 case $ac_pt_PKGCONFIG in
13917 [\\/]* | ?:[\\/]*)
13918 ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
13919 ;;
13920 *)
13921 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
13922for as_dir in $PATH
13923do
13924 IFS=$as_save_IFS
13925 test -z "$as_dir" && as_dir=.
13926 for ac_exec_ext in '' $ac_executable_extensions; do
13927 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
13928 ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
13929 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
13930 break 2
13931 fi
13932done
13933 done
13934IFS=$as_save_IFS
13935
13936 ;;
13937esac
13938fi
13939ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
13940if test -n "$ac_pt_PKGCONFIG"; then
13941 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
13942$as_echo "$ac_pt_PKGCONFIG" >&6; }
13943else
13944 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13945$as_echo "no" >&6; }
13946fi
13947
13948 if test "x$ac_pt_PKGCONFIG" = x; then
13949 PKGCONFIG="no"
13950 else
13951 case $cross_compiling:$ac_tool_warned in
13952yes:)
13953{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
13954$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
13955ac_tool_warned=yes ;;
13956esac
13957 PKGCONFIG=$ac_pt_PKGCONFIG
13958 fi
13959else
13960 PKGCONFIG="$ac_cv_path_PKGCONFIG"
13961fi
13962
13963 use_pkgconfig_for_libfido2=
13964 if test "x$PKGCONFIG" != "xno"; then
13965 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libfido2" >&5
13966$as_echo_n "checking if $PKGCONFIG knows about libfido2... " >&6; }
13967 if "$PKGCONFIG" libfido2; then
13968 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13969$as_echo "yes" >&6; }
13970 use_pkgconfig_for_libfido2=yes
13971 else
13972 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13973$as_echo "no" >&6; }
13974 fi
13975 fi
13976 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
13977 LIBFIDO2=`$PKGCONFIG --libs libfido2`
13978 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
13979 else
13980 LIBFIDO2="-lfido2 -lcbor"
13981 fi
13982 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
13983 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fido_init in -lfido2" >&5
13984$as_echo_n "checking for fido_init in -lfido2... " >&6; }
13985if ${ac_cv_lib_fido2_fido_init+:} false; then :
13986 $as_echo_n "(cached) " >&6
13987else
13988 ac_check_lib_save_LIBS=$LIBS
13989LIBS="-lfido2 $OTHERLIBS
13990 $LIBS"
13991cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13992/* end confdefs.h. */
13993
13994/* Override any GCC internal prototype to avoid an error.
13995 Use char because int might match the return type of a GCC
13996 builtin and then its argument prototype would still apply. */
13997#ifdef __cplusplus
13998extern "C"
13999#endif
14000char fido_init ();
14001int
14002main ()
14003{
14004return fido_init ();
14005 ;
14006 return 0;
14007}
14008_ACEOF
14009if ac_fn_c_try_link "$LINENO"; then :
14010 ac_cv_lib_fido2_fido_init=yes
14011else
14012 ac_cv_lib_fido2_fido_init=no
14013fi
14014rm -f core conftest.err conftest.$ac_objext \
14015 conftest$ac_exeext conftest.$ac_ext
14016LIBS=$ac_check_lib_save_LIBS
14017fi
14018{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_fido2_fido_init" >&5
14019$as_echo "$ac_cv_lib_fido2_fido_init" >&6; }
14020if test "x$ac_cv_lib_fido2_fido_init" = xyes; then :
14021
14022
14023
14024$as_echo "#define ENABLE_SK_INTERNAL /**/" >>confdefs.h
14025
14026 enable_sk="built-in"
14027
14028fi
14029
14030fi
14031
13667for ac_func in \ 14032for ac_func in \
13668 arc4random \ 14033 arc4random \
13669 arc4random_buf \ 14034 arc4random_buf \
@@ -14756,6 +15121,28 @@ fi
14756 15121
14757fi 15122fi
14758 15123
15124ac_fn_c_check_decl "$LINENO" "UINT32_MAX" "ac_cv_have_decl_UINT32_MAX" "
15125#ifdef HAVE_SYS_LIMITS_H
15126# include <sys/limits.h>
15127#endif
15128#ifdef HAVE_LIMITS_H
15129# include <limits.h>
15130#endif
15131#ifdef HAVE_STDINT_H
15132# include <stdint.h>
15133#endif
15134
15135"
15136if test "x$ac_cv_have_decl_UINT32_MAX" = xyes; then :
15137 ac_have_decl=1
15138else
15139 ac_have_decl=0
15140fi
15141
15142cat >>confdefs.h <<_ACEOF
15143#define HAVE_DECL_UINT32_MAX $ac_have_decl
15144_ACEOF
15145
14759 15146
14760# More checks for data types 15147# More checks for data types
14761{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5 15148{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5
@@ -15215,7 +15602,9 @@ fi
15215 15602
15216ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" " 15603ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "
15217#include <sys/types.h> 15604#include <sys/types.h>
15218#include <stdint.h> 15605#ifdef HAVE_STDINT_H
15606# include <stdint.h>
15607#endif
15219 15608
15220" 15609"
15221if test "x$ac_cv_type_intmax_t" = xyes; then : 15610if test "x$ac_cv_type_intmax_t" = xyes; then :
@@ -15228,7 +15617,9 @@ _ACEOF
15228fi 15617fi
15229ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" " 15618ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "
15230#include <sys/types.h> 15619#include <sys/types.h>
15231#include <stdint.h> 15620#ifdef HAVE_STDINT_H
15621# include <stdint.h>
15622#endif
15232 15623
15233" 15624"
15234if test "x$ac_cv_type_uintmax_t" = xyes; then : 15625if test "x$ac_cv_type_uintmax_t" = xyes; then :
@@ -15361,7 +15752,36 @@ _ACEOF
15361fi 15752fi
15362 15753
15363 15754
15755ac_fn_c_check_member "$LINENO" "struct statfs" "f_files" "ac_cv_member_struct_statfs_f_files" "
15756#include <sys/param.h>
15757#include <sys/types.h>
15758#ifdef HAVE_SYS_BITYPES_H
15759#include <sys/bitypes.h>
15760#endif
15761#ifdef HAVE_SYS_STATFS_H
15762#include <sys/statfs.h>
15763#endif
15764#ifdef HAVE_SYS_STATVFS_H
15765#include <sys/statvfs.h>
15766#endif
15767#ifdef HAVE_SYS_VFS_H
15768#include <sys/vfs.h>
15769#endif
15770#ifdef HAVE_SYS_MOUNT_H
15771#include <sys/mount.h>
15772#endif
15773
15774"
15775if test "x$ac_cv_member_struct_statfs_f_files" = xyes; then :
15776
15777cat >>confdefs.h <<_ACEOF
15778#define HAVE_STRUCT_STATFS_F_FILES 1
15779_ACEOF
15780
15781
15782fi
15364ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_statfs_f_flags" " 15783ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_statfs_f_flags" "
15784#include <sys/param.h>
15365#include <sys/types.h> 15785#include <sys/types.h>
15366#ifdef HAVE_SYS_BITYPES_H 15786#ifdef HAVE_SYS_BITYPES_H
15367#include <sys/bitypes.h> 15787#include <sys/bitypes.h>
@@ -15375,6 +15795,9 @@ ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_st
15375#ifdef HAVE_SYS_VFS_H 15795#ifdef HAVE_SYS_VFS_H
15376#include <sys/vfs.h> 15796#include <sys/vfs.h>
15377#endif 15797#endif
15798#ifdef HAVE_SYS_MOUNT_H
15799#include <sys/mount.h>
15800#endif
15378 15801
15379" 15802"
15380if test "x$ac_cv_member_struct_statfs_f_flags" = xyes; then : 15803if test "x$ac_cv_member_struct_statfs_f_flags" = xyes; then :
@@ -15807,6 +16230,42 @@ $as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h
15807 16230
15808fi 16231fi
15809 16232
16233{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
16234$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
16235if ${ac_cv_header_time+:} false; then :
16236 $as_echo_n "(cached) " >&6
16237else
16238 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16239/* end confdefs.h. */
16240#include <sys/types.h>
16241#include <sys/time.h>
16242#include <time.h>
16243
16244int
16245main ()
16246{
16247if ((struct tm *) 0)
16248return 0;
16249 ;
16250 return 0;
16251}
16252_ACEOF
16253if ac_fn_c_try_compile "$LINENO"; then :
16254 ac_cv_header_time=yes
16255else
16256 ac_cv_header_time=no
16257fi
16258rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16259fi
16260{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
16261$as_echo "$ac_cv_header_time" >&6; }
16262if test $ac_cv_header_time = yes; then
16263
16264$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
16265
16266fi
16267
16268
15810{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 16269{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5
15811$as_echo_n "checking for struct timeval... " >&6; } 16270$as_echo_n "checking for struct timeval... " >&6; }
15812if ${ac_cv_have_struct_timeval+:} false; then : 16271if ${ac_cv_have_struct_timeval+:} false; then :
@@ -15842,16 +16301,51 @@ $as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h
15842 have_struct_timeval=1 16301 have_struct_timeval=1
15843fi 16302fi
15844 16303
15845ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default" 16304{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timespec" >&5
15846if test "x$ac_cv_type_struct_timespec" = xyes; then : 16305$as_echo_n "checking for struct timespec... " >&6; }
16306if ${ac_cv_have_struct_timespec+:} false; then :
16307 $as_echo_n "(cached) " >&6
16308else
15847 16309
15848cat >>confdefs.h <<_ACEOF 16310 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15849#define HAVE_STRUCT_TIMESPEC 1 16311/* end confdefs.h. */
16312
16313 #ifdef TIME_WITH_SYS_TIME
16314 # include <sys/time.h>
16315 # include <time.h>
16316 #else
16317 # ifdef HAVE_SYS_TIME_H
16318 # include <sys/time.h>
16319 # else
16320 # include <time.h>
16321 # endif
16322 #endif
16323
16324int
16325main ()
16326{
16327 struct timespec ts; ts.tv_sec = 1;
16328 ;
16329 return 0;
16330}
15850_ACEOF 16331_ACEOF
16332if ac_fn_c_try_compile "$LINENO"; then :
16333 ac_cv_have_struct_timespec="yes"
16334else
16335 ac_cv_have_struct_timespec="no"
15851 16336
16337fi
16338rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15852 16339
15853fi 16340fi
16341{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timespec" >&5
16342$as_echo "$ac_cv_have_struct_timespec" >&6; }
16343if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
16344
16345$as_echo "#define HAVE_STRUCT_TIMESPEC 1" >>confdefs.h
15854 16346
16347 have_struct_timespec=1
16348fi
15855 16349
15856# We need int64_t or else certain parts of the compile will fail. 16350# We need int64_t or else certain parts of the compile will fail.
15857if test "x$ac_cv_have_int64_t" = "xno" && \ 16351if test "x$ac_cv_have_int64_t" = "xno" && \
@@ -19428,6 +19922,12 @@ DEPEND=$(cat $srcdir/.depend)
19428CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 19922CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
19429LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 19923LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
19430 19924
19925# Make a copy of CFLAGS/LDFLAGS without PIE options.
19926LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
19927CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
19928
19929
19930
19431 19931
19432ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" 19932ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh"
19433 19933
@@ -20777,6 +21277,8 @@ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
20777echo " BSD Auth support: $BSD_AUTH_MSG" 21277echo " BSD Auth support: $BSD_AUTH_MSG"
20778echo " Random number source: $RAND_MSG" 21278echo " Random number source: $RAND_MSG"
20779echo " Privsep sandbox style: $SANDBOX_STYLE" 21279echo " Privsep sandbox style: $SANDBOX_STYLE"
21280echo " PKCS#11 support: $enable_pkcs11"
21281echo " U2F/FIDO support: $enable_sk"
20780 21282
20781echo "" 21283echo ""
20782 21284
diff --git a/configure.ac b/configure.ac
index c119d6fd1..5db3013de 100644
--- a/configure.ac
+++ b/configure.ac
@@ -164,6 +164,7 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
164 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
165 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
166 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
167 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
167 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 168 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
168 if test "x$use_toolchain_hardening" = "x1"; then 169 if test "x$use_toolchain_hardening" = "x1"; then
169 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 170 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
@@ -213,20 +214,26 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
213 CFLAGS="$CFLAGS $t -Werror" 214 CFLAGS="$CFLAGS $t -Werror"
214 LDFLAGS="$LDFLAGS $t -Werror" 215 LDFLAGS="$LDFLAGS $t -Werror"
215 AC_LINK_IFELSE( 216 AC_LINK_IFELSE(
216 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 217 [AC_LANG_PROGRAM([[
218 #include <stdio.h>
219 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
220 ]],
217 [[ 221 [[
218 char x[256]; 222 char x[256];
219 snprintf(x, sizeof(x), "XXX"); 223 snprintf(x, sizeof(x), "XXX%d", func(1));
220 ]])], 224 ]])],
221 [ AC_MSG_RESULT([yes]) 225 [ AC_MSG_RESULT([yes])
222 CFLAGS="$saved_CFLAGS $t" 226 CFLAGS="$saved_CFLAGS $t"
223 LDFLAGS="$saved_LDFLAGS $t" 227 LDFLAGS="$saved_LDFLAGS $t"
224 AC_MSG_CHECKING([if $t works]) 228 AC_MSG_CHECKING([if $t works])
225 AC_RUN_IFELSE( 229 AC_RUN_IFELSE(
226 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 230 [AC_LANG_PROGRAM([[
231 #include <stdio.h>
232 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
233 ]],
227 [[ 234 [[
228 char x[256]; 235 char x[256];
229 snprintf(x, sizeof(x), "XXX"); 236 snprintf(x, sizeof(x), "XXX%d", func(1));
230 ]])], 237 ]])],
231 [ AC_MSG_RESULT([yes]) 238 [ AC_MSG_RESULT([yes])
232 break ], 239 break ],
@@ -376,6 +383,7 @@ AC_CHECK_HEADERS([ \
376 features.h \ 383 features.h \
377 fcntl.h \ 384 fcntl.h \
378 floatingpoint.h \ 385 floatingpoint.h \
386 fnmatch.h \
379 getopt.h \ 387 getopt.h \
380 glob.h \ 388 glob.h \
381 ia.h \ 389 ia.h \
@@ -715,8 +723,10 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
715 ;; 723 ;;
716*-*-haiku*) 724*-*-haiku*)
717 LIBS="$LIBS -lbsd " 725 LIBS="$LIBS -lbsd "
726 CFLAGS="$CFLAGS -D_BSD_SOURCE"
718 AC_CHECK_LIB([network], [socket]) 727 AC_CHECK_LIB([network], [socket])
719 AC_DEFINE([HAVE_U_INT64_T]) 728 AC_DEFINE([HAVE_U_INT64_T])
729 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
720 MANTYPE=man 730 MANTYPE=man
721 ;; 731 ;;
722*-*-hpux*) 732*-*-hpux*)
@@ -1216,8 +1226,25 @@ mips-sony-bsd|mips-sony-newsos4)
1216 1226
1217*-*-ultrix*) 1227*-*-ultrix*)
1218 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1228 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1219 AC_DEFINE([NEED_SETPGRP]) 1229 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1220 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1230 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1231 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1232 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1233 # don't get a controlling tty.
1234 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1235 # On Ultrix some headers are not protected against multiple includes,
1236 # so we create wrappers and put it where the compiler will find it.
1237 AC_MSG_WARN([creating compat wrappers for headers])
1238 mkdir -p netinet
1239 for header in netinet/ip.h netdb.h resolv.h; do
1240 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1241 cat >$header <<EOD
1242#ifndef _SSH_COMPAT_${name}
1243#define _SSH_COMPAT_${name}
1244#include "/usr/include/${header}"
1245#endif
1246EOD
1247 done
1221 ;; 1248 ;;
1222 1249
1223*-*-lynxos) 1250*-*-lynxos)
@@ -1284,11 +1311,12 @@ AC_CHECK_FUNC([getspnam], ,
1284AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1311AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1285 [Define if you have the basename function.])]) 1312 [Define if you have the basename function.])])
1286 1313
1287dnl zlib is required 1314dnl zlib defaults to enabled
1315zlib=yes
1288AC_ARG_WITH([zlib], 1316AC_ARG_WITH([zlib],
1289 [ --with-zlib=PATH Use zlib in PATH], 1317 [ --with-zlib=PATH Use zlib in PATH],
1290 [ if test "x$withval" = "xno" ; then 1318 [ if test "x$withval" = "xno" ; then
1291 AC_MSG_ERROR([*** zlib is required ***]) 1319 zlib=no
1292 elif test "x$withval" != "xyes"; then 1320 elif test "x$withval" != "xyes"; then
1293 if test -d "$withval/lib"; then 1321 if test -d "$withval/lib"; then
1294 if test -n "${rpath_opt}"; then 1322 if test -n "${rpath_opt}"; then
@@ -1311,8 +1339,14 @@ AC_ARG_WITH([zlib],
1311 fi ] 1339 fi ]
1312) 1340)
1313 1341
1314AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1342AC_MSG_CHECKING([for zlib])
1315AC_CHECK_LIB([z], [deflate], , 1343if test "x${zlib}" = "xno"; then
1344 AC_MSG_RESULT([no])
1345else
1346 AC_MSG_RESULT([yes])
1347 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1348 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1349 AC_CHECK_LIB([z], [deflate], ,
1316 [ 1350 [
1317 saved_CPPFLAGS="$CPPFLAGS" 1351 saved_CPPFLAGS="$CPPFLAGS"
1318 saved_LDFLAGS="$LDFLAGS" 1352 saved_LDFLAGS="$LDFLAGS"
@@ -1331,18 +1365,18 @@ AC_CHECK_LIB([z], [deflate], ,
1331 ] 1365 ]
1332 ) 1366 )
1333 ] 1367 ]
1334) 1368 )
1335 1369
1336AC_ARG_WITH([zlib-version-check], 1370 AC_ARG_WITH([zlib-version-check],
1337 [ --without-zlib-version-check Disable zlib version check], 1371 [ --without-zlib-version-check Disable zlib version check],
1338 [ if test "x$withval" = "xno" ; then 1372 [ if test "x$withval" = "xno" ; then
1339 zlib_check_nonfatal=1 1373 zlib_check_nonfatal=1
1340 fi 1374 fi
1341 ] 1375 ]
1342) 1376 )
1343 1377
1344AC_MSG_CHECKING([for possibly buggy zlib]) 1378 AC_MSG_CHECKING([for possibly buggy zlib])
1345AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1379 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1346#include <stdio.h> 1380#include <stdio.h>
1347#include <stdlib.h> 1381#include <stdlib.h>
1348#include <zlib.h> 1382#include <zlib.h>
@@ -1380,7 +1414,8 @@ See http://www.gzip.org/zlib/ for details.])
1380 fi 1414 fi
1381 ], 1415 ],
1382 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1416 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1383) 1417 )
1418fi
1384 1419
1385dnl UnixWare 2.x 1420dnl UnixWare 2.x
1386AC_CHECK_FUNC([strcasecmp], 1421AC_CHECK_FUNC([strcasecmp],
@@ -1586,8 +1621,6 @@ AC_ARG_WITH(ldns,
1586 if test "x$withval" = "xyes" ; then 1621 if test "x$withval" = "xyes" ; then
1587 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1622 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1588 if test "x$LDNSCONFIG" = "xno"; then 1623 if test "x$LDNSCONFIG" = "xno"; then
1589 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1590 LDFLAGS="$LDFLAGS -L${withval}/lib"
1591 LIBS="-lldns $LIBS" 1624 LIBS="-lldns $LIBS"
1592 ldns=yes 1625 ldns=yes
1593 else 1626 else
@@ -1611,7 +1644,9 @@ AC_ARG_WITH(ldns,
1611 [AC_LANG_SOURCE([[ 1644 [AC_LANG_SOURCE([[
1612#include <stdio.h> 1645#include <stdio.h>
1613#include <stdlib.h> 1646#include <stdlib.h>
1614#include <stdint.h> 1647#ifdef HAVE_STDINT_H
1648# include <stdint.h>
1649#endif
1615#include <ldns/ldns.h> 1650#include <ldns/ldns.h>
1616int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1651int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1617 ]]) 1652 ]])
@@ -1778,6 +1813,18 @@ if test "x$use_pie" != "xno"; then
1778 fi 1813 fi
1779fi 1814fi
1780 1815
1816AC_MSG_CHECKING([whether -fPIC is accepted])
1817SAVED_CFLAGS="$CFLAGS"
1818CFLAGS="$CFLAGS -fPIC"
1819AC_COMPILE_IFELSE(
1820 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1821 [AC_MSG_RESULT([yes])
1822 PICFLAG="-fPIC"; ],
1823 [AC_MSG_RESULT([no])
1824 PICFLAG=""; ])
1825CFLAGS="$SAVED_CFLAGS"
1826AC_SUBST([PICFLAG])
1827
1781dnl Checks for library functions. Please keep in alphabetical order 1828dnl Checks for library functions. Please keep in alphabetical order
1782AC_CHECK_FUNCS([ \ 1829AC_CHECK_FUNCS([ \
1783 Blowfish_initstate \ 1830 Blowfish_initstate \
@@ -1810,6 +1857,7 @@ AC_CHECK_FUNCS([ \
1810 fchown \ 1857 fchown \
1811 fchownat \ 1858 fchownat \
1812 flock \ 1859 flock \
1860 fnmatch \
1813 freeaddrinfo \ 1861 freeaddrinfo \
1814 freezero \ 1862 freezero \
1815 fstatfs \ 1863 fstatfs \
@@ -1837,6 +1885,7 @@ AC_CHECK_FUNCS([ \
1837 inet_ntop \ 1885 inet_ntop \
1838 innetgr \ 1886 innetgr \
1839 llabs \ 1887 llabs \
1888 localtime_r \
1840 login_getcapbool \ 1889 login_getcapbool \
1841 md5_crypt \ 1890 md5_crypt \
1842 memmem \ 1891 memmem \
@@ -1854,6 +1903,7 @@ AC_CHECK_FUNCS([ \
1854 raise \ 1903 raise \
1855 readpassphrase \ 1904 readpassphrase \
1856 reallocarray \ 1905 reallocarray \
1906 realpath \
1857 recvmsg \ 1907 recvmsg \
1858 recallocarray \ 1908 recallocarray \
1859 rresvport_af \ 1909 rresvport_af \
@@ -1911,7 +1961,7 @@ AC_CHECK_FUNCS([ \
1911 warn \ 1961 warn \
1912]) 1962])
1913 1963
1914AC_CHECK_DECLS([bzero]) 1964AC_CHECK_DECLS([bzero, memmem])
1915 1965
1916dnl Wide character support. 1966dnl Wide character support.
1917AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1967AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
@@ -1951,16 +2001,29 @@ AC_ARG_ENABLE([pkcs11],
1951 ] 2001 ]
1952) 2002)
1953 2003
1954# PKCS11 depends on OpenSSL. 2004disable_sk=
1955if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 2005AC_ARG_ENABLE([security-key],
1956 # PKCS#11 support requires dlopen() and co 2006 [ --disable-security-key disable U2F/FIDO support code [no]],
1957 AC_SEARCH_LIBS([dlopen], [dl], 2007 [
1958 AC_CHECK_DECL([RTLD_NOW], 2008 if test "x$enableval" = "xno" ; then
1959 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), 2009 disable_sk=1
1960 [], [#include <dlfcn.h>] 2010 fi
1961 ) 2011 ]
1962 ) 2012)
1963fi 2013enable_sk_internal=
2014AC_ARG_WITH([security-key-builtin],
2015 [ --with-security-key-builtin include builtin U2F/FIDO support],
2016 [
2017 if test "x$withval" != "xno" ; then
2018 enable_sk_internal=yes
2019 fi
2020 ]
2021)
2022test "x$disable_sk" != "x" && enable_sk_internal=""
2023
2024AC_SEARCH_LIBS([dlopen], [dl])
2025AC_CHECK_FUNCS([dlopen])
2026AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
1964 2027
1965# IRIX has a const char return value for gai_strerror() 2028# IRIX has a const char return value for gai_strerror()
1966AC_CHECK_FUNCS([gai_strerror], [ 2029AC_CHECK_FUNCS([gai_strerror], [
@@ -2940,15 +3003,6 @@ if test "x$openssl" = "xyes" ; then
2940 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3003 # Check for SHA256, SHA384 and SHA512 support in OpenSSL
2941 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3004 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
2942 3005
2943 # Search for RIPE-MD support in OpenSSL
2944 AC_CHECK_FUNCS([EVP_ripemd160], ,
2945 [unsupported_algorithms="$unsupported_algorithms \
2946 hmac-ripemd160 \
2947 hmac-ripemd160@openssh.com \
2948 hmac-ripemd160-etm@openssh.com"
2949 ]
2950 )
2951
2952 # Check complete ECC support in OpenSSL 3006 # Check complete ECC support in OpenSSL
2953 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3007 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2954 AC_LINK_IFELSE( 3008 AC_LINK_IFELSE(
@@ -3030,6 +3084,9 @@ if test "x$openssl" = "xyes" ; then
3030 test x$enable_nistp521 = x1; then 3084 test x$enable_nistp521 = x1; then
3031 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3085 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3032 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3086 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3087 openssl_ecc=yes
3088 else
3089 openssl_ecc=no
3033 fi 3090 fi
3034 if test x$enable_nistp256 = x1; then 3091 if test x$enable_nistp256 = x1; then
3035 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3092 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
@@ -3070,6 +3127,74 @@ else
3070 AC_CHECK_FUNCS([crypt]) 3127 AC_CHECK_FUNCS([crypt])
3071fi 3128fi
3072 3129
3130# PKCS11/U2F depend on OpenSSL and dlopen().
3131enable_pkcs11=yes
3132enable_sk=yes
3133if test "x$openssl" != "xyes" ; then
3134 enable_pkcs11="disabled; missing libcrypto"
3135 enable_sk="disabled; missing libcrypto"
3136fi
3137if test "x$openssl_ecc" != "xyes" ; then
3138 enable_sk="disabled; OpenSSL has no ECC support"
3139fi
3140if test "x$ac_cv_func_dlopen" != "xyes" ; then
3141 enable_pkcs11="disabled; missing dlopen(3)"
3142 enable_sk="disabled; missing dlopen(3)"
3143fi
3144if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3145 enable_pkcs11="disabled; missing RTLD_NOW"
3146 enable_sk="disabled; missing RTLD_NOW"
3147fi
3148if test ! -z "$disable_pkcs11" ; then
3149 enable_pkcs11="disabled by user"
3150fi
3151if test ! -z "$disable_sk" ; then
3152 enable_sk="disabled by user"
3153fi
3154
3155AC_MSG_CHECKING([whether to enable PKCS11])
3156if test "x$enable_pkcs11" = "xyes" ; then
3157 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3158fi
3159AC_MSG_RESULT([$enable_pkcs11])
3160
3161AC_MSG_CHECKING([whether to enable U2F])
3162if test "x$enable_sk" = "xyes" ; then
3163 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3164fi
3165AC_MSG_RESULT([$enable_sk])
3166
3167# Now check for built-in security key support.
3168if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
3169 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
3170 use_pkgconfig_for_libfido2=
3171 if test "x$PKGCONFIG" != "xno"; then
3172 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3173 if "$PKGCONFIG" libfido2; then
3174 AC_MSG_RESULT([yes])
3175 use_pkgconfig_for_libfido2=yes
3176 else
3177 AC_MSG_RESULT([no])
3178 fi
3179 fi
3180 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3181 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3182 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3183 else
3184 LIBFIDO2="-lfido2 -lcbor"
3185 fi
3186 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3187 AC_CHECK_LIB([fido2], [fido_init],
3188 [
3189 AC_SUBST([LIBFIDO2])
3190 AC_DEFINE([ENABLE_SK_INTERNAL], [],
3191 [Enable for built-in U2F/FIDO support])
3192 enable_sk="built-in"
3193 ], [ ],
3194 [ $OTHERLIBS ]
3195 )
3196fi
3197
3073AC_CHECK_FUNCS([ \ 3198AC_CHECK_FUNCS([ \
3074 arc4random \ 3199 arc4random \
3075 arc4random_buf \ 3200 arc4random_buf \
@@ -3615,6 +3740,17 @@ fprint_ll(FILE *f, long long n)
3615 ) 3740 )
3616fi 3741fi
3617 3742
3743AC_CHECK_DECLS([UINT32_MAX], , , [[
3744#ifdef HAVE_SYS_LIMITS_H
3745# include <sys/limits.h>
3746#endif
3747#ifdef HAVE_LIMITS_H
3748# include <limits.h>
3749#endif
3750#ifdef HAVE_STDINT_H
3751# include <stdint.h>
3752#endif
3753]])
3618 3754
3619# More checks for data types 3755# More checks for data types
3620AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3756AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
@@ -3795,7 +3931,9 @@ fi
3795 3931
3796AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3932AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3797#include <sys/types.h> 3933#include <sys/types.h>
3798#include <stdint.h> 3934#ifdef HAVE_STDINT_H
3935# include <stdint.h>
3936#endif
3799]) 3937])
3800 3938
3801TYPE_SOCKLEN_T 3939TYPE_SOCKLEN_T
@@ -3814,7 +3952,8 @@ AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3814#endif 3952#endif
3815]) 3953])
3816 3954
3817AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ 3955AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
3956#include <sys/param.h>
3818#include <sys/types.h> 3957#include <sys/types.h>
3819#ifdef HAVE_SYS_BITYPES_H 3958#ifdef HAVE_SYS_BITYPES_H
3820#include <sys/bitypes.h> 3959#include <sys/bitypes.h>
@@ -3828,6 +3967,9 @@ AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[
3828#ifdef HAVE_SYS_VFS_H 3967#ifdef HAVE_SYS_VFS_H
3829#include <sys/vfs.h> 3968#include <sys/vfs.h>
3830#endif 3969#endif
3970#ifdef HAVE_SYS_MOUNT_H
3971#include <sys/mount.h>
3972#endif
3831]]) 3973]])
3832 3974
3833 3975
@@ -3973,6 +4115,8 @@ if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3973 [define if you have struct addrinfo data type]) 4115 [define if you have struct addrinfo data type])
3974fi 4116fi
3975 4117
4118AC_HEADER_TIME
4119
3976AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4120AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3977 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4121 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3978 [[ struct timeval tv; tv.tv_sec = 1;]])], 4122 [[ struct timeval tv; tv.tv_sec = 1;]])],
@@ -3985,7 +4129,28 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3985 have_struct_timeval=1 4129 have_struct_timeval=1
3986fi 4130fi
3987 4131
3988AC_CHECK_TYPES([struct timespec]) 4132AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4133 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4134 #ifdef TIME_WITH_SYS_TIME
4135 # include <sys/time.h>
4136 # include <time.h>
4137 #else
4138 # ifdef HAVE_SYS_TIME_H
4139 # include <sys/time.h>
4140 # else
4141 # include <time.h>
4142 # endif
4143 #endif
4144 ]],
4145 [[ struct timespec ts; ts.tv_sec = 1;]])],
4146 [ ac_cv_have_struct_timespec="yes" ],
4147 [ ac_cv_have_struct_timespec="no"
4148 ])
4149])
4150if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4151 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4152 have_struct_timespec=1
4153fi
3989 4154
3990# We need int64_t or else certain parts of the compile will fail. 4155# We need int64_t or else certain parts of the compile will fail.
3991if test "x$ac_cv_have_int64_t" = "xno" && \ 4156if test "x$ac_cv_have_int64_t" = "xno" && \
@@ -5274,6 +5439,12 @@ AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5274CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5439CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5275LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5440LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5276 5441
5442# Make a copy of CFLAGS/LDFLAGS without PIE options.
5443LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5444CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5445AC_SUBST([LDFLAGS_NOPIE])
5446AC_SUBST([CFLAGS_NOPIE])
5447
5277AC_EXEEXT 5448AC_EXEEXT
5278AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5449AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5279 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5450 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
@@ -5334,6 +5505,8 @@ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5334echo " BSD Auth support: $BSD_AUTH_MSG" 5505echo " BSD Auth support: $BSD_AUTH_MSG"
5335echo " Random number source: $RAND_MSG" 5506echo " Random number source: $RAND_MSG"
5336echo " Privsep sandbox style: $SANDBOX_STYLE" 5507echo " Privsep sandbox style: $SANDBOX_STYLE"
5508echo " PKCS#11 support: $enable_pkcs11"
5509echo " U2F/FIDO support: $enable_sk"
5337 5510
5338echo "" 5511echo ""
5339 5512
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
index e37a13382..88cdfaeff 100644
--- a/contrib/gnome-ssh-askpass2.c
+++ b/contrib/gnome-ssh-askpass2.c
@@ -39,6 +39,10 @@
39#define GRAB_TRIES 16 39#define GRAB_TRIES 16
40#define GRAB_WAIT 250 /* milliseconds */ 40#define GRAB_WAIT 250 /* milliseconds */
41 41
42#define PROMPT_ENTRY 0
43#define PROMPT_CONFIRM 1
44#define PROMPT_NONE 2
45
42/* 46/*
43 * Compile with: 47 * Compile with:
44 * 48 *
@@ -82,11 +86,12 @@ ok_dialog(GtkWidget *entry, gpointer dialog)
82} 86}
83 87
84static int 88static int
85passphrase_dialog(char *message) 89passphrase_dialog(char *message, int prompt_type)
86{ 90{
87 const char *failed; 91 const char *failed;
88 char *passphrase, *local; 92 char *passphrase, *local;
89 int result, grab_tries, grab_server, grab_pointer; 93 int result, grab_tries, grab_server, grab_pointer;
94 int buttons, default_response;
90 GtkWidget *parent_window, *dialog, *entry; 95 GtkWidget *parent_window, *dialog, *entry;
91 GdkGrabStatus status; 96 GdkGrabStatus status;
92 97
@@ -98,31 +103,43 @@ passphrase_dialog(char *message)
98 * complain. */ 103 * complain. */
99 parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL); 104 parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
100 105
106 switch (prompt_type) {
107 case PROMPT_CONFIRM:
108 buttons = GTK_BUTTONS_YES_NO;
109 default_response = GTK_RESPONSE_YES;
110 break;
111 case PROMPT_NONE:
112 buttons = GTK_BUTTONS_CLOSE;
113 default_response = GTK_RESPONSE_CLOSE;
114 break;
115 default:
116 buttons = GTK_BUTTONS_OK_CANCEL;
117 default_response = GTK_RESPONSE_OK;
118 break;
119 }
120
101 dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0, 121 dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
102 GTK_MESSAGE_QUESTION, 122 GTK_MESSAGE_QUESTION, buttons, "%s", message);
103 GTK_BUTTONS_OK_CANCEL,
104 "%s",
105 message);
106
107 entry = gtk_entry_new();
108 gtk_box_pack_start(
109 GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
110 FALSE, FALSE, 0);
111 gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
112 gtk_widget_grab_focus(entry);
113 gtk_widget_show(entry);
114 123
115 gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); 124 gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
116 gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); 125 gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
117 gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); 126 gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
118 127 gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
119 /* Make <enter> close dialog */
120 gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
121 g_signal_connect(G_OBJECT(entry), "activate",
122 G_CALLBACK(ok_dialog), dialog);
123
124 gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); 128 gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
125 129
130 if (prompt_type == PROMPT_ENTRY) {
131 entry = gtk_entry_new();
132 gtk_box_pack_start(
133 GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
134 entry, FALSE, FALSE, 0);
135 gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
136 gtk_widget_grab_focus(entry);
137 gtk_widget_show(entry);
138 /* Make <enter> close dialog */
139 g_signal_connect(G_OBJECT(entry), "activate",
140 G_CALLBACK(ok_dialog), dialog);
141 }
142
126 /* Grab focus */ 143 /* Grab focus */
127 gtk_widget_show_now(dialog); 144 gtk_widget_show_now(dialog);
128 if (grab_pointer) { 145 if (grab_pointer) {
@@ -166,32 +183,37 @@ passphrase_dialog(char *message)
166 gdk_flush(); 183 gdk_flush();
167 184
168 /* Report passphrase if user selected OK */ 185 /* Report passphrase if user selected OK */
169 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); 186 if (prompt_type == PROMPT_ENTRY) {
170 if (result == GTK_RESPONSE_OK) { 187 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
171 local = g_locale_from_utf8(passphrase, strlen(passphrase), 188 if (result == GTK_RESPONSE_OK) {
172 NULL, NULL, NULL); 189 local = g_locale_from_utf8(passphrase,
173 if (local != NULL) { 190 strlen(passphrase), NULL, NULL, NULL);
174 puts(local); 191 if (local != NULL) {
175 memset(local, '\0', strlen(local)); 192 puts(local);
176 g_free(local); 193 memset(local, '\0', strlen(local));
177 } else { 194 g_free(local);
178 puts(passphrase); 195 } else {
196 puts(passphrase);
197 }
179 } 198 }
199 /* Zero passphrase in memory */
200 memset(passphrase, '\b', strlen(passphrase));
201 gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
202 memset(passphrase, '\0', strlen(passphrase));
203 g_free(passphrase);
180 } 204 }
181 205
182 /* Zero passphrase in memory */
183 memset(passphrase, '\b', strlen(passphrase));
184 gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
185 memset(passphrase, '\0', strlen(passphrase));
186 g_free(passphrase);
187
188 gtk_widget_destroy(dialog); 206 gtk_widget_destroy(dialog);
189 return (result == GTK_RESPONSE_OK ? 0 : -1); 207 if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES)
208 return -1;
209 return 0;
190 210
191 /* At least one grab failed - ungrab what we got, and report
192 the failure to the user. Note that XGrabServer() cannot
193 fail. */
194 nograbkb: 211 nograbkb:
212 /*
213 * At least one grab failed - ungrab what we got, and report
214 * the failure to the user. Note that XGrabServer() cannot
215 * fail.
216 */
195 gdk_pointer_ungrab(GDK_CURRENT_TIME); 217 gdk_pointer_ungrab(GDK_CURRENT_TIME);
196 nograb: 218 nograb:
197 if (grab_server) 219 if (grab_server)
@@ -206,8 +228,8 @@ passphrase_dialog(char *message)
206int 228int
207main(int argc, char **argv) 229main(int argc, char **argv)
208{ 230{
209 char *message; 231 char *message, *prompt_mode;
210 int result; 232 int result, prompt_type = PROMPT_ENTRY;
211 233
212 gtk_init(&argc, &argv); 234 gtk_init(&argc, &argv);
213 235
@@ -219,8 +241,15 @@ main(int argc, char **argv)
219 message = g_strdup("Enter your OpenSSH passphrase:"); 241 message = g_strdup("Enter your OpenSSH passphrase:");
220 } 242 }
221 243
244 if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
245 if (strcasecmp(prompt_mode, "confirm") == 0)
246 prompt_type = PROMPT_CONFIRM;
247 else if (strcasecmp(prompt_mode, "none") == 0)
248 prompt_type = PROMPT_NONE;
249 }
250
222 setvbuf(stdout, 0, _IONBF, 0); 251 setvbuf(stdout, 0, _IONBF, 0);
223 result = passphrase_dialog(message); 252 result = passphrase_dialog(message, prompt_type);
224 g_free(message); 253 g_free(message);
225 254
226 return (result); 255 return (result);
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index a440a11c2..54dc39610 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 8.1p1 1%define ver 8.2p1
2%define rel 1%{?dist} 2%define rel 1%{?dist}
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index 8850cceda..ae75c79a5 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -158,7 +158,7 @@ asked for confirmation, which is your cue to log back out and run
158The reason you might want to specify the -i option in this case is to 158The reason you might want to specify the -i option in this case is to
159ensure that the comment on the installed key is the one from the 159ensure that the comment on the installed key is the one from the
160.Pa .pub 160.Pa .pub
161file, rather than just the filename that was loaded into you agent. 161file, rather than just the filename that was loaded into your agent.
162It also ensures that only the id you intended is installed, rather than 162It also ensures that only the id you intended is installed, rather than
163all the keys that you have in your 163all the keys that you have in your
164.Xr ssh-agent 1 . 164.Xr ssh-agent 1 .
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 8c081acc0..4c318001e 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 8.1p1 16Version: 8.2p1
17URL: https://www.openssh.com/ 17URL: https://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 07406955d..8acad4cd4 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,12 +1,12 @@
1# see git-dpm(1) from git-dpm package 1# see git-dpm(1) from git-dpm package
22e128b223e8e73ace57a0726130bfbcf920d0f9e 2a2dabf35ce0228c86a288d11cc847a9d9801604f
32e128b223e8e73ace57a0726130bfbcf920d0f9e 3a2dabf35ce0228c86a288d11cc847a9d9801604f
44213eec74e74de6310c27a40c3e9759a08a73996 4f0de78bd4f29fa688c5df116f3f9cd43543a76d0
54213eec74e74de6310c27a40c3e9759a08a73996 5f0de78bd4f29fa688c5df116f3f9cd43543a76d0
6openssh_8.1p1.orig.tar.gz 6openssh_8.2p1.orig.tar.gz
7c44b96094869f177735ae053d92bd5fcab1319de 7d1ab35a93507321c5db885e02d41ce1414f0507c
81625894 81701197
9debianTag="debian/%e%%%V" 9debianTag="debian/%e%%%V"
10patchedTag="patched/%e%%%V" 10patchedTag="patched/%e%%%V"
11upstreamTag="upstream/%U" 11upstreamTag="upstream/%U"
12signature:8b241dee85731fb19e57622f160a4326da52a7a7:683:openssh_8.1p1.orig.tar.gz.asc 12signature:d3814ab57572c13bdee2037ad1477e2f7c51e1b0:683:openssh_8.2p1.orig.tar.gz.asc
diff --git a/debian/NEWS b/debian/NEWS
index 32a0c721e..1963c7919 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,50 @@
1openssh (1:8.2p1-1) unstable; urgency=medium
2
3 OpenSSH 8.2 includes a number of changes that may affect existing
4 configurations:
5
6 * ssh(1), sshd(8), ssh-keygen(1): This release removes the "ssh-rsa"
7 (RSA/SHA1) algorithm from those accepted for certificate signatures
8 (i.e. the client and server CASignatureAlgorithms option) and will use
9 the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1)
10 CA signs new certificates.
11
12 Certificates are at special risk to SHA1 collision vulnerabilities as
13 an attacker has effectively unlimited time in which to craft a
14 collision that yields them a valid certificate, far more than the
15 relatively brief LoginGraceTime window that they have to forge a host
16 key signature.
17
18 The OpenSSH certificate format includes a CA-specified (typically
19 random) nonce value near the start of the certificate that should make
20 exploitation of chosen-prefix collisions in this context challenging,
21 as the attacker does not have full control over the prefix that
22 actually gets signed. Nonetheless, SHA1 is now a demonstrably broken
23 algorithm and futher improvements in attacks are highly likely.
24
25 OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2
26 algorithms and will refuse to accept certificates signed by an OpenSSH
27 8.2+ CA using RSA keys unless the unsafe algorithm is explicitly
28 selected during signing ("ssh-keygen -t ssh-rsa"). Older
29 clients/servers may use another CA key type such as ssh-ed25519
30 (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521
31 types (supported since OpenSSH 5.7) instead if they cannot be upgraded.
32
33 * ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
34 key exchange proposal for both the client and server.
35
36 * ssh-keygen(1): The command-line options related to the generation and
37 screening of safe prime numbers used by the
38 diffie-hellman-group-exchange-* key exchange algorithms have changed.
39 Most options have been folded under the -O flag.
40
41 * sshd(8): The sshd listener process title visible to ps(1) has changed
42 to include information about the number of connections that are
43 currently attempting authentication and the limits configured by
44 MaxStartups.
45
46 -- Colin Watson <cjwatson@debian.org> Fri, 21 Feb 2020 12:11:52 +0000
47
1openssh (1:8.1p1-1) unstable; urgency=medium 48openssh (1:8.1p1-1) unstable; urgency=medium
2 49
3 OpenSSH 8.1 includes a number of changes that may affect existing 50 OpenSSH 8.1 includes a number of changes that may affect existing
diff --git a/debian/changelog b/debian/changelog
index fd967a966..b86ad184e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,108 @@
1openssh (1:8.1p1-6) UNRELEASED; urgency=medium 1openssh (1:8.2p1-1) UNRELEASED; urgency=medium
2 2
3 * New upstream release (https://www.openssh.com/txt/release-8.2, closes:
4 #951582):
5 - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
6 (RSA/SHA1) algorithm from those accepted for certificate signatures
7 (i.e. the client and server CASignatureAlgorithms option) and will use
8 the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1)
9 CA signs new certificates.
10 - ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
11 key exchange proposal for both the client and server.
12 - ssh-keygen(1): The command-line options related to the generation and
13 screening of safe prime numbers used by the
14 diffie-hellman-group-exchange-* key exchange algorithms have changed.
15 Most options have been folded under the -O flag.
16 - sshd(8): The sshd listener process title visible to ps(1) has changed
17 to include information about the number of connections that are
18 currently attempting authentication and the limits configured by
19 MaxStartups.
20 - Add support for FIDO/U2F hardware authenticators.
21 - ssh-keygen(1): Add a "no-touch-required" option when generating
22 FIDO-hosted keys, that disables their default behaviour of requiring a
23 physical touch/tap on the token during authentication. Note: not all
24 tokens support disabling the touch requirement.
25 - sshd(8): Add a sshd_config PubkeyAuthOptions directive that collects
26 miscellaneous public key authentication-related options for sshd(8).
27 At present it supports only a single option "no-touch-required". This
28 causes sshd to skip its default check for FIDO/U2F keys that the
29 signature was authorised by a touch or press event on the token
30 hardware.
31 - ssh(1), sshd(8), ssh-keygen(1): Add a "no-touch-required" option for
32 authorized_keys and a similar extension for certificates. This option
33 disables the default requirement that FIDO key signatures attest that
34 the user touched their key to authorize them, mirroring the similar
35 PubkeyAuthOptions sshd_config option.
36 - ssh-keygen(1): Add support for the writing the FIDO attestation
37 information that is returned when new keys are generated via the "-O
38 write-attestation=/path" option. FIDO attestation certificates may be
39 used to verify that a FIDO key is hosted in trusted hardware. OpenSSH
40 does not currently make use of this information, beyond optionally
41 writing it to disk.
42 - Add support for FIDO2 resident keys.
43 - sshd(8): Add an Include sshd_config keyword that allows including
44 additional configuration files via glob(3) patterns (closes: #631189).
45 - ssh(1)/sshd(8): Make the LE (low effort) DSCP code point available via
46 the IPQoS directive.
47 - ssh(1): When AddKeysToAgent=yes is set and the key contains no
48 comment, add the key to the agent with the key's path as the comment.
49 - ssh-keygen(1), ssh-agent(1): Expose PKCS#11 key labels and X.509
50 subjects as key comments, rather than simply listing the PKCS#11
51 provider library path.
52 - ssh-keygen(1): Allow PEM export of DSA and ECDSA keys.
53 - sshd(8): When clients get denied by MaxStartups, send a notification
54 prior to the SSH2 protocol banner according to RFC4253 section 4.2
55 (closes: #275458).
56 - ssh(1), ssh-agent(1): When invoking the $SSH_ASKPASS prompt program,
57 pass a hint to the program to describe the type of desired prompt.
58 The possible values are "confirm" (indicating that a yes/no
59 confirmation dialog with no text entry should be shown), "none" (to
60 indicate an informational message only), or blank for the original
61 ssh-askpass behaviour of requesting a password/phrase.
62 - ssh(1): Allow forwarding a different agent socket to the path
63 specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
64 option to accepting an explicit path or the name of an environment
65 variable in addition to yes/no.
66 - ssh-keygen(1): Add a new signature operations "find-principals" to
67 look up the principal associated with a signature from an
68 allowed-signers file.
69 - sshd(8): Expose the number of currently-authenticating connections
70 along with the MaxStartups limit in the process title visible to "ps".
71 - sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will
72 now disable connection killing entirely rather than the current
73 behaviour of instantly killing the connection after the first liveness
74 test regardless of success.
75 - sshd(8): Clarify order of AllowUsers / DenyUsers vs AllowGroups /
76 DenyGroups in the sshd(8) manual page.
77 - sshd(8): Better describe HashKnownHosts in the manual page.
78 - sshd(8): Clarify that that permitopen=/PermitOpen do no name or
79 address translation in the manual page.
80 - sshd(8): Allow the UpdateHostKeys feature to function when multiple
81 known_hosts files are in use. When updating host keys, ssh will now
82 search subsequent known_hosts files, but will add updated host keys to
83 the first specified file only.
84 - All: Replace all calls to signal(2) with a wrapper around
85 sigaction(2). This wrapper blocks all other signals during the
86 handler preventing races between handlers, and sets SA_RESTART which
87 should reduce the potential for short read/write operations.
88 - sftp(1): Fix a race condition in the SIGCHILD handler that could turn
89 in to a kill(-1).
90 - sshd(8): Fix a case where valid (but extremely large) SSH channel IDs
91 were being incorrectly rejected.
92 - ssh(1): When checking host key fingerprints as answers to new hostkey
93 prompts, ignore whitespace surrounding the fingerprint itself.
94 - All: Wait for file descriptors to be readable or writeable during
95 non-blocking connect, not just readable. Prevents a timeout when the
96 server doesn't immediately send a banner (e.g. multiplexers like
97 sslh).
98 - sshd_config(5): Document the sntrup4591761x25519-sha512@tinyssh.org
99 key exchange algorithm.
3 * Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1 100 * Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1
4 and 1:7.7p1-4 inclusive (closes: #951220). 101 and 1:7.7p1-4 inclusive (closes: #951220).
5 * ssh(1): Explain that -Y is equivalent to -X in the default configuration 102 * ssh(1): Explain that -Y is equivalent to -X in the default configuration
6 (closes: #951640). 103 (closes: #951640).
7 104
8 -- Colin Watson <cjwatson@debian.org> Fri, 14 Feb 2020 18:43:44 +0000 105 -- Colin Watson <cjwatson@debian.org> Fri, 21 Feb 2020 12:11:52 +0000
9 106
10openssh (1:8.1p1-5) unstable; urgency=medium 107openssh (1:8.1p1-5) unstable; urgency=medium
11 108
diff --git a/debian/control b/debian/control
index 9b0bba2bb..8b7fe6b68 100644
--- a/debian/control
+++ b/debian/control
@@ -11,6 +11,7 @@ Build-Depends: autotools-dev,
11 dpkg-dev (>= 1.16.1~), 11 dpkg-dev (>= 1.16.1~),
12 libaudit-dev [linux-any], 12 libaudit-dev [linux-any],
13 libedit-dev, 13 libedit-dev,
14 libfido2-dev [linux-any],
14 libgtk-3-dev <!pkg.openssh.nognome>, 15 libgtk-3-dev <!pkg.openssh.nognome>,
15 libkrb5-dev | heimdal-dev, 16 libkrb5-dev | heimdal-dev,
16 libpam0g-dev | libpam-dev, 17 libpam0g-dev | libpam-dev,
@@ -34,7 +35,8 @@ Depends: adduser (>= 3.10),
34 passwd, 35 passwd,
35 ${misc:Depends}, 36 ${misc:Depends},
36 ${shlibs:Depends}, 37 ${shlibs:Depends},
37Recommends: xauth, 38Recommends: openssh-sk-helper,
39 xauth,
38Conflicts: sftp, 40Conflicts: sftp,
39Replaces: ssh, 41Replaces: ssh,
40 ssh-krb5, 42 ssh-krb5,
@@ -157,6 +159,16 @@ Description: secure shell (SSH) sftp server module, for SFTP access from remote
157 Newer versions of the draft will not be supported, though some features 159 Newer versions of the draft will not be supported, though some features
158 are individually implemented as extensions. 160 are individually implemented as extensions.
159 161
162Package: openssh-sk-helper
163Priority: optional
164Architecture: any
165Depends: ${misc:Depends},
166 ${shlibs:Depends}
167Multi-Arch: foreign
168Description: OpenSSH helper for FIDO authenticator support
169 This package provides ssh-sk-helper, which is used by ssh-agent to access
170 SSH keys provided by a FIDO authenticator for second-factor authentication.
171
160Package: openssh-tests 172Package: openssh-tests
161Priority: optional 173Priority: optional
162Architecture: any 174Architecture: any
diff --git a/debian/openssh-sk-helper.install b/debian/openssh-sk-helper.install
new file mode 100644
index 000000000..65fc98e66
--- /dev/null
+++ b/debian/openssh-sk-helper.install
@@ -0,0 +1,2 @@
1usr/lib/openssh/ssh-sk-helper
2usr/share/man/man8/ssh-sk-helper.8
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 01f1bf35c..43a160a0f 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
1From 7febe5a4b6bcb94d887ac1fe22e8a1742ffb609f Mon Sep 17 00:00:00 2001 1From b0cb3badf4d423f8ea7bf950e55ca72878cc224b Mon Sep 17 00:00:00 2001
2From: Tomas Pospisek <tpo_deb@sourcepole.ch> 2From: Tomas Pospisek <tpo_deb@sourcepole.ch>
3Date: Sun, 9 Feb 2014 16:10:07 +0000 3Date: Sun, 9 Feb 2014 16:10:07 +0000
4Subject: Install authorized_keys(5) as a symlink to sshd(8) 4Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
13 1 file changed, 1 insertion(+) 13 1 file changed, 1 insertion(+)
14 14
15diff --git a/Makefile.in b/Makefile.in 15diff --git a/Makefile.in b/Makefile.in
16index ab29e4f05..9b8a42c1e 100644 16index b68c1710f..bff1db49b 100644
17--- a/Makefile.in 17--- a/Makefile.in
18+++ b/Makefile.in 18+++ b/Makefile.in
19@@ -362,6 +362,7 @@ install-files: 19@@ -402,6 +402,7 @@ install-files:
20 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 20 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
21 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 21 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
22 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 22 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch
index ce7dc266e..b04c21060 100644
--- a/debian/patches/conch-old-privkey-format.patch
+++ b/debian/patches/conch-old-privkey-format.patch
@@ -1,4 +1,4 @@
1From 2e889a135439e6234502c813fa0ef2eb1fcd733c Mon Sep 17 00:00:00 2001 1From 311da721c2a5c6d147738e0699fa49d04cd5762a Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Thu, 30 Aug 2018 00:58:56 +0100 3Date: Thu, 30 Aug 2018 00:58:56 +0100
4Subject: Work around conch interoperability failure 4Subject: Work around conch interoperability failure
@@ -18,10 +18,10 @@ Patch-Name: conch-old-privkey-format.patch
18 3 files changed, 14 insertions(+), 2 deletions(-) 18 3 files changed, 14 insertions(+), 2 deletions(-)
19 19
20diff --git a/regress/Makefile b/regress/Makefile 20diff --git a/regress/Makefile b/regress/Makefile
21index 34c47e8cb..17e0a06e8 100644 21index 774c10d41..01e257a94 100644
22--- a/regress/Makefile 22--- a/regress/Makefile
23+++ b/regress/Makefile 23+++ b/regress/Makefile
24@@ -119,7 +119,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ 24@@ -120,7 +120,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
25 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ 25 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
26 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ 26 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
27 sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ 27 sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
@@ -29,7 +29,7 @@ index 34c47e8cb..17e0a06e8 100644
29+ ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \ 29+ ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \
30 ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ 30 ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
31 ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \ 31 ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
32 sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \ 32 sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
33diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh 33diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
34index 6678813a2..6ff5da20b 100644 34index 6678813a2..6ff5da20b 100644
35--- a/regress/conch-ciphers.sh 35--- a/regress/conch-ciphers.sh
@@ -44,10 +44,10 @@ index 6678813a2..6ff5da20b 100644
44 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} 44 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
45 if [ $? -ne 0 ]; then 45 if [ $? -ne 0 ]; then
46diff --git a/regress/test-exec.sh b/regress/test-exec.sh 46diff --git a/regress/test-exec.sh b/regress/test-exec.sh
47index 508b93284..5e48bfbe3 100644 47index f5e3ee6f5..a3a40719f 100644
48--- a/regress/test-exec.sh 48--- a/regress/test-exec.sh
49+++ b/regress/test-exec.sh 49+++ b/regress/test-exec.sh
50@@ -510,6 +510,18 @@ REGRESS_INTEROP_CONCH=no 50@@ -573,6 +573,18 @@ REGRESS_INTEROP_CONCH=no
51 if test -x "$CONCH" ; then 51 if test -x "$CONCH" ; then
52 REGRESS_INTEROP_CONCH=yes 52 REGRESS_INTEROP_CONCH=yes
53 fi 53 fi
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index acf995e27..0d998fdd4 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
1From 4eb06adf69f21f387e4f2d29dad01b2ca1303094 Mon Sep 17 00:00:00 2001 1From 7d20d00ea24ec0c3fffacc80ab271d0699d198c6 Mon Sep 17 00:00:00 2001
2From: Kees Cook <kees@debian.org> 2From: Kees Cook <kees@debian.org>
3Date: Sun, 9 Feb 2014 16:10:06 +0000 3Date: Sun, 9 Feb 2014 16:10:06 +0000
4Subject: Add DebianBanner server configuration option 4Subject: Add DebianBanner server configuration option
@@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch.
8 8
9Bug-Debian: http://bugs.debian.org/562048 9Bug-Debian: http://bugs.debian.org/562048
10Forwarded: not-needed 10Forwarded: not-needed
11Last-Update: 2019-06-05 11Last-Update: 2020-02-21
12 12
13Patch-Name: debian-banner.patch 13Patch-Name: debian-banner.patch
14--- 14---
@@ -22,10 +22,10 @@ Patch-Name: debian-banner.patch
22 7 files changed, 23 insertions(+), 5 deletions(-) 22 7 files changed, 23 insertions(+), 5 deletions(-)
23 23
24diff --git a/kex.c b/kex.c 24diff --git a/kex.c b/kex.c
25index 65ed6af02..f450bc2c7 100644 25index f638942d3..2abfbb95a 100644
26--- a/kex.c 26--- a/kex.c
27+++ b/kex.c 27+++ b/kex.c
28@@ -1221,7 +1221,7 @@ send_error(struct ssh *ssh, char *msg) 28@@ -1226,7 +1226,7 @@ send_error(struct ssh *ssh, char *msg)
29 */ 29 */
30 int 30 int
31 kex_exchange_identification(struct ssh *ssh, int timeout_ms, 31 kex_exchange_identification(struct ssh *ssh, int timeout_ms,
@@ -34,7 +34,7 @@ index 65ed6af02..f450bc2c7 100644
34 { 34 {
35 int remote_major, remote_minor, mismatch; 35 int remote_major, remote_minor, mismatch;
36 size_t len, i, n; 36 size_t len, i, n;
37@@ -1239,7 +1239,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, 37@@ -1244,7 +1244,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
38 if (version_addendum != NULL && *version_addendum == '\0') 38 if (version_addendum != NULL && *version_addendum == '\0')
39 version_addendum = NULL; 39 version_addendum = NULL;
40 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", 40 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
@@ -58,10 +58,10 @@ index fe7141414..938dca03b 100644
58 struct kex *kex_new(void); 58 struct kex *kex_new(void);
59 int kex_ready(struct ssh *, char *[PROPOSAL_MAX]); 59 int kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
60diff --git a/servconf.c b/servconf.c 60diff --git a/servconf.c b/servconf.c
61index 73b93c636..5576098a5 100644 61index bf3cd84a4..7bbc25c2e 100644
62--- a/servconf.c 62--- a/servconf.c
63+++ b/servconf.c 63+++ b/servconf.c
64@@ -184,6 +184,7 @@ initialize_server_options(ServerOptions *options) 64@@ -194,6 +194,7 @@ initialize_server_options(ServerOptions *options)
65 options->fingerprint_hash = -1; 65 options->fingerprint_hash = -1;
66 options->disable_forwarding = -1; 66 options->disable_forwarding = -1;
67 options->expose_userauth_info = -1; 67 options->expose_userauth_info = -1;
@@ -69,32 +69,32 @@ index 73b93c636..5576098a5 100644
69 } 69 }
70 70
71 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 71 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
72@@ -437,6 +438,8 @@ fill_default_server_options(ServerOptions *options) 72@@ -468,6 +469,8 @@ fill_default_server_options(ServerOptions *options)
73 options->disable_forwarding = 0;
74 if (options->expose_userauth_info == -1)
75 options->expose_userauth_info = 0; 73 options->expose_userauth_info = 0;
74 if (options->sk_provider == NULL)
75 options->sk_provider = xstrdup("internal");
76+ if (options->debian_banner == -1) 76+ if (options->debian_banner == -1)
77+ options->debian_banner = 1; 77+ options->debian_banner = 1;
78 78
79 assemble_algorithms(options); 79 assemble_algorithms(options);
80 80
81@@ -523,6 +526,7 @@ typedef enum { 81@@ -556,6 +559,7 @@ typedef enum {
82 sStreamLocalBindMask, sStreamLocalBindUnlink, 82 sStreamLocalBindMask, sStreamLocalBindUnlink,
83 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 83 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
84 sExposeAuthInfo, sRDomain, 84 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
85+ sDebianBanner, 85+ sDebianBanner,
86 sDeprecated, sIgnore, sUnsupported 86 sDeprecated, sIgnore, sUnsupported
87 } ServerOpCodes; 87 } ServerOpCodes;
88 88
89@@ -682,6 +686,7 @@ static struct { 89@@ -719,6 +723,7 @@ static struct {
90 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
91 { "rdomain", sRDomain, SSHCFG_ALL }, 90 { "rdomain", sRDomain, SSHCFG_ALL },
92 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 91 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
92 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
93+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, 93+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
94 { NULL, sBadOption, 0 } 94 { NULL, sBadOption, 0 }
95 }; 95 };
96 96
97@@ -2217,6 +2222,10 @@ process_server_config_line(ServerOptions *options, char *line, 97@@ -2382,6 +2387,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
98 *charptr = xstrdup(arg); 98 *charptr = xstrdup(arg);
99 break; 99 break;
100 100
@@ -106,23 +106,23 @@ index 73b93c636..5576098a5 100644
106 case sIgnore: 106 case sIgnore:
107 case sUnsupported: 107 case sUnsupported:
108diff --git a/servconf.h b/servconf.h 108diff --git a/servconf.h b/servconf.h
109index 29329ba1f..d5ad19065 100644 109index 3f47ea25e..3fa05fcac 100644
110--- a/servconf.h 110--- a/servconf.h
111+++ b/servconf.h 111+++ b/servconf.h
112@@ -214,6 +214,8 @@ typedef struct { 112@@ -221,6 +221,8 @@ typedef struct {
113 int fingerprint_hash;
114 int expose_userauth_info; 113 int expose_userauth_info;
115 u_int64_t timing_secret; 114 u_int64_t timing_secret;
115 char *sk_provider;
116+ 116+
117+ int debian_banner; 117+ int debian_banner;
118 } ServerOptions; 118 } ServerOptions;
119 119
120 /* Information about the incoming connection as used by Match */ 120 /* Information about the incoming connection as used by Match */
121diff --git a/sshconnect.c b/sshconnect.c 121diff --git a/sshconnect.c b/sshconnect.c
122index 41e75a275..27daef74f 100644 122index b796d3c8a..9f2412e0d 100644
123--- a/sshconnect.c 123--- a/sshconnect.c
124+++ b/sshconnect.c 124+++ b/sshconnect.c
125@@ -1291,7 +1291,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, 125@@ -1292,7 +1292,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
126 lowercase(host); 126 lowercase(host);
127 127
128 /* Exchange protocol version identification strings with the server. */ 128 /* Exchange protocol version identification strings with the server. */
@@ -132,10 +132,10 @@ index 41e75a275..27daef74f 100644
132 132
133 /* Put the connection into non-blocking mode. */ 133 /* Put the connection into non-blocking mode. */
134diff --git a/sshd.c b/sshd.c 134diff --git a/sshd.c b/sshd.c
135index ea8beacb4..4e8ff0662 100644 135index 65916fc6d..da876a900 100644
136--- a/sshd.c 136--- a/sshd.c
137+++ b/sshd.c 137+++ b/sshd.c
138@@ -2165,7 +2165,8 @@ main(int ac, char **av) 138@@ -2187,7 +2187,8 @@ main(int ac, char **av)
139 if (!debug_flag) 139 if (!debug_flag)
140 alarm(options.login_grace_time); 140 alarm(options.login_grace_time);
141 141
@@ -146,10 +146,10 @@ index ea8beacb4..4e8ff0662 100644
146 146
147 ssh_packet_set_nonblocking(ssh); 147 ssh_packet_set_nonblocking(ssh);
148diff --git a/sshd_config.5 b/sshd_config.5 148diff --git a/sshd_config.5 b/sshd_config.5
149index eec224158..46537f177 100644 149index ebd09f891..c926f584c 100644
150--- a/sshd_config.5 150--- a/sshd_config.5
151+++ b/sshd_config.5 151+++ b/sshd_config.5
152@@ -545,6 +545,11 @@ or 152@@ -542,6 +542,11 @@ or
153 .Cm no . 153 .Cm no .
154 The default is 154 The default is
155 .Cm yes . 155 .Cm yes .
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index acb4e3ce9..e5c690915 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
1From 9a713cd4bbaef5ad4f1d28c1718fb6960ac257b3 Mon Sep 17 00:00:00 2001 1From cc80ecc65d57a9e68ce84d67bcfece281ffa0e9f Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:18 +0000 3Date: Sun, 9 Feb 2014 16:10:18 +0000
4Subject: Various Debian-specific configuration changes 4Subject: Various Debian-specific configuration changes
@@ -39,10 +39,10 @@ Patch-Name: debian-config.patch
39 6 files changed, 80 insertions(+), 9 deletions(-) 39 6 files changed, 80 insertions(+), 9 deletions(-)
40 40
41diff --git a/readconf.c b/readconf.c 41diff --git a/readconf.c b/readconf.c
42index 16d2729dd..253574ce0 100644 42index 7f251dd4a..e82024678 100644
43--- a/readconf.c 43--- a/readconf.c
44+++ b/readconf.c 44+++ b/readconf.c
45@@ -2037,7 +2037,7 @@ fill_default_options(Options * options) 45@@ -2087,7 +2087,7 @@ fill_default_options(Options * options)
46 if (options->forward_x11 == -1) 46 if (options->forward_x11 == -1)
47 options->forward_x11 = 0; 47 options->forward_x11 = 0;
48 if (options->forward_x11_trusted == -1) 48 if (options->forward_x11_trusted == -1)
@@ -52,10 +52,10 @@ index 16d2729dd..253574ce0 100644
52 options->forward_x11_timeout = 1200; 52 options->forward_x11_timeout = 1200;
53 /* 53 /*
54diff --git a/ssh.1 b/ssh.1 54diff --git a/ssh.1 b/ssh.1
55index 24530e511..44a00d525 100644 55index b33a8049f..a8967c2f8 100644
56--- a/ssh.1 56--- a/ssh.1
57+++ b/ssh.1 57+++ b/ssh.1
58@@ -795,6 +795,16 @@ directive in 58@@ -809,6 +809,16 @@ directive in
59 .Xr ssh_config 5 59 .Xr ssh_config 5
60 for more information. 60 for more information.
61 .Pp 61 .Pp
@@ -72,7 +72,7 @@ index 24530e511..44a00d525 100644
72 .It Fl x 72 .It Fl x
73 Disables X11 forwarding. 73 Disables X11 forwarding.
74 .Pp 74 .Pp
75@@ -803,6 +813,20 @@ Enables trusted X11 forwarding. 75@@ -817,6 +827,20 @@ Enables trusted X11 forwarding.
76 Trusted X11 forwardings are not subjected to the X11 SECURITY extension 76 Trusted X11 forwardings are not subjected to the X11 SECURITY extension
77 controls. 77 controls.
78 .Pp 78 .Pp
@@ -117,7 +117,7 @@ index 1ff999b68..6dd6ecf87 100644
117+ HashKnownHosts yes 117+ HashKnownHosts yes
118+ GSSAPIAuthentication yes 118+ GSSAPIAuthentication yes
119diff --git a/ssh_config.5 b/ssh_config.5 119diff --git a/ssh_config.5 b/ssh_config.5
120index 4b42aab9d..d27655e15 100644 120index c6eaa63e7..5c90d3e02 100644
121--- a/ssh_config.5 121--- a/ssh_config.5
122+++ b/ssh_config.5 122+++ b/ssh_config.5
123@@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more 123@@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
@@ -143,7 +143,7 @@ index 4b42aab9d..d27655e15 100644
143 The file contains keyword-argument pairs, one per line. 143 The file contains keyword-argument pairs, one per line.
144 Lines starting with 144 Lines starting with
145 .Ql # 145 .Ql #
146@@ -721,11 +737,12 @@ elapsed. 146@@ -729,11 +745,12 @@ elapsed.
147 .It Cm ForwardX11Trusted 147 .It Cm ForwardX11Trusted
148 If this option is set to 148 If this option is set to
149 .Cm yes , 149 .Cm yes ,
@@ -207,7 +207,7 @@ index 2c48105f8..ed8272f6d 100644
207 # Example of overriding settings on a per-user basis 207 # Example of overriding settings on a per-user basis
208 #Match User anoncvs 208 #Match User anoncvs
209diff --git a/sshd_config.5 b/sshd_config.5 209diff --git a/sshd_config.5 b/sshd_config.5
210index 270805060..02e29cb6f 100644 210index 25f4b8117..b8bea2ad7 100644
211--- a/sshd_config.5 211--- a/sshd_config.5
212+++ b/sshd_config.5 212+++ b/sshd_config.5
213@@ -56,6 +56,28 @@ Arguments may optionally be enclosed in double quotes 213@@ -56,6 +56,28 @@ Arguments may optionally be enclosed in double quotes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 6e8f0ae2f..3744218ff 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
1From 6220be7f65137290fbe3ad71b83667e71e4ccd03 Mon Sep 17 00:00:00 2001 1From 74c1c0ef7689ea68dc8263f73c00ff8675f9f0fe Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:01 +0000 3Date: Sun, 9 Feb 2014 16:10:01 +0000
4Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf 4Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index d5ddbbd26..b0faea78c 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
1From 944653642de12f09baa546011429fb69ffc0065a Mon Sep 17 00:00:00 2001 1From a14ddfc3f607b0bf29046bfb4b26a6d827fa58c7 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:11 +0000 3Date: Sun, 9 Feb 2014 16:10:11 +0000
4Subject: Document that HashKnownHosts may break tab-completion 4Subject: Document that HashKnownHosts may break tab-completion
@@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch
13 1 file changed, 3 insertions(+) 13 1 file changed, 3 insertions(+)
14 14
15diff --git a/ssh_config.5 b/ssh_config.5 15diff --git a/ssh_config.5 b/ssh_config.5
16index 2c74b57c0..4b42aab9d 100644 16index e61a0fd43..c6eaa63e7 100644
17--- a/ssh_config.5 17--- a/ssh_config.5
18+++ b/ssh_config.5 18+++ b/ssh_config.5
19@@ -840,6 +840,9 @@ Note that existing names and addresses in known hosts files 19@@ -848,6 +848,9 @@ Note that existing names and addresses in known hosts files
20 will not be converted automatically, 20 will not be converted automatically,
21 but may be manually hashed using 21 but may be manually hashed using
22 .Xr ssh-keygen 1 . 22 .Xr ssh-keygen 1 .
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index 89c2a9864..35b370752 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
1From 4360244ab2ed367bdb2c836292e761c589355950 Mon Sep 17 00:00:00 2001 1From 63da84c3570afb4fa6bab38fdac3e9af45d0ec54 Mon Sep 17 00:00:00 2001
2From: Vincent Untz <vuntz@ubuntu.com> 2From: Vincent Untz <vuntz@ubuntu.com>
3Date: Sun, 9 Feb 2014 16:10:16 +0000 3Date: Sun, 9 Feb 2014 16:10:16 +0000
4Subject: Give the ssh-askpass-gnome window a default icon 4Subject: Give the ssh-askpass-gnome window a default icon
@@ -12,10 +12,10 @@ Patch-Name: gnome-ssh-askpass2-icon.patch
12 1 file changed, 2 insertions(+) 12 1 file changed, 2 insertions(+)
13 13
14diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c 14diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
15index 535a69274..e37a13382 100644 15index bc83a2d67..88cdfaeff 100644
16--- a/contrib/gnome-ssh-askpass2.c 16--- a/contrib/gnome-ssh-askpass2.c
17+++ b/contrib/gnome-ssh-askpass2.c 17+++ b/contrib/gnome-ssh-askpass2.c
18@@ -211,6 +211,8 @@ main(int argc, char **argv) 18@@ -233,6 +233,8 @@ main(int argc, char **argv)
19 19
20 gtk_init(&argc, &argv); 20 gtk_init(&argc, &argv);
21 21
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index b858f4915..4bf1d3f73 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
1From 9da806e67101afdc0d3a1d304659927acf18f5c5 Mon Sep 17 00:00:00 2001 1From 34aff3aa136e5a65f441b25811dd466488fda087 Mon Sep 17 00:00:00 2001
2From: Simon Wilkinson <simon@sxw.org.uk> 2From: Simon Wilkinson <simon@sxw.org.uk>
3Date: Sun, 9 Feb 2014 16:09:48 +0000 3Date: Sun, 9 Feb 2014 16:09:48 +0000
4Subject: GSSAPI key exchange support 4Subject: GSSAPI key exchange support
@@ -18,12 +18,12 @@ security history.
18 18
19Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master 19Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master
20Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 20Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
21Last-Updated: 2019-10-09 21Last-Updated: 2020-02-21
22 22
23Patch-Name: gssapi.patch 23Patch-Name: gssapi.patch
24--- 24---
25 Makefile.in | 3 +- 25 Makefile.in | 3 +-
26 auth-krb5.c | 17 +- 26 README.md | 33 +++
27 auth.c | 96 +------- 27 auth.c | 96 +-------
28 auth2-gss.c | 56 ++++- 28 auth2-gss.c | 56 ++++-
29 auth2.c | 2 + 29 auth2.c | 2 +
@@ -34,14 +34,12 @@ Patch-Name: gssapi.patch
34 gss-genr.c | 300 +++++++++++++++++++++++- 34 gss-genr.c | 300 +++++++++++++++++++++++-
35 gss-serv-krb5.c | 85 ++++++- 35 gss-serv-krb5.c | 85 ++++++-
36 gss-serv.c | 186 +++++++++++++-- 36 gss-serv.c | 186 +++++++++++++--
37 hmac.c | 1 +
38 kex.c | 66 +++++- 37 kex.c | 66 +++++-
39 kex.h | 29 +++ 38 kex.h | 29 +++
40 kexdh.c | 10 + 39 kexdh.c | 10 +
41 kexgen.c | 2 +- 40 kexgen.c | 2 +-
42 kexgssc.c | 606 ++++++++++++++++++++++++++++++++++++++++++++++++ 41 kexgssc.c | 606 ++++++++++++++++++++++++++++++++++++++++++++++++
43 kexgsss.c | 474 +++++++++++++++++++++++++++++++++++++ 42 kexgsss.c | 474 +++++++++++++++++++++++++++++++++++++
44 mac.c | 1 +
45 monitor.c | 139 ++++++++++- 43 monitor.c | 139 ++++++++++-
46 monitor.h | 2 + 44 monitor.h | 2 +
47 monitor_wrap.c | 57 ++++- 45 monitor_wrap.c | 57 ++++-
@@ -53,96 +51,86 @@ Patch-Name: gssapi.patch
53 session.c | 10 +- 51 session.c | 10 +-
54 ssh-gss.h | 50 +++- 52 ssh-gss.h | 50 +++-
55 ssh.1 | 8 + 53 ssh.1 | 8 +
56 ssh.c | 4 +- 54 ssh.c | 6 +-
57 ssh_config | 2 + 55 ssh_config | 2 +
58 ssh_config.5 | 57 +++++ 56 ssh_config.5 | 57 +++++
59 sshconnect2.c | 140 ++++++++++- 57 sshconnect2.c | 142 +++++++++++-
60 sshd.c | 120 +++++++++- 58 sshd.c | 62 ++++-
61 sshd_config | 2 + 59 sshd_config | 2 +
62 sshd_config.5 | 30 +++ 60 sshd_config.5 | 30 +++
63 sshkey.c | 3 +- 61 sshkey.c | 3 +-
64 sshkey.h | 1 + 62 sshkey.h | 1 +
65 40 files changed, 2664 insertions(+), 160 deletions(-) 63 38 files changed, 2624 insertions(+), 160 deletions(-)
66 create mode 100644 kexgssc.c 64 create mode 100644 kexgssc.c
67 create mode 100644 kexgsss.c 65 create mode 100644 kexgsss.c
68 66
69diff --git a/Makefile.in b/Makefile.in 67diff --git a/Makefile.in b/Makefile.in
70index adb1977e2..ab29e4f05 100644 68index e7549470c..b68c1710f 100644
71--- a/Makefile.in 69--- a/Makefile.in
72+++ b/Makefile.in 70+++ b/Makefile.in
73@@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ 71@@ -109,6 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
74 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ 72 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
75 kexgexc.o kexgexs.o \ 73 kexgexc.o kexgexs.o \
76 sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ 74 sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
77+ kexgssc.o \ 75+ kexgssc.o \
78 platform-pledge.o platform-tracing.o platform-misc.o 76 sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
77 sshbuf-io.o
79 78
80 79@@ -125,7 +126,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
81@@ -114,7 +115,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
82 auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ 80 auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
83 auth2-none.o auth2-passwd.o auth2-pubkey.o \ 81 auth2-none.o auth2-passwd.o auth2-pubkey.o \
84 monitor.o monitor_wrap.o auth-krb5.o \ 82 monitor.o monitor_wrap.o auth-krb5.o \
85- auth2-gss.o gss-serv.o gss-serv-krb5.o \ 83- auth2-gss.o gss-serv.o gss-serv-krb5.o \
86+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ 84+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
87 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ 85 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
88 sftp-server.o sftp-common.o sftp-realpath.o \ 86 sftp-server.o sftp-common.o \
89 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ 87 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
90diff --git a/auth-krb5.c b/auth-krb5.c 88diff --git a/README.md b/README.md
91index 3096f1c8e..204752e1b 100644 89index 28fb43d2a..5b73d24c0 100644
92--- a/auth-krb5.c 90--- a/README.md
93+++ b/auth-krb5.c 91+++ b/README.md
94@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) 92@@ -1,3 +1,36 @@
95 93+Portable OpenSSH with GSSAPI Key Exchange patches
96 len = strlen(authctxt->krb5_ticket_file) + 6; 94+=================================================
97 authctxt->krb5_ccname = xmalloc(len); 95+
98+#ifdef USE_CCAPI 96+Currently, there are two branches with gssapi key exchange related
99+ snprintf(authctxt->krb5_ccname, len, "API:%s", 97+patches:
100+ authctxt->krb5_ticket_file); 98+
101+#else 99+ * fedora/master: Changes that are shipped in Fedora
102 snprintf(authctxt->krb5_ccname, len, "FILE:%s", 100+ * debian/master: Changes that are shipped in Debian
103 authctxt->krb5_ticket_file); 101+
104+#endif 102+The target is to converge to a shared repository with single master
105 103+branch from where we could build releases for both OSes.
106 #ifdef USE_PAM 104+
107 if (options.use_pam) 105+
108@@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt) 106+What is in:
109 #ifndef HEIMDAL 107+
110 krb5_error_code 108+ * The original patch implementing missing parts of RFC4462 by Simon Wilkinson
111 ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { 109+ adapted to the current OpenSSH versions and with several fixes
112- int tmpfd, ret, oerrno; 110+ * New methods for GSSAPI Kex from IETF draft [1] from Jakub Jelen
113+ int ret, oerrno; 111+
114 char ccname[40]; 112+
115 mode_t old_umask; 113+Missing kerberos-related parts:
116+#ifdef USE_CCAPI 114+
117+ char cctemplate[] = "API:krb5cc_%d"; 115+ * .k5login and .kusers support available in Fedora [2] [3].
118+#else 116+ * Improved handling of kerberos ccache location [4]
119+ char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX"; 117+
120+ int tmpfd; 118+
121+#endif 119+[1] https://tools.ietf.org/html/draft-ietf-curdle-gss-keyex-sha2-08
122 120+[2] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-kuserok.patch
123 ret = snprintf(ccname, sizeof(ccname), 121+[3] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-GSSAPIEnablek5users.patch
124- "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); 122+[4] https://bugzilla.mindrot.org/show_bug.cgi?id=2775
125+ cctemplate, geteuid()); 123+
126 if (ret < 0 || (size_t)ret >= sizeof(ccname)) 124+-------------------------------------------------------------------------------
127 return ENOMEM; 125+
128 126 # Portable OpenSSH
129+#ifndef USE_CCAPI
130 old_umask = umask(0177);
131 tmpfd = mkstemp(ccname + strlen("FILE:"));
132 oerrno = errno;
133@@ -265,6 +277,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
134 return oerrno;
135 }
136 close(tmpfd);
137+#endif
138 127
139 return (krb5_cc_resolve(ctx, ccname, ccache)); 128 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
140 }
141diff --git a/auth.c b/auth.c 129diff --git a/auth.c b/auth.c
142index ca450f4e4..47c27773c 100644 130index 086b8ebb1..687c57b42 100644
143--- a/auth.c 131--- a/auth.c
144+++ b/auth.c 132+++ b/auth.c
145@@ -399,7 +399,8 @@ auth_root_allowed(struct ssh *ssh, const char *method) 133@@ -400,7 +400,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
146 case PERMIT_NO_PASSWD: 134 case PERMIT_NO_PASSWD:
147 if (strcmp(method, "publickey") == 0 || 135 if (strcmp(method, "publickey") == 0 ||
148 strcmp(method, "hostbased") == 0 || 136 strcmp(method, "hostbased") == 0 ||
@@ -152,7 +140,7 @@ index ca450f4e4..47c27773c 100644
152 return 1; 140 return 1;
153 break; 141 break;
154 case PERMIT_FORCED_ONLY: 142 case PERMIT_FORCED_ONLY:
155@@ -723,99 +724,6 @@ fakepw(void) 143@@ -724,99 +725,6 @@ fakepw(void)
156 return (&fake); 144 return (&fake);
157 } 145 }
158 146
@@ -181,7 +169,7 @@ index ca450f4e4..47c27773c 100644
181- if (getpeername(ssh_packet_get_connection_in(ssh), 169- if (getpeername(ssh_packet_get_connection_in(ssh),
182- (struct sockaddr *)&from, &fromlen) == -1) { 170- (struct sockaddr *)&from, &fromlen) == -1) {
183- debug("getpeername failed: %.100s", strerror(errno)); 171- debug("getpeername failed: %.100s", strerror(errno));
184- return strdup(ntop); 172- return xstrdup(ntop);
185- } 173- }
186- 174-
187- ipv64_normalise_mapped(&from, &fromlen); 175- ipv64_normalise_mapped(&from, &fromlen);
@@ -193,7 +181,7 @@ index ca450f4e4..47c27773c 100644
193- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 181- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
194- NULL, 0, NI_NAMEREQD) != 0) { 182- NULL, 0, NI_NAMEREQD) != 0) {
195- /* Host name not found. Use ip address. */ 183- /* Host name not found. Use ip address. */
196- return strdup(ntop); 184- return xstrdup(ntop);
197- } 185- }
198- 186-
199- /* 187- /*
@@ -208,7 +196,7 @@ index ca450f4e4..47c27773c 100644
208- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", 196- logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
209- name, ntop); 197- name, ntop);
210- freeaddrinfo(ai); 198- freeaddrinfo(ai);
211- return strdup(ntop); 199- return xstrdup(ntop);
212- } 200- }
213- 201-
214- /* Names are stored in lowercase. */ 202- /* Names are stored in lowercase. */
@@ -229,7 +217,7 @@ index ca450f4e4..47c27773c 100644
229- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 217- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
230- logit("reverse mapping checking getaddrinfo for %.700s " 218- logit("reverse mapping checking getaddrinfo for %.700s "
231- "[%s] failed.", name, ntop); 219- "[%s] failed.", name, ntop);
232- return strdup(ntop); 220- return xstrdup(ntop);
233- } 221- }
234- /* Look for the address from the list of addresses. */ 222- /* Look for the address from the list of addresses. */
235- for (ai = aitop; ai; ai = ai->ai_next) { 223- for (ai = aitop; ai; ai = ai->ai_next) {
@@ -244,9 +232,9 @@ index ca450f4e4..47c27773c 100644
244- /* Address not found for the host name. */ 232- /* Address not found for the host name. */
245- logit("Address %.100s maps to %.600s, but this does not " 233- logit("Address %.100s maps to %.600s, but this does not "
246- "map back to the address.", ntop, name); 234- "map back to the address.", ntop, name);
247- return strdup(ntop); 235- return xstrdup(ntop);
248- } 236- }
249- return strdup(name); 237- return xstrdup(name);
250-} 238-}
251- 239-
252 /* 240 /*
@@ -368,7 +356,7 @@ index 0e7762242..1c217268c 100644
368 #endif 356 #endif
369 &method_passwd, 357 &method_passwd,
370diff --git a/canohost.c b/canohost.c 358diff --git a/canohost.c b/canohost.c
371index abea9c6e6..9a00fc2cf 100644 359index abea9c6e6..8e81b5193 100644
372--- a/canohost.c 360--- a/canohost.c
373+++ b/canohost.c 361+++ b/canohost.c
374@@ -35,6 +35,99 @@ 362@@ -35,6 +35,99 @@
@@ -400,7 +388,7 @@ index abea9c6e6..9a00fc2cf 100644
400+ if (getpeername(ssh_packet_get_connection_in(ssh), 388+ if (getpeername(ssh_packet_get_connection_in(ssh),
401+ (struct sockaddr *)&from, &fromlen) == -1) { 389+ (struct sockaddr *)&from, &fromlen) == -1) {
402+ debug("getpeername failed: %.100s", strerror(errno)); 390+ debug("getpeername failed: %.100s", strerror(errno));
403+ return strdup(ntop); 391+ return xstrdup(ntop);
404+ } 392+ }
405+ 393+
406+ ipv64_normalise_mapped(&from, &fromlen); 394+ ipv64_normalise_mapped(&from, &fromlen);
@@ -412,7 +400,7 @@ index abea9c6e6..9a00fc2cf 100644
412+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 400+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
413+ NULL, 0, NI_NAMEREQD) != 0) { 401+ NULL, 0, NI_NAMEREQD) != 0) {
414+ /* Host name not found. Use ip address. */ 402+ /* Host name not found. Use ip address. */
415+ return strdup(ntop); 403+ return xstrdup(ntop);
416+ } 404+ }
417+ 405+
418+ /* 406+ /*
@@ -427,7 +415,7 @@ index abea9c6e6..9a00fc2cf 100644
427+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", 415+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
428+ name, ntop); 416+ name, ntop);
429+ freeaddrinfo(ai); 417+ freeaddrinfo(ai);
430+ return strdup(ntop); 418+ return xstrdup(ntop);
431+ } 419+ }
432+ 420+
433+ /* Names are stored in lowercase. */ 421+ /* Names are stored in lowercase. */
@@ -448,7 +436,7 @@ index abea9c6e6..9a00fc2cf 100644
448+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 436+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
449+ logit("reverse mapping checking getaddrinfo for %.700s " 437+ logit("reverse mapping checking getaddrinfo for %.700s "
450+ "[%s] failed.", name, ntop); 438+ "[%s] failed.", name, ntop);
451+ return strdup(ntop); 439+ return xstrdup(ntop);
452+ } 440+ }
453+ /* Look for the address from the list of addresses. */ 441+ /* Look for the address from the list of addresses. */
454+ for (ai = aitop; ai; ai = ai->ai_next) { 442+ for (ai = aitop; ai; ai = ai->ai_next) {
@@ -463,9 +451,9 @@ index abea9c6e6..9a00fc2cf 100644
463+ /* Address not found for the host name. */ 451+ /* Address not found for the host name. */
464+ logit("Address %.100s maps to %.600s, but this does not " 452+ logit("Address %.100s maps to %.600s, but this does not "
465+ "map back to the address.", ntop, name); 453+ "map back to the address.", ntop, name);
466+ return strdup(ntop); 454+ return xstrdup(ntop);
467+ } 455+ }
468+ return strdup(name); 456+ return xstrdup(name);
469+} 457+}
470+ 458+
471 void 459 void
@@ -486,7 +474,7 @@ index 26d62855a..0cadc9f18 100644
486 int get_peer_port(int); 474 int get_peer_port(int);
487 char *get_local_ipaddr(int); 475 char *get_local_ipaddr(int);
488diff --git a/clientloop.c b/clientloop.c 476diff --git a/clientloop.c b/clientloop.c
489index b5a1f7038..9def2a1a9 100644 477index ebd0dbca1..1bdac6a46 100644
490--- a/clientloop.c 478--- a/clientloop.c
491+++ b/clientloop.c 479+++ b/clientloop.c
492@@ -112,6 +112,10 @@ 480@@ -112,6 +112,10 @@
@@ -500,7 +488,7 @@ index b5a1f7038..9def2a1a9 100644
500 /* import options */ 488 /* import options */
501 extern Options options; 489 extern Options options;
502 490
503@@ -1373,9 +1377,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, 491@@ -1379,9 +1383,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
504 break; 492 break;
505 493
506 /* Do channel operations unless rekeying in progress. */ 494 /* Do channel operations unless rekeying in progress. */
@@ -521,10 +509,10 @@ index b5a1f7038..9def2a1a9 100644
521 client_process_net_input(ssh, readset); 509 client_process_net_input(ssh, readset);
522 510
523diff --git a/configure.ac b/configure.ac 511diff --git a/configure.ac b/configure.ac
524index 3e93c0276..1c2512314 100644 512index b689db4b5..efafb6bd8 100644
525--- a/configure.ac 513--- a/configure.ac
526+++ b/configure.ac 514+++ b/configure.ac
527@@ -666,6 +666,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 515@@ -674,6 +674,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
528 [Use tunnel device compatibility to OpenBSD]) 516 [Use tunnel device compatibility to OpenBSD])
529 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 517 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
530 [Prepend the address family to IP tunnel traffic]) 518 [Prepend the address family to IP tunnel traffic])
@@ -1338,23 +1326,11 @@ index ab3a15f0f..1d47870e7 100644
1338 } 1326 }
1339 1327
1340 /* Privileged */ 1328 /* Privileged */
1341diff --git a/hmac.c b/hmac.c
1342index 32688876d..a79e8569c 100644
1343--- a/hmac.c
1344+++ b/hmac.c
1345@@ -21,6 +21,7 @@
1346
1347 #include <stdlib.h>
1348 #include <string.h>
1349+#include <stdlib.h>
1350
1351 #include "sshbuf.h"
1352 #include "digest.h"
1353diff --git a/kex.c b/kex.c 1329diff --git a/kex.c b/kex.c
1354index 49d701568..e09355dbd 100644 1330index ce85f0439..574c76093 100644
1355--- a/kex.c 1331--- a/kex.c
1356+++ b/kex.c 1332+++ b/kex.c
1357@@ -55,11 +55,16 @@ 1333@@ -57,11 +57,16 @@
1358 #include "misc.h" 1334 #include "misc.h"
1359 #include "dispatch.h" 1335 #include "dispatch.h"
1360 #include "monitor.h" 1336 #include "monitor.h"
@@ -1371,7 +1347,7 @@ index 49d701568..e09355dbd 100644
1371 /* prototype */ 1347 /* prototype */
1372 static int kex_choose_conf(struct ssh *); 1348 static int kex_choose_conf(struct ssh *);
1373 static int kex_input_newkeys(int, u_int32_t, struct ssh *); 1349 static int kex_input_newkeys(int, u_int32_t, struct ssh *);
1374@@ -113,15 +118,28 @@ static const struct kexalg kexalgs[] = { 1350@@ -115,15 +120,28 @@ static const struct kexalg kexalgs[] = {
1375 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ 1351 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
1376 { NULL, 0, -1, -1}, 1352 { NULL, 0, -1, -1},
1377 }; 1353 };
@@ -1386,7 +1362,7 @@ index 49d701568..e09355dbd 100644
1386+ NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, 1362+ NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
1387+ { KEX_GSS_C25519_SHA256_ID, KEX_GSS_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, 1363+ { KEX_GSS_C25519_SHA256_ID, KEX_GSS_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
1388+#endif 1364+#endif
1389+ { NULL, 0, -1, -1 }, 1365+ { NULL, 0, -1, -1},
1390+}; 1366+};
1391 1367
1392-char * 1368-char *
@@ -1403,7 +1379,7 @@ index 49d701568..e09355dbd 100644
1403 if (ret != NULL) 1379 if (ret != NULL)
1404 ret[rlen++] = sep; 1380 ret[rlen++] = sep;
1405 nlen = strlen(k->name); 1381 nlen = strlen(k->name);
1406@@ -136,6 +154,18 @@ kex_alg_list(char sep) 1382@@ -138,6 +156,18 @@ kex_alg_list(char sep)
1407 return ret; 1383 return ret;
1408 } 1384 }
1409 1385
@@ -1422,7 +1398,7 @@ index 49d701568..e09355dbd 100644
1422 static const struct kexalg * 1398 static const struct kexalg *
1423 kex_alg_by_name(const char *name) 1399 kex_alg_by_name(const char *name)
1424 { 1400 {
1425@@ -145,6 +175,10 @@ kex_alg_by_name(const char *name) 1401@@ -147,6 +177,10 @@ kex_alg_by_name(const char *name)
1426 if (strcmp(k->name, name) == 0) 1402 if (strcmp(k->name, name) == 0)
1427 return k; 1403 return k;
1428 } 1404 }
@@ -1433,7 +1409,7 @@ index 49d701568..e09355dbd 100644
1433 return NULL; 1409 return NULL;
1434 } 1410 }
1435 1411
1436@@ -313,6 +347,29 @@ kex_assemble_names(char **listp, const char *def, const char *all) 1412@@ -315,6 +349,29 @@ kex_assemble_names(char **listp, const char *def, const char *all)
1437 return r; 1413 return r;
1438 } 1414 }
1439 1415
@@ -1463,7 +1439,7 @@ index 49d701568..e09355dbd 100644
1463 /* put algorithm proposal into buffer */ 1439 /* put algorithm proposal into buffer */
1464 int 1440 int
1465 kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) 1441 kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
1466@@ -696,6 +753,9 @@ kex_free(struct kex *kex) 1442@@ -698,6 +755,9 @@ kex_free(struct kex *kex)
1467 sshbuf_free(kex->server_version); 1443 sshbuf_free(kex->server_version);
1468 sshbuf_free(kex->client_pub); 1444 sshbuf_free(kex->client_pub);
1469 free(kex->session_id); 1445 free(kex->session_id);
@@ -1572,7 +1548,7 @@ index 67133e339..edaa46762 100644
1572 break; 1548 break;
1573 case KEX_DH_GRP18_SHA512: 1549 case KEX_DH_GRP18_SHA512:
1574diff --git a/kexgen.c b/kexgen.c 1550diff --git a/kexgen.c b/kexgen.c
1575index bb996b504..d353ed8b0 100644 1551index 69348b964..c0e8c2f44 100644
1576--- a/kexgen.c 1552--- a/kexgen.c
1577+++ b/kexgen.c 1553+++ b/kexgen.c
1578@@ -44,7 +44,7 @@ 1554@@ -44,7 +44,7 @@
@@ -2676,23 +2652,11 @@ index 000000000..60bc02deb
2676+ return r; 2652+ return r;
2677+} 2653+}
2678+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ 2654+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
2679diff --git a/mac.c b/mac.c
2680index f3dda6692..de346ed20 100644
2681--- a/mac.c
2682+++ b/mac.c
2683@@ -30,6 +30,7 @@
2684 #include <stdlib.h>
2685 #include <string.h>
2686 #include <stdio.h>
2687+#include <stdlib.h>
2688
2689 #include "digest.h"
2690 #include "hmac.h"
2691diff --git a/monitor.c b/monitor.c 2655diff --git a/monitor.c b/monitor.c
2692index 00af44f98..bead9e204 100644 2656index 2ce89fe90..ebf76c7f9 100644
2693--- a/monitor.c 2657--- a/monitor.c
2694+++ b/monitor.c 2658+++ b/monitor.c
2695@@ -147,6 +147,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *); 2659@@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
2696 int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *); 2660 int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *);
2697 int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *); 2661 int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *);
2698 int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *); 2662 int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *);
@@ -2701,7 +2665,7 @@ index 00af44f98..bead9e204 100644
2701 #endif 2665 #endif
2702 2666
2703 #ifdef SSH_AUDIT_EVENTS 2667 #ifdef SSH_AUDIT_EVENTS
2704@@ -219,11 +221,18 @@ struct mon_table mon_dispatch_proto20[] = { 2668@@ -220,11 +222,18 @@ struct mon_table mon_dispatch_proto20[] = {
2705 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, 2669 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
2706 {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, 2670 {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
2707 {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, 2671 {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
@@ -2720,7 +2684,7 @@ index 00af44f98..bead9e204 100644
2720 #ifdef WITH_OPENSSL 2684 #ifdef WITH_OPENSSL
2721 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 2685 {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
2722 #endif 2686 #endif
2723@@ -292,6 +301,10 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) 2687@@ -293,6 +302,10 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
2724 /* Permit requests for moduli and signatures */ 2688 /* Permit requests for moduli and signatures */
2725 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 2689 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
2726 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 2690 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -2731,7 +2695,7 @@ index 00af44f98..bead9e204 100644
2731 2695
2732 /* The first few requests do not require asynchronous access */ 2696 /* The first few requests do not require asynchronous access */
2733 while (!authenticated) { 2697 while (!authenticated) {
2734@@ -405,6 +418,10 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor) 2698@@ -406,6 +419,10 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
2735 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 2699 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
2736 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 2700 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
2737 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 2701 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -2742,7 +2706,7 @@ index 00af44f98..bead9e204 100644
2742 2706
2743 if (auth_opts->permit_pty_flag) { 2707 if (auth_opts->permit_pty_flag) {
2744 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 2708 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
2745@@ -1687,6 +1704,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) 2709@@ -1713,6 +1730,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
2746 # ifdef OPENSSL_HAS_ECC 2710 # ifdef OPENSSL_HAS_ECC
2747 kex->kex[KEX_ECDH_SHA2] = kex_gen_server; 2711 kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
2748 # endif 2712 # endif
@@ -2760,7 +2724,7 @@ index 00af44f98..bead9e204 100644
2760 #endif /* WITH_OPENSSL */ 2724 #endif /* WITH_OPENSSL */
2761 kex->kex[KEX_C25519_SHA256] = kex_gen_server; 2725 kex->kex[KEX_C25519_SHA256] = kex_gen_server;
2762 kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; 2726 kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
2763@@ -1780,8 +1808,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2727@@ -1806,8 +1834,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2764 u_char *p; 2728 u_char *p;
2765 int r; 2729 int r;
2766 2730
@@ -2771,7 +2735,7 @@ index 00af44f98..bead9e204 100644
2771 2735
2772 if ((r = sshbuf_get_string(m, &p, &len)) != 0) 2736 if ((r = sshbuf_get_string(m, &p, &len)) != 0)
2773 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2737 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2774@@ -1813,8 +1841,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2738@@ -1839,8 +1867,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2775 OM_uint32 flags = 0; /* GSI needs this */ 2739 OM_uint32 flags = 0; /* GSI needs this */
2776 int r; 2740 int r;
2777 2741
@@ -2782,7 +2746,7 @@ index 00af44f98..bead9e204 100644
2782 2746
2783 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) 2747 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
2784 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2748 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2785@@ -1834,6 +1862,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2749@@ -1860,6 +1888,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2786 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2750 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
2787 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2751 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
2788 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2752 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2790,7 +2754,7 @@ index 00af44f98..bead9e204 100644
2790 } 2754 }
2791 return (0); 2755 return (0);
2792 } 2756 }
2793@@ -1845,8 +1874,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) 2757@@ -1871,8 +1900,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
2794 OM_uint32 ret; 2758 OM_uint32 ret;
2795 int r; 2759 int r;
2796 2760
@@ -2801,7 +2765,7 @@ index 00af44f98..bead9e204 100644
2801 2765
2802 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || 2766 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
2803 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) 2767 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
2804@@ -1872,13 +1901,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) 2768@@ -1898,13 +1927,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
2805 int 2769 int
2806 mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2770 mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2807 { 2771 {
@@ -2823,7 +2787,7 @@ index 00af44f98..bead9e204 100644
2823 2787
2824 sshbuf_reset(m); 2788 sshbuf_reset(m);
2825 if ((r = sshbuf_put_u32(m, authenticated)) != 0) 2789 if ((r = sshbuf_put_u32(m, authenticated)) != 0)
2826@@ -1887,7 +1920,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2790@@ -1913,7 +1946,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2827 debug3("%s: sending result %d", __func__, authenticated); 2791 debug3("%s: sending result %d", __func__, authenticated);
2828 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); 2792 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
2829 2793
@@ -2836,7 +2800,7 @@ index 00af44f98..bead9e204 100644
2836 2800
2837 if ((displayname = ssh_gssapi_displayname()) != NULL) 2801 if ((displayname = ssh_gssapi_displayname()) != NULL)
2838 auth2_record_info(authctxt, "%s", displayname); 2802 auth2_record_info(authctxt, "%s", displayname);
2839@@ -1895,5 +1932,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2803@@ -1921,5 +1958,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2840 /* Monitor loop will terminate if authenticated */ 2804 /* Monitor loop will terminate if authenticated */
2841 return (authenticated); 2805 return (authenticated);
2842 } 2806 }
@@ -2936,10 +2900,10 @@ index 683e5e071..2b1a2d590 100644
2936 2900
2937 struct ssh; 2901 struct ssh;
2938diff --git a/monitor_wrap.c b/monitor_wrap.c 2902diff --git a/monitor_wrap.c b/monitor_wrap.c
2939index 4169b7604..fdca39a6a 100644 2903index 001a8fa1c..6edb509a3 100644
2940--- a/monitor_wrap.c 2904--- a/monitor_wrap.c
2941+++ b/monitor_wrap.c 2905+++ b/monitor_wrap.c
2942@@ -978,13 +978,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) 2906@@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
2943 } 2907 }
2944 2908
2945 int 2909 int
@@ -2956,7 +2920,7 @@ index 4169b7604..fdca39a6a 100644
2956 2920
2957 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); 2921 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
2958 mm_request_receive_expect(pmonitor->m_recvfd, 2922 mm_request_receive_expect(pmonitor->m_recvfd,
2959@@ -997,4 +999,57 @@ mm_ssh_gssapi_userok(char *user) 2923@@ -1012,4 +1014,57 @@ mm_ssh_gssapi_userok(char *user)
2960 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); 2924 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
2961 return (authenticated); 2925 return (authenticated);
2962 } 2926 }
@@ -3015,10 +2979,10 @@ index 4169b7604..fdca39a6a 100644
3015+ 2979+
3016 #endif /* GSSAPI */ 2980 #endif /* GSSAPI */
3017diff --git a/monitor_wrap.h b/monitor_wrap.h 2981diff --git a/monitor_wrap.h b/monitor_wrap.h
3018index 191277f3a..92dda574b 100644 2982index 23ab096aa..485590c18 100644
3019--- a/monitor_wrap.h 2983--- a/monitor_wrap.h
3020+++ b/monitor_wrap.h 2984+++ b/monitor_wrap.h
3021@@ -63,8 +63,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, 2985@@ -64,8 +64,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
3022 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); 2986 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
3023 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, 2987 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
3024 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); 2988 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
@@ -3031,7 +2995,7 @@ index 191277f3a..92dda574b 100644
3031 2995
3032 #ifdef USE_PAM 2996 #ifdef USE_PAM
3033diff --git a/readconf.c b/readconf.c 2997diff --git a/readconf.c b/readconf.c
3034index f78b4d6fe..3c68d1a88 100644 2998index f3cac6b3a..da8022dd0 100644
3035--- a/readconf.c 2999--- a/readconf.c
3036+++ b/readconf.c 3000+++ b/readconf.c
3037@@ -67,6 +67,7 @@ 3001@@ -67,6 +67,7 @@
@@ -3042,7 +3006,7 @@ index f78b4d6fe..3c68d1a88 100644
3042 3006
3043 /* Format of the configuration file: 3007 /* Format of the configuration file:
3044 3008
3045@@ -162,6 +163,8 @@ typedef enum { 3009@@ -160,6 +161,8 @@ typedef enum {
3046 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 3010 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
3047 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 3011 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
3048 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 3012 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -3051,7 +3015,7 @@ index f78b4d6fe..3c68d1a88 100644
3051 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 3015 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
3052 oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, 3016 oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
3053 oHashKnownHosts, 3017 oHashKnownHosts,
3054@@ -202,10 +205,22 @@ static struct { 3018@@ -204,10 +207,22 @@ static struct {
3055 /* Sometimes-unsupported options */ 3019 /* Sometimes-unsupported options */
3056 #if defined(GSSAPI) 3020 #if defined(GSSAPI)
3057 { "gssapiauthentication", oGssAuthentication }, 3021 { "gssapiauthentication", oGssAuthentication },
@@ -3074,7 +3038,7 @@ index f78b4d6fe..3c68d1a88 100644
3074 #endif 3038 #endif
3075 #ifdef ENABLE_PKCS11 3039 #ifdef ENABLE_PKCS11
3076 { "pkcs11provider", oPKCS11Provider }, 3040 { "pkcs11provider", oPKCS11Provider },
3077@@ -988,10 +1003,42 @@ parse_time: 3041@@ -1029,10 +1044,42 @@ parse_time:
3078 intptr = &options->gss_authentication; 3042 intptr = &options->gss_authentication;
3079 goto parse_flag; 3043 goto parse_flag;
3080 3044
@@ -3117,7 +3081,7 @@ index f78b4d6fe..3c68d1a88 100644
3117 case oBatchMode: 3081 case oBatchMode:
3118 intptr = &options->batch_mode; 3082 intptr = &options->batch_mode;
3119 goto parse_flag; 3083 goto parse_flag;
3120@@ -1863,7 +1910,13 @@ initialize_options(Options * options) 3084@@ -1911,7 +1958,13 @@ initialize_options(Options * options)
3121 options->pubkey_authentication = -1; 3085 options->pubkey_authentication = -1;
3122 options->challenge_response_authentication = -1; 3086 options->challenge_response_authentication = -1;
3123 options->gss_authentication = -1; 3087 options->gss_authentication = -1;
@@ -3131,7 +3095,7 @@ index f78b4d6fe..3c68d1a88 100644
3131 options->password_authentication = -1; 3095 options->password_authentication = -1;
3132 options->kbd_interactive_authentication = -1; 3096 options->kbd_interactive_authentication = -1;
3133 options->kbd_interactive_devices = NULL; 3097 options->kbd_interactive_devices = NULL;
3134@@ -2009,8 +2062,18 @@ fill_default_options(Options * options) 3098@@ -2059,8 +2112,18 @@ fill_default_options(Options * options)
3135 options->challenge_response_authentication = 1; 3099 options->challenge_response_authentication = 1;
3136 if (options->gss_authentication == -1) 3100 if (options->gss_authentication == -1)
3137 options->gss_authentication = 0; 3101 options->gss_authentication = 0;
@@ -3150,7 +3114,7 @@ index f78b4d6fe..3c68d1a88 100644
3150 if (options->password_authentication == -1) 3114 if (options->password_authentication == -1)
3151 options->password_authentication = 1; 3115 options->password_authentication = 1;
3152 if (options->kbd_interactive_authentication == -1) 3116 if (options->kbd_interactive_authentication == -1)
3153@@ -2625,7 +2688,14 @@ dump_client_config(Options *o, const char *host) 3117@@ -2702,7 +2765,14 @@ dump_client_config(Options *o, const char *host)
3154 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); 3118 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
3155 #ifdef GSSAPI 3119 #ifdef GSSAPI
3156 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); 3120 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
@@ -3166,10 +3130,10 @@ index f78b4d6fe..3c68d1a88 100644
3166 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); 3130 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
3167 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); 3131 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
3168diff --git a/readconf.h b/readconf.h 3132diff --git a/readconf.h b/readconf.h
3169index 8e36bf32a..0bff6d80a 100644 3133index feedb3d20..a8a8870d7 100644
3170--- a/readconf.h 3134--- a/readconf.h
3171+++ b/readconf.h 3135+++ b/readconf.h
3172@@ -40,7 +40,13 @@ typedef struct { 3136@@ -41,7 +41,13 @@ typedef struct {
3173 int challenge_response_authentication; 3137 int challenge_response_authentication;
3174 /* Try S/Key or TIS, authentication. */ 3138 /* Try S/Key or TIS, authentication. */
3175 int gss_authentication; /* Try GSS authentication */ 3139 int gss_authentication; /* Try GSS authentication */
@@ -3184,10 +3148,10 @@ index 8e36bf32a..0bff6d80a 100644
3184 * authentication. */ 3148 * authentication. */
3185 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 3149 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
3186diff --git a/servconf.c b/servconf.c 3150diff --git a/servconf.c b/servconf.c
3187index e76f9c39e..f63eb0b94 100644 3151index 70f5f73f0..191575a16 100644
3188--- a/servconf.c 3152--- a/servconf.c
3189+++ b/servconf.c 3153+++ b/servconf.c
3190@@ -64,6 +64,7 @@ 3154@@ -69,6 +69,7 @@
3191 #include "auth.h" 3155 #include "auth.h"
3192 #include "myproposal.h" 3156 #include "myproposal.h"
3193 #include "digest.h" 3157 #include "digest.h"
@@ -3195,7 +3159,7 @@ index e76f9c39e..f63eb0b94 100644
3195 3159
3196 static void add_listen_addr(ServerOptions *, const char *, 3160 static void add_listen_addr(ServerOptions *, const char *,
3197 const char *, int); 3161 const char *, int);
3198@@ -124,8 +125,11 @@ initialize_server_options(ServerOptions *options) 3162@@ -133,8 +134,11 @@ initialize_server_options(ServerOptions *options)
3199 options->kerberos_ticket_cleanup = -1; 3163 options->kerberos_ticket_cleanup = -1;
3200 options->kerberos_get_afs_token = -1; 3164 options->kerberos_get_afs_token = -1;
3201 options->gss_authentication=-1; 3165 options->gss_authentication=-1;
@@ -3207,7 +3171,7 @@ index e76f9c39e..f63eb0b94 100644
3207 options->password_authentication = -1; 3171 options->password_authentication = -1;
3208 options->kbd_interactive_authentication = -1; 3172 options->kbd_interactive_authentication = -1;
3209 options->challenge_response_authentication = -1; 3173 options->challenge_response_authentication = -1;
3210@@ -351,10 +355,18 @@ fill_default_server_options(ServerOptions *options) 3174@@ -375,10 +379,18 @@ fill_default_server_options(ServerOptions *options)
3211 options->kerberos_get_afs_token = 0; 3175 options->kerberos_get_afs_token = 0;
3212 if (options->gss_authentication == -1) 3176 if (options->gss_authentication == -1)
3213 options->gss_authentication = 0; 3177 options->gss_authentication = 0;
@@ -3226,7 +3190,7 @@ index e76f9c39e..f63eb0b94 100644
3226 if (options->password_authentication == -1) 3190 if (options->password_authentication == -1)
3227 options->password_authentication = 1; 3191 options->password_authentication = 1;
3228 if (options->kbd_interactive_authentication == -1) 3192 if (options->kbd_interactive_authentication == -1)
3229@@ -498,6 +510,7 @@ typedef enum { 3193@@ -531,6 +543,7 @@ typedef enum {
3230 sHostKeyAlgorithms, 3194 sHostKeyAlgorithms,
3231 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 3195 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
3232 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 3196 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -3234,7 +3198,7 @@ index e76f9c39e..f63eb0b94 100644
3234 sAcceptEnv, sSetEnv, sPermitTunnel, 3198 sAcceptEnv, sSetEnv, sPermitTunnel,
3235 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 3199 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
3236 sUsePrivilegeSeparation, sAllowAgentForwarding, 3200 sUsePrivilegeSeparation, sAllowAgentForwarding,
3237@@ -572,12 +585,22 @@ static struct { 3201@@ -607,12 +620,22 @@ static struct {
3238 #ifdef GSSAPI 3202 #ifdef GSSAPI
3239 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 3203 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
3240 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 3204 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -3257,7 +3221,7 @@ index e76f9c39e..f63eb0b94 100644
3257 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 3221 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
3258 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 3222 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
3259 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 3223 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
3260@@ -1488,6 +1511,10 @@ process_server_config_line(ServerOptions *options, char *line, 3224@@ -1548,6 +1571,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
3261 intptr = &options->gss_authentication; 3225 intptr = &options->gss_authentication;
3262 goto parse_flag; 3226 goto parse_flag;
3263 3227
@@ -3268,7 +3232,7 @@ index e76f9c39e..f63eb0b94 100644
3268 case sGssCleanupCreds: 3232 case sGssCleanupCreds:
3269 intptr = &options->gss_cleanup_creds; 3233 intptr = &options->gss_cleanup_creds;
3270 goto parse_flag; 3234 goto parse_flag;
3271@@ -1496,6 +1523,22 @@ process_server_config_line(ServerOptions *options, char *line, 3235@@ -1556,6 +1583,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
3272 intptr = &options->gss_strict_acceptor; 3236 intptr = &options->gss_strict_acceptor;
3273 goto parse_flag; 3237 goto parse_flag;
3274 3238
@@ -3291,7 +3255,7 @@ index e76f9c39e..f63eb0b94 100644
3291 case sPasswordAuthentication: 3255 case sPasswordAuthentication:
3292 intptr = &options->password_authentication; 3256 intptr = &options->password_authentication;
3293 goto parse_flag; 3257 goto parse_flag;
3294@@ -2585,6 +2628,10 @@ dump_config(ServerOptions *o) 3258@@ -2777,6 +2820,10 @@ dump_config(ServerOptions *o)
3295 #ifdef GSSAPI 3259 #ifdef GSSAPI
3296 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 3260 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
3297 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 3261 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
@@ -3303,10 +3267,10 @@ index e76f9c39e..f63eb0b94 100644
3303 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 3267 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
3304 dump_cfg_fmtint(sKbdInteractiveAuthentication, 3268 dump_cfg_fmtint(sKbdInteractiveAuthentication,
3305diff --git a/servconf.h b/servconf.h 3269diff --git a/servconf.h b/servconf.h
3306index 5483da051..29329ba1f 100644 3270index 4202a2d02..3f47ea25e 100644
3307--- a/servconf.h 3271--- a/servconf.h
3308+++ b/servconf.h 3272+++ b/servconf.h
3309@@ -126,8 +126,11 @@ typedef struct { 3273@@ -132,8 +132,11 @@ typedef struct {
3310 int kerberos_get_afs_token; /* If true, try to get AFS token if 3274 int kerberos_get_afs_token; /* If true, try to get AFS token if
3311 * authenticated with Kerberos. */ 3275 * authenticated with Kerberos. */
3312 int gss_authentication; /* If true, permit GSSAPI authentication */ 3276 int gss_authentication; /* If true, permit GSSAPI authentication */
@@ -3319,10 +3283,10 @@ index 5483da051..29329ba1f 100644
3319 * authentication. */ 3283 * authentication. */
3320 int kbd_interactive_authentication; /* If true, permit */ 3284 int kbd_interactive_authentication; /* If true, permit */
3321diff --git a/session.c b/session.c 3285diff --git a/session.c b/session.c
3322index 8f5d7e0a4..f1a47f766 100644 3286index 8c0e54f79..06a33442a 100644
3323--- a/session.c 3287--- a/session.c
3324+++ b/session.c 3288+++ b/session.c
3325@@ -2674,13 +2674,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) 3289@@ -2678,13 +2678,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt)
3326 3290
3327 #ifdef KRB5 3291 #ifdef KRB5
3328 if (options.kerberos_ticket_cleanup && 3292 if (options.kerberos_ticket_cleanup &&
@@ -3465,10 +3429,10 @@ index 36180d07a..70dd36658 100644
3465 3429
3466 #endif /* _SSH_GSS_H */ 3430 #endif /* _SSH_GSS_H */
3467diff --git a/ssh.1 b/ssh.1 3431diff --git a/ssh.1 b/ssh.1
3468index 424d6c3e8..26940ad55 100644 3432index 60de6087a..db5c65bc7 100644
3469--- a/ssh.1 3433--- a/ssh.1
3470+++ b/ssh.1 3434+++ b/ssh.1
3471@@ -497,7 +497,13 @@ For full details of the options listed below, and their possible values, see 3435@@ -503,7 +503,13 @@ For full details of the options listed below, and their possible values, see
3472 .It GatewayPorts 3436 .It GatewayPorts
3473 .It GlobalKnownHostsFile 3437 .It GlobalKnownHostsFile
3474 .It GSSAPIAuthentication 3438 .It GSSAPIAuthentication
@@ -3482,7 +3446,7 @@ index 424d6c3e8..26940ad55 100644
3482 .It HashKnownHosts 3446 .It HashKnownHosts
3483 .It Host 3447 .It Host
3484 .It HostbasedAuthentication 3448 .It HostbasedAuthentication
3485@@ -573,6 +579,8 @@ flag), 3449@@ -579,6 +585,8 @@ flag),
3486 (supported message integrity codes), 3450 (supported message integrity codes),
3487 .Ar kex 3451 .Ar kex
3488 (key exchange algorithms), 3452 (key exchange algorithms),
@@ -3492,27 +3456,29 @@ index 424d6c3e8..26940ad55 100644
3492 (key types), 3456 (key types),
3493 .Ar key-cert 3457 .Ar key-cert
3494diff --git a/ssh.c b/ssh.c 3458diff --git a/ssh.c b/ssh.c
3495index ee51823cd..2da9f5d0d 100644 3459index 15aee569e..110cf9c19 100644
3496--- a/ssh.c 3460--- a/ssh.c
3497+++ b/ssh.c 3461+++ b/ssh.c
3498@@ -736,6 +736,8 @@ main(int ac, char **av) 3462@@ -747,6 +747,8 @@ main(int ac, char **av)
3499 cp = mac_alg_list('\n'); 3463 else if (strcmp(optarg, "kex") == 0 ||
3500 else if (strcmp(optarg, "kex") == 0) 3464 strcasecmp(optarg, "KexAlgorithms") == 0)
3501 cp = kex_alg_list('\n'); 3465 cp = kex_alg_list('\n');
3502+ else if (strcmp(optarg, "kex-gss") == 0) 3466+ else if (strcmp(optarg, "kex-gss") == 0)
3503+ cp = kex_gss_alg_list('\n'); 3467+ cp = kex_gss_alg_list('\n');
3504 else if (strcmp(optarg, "key") == 0) 3468 else if (strcmp(optarg, "key") == 0)
3505 cp = sshkey_alg_list(0, 0, 0, '\n'); 3469 cp = sshkey_alg_list(0, 0, 0, '\n');
3506 else if (strcmp(optarg, "key-cert") == 0) 3470 else if (strcmp(optarg, "key-cert") == 0)
3507@@ -748,7 +750,7 @@ main(int ac, char **av) 3471@@ -772,8 +774,8 @@ main(int ac, char **av)
3508 cp = xstrdup("2"); 3472 } else if (strcmp(optarg, "help") == 0) {
3509 else if (strcmp(optarg, "help") == 0) {
3510 cp = xstrdup( 3473 cp = xstrdup(
3511- "cipher\ncipher-auth\nkex\nkey\n" 3474 "cipher\ncipher-auth\ncompression\nkex\n"
3512+ "cipher\ncipher-auth\nkex\nkex-gss\nkey\n" 3475- "key\nkey-cert\nkey-plain\nkey-sig\nmac\n"
3513 "key-cert\nkey-plain\nmac\n" 3476- "protocol-version\nsig");
3514 "protocol-version\nsig"); 3477+ "kex-gss\nkey\nkey-cert\nkey-plain\n"
3478+ "key-sig\nmac\nprotocol-version\nsig");
3515 } 3479 }
3480 if (cp == NULL)
3481 fatal("Unsupported query \"%s\"", optarg);
3516diff --git a/ssh_config b/ssh_config 3482diff --git a/ssh_config b/ssh_config
3517index 5e8ef548b..1ff999b68 100644 3483index 5e8ef548b..1ff999b68 100644
3518--- a/ssh_config 3484--- a/ssh_config
@@ -3527,10 +3493,10 @@ index 5e8ef548b..1ff999b68 100644
3527 # CheckHostIP yes 3493 # CheckHostIP yes
3528 # AddressFamily any 3494 # AddressFamily any
3529diff --git a/ssh_config.5 b/ssh_config.5 3495diff --git a/ssh_config.5 b/ssh_config.5
3530index 02a87892d..f4668673b 100644 3496index 06a32d314..3f4906972 100644
3531--- a/ssh_config.5 3497--- a/ssh_config.5
3532+++ b/ssh_config.5 3498+++ b/ssh_config.5
3533@@ -758,10 +758,67 @@ The default is 3499@@ -766,10 +766,67 @@ The default is
3534 Specifies whether user authentication based on GSSAPI is allowed. 3500 Specifies whether user authentication based on GSSAPI is allowed.
3535 The default is 3501 The default is
3536 .Cm no . 3502 .Cm no .
@@ -3599,10 +3565,10 @@ index 02a87892d..f4668673b 100644
3599 Indicates that 3565 Indicates that
3600 .Xr ssh 1 3566 .Xr ssh 1
3601diff --git a/sshconnect2.c b/sshconnect2.c 3567diff --git a/sshconnect2.c b/sshconnect2.c
3602index 87fa70a40..a4ec75ca1 100644 3568index af00fb30c..03bc87eb4 100644
3603--- a/sshconnect2.c 3569--- a/sshconnect2.c
3604+++ b/sshconnect2.c 3570+++ b/sshconnect2.c
3605@@ -78,8 +78,6 @@ 3571@@ -80,8 +80,6 @@
3606 #endif 3572 #endif
3607 3573
3608 /* import */ 3574 /* import */
@@ -3611,9 +3577,9 @@ index 87fa70a40..a4ec75ca1 100644
3611 extern Options options; 3577 extern Options options;
3612 3578
3613 /* 3579 /*
3614@@ -161,6 +159,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3580@@ -163,6 +161,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3615 char *s, *all_key; 3581 char *s, *all_key;
3616 int r; 3582 int r, use_known_hosts_order = 0;
3617 3583
3618+#if defined(GSSAPI) && defined(WITH_OPENSSL) 3584+#if defined(GSSAPI) && defined(WITH_OPENSSL)
3619+ char *orig = NULL, *gss = NULL; 3585+ char *orig = NULL, *gss = NULL;
@@ -3623,8 +3589,8 @@ index 87fa70a40..a4ec75ca1 100644
3623 xxx_host = host; 3589 xxx_host = host;
3624 xxx_hostaddr = hostaddr; 3590 xxx_hostaddr = hostaddr;
3625 3591
3626@@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3592@@ -206,6 +209,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3627 order_hostkeyalgs(host, hostaddr, port)); 3593 compat_pkalg_proposal(options.hostkeyalgorithms);
3628 } 3594 }
3629 3595
3630+#if defined(GSSAPI) && defined(WITH_OPENSSL) 3596+#if defined(GSSAPI) && defined(WITH_OPENSSL)
@@ -3659,10 +3625,11 @@ index 87fa70a40..a4ec75ca1 100644
3659 if (options.rekey_limit || options.rekey_interval) 3625 if (options.rekey_limit || options.rekey_interval)
3660 ssh_packet_set_rekey_limits(ssh, options.rekey_limit, 3626 ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
3661 options.rekey_interval); 3627 options.rekey_interval);
3662@@ -211,16 +243,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3628@@ -224,16 +256,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3663 # ifdef OPENSSL_HAS_ECC 3629 # ifdef OPENSSL_HAS_ECC
3664 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; 3630 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
3665 # endif 3631 # endif
3632-#endif
3666+# ifdef GSSAPI 3633+# ifdef GSSAPI
3667+ if (options.gss_keyex) { 3634+ if (options.gss_keyex) {
3668+ ssh->kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; 3635+ ssh->kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
@@ -3674,7 +3641,7 @@ index 87fa70a40..a4ec75ca1 100644
3674+ ssh->kex->kex[KEX_GSS_C25519_SHA256] = kexgss_client; 3641+ ssh->kex->kex[KEX_GSS_C25519_SHA256] = kexgss_client;
3675+ } 3642+ }
3676+# endif 3643+# endif
3677 #endif 3644+#endif /* WITH_OPENSSL */
3678 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; 3645 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
3679 ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; 3646 ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
3680 ssh->kex->verify_host_key=&verify_host_key_callback; 3647 ssh->kex->verify_host_key=&verify_host_key_callback;
@@ -3706,7 +3673,7 @@ index 87fa70a40..a4ec75ca1 100644
3706 if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) 3673 if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
3707 fatal("kex_prop2buf: %s", ssh_err(r)); 3674 fatal("kex_prop2buf: %s", ssh_err(r));
3708 3675
3709@@ -317,6 +379,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *); 3676@@ -330,6 +392,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *);
3710 static int input_gssapi_token(int type, u_int32_t, struct ssh *); 3677 static int input_gssapi_token(int type, u_int32_t, struct ssh *);
3711 static int input_gssapi_error(int, u_int32_t, struct ssh *); 3678 static int input_gssapi_error(int, u_int32_t, struct ssh *);
3712 static int input_gssapi_errtok(int, u_int32_t, struct ssh *); 3679 static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
@@ -3714,7 +3681,7 @@ index 87fa70a40..a4ec75ca1 100644
3714 #endif 3681 #endif
3715 3682
3716 void userauth(struct ssh *, char *); 3683 void userauth(struct ssh *, char *);
3717@@ -333,6 +396,11 @@ static char *authmethods_get(void); 3684@@ -346,6 +409,11 @@ static char *authmethods_get(void);
3718 3685
3719 Authmethod authmethods[] = { 3686 Authmethod authmethods[] = {
3720 #ifdef GSSAPI 3687 #ifdef GSSAPI
@@ -3726,7 +3693,7 @@ index 87fa70a40..a4ec75ca1 100644
3726 {"gssapi-with-mic", 3693 {"gssapi-with-mic",
3727 userauth_gssapi, 3694 userauth_gssapi,
3728 userauth_gssapi_cleanup, 3695 userauth_gssapi_cleanup,
3729@@ -697,12 +765,25 @@ userauth_gssapi(struct ssh *ssh) 3696@@ -716,12 +784,25 @@ userauth_gssapi(struct ssh *ssh)
3730 OM_uint32 min; 3697 OM_uint32 min;
3731 int r, ok = 0; 3698 int r, ok = 0;
3732 gss_OID mech = NULL; 3699 gss_OID mech = NULL;
@@ -3753,7 +3720,7 @@ index 87fa70a40..a4ec75ca1 100644
3753 3720
3754 /* Check to see whether the mechanism is usable before we offer it */ 3721 /* Check to see whether the mechanism is usable before we offer it */
3755 while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && 3722 while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
3756@@ -711,13 +792,15 @@ userauth_gssapi(struct ssh *ssh) 3723@@ -730,13 +811,15 @@ userauth_gssapi(struct ssh *ssh)
3757 elements[authctxt->mech_tried]; 3724 elements[authctxt->mech_tried];
3758 /* My DER encoding requires length<128 */ 3725 /* My DER encoding requires length<128 */
3759 if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, 3726 if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
@@ -3770,7 +3737,7 @@ index 87fa70a40..a4ec75ca1 100644
3770 if (!ok || mech == NULL) 3737 if (!ok || mech == NULL)
3771 return 0; 3738 return 0;
3772 3739
3773@@ -957,6 +1040,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) 3740@@ -976,6 +1059,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
3774 free(lang); 3741 free(lang);
3775 return r; 3742 return r;
3776 } 3743 }
@@ -3827,21 +3794,10 @@ index 87fa70a40..a4ec75ca1 100644
3827 3794
3828 static int 3795 static int
3829diff --git a/sshd.c b/sshd.c 3796diff --git a/sshd.c b/sshd.c
3830index 11571c010..3a5c1ea78 100644 3797index 60b2aaf73..d92f03aaf 100644
3831--- a/sshd.c 3798--- a/sshd.c
3832+++ b/sshd.c 3799+++ b/sshd.c
3833@@ -123,6 +123,10 @@ 3800@@ -817,8 +817,8 @@ notify_hostkeys(struct ssh *ssh)
3834 #include "version.h"
3835 #include "ssherr.h"
3836
3837+#ifdef USE_SECURITY_SESSION_API
3838+#include <Security/AuthSession.h>
3839+#endif
3840+
3841 /* Re-exec fds */
3842 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
3843 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
3844@@ -796,8 +800,8 @@ notify_hostkeys(struct ssh *ssh)
3845 } 3801 }
3846 debug3("%s: sent %u hostkeys", __func__, nkeys); 3802 debug3("%s: sent %u hostkeys", __func__, nkeys);
3847 if (nkeys == 0) 3803 if (nkeys == 0)
@@ -3852,7 +3808,7 @@ index 11571c010..3a5c1ea78 100644
3852 sshpkt_fatal(ssh, r, "%s: send", __func__); 3808 sshpkt_fatal(ssh, r, "%s: send", __func__);
3853 sshbuf_free(buf); 3809 sshbuf_free(buf);
3854 } 3810 }
3855@@ -1773,7 +1777,8 @@ main(int ac, char **av) 3811@@ -1852,7 +1852,8 @@ main(int ac, char **av)
3856 free(fp); 3812 free(fp);
3857 } 3813 }
3858 accumulate_host_timing_secret(cfg, NULL); 3814 accumulate_host_timing_secret(cfg, NULL);
@@ -3862,68 +3818,7 @@ index 11571c010..3a5c1ea78 100644
3862 logit("sshd: no hostkeys available -- exiting."); 3818 logit("sshd: no hostkeys available -- exiting.");
3863 exit(1); 3819 exit(1);
3864 } 3820 }
3865@@ -2069,6 +2074,60 @@ main(int ac, char **av) 3821@@ -2347,6 +2348,48 @@ do_ssh2_kex(struct ssh *ssh)
3866 rdomain == NULL ? "" : "\"");
3867 free(laddr);
3868
3869+#ifdef USE_SECURITY_SESSION_API
3870+ /*
3871+ * Create a new security session for use by the new user login if
3872+ * the current session is the root session or we are not launched
3873+ * by inetd (eg: debugging mode or server mode). We do not
3874+ * necessarily need to create a session if we are launched from
3875+ * inetd because Panther xinetd will create a session for us.
3876+ *
3877+ * The only case where this logic will fail is if there is an
3878+ * inetd running in a non-root session which is not creating
3879+ * new sessions for us. Then all the users will end up in the
3880+ * same session (bad).
3881+ *
3882+ * When the client exits, the session will be destroyed for us
3883+ * automatically.
3884+ *
3885+ * We must create the session before any credentials are stored
3886+ * (including AFS pags, which happens a few lines below).
3887+ */
3888+ {
3889+ OSStatus err = 0;
3890+ SecuritySessionId sid = 0;
3891+ SessionAttributeBits sattrs = 0;
3892+
3893+ err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
3894+ if (err)
3895+ error("SessionGetInfo() failed with error %.8X",
3896+ (unsigned) err);
3897+ else
3898+ debug("Current Session ID is %.8X / Session Attributes are %.8X",
3899+ (unsigned) sid, (unsigned) sattrs);
3900+
3901+ if (inetd_flag && !(sattrs & sessionIsRoot))
3902+ debug("Running in inetd mode in a non-root session... "
3903+ "assuming inetd created the session for us.");
3904+ else {
3905+ debug("Creating new security session...");
3906+ err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
3907+ if (err)
3908+ error("SessionCreate() failed with error %.8X",
3909+ (unsigned) err);
3910+
3911+ err = SessionGetInfo(callerSecuritySession, &sid,
3912+ &sattrs);
3913+ if (err)
3914+ error("SessionGetInfo() failed with error %.8X",
3915+ (unsigned) err);
3916+ else
3917+ debug("New Session ID is %.8X / Session Attributes are %.8X",
3918+ (unsigned) sid, (unsigned) sattrs);
3919+ }
3920+ }
3921+#endif
3922+
3923 /*
3924 * We don't want to listen forever unless the other side
3925 * successfully authenticates itself. So we set up an alarm which is
3926@@ -2265,6 +2324,48 @@ do_ssh2_kex(struct ssh *ssh)
3927 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 3822 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
3928 list_hostkey_types()); 3823 list_hostkey_types());
3929 3824
@@ -3972,7 +3867,7 @@ index 11571c010..3a5c1ea78 100644
3972 /* start key exchange */ 3867 /* start key exchange */
3973 if ((r = kex_setup(ssh, myproposal)) != 0) 3868 if ((r = kex_setup(ssh, myproposal)) != 0)
3974 fatal("kex_setup: %s", ssh_err(r)); 3869 fatal("kex_setup: %s", ssh_err(r));
3975@@ -2280,7 +2381,18 @@ do_ssh2_kex(struct ssh *ssh) 3870@@ -2362,7 +2405,18 @@ do_ssh2_kex(struct ssh *ssh)
3976 # ifdef OPENSSL_HAS_ECC 3871 # ifdef OPENSSL_HAS_ECC
3977 kex->kex[KEX_ECDH_SHA2] = kex_gen_server; 3872 kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
3978 # endif 3873 # endif
@@ -4006,10 +3901,10 @@ index 19b7c91a1..2c48105f8 100644
4006 # Set this to 'yes' to enable PAM authentication, account processing, 3901 # Set this to 'yes' to enable PAM authentication, account processing,
4007 # and session processing. If this is enabled, PAM authentication will 3902 # and session processing. If this is enabled, PAM authentication will
4008diff --git a/sshd_config.5 b/sshd_config.5 3903diff --git a/sshd_config.5 b/sshd_config.5
4009index 9486f2a1c..cec3c3c4e 100644 3904index 70ccea449..f6b41a2f8 100644
4010--- a/sshd_config.5 3905--- a/sshd_config.5
4011+++ b/sshd_config.5 3906+++ b/sshd_config.5
4012@@ -655,6 +655,11 @@ Specifies whether to automatically destroy the user's credentials cache 3907@@ -646,6 +646,11 @@ Specifies whether to automatically destroy the user's credentials cache
4013 on logout. 3908 on logout.
4014 The default is 3909 The default is
4015 .Cm yes . 3910 .Cm yes .
@@ -4021,7 +3916,7 @@ index 9486f2a1c..cec3c3c4e 100644
4021 .It Cm GSSAPIStrictAcceptorCheck 3916 .It Cm GSSAPIStrictAcceptorCheck
4022 Determines whether to be strict about the identity of the GSSAPI acceptor 3917 Determines whether to be strict about the identity of the GSSAPI acceptor
4023 a client authenticates against. 3918 a client authenticates against.
4024@@ -669,6 +674,31 @@ machine's default store. 3919@@ -660,6 +665,31 @@ machine's default store.
4025 This facility is provided to assist with operation on multi homed machines. 3920 This facility is provided to assist with operation on multi homed machines.
4026 The default is 3921 The default is
4027 .Cm yes . 3922 .Cm yes .
@@ -4054,18 +3949,18 @@ index 9486f2a1c..cec3c3c4e 100644
4054 Specifies the key types that will be accepted for hostbased authentication 3949 Specifies the key types that will be accepted for hostbased authentication
4055 as a list of comma-separated patterns. 3950 as a list of comma-separated patterns.
4056diff --git a/sshkey.c b/sshkey.c 3951diff --git a/sshkey.c b/sshkey.c
4057index ef90563b3..4d2048b6a 100644 3952index 57995ee68..fd5b77246 100644
4058--- a/sshkey.c 3953--- a/sshkey.c
4059+++ b/sshkey.c 3954+++ b/sshkey.c
4060@@ -145,6 +145,7 @@ static const struct keytype keytypes[] = { 3955@@ -154,6 +154,7 @@ static const struct keytype keytypes[] = {
4061 # endif /* OPENSSL_HAS_NISTP521 */ 3956 KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 },
4062 # endif /* OPENSSL_HAS_ECC */ 3957 # endif /* OPENSSL_HAS_ECC */
4063 #endif /* WITH_OPENSSL */ 3958 #endif /* WITH_OPENSSL */
4064+ { "null", "null", NULL, KEY_NULL, 0, 0, 0 }, 3959+ { "null", "null", NULL, KEY_NULL, 0, 0, 0 },
4065 { NULL, NULL, NULL, -1, -1, 0, 0 } 3960 { NULL, NULL, NULL, -1, -1, 0, 0 }
4066 }; 3961 };
4067 3962
4068@@ -233,7 +234,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) 3963@@ -255,7 +256,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
4069 const struct keytype *kt; 3964 const struct keytype *kt;
4070 3965
4071 for (kt = keytypes; kt->type != -1; kt++) { 3966 for (kt = keytypes; kt->type != -1; kt++) {
@@ -4075,13 +3970,13 @@ index ef90563b3..4d2048b6a 100644
4075 if (!include_sigonly && kt->sigonly) 3970 if (!include_sigonly && kt->sigonly)
4076 continue; 3971 continue;
4077diff --git a/sshkey.h b/sshkey.h 3972diff --git a/sshkey.h b/sshkey.h
4078index 1119a7b07..1bf30d055 100644 3973index 71a3fddcb..37a43a67a 100644
4079--- a/sshkey.h 3974--- a/sshkey.h
4080+++ b/sshkey.h 3975+++ b/sshkey.h
4081@@ -65,6 +65,7 @@ enum sshkey_types { 3976@@ -69,6 +69,7 @@ enum sshkey_types {
4082 KEY_ED25519_CERT, 3977 KEY_ECDSA_SK_CERT,
4083 KEY_XMSS, 3978 KEY_ED25519_SK,
4084 KEY_XMSS_CERT, 3979 KEY_ED25519_SK_CERT,
4085+ KEY_NULL, 3980+ KEY_NULL,
4086 KEY_UNSPEC 3981 KEY_UNSPEC
4087 }; 3982 };
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 2f7ac943d..734118a19 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
1From 26d9fe60e31c78018bdfd49bba1196ea7c44405d Mon Sep 17 00:00:00 2001 1From 3558be2914c0127489faae40ce2eae66142c3287 Mon Sep 17 00:00:00 2001
2From: Richard Kettlewell <rjk@greenend.org.uk> 2From: Richard Kettlewell <rjk@greenend.org.uk>
3Date: Sun, 9 Feb 2014 16:09:52 +0000 3Date: Sun, 9 Feb 2014 16:09:52 +0000
4Subject: Various keepalive extensions 4Subject: Various keepalive extensions
@@ -16,7 +16,7 @@ keepalives.
16Author: Ian Jackson <ian@chiark.greenend.org.uk> 16Author: Ian Jackson <ian@chiark.greenend.org.uk>
17Author: Matthew Vernon <matthew@debian.org> 17Author: Matthew Vernon <matthew@debian.org>
18Author: Colin Watson <cjwatson@debian.org> 18Author: Colin Watson <cjwatson@debian.org>
19Last-Update: 2018-10-19 19Last-Update: 2020-02-21
20 20
21Patch-Name: keepalive-extensions.patch 21Patch-Name: keepalive-extensions.patch
22--- 22---
@@ -26,27 +26,27 @@ Patch-Name: keepalive-extensions.patch
26 3 files changed, 34 insertions(+), 4 deletions(-) 26 3 files changed, 34 insertions(+), 4 deletions(-)
27 27
28diff --git a/readconf.c b/readconf.c 28diff --git a/readconf.c b/readconf.c
29index a7fb7ca15..09787c0e5 100644 29index 0fc996871..2399208f8 100644
30--- a/readconf.c 30--- a/readconf.c
31+++ b/readconf.c 31+++ b/readconf.c
32@@ -177,6 +177,7 @@ typedef enum { 32@@ -176,6 +176,7 @@ typedef enum {
33 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
34 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 33 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
35 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, 34 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
35 oSecurityKeyProvider,
36+ oProtocolKeepAlives, oSetupTimeOut, 36+ oProtocolKeepAlives, oSetupTimeOut,
37 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported 37 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
38 } OpCodes; 38 } OpCodes;
39 39
40@@ -326,6 +327,8 @@ static struct { 40@@ -326,6 +327,8 @@ static struct {
41 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
42 { "ignoreunknown", oIgnoreUnknown }, 41 { "ignoreunknown", oIgnoreUnknown },
43 { "proxyjump", oProxyJump }, 42 { "proxyjump", oProxyJump },
43 { "securitykeyprovider", oSecurityKeyProvider },
44+ { "protocolkeepalives", oProtocolKeepAlives }, 44+ { "protocolkeepalives", oProtocolKeepAlives },
45+ { "setuptimeout", oSetupTimeOut }, 45+ { "setuptimeout", oSetupTimeOut },
46 46
47 { NULL, oBadOption } 47 { NULL, oBadOption }
48 }; 48 };
49@@ -1449,6 +1452,8 @@ parse_keytypes: 49@@ -1495,6 +1498,8 @@ parse_keytypes:
50 goto parse_flag; 50 goto parse_flag;
51 51
52 case oServerAliveInterval: 52 case oServerAliveInterval:
@@ -55,7 +55,7 @@ index a7fb7ca15..09787c0e5 100644
55 intptr = &options->server_alive_interval; 55 intptr = &options->server_alive_interval;
56 goto parse_time; 56 goto parse_time;
57 57
58@@ -2142,8 +2147,13 @@ fill_default_options(Options * options) 58@@ -2198,8 +2203,13 @@ fill_default_options(Options * options)
59 options->rekey_interval = 0; 59 options->rekey_interval = 0;
60 if (options->verify_host_key_dns == -1) 60 if (options->verify_host_key_dns == -1)
61 options->verify_host_key_dns = 0; 61 options->verify_host_key_dns = 0;
@@ -72,24 +72,25 @@ index a7fb7ca15..09787c0e5 100644
72 options->server_alive_count_max = 3; 72 options->server_alive_count_max = 3;
73 if (options->control_master == -1) 73 if (options->control_master == -1)
74diff --git a/ssh_config.5 b/ssh_config.5 74diff --git a/ssh_config.5 b/ssh_config.5
75index f4668673b..bc04d8d02 100644 75index 3f4906972..3079db19b 100644
76--- a/ssh_config.5 76--- a/ssh_config.5
77+++ b/ssh_config.5 77+++ b/ssh_config.5
78@@ -265,8 +265,12 @@ Valid arguments are 78@@ -266,9 +266,13 @@ If set to
79 If set to
80 .Cm yes , 79 .Cm yes ,
81 passphrase/password querying will be disabled. 80 user interaction such as password prompts and host key confirmation requests
81 will be disabled.
82+In addition, the 82+In addition, the
83+.Cm ServerAliveInterval 83+.Cm ServerAliveInterval
84+option will be set to 300 seconds by default (Debian-specific). 84+option will be set to 300 seconds by default (Debian-specific).
85 This option is useful in scripts and other batch jobs where no user 85 This option is useful in scripts and other batch jobs where no user
86-is present to supply the password. 86 is present to interact with
87+is present to supply the password, 87-.Xr ssh 1 .
88+.Xr ssh 1 ,
88+and where it is desirable to detect a broken network swiftly. 89+and where it is desirable to detect a broken network swiftly.
89 The argument must be 90 The argument must be
90 .Cm yes 91 .Cm yes
91 or 92 or
92@@ -1557,7 +1561,14 @@ from the server, 93@@ -1593,7 +1597,14 @@ from the server,
93 will send a message through the encrypted 94 will send a message through the encrypted
94 channel to request a response from the server. 95 channel to request a response from the server.
95 The default 96 The default
@@ -105,7 +106,7 @@ index f4668673b..bc04d8d02 100644
105 .It Cm SetEnv 106 .It Cm SetEnv
106 Directly specify one or more environment variables and their contents to 107 Directly specify one or more environment variables and their contents to
107 be sent to the server. 108 be sent to the server.
108@@ -1637,6 +1648,12 @@ Specifies whether the system should send TCP keepalive messages to the 109@@ -1673,6 +1684,12 @@ Specifies whether the system should send TCP keepalive messages to the
109 other side. 110 other side.
110 If they are sent, death of the connection or crash of one 111 If they are sent, death of the connection or crash of one
111 of the machines will be properly noticed. 112 of the machines will be properly noticed.
@@ -119,10 +120,10 @@ index f4668673b..bc04d8d02 100644
119 connections will die if the route is down temporarily, and some people 120 connections will die if the route is down temporarily, and some people
120 find it annoying. 121 find it annoying.
121diff --git a/sshd_config.5 b/sshd_config.5 122diff --git a/sshd_config.5 b/sshd_config.5
122index cec3c3c4e..eec224158 100644 123index f6b41a2f8..ebd09f891 100644
123--- a/sshd_config.5 124--- a/sshd_config.5
124+++ b/sshd_config.5 125+++ b/sshd_config.5
125@@ -1615,6 +1615,9 @@ This avoids infinitely hanging sessions. 126@@ -1668,6 +1668,9 @@ This avoids infinitely hanging sessions.
126 .Pp 127 .Pp
127 To disable TCP keepalive messages, the value should be set to 128 To disable TCP keepalive messages, the value should be set to
128 .Cm no . 129 .Cm no .
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 639b216d6..6d48d7589 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
1From fdcf8c0343564121a89be817386c5feabd40c609 Mon Sep 17 00:00:00 2001 1From c18e3c8125fc4553951705a1da8c86395d219bb1 Mon Sep 17 00:00:00 2001
2From: Scott Moser <smoser@ubuntu.com> 2From: Scott Moser <smoser@ubuntu.com>
3Date: Sun, 9 Feb 2014 16:10:03 +0000 3Date: Sun, 9 Feb 2014 16:10:03 +0000
4Subject: Mention ssh-keygen in ssh fingerprint changed warning 4Subject: Mention ssh-keygen in ssh fingerprint changed warning
@@ -14,10 +14,10 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch
14 1 file changed, 8 insertions(+), 1 deletion(-) 14 1 file changed, 8 insertions(+), 1 deletion(-)
15 15
16diff --git a/sshconnect.c b/sshconnect.c 16diff --git a/sshconnect.c b/sshconnect.c
17index 644057bc4..41e75a275 100644 17index 4a5d4a003..b796d3c8a 100644
18--- a/sshconnect.c 18--- a/sshconnect.c
19+++ b/sshconnect.c 19+++ b/sshconnect.c
20@@ -990,9 +990,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, 20@@ -991,9 +991,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
21 error("%s. This could either mean that", key_msg); 21 error("%s. This could either mean that", key_msg);
22 error("DNS SPOOFING is happening or the IP address for the host"); 22 error("DNS SPOOFING is happening or the IP address for the host");
23 error("and its host key have changed at the same time."); 23 error("and its host key have changed at the same time.");
@@ -32,7 +32,7 @@ index 644057bc4..41e75a275 100644
32 } 32 }
33 /* The host key has changed. */ 33 /* The host key has changed. */
34 warn_changed_key(host_key); 34 warn_changed_key(host_key);
35@@ -1001,6 +1005,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, 35@@ -1002,6 +1006,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
36 error("Offending %s key in %s:%lu", 36 error("Offending %s key in %s:%lu",
37 sshkey_type(host_found->key), 37 sshkey_type(host_found->key),
38 host_found->file, host_found->line); 38 host_found->file, host_found->line);
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index 9b5baee08..02a798b85 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
1From ed88eee326ca80e1e0fdb6f9ef0346f6d5e021a8 Mon Sep 17 00:00:00 2001 1From ba0377ab3e6b68f7ab747f500991a0445c7f4086 Mon Sep 17 00:00:00 2001
2From: Kurt Roeckx <kurt@roeckx.be> 2From: Kurt Roeckx <kurt@roeckx.be>
3Date: Sun, 9 Feb 2014 16:10:14 +0000 3Date: Sun, 9 Feb 2014 16:10:14 +0000
4Subject: Don't check the status field of the OpenSSL version 4Subject: Don't check the status field of the OpenSSL version
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 46e1f8712..34ec87094 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
1From 8fb8f70b0534897791c61f2757e97bd13385944e Mon Sep 17 00:00:00 2001 1From 39fe318a4b572deeb3f7d03e55d319c0ab112a28 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:09 +0000 3Date: Sun, 9 Feb 2014 16:10:09 +0000
4Subject: Adjust various OpenBSD-specific references in manual pages 4Subject: Adjust various OpenBSD-specific references in manual pages
@@ -44,11 +44,11 @@ index ef0de0850..149846c8c 100644
44 .Sh SEE ALSO 44 .Sh SEE ALSO
45 .Xr ssh-keygen 1 , 45 .Xr ssh-keygen 1 ,
46diff --git a/ssh-keygen.1 b/ssh-keygen.1 46diff --git a/ssh-keygen.1 b/ssh-keygen.1
47index 957d2f0f0..143a2349f 100644 47index 7af564297..d6a7870e0 100644
48--- a/ssh-keygen.1 48--- a/ssh-keygen.1
49+++ b/ssh-keygen.1 49+++ b/ssh-keygen.1
50@@ -191,9 +191,7 @@ key in 50@@ -196,9 +196,7 @@ key in
51 .Pa ~/.ssh/id_ed25519 51 .Pa ~/.ssh/id_ed25519_sk
52 or 52 or
53 .Pa ~/.ssh/id_rsa . 53 .Pa ~/.ssh/id_rsa .
54-Additionally, the system administrator may use this to generate host keys, 54-Additionally, the system administrator may use this to generate host keys,
@@ -58,7 +58,7 @@ index 957d2f0f0..143a2349f 100644
58 .Pp 58 .Pp
59 Normally this program generates the key and asks for a file in which 59 Normally this program generates the key and asks for a file in which
60 to store the private key. 60 to store the private key.
61@@ -256,9 +254,7 @@ If 61@@ -261,9 +259,7 @@ If
62 .Fl f 62 .Fl f
63 has also been specified, its argument is used as a prefix to the 63 has also been specified, its argument is used as a prefix to the
64 default path for the resulting host key files. 64 default path for the resulting host key files.
@@ -69,7 +69,7 @@ index 957d2f0f0..143a2349f 100644
69 .It Fl a Ar rounds 69 .It Fl a Ar rounds
70 When saving a private key, this option specifies the number of KDF 70 When saving a private key, this option specifies the number of KDF
71 (key derivation function) rounds used. 71 (key derivation function) rounds used.
72@@ -798,7 +794,7 @@ option. 72@@ -783,7 +779,7 @@ option.
73 Valid generator values are 2, 3, and 5. 73 Valid generator values are 2, 3, and 5.
74 .Pp 74 .Pp
75 Screened DH groups may be installed in 75 Screened DH groups may be installed in
@@ -77,8 +77,8 @@ index 957d2f0f0..143a2349f 100644
77+.Pa /etc/ssh/moduli . 77+.Pa /etc/ssh/moduli .
78 It is important that this file contains moduli of a range of bit lengths and 78 It is important that this file contains moduli of a range of bit lengths and
79 that both ends of a connection share common moduli. 79 that both ends of a connection share common moduli.
80 .Sh CERTIFICATES 80 .Pp
81@@ -1049,7 +1045,7 @@ on all machines 81@@ -1154,7 +1150,7 @@ on all machines
82 where the user wishes to log in using public key authentication. 82 where the user wishes to log in using public key authentication.
83 There is no need to keep the contents of this file secret. 83 There is no need to keep the contents of this file secret.
84 .Pp 84 .Pp
@@ -88,10 +88,10 @@ index 957d2f0f0..143a2349f 100644
88 The file format is described in 88 The file format is described in
89 .Xr moduli 5 . 89 .Xr moduli 5 .
90diff --git a/ssh.1 b/ssh.1 90diff --git a/ssh.1 b/ssh.1
91index 20e4c4efa..4923031f4 100644 91index cf991e4ee..17b0e984f 100644
92--- a/ssh.1 92--- a/ssh.1
93+++ b/ssh.1 93+++ b/ssh.1
94@@ -873,6 +873,10 @@ implements public key authentication protocol automatically, 94@@ -887,6 +887,10 @@ implements public key authentication protocol automatically,
95 using one of the DSA, ECDSA, Ed25519 or RSA algorithms. 95 using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
96 The HISTORY section of 96 The HISTORY section of
97 .Xr ssl 8 97 .Xr ssl 8
@@ -103,7 +103,7 @@ index 20e4c4efa..4923031f4 100644
103 .Pp 103 .Pp
104 The file 104 The file
105diff --git a/sshd.8 b/sshd.8 105diff --git a/sshd.8 b/sshd.8
106index 57a7fd66b..4abc01d66 100644 106index 730520231..5ce0ea4fa 100644
107--- a/sshd.8 107--- a/sshd.8
108+++ b/sshd.8 108+++ b/sshd.8
109@@ -65,7 +65,7 @@ over an insecure network. 109@@ -65,7 +65,7 @@ over an insecure network.
@@ -115,7 +115,7 @@ index 57a7fd66b..4abc01d66 100644
115 It forks a new 115 It forks a new
116 daemon for each incoming connection. 116 daemon for each incoming connection.
117 The forked daemons handle 117 The forked daemons handle
118@@ -884,7 +884,7 @@ This file is for host-based authentication (see 118@@ -904,7 +904,7 @@ This file is for host-based authentication (see
119 .Xr ssh 1 ) . 119 .Xr ssh 1 ) .
120 It should only be writable by root. 120 It should only be writable by root.
121 .Pp 121 .Pp
@@ -124,7 +124,7 @@ index 57a7fd66b..4abc01d66 100644
124 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" 124 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
125 key exchange method. 125 key exchange method.
126 The file format is described in 126 The file format is described in
127@@ -982,7 +982,6 @@ The content of this file is not sensitive; it can be world-readable. 127@@ -1002,7 +1002,6 @@ The content of this file is not sensitive; it can be world-readable.
128 .Xr ssh-keyscan 1 , 128 .Xr ssh-keyscan 1 ,
129 .Xr chroot 2 , 129 .Xr chroot 2 ,
130 .Xr hosts_access 5 , 130 .Xr hosts_access 5 ,
@@ -133,10 +133,10 @@ index 57a7fd66b..4abc01d66 100644
133 .Xr sshd_config 5 , 133 .Xr sshd_config 5 ,
134 .Xr inetd 8 , 134 .Xr inetd 8 ,
135diff --git a/sshd_config.5 b/sshd_config.5 135diff --git a/sshd_config.5 b/sshd_config.5
136index 46537f177..270805060 100644 136index c926f584c..25f4b8117 100644
137--- a/sshd_config.5 137--- a/sshd_config.5
138+++ b/sshd_config.5 138+++ b/sshd_config.5
139@@ -393,8 +393,7 @@ Certificates signed using other algorithms will not be accepted for 139@@ -387,8 +387,7 @@ Certificates signed using other algorithms will not be accepted for
140 public key or host-based authentication. 140 public key or host-based authentication.
141 .It Cm ChallengeResponseAuthentication 141 .It Cm ChallengeResponseAuthentication
142 Specifies whether challenge-response authentication is allowed (e.g. via 142 Specifies whether challenge-response authentication is allowed (e.g. via
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 7a811f9af..32a7a1fed 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
1From 6a8dfab1a067a52b004594fadb3a90578a8cc094 Mon Sep 17 00:00:00 2001 1From a4f868858c3395cacb59c58786b501317b9a3d03 Mon Sep 17 00:00:00 2001
2From: Matthew Vernon <matthew@debian.org> 2From: Matthew Vernon <matthew@debian.org>
3Date: Sun, 9 Feb 2014 16:10:05 +0000 3Date: Sun, 9 Feb 2014 16:10:05 +0000
4Subject: Include the Debian version in our identification 4Subject: Include the Debian version in our identification
@@ -18,10 +18,10 @@ Patch-Name: package-versioning.patch
18 2 files changed, 7 insertions(+), 2 deletions(-) 18 2 files changed, 7 insertions(+), 2 deletions(-)
19 19
20diff --git a/kex.c b/kex.c 20diff --git a/kex.c b/kex.c
21index e09355dbd..65ed6af02 100644 21index 574c76093..f638942d3 100644
22--- a/kex.c 22--- a/kex.c
23+++ b/kex.c 23+++ b/kex.c
24@@ -1239,7 +1239,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, 24@@ -1244,7 +1244,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
25 if (version_addendum != NULL && *version_addendum == '\0') 25 if (version_addendum != NULL && *version_addendum == '\0')
26 version_addendum = NULL; 26 version_addendum = NULL;
27 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", 27 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
@@ -31,11 +31,11 @@ index e09355dbd..65ed6af02 100644
31 version_addendum == NULL ? "" : version_addendum)) != 0) { 31 version_addendum == NULL ? "" : version_addendum)) != 0) {
32 error("%s: sshbuf_putf: %s", __func__, ssh_err(r)); 32 error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
33diff --git a/version.h b/version.h 33diff --git a/version.h b/version.h
34index 6b3fadf89..a24017eca 100644 34index c2affcb2a..d79126cc3 100644
35--- a/version.h 35--- a/version.h
36+++ b/version.h 36+++ b/version.h
37@@ -3,4 +3,9 @@ 37@@ -3,4 +3,9 @@
38 #define SSH_VERSION "OpenSSH_8.1" 38 #define SSH_VERSION "OpenSSH_8.2"
39 39
40 #define SSH_PORTABLE "p1" 40 #define SSH_PORTABLE "p1"
41-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 41-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
diff --git a/debian/patches/regress-2020.patch b/debian/patches/regress-2020.patch
deleted file mode 100644
index 785945d33..000000000
--- a/debian/patches/regress-2020.patch
+++ /dev/null
@@ -1,44 +0,0 @@
1From 7ee24da2b84bf463dd5e8611479fa7a5acaa40e4 Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Fri, 3 Jan 2020 03:02:26 +0000
4Subject: upstream: what bozo decided to use 2020 as a future date in a regress
5
6test?
7
8OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
9
10Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=ff31f15773ee173502eec4d7861ec56f26bba381
11Last-Update: 2020-01-09
12
13Patch-Name: regress-2020.patch
14---
15 regress/cert-hostkey.sh | 2 +-
16 regress/cert-userkey.sh | 2 +-
17 2 files changed, 2 insertions(+), 2 deletions(-)
18
19diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
20index 86ea62504..844adabcc 100644
21--- a/regress/cert-hostkey.sh
22+++ b/regress/cert-hostkey.sh
23@@ -252,7 +252,7 @@ test_one() {
24 test_one "user-certificate" failure "-n $HOSTS"
25 test_one "empty principals" success "-h"
26 test_one "wrong principals" failure "-h -n foo"
27-test_one "cert not yet valid" failure "-h -V20200101:20300101"
28+test_one "cert not yet valid" failure "-h -V20300101:20320101"
29 test_one "cert expired" failure "-h -V19800101:19900101"
30 test_one "cert valid interval" success "-h -V-1w:+2w"
31 test_one "cert has constraints" failure "-h -Oforce-command=false"
32diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
33index 38c14a698..5cd02fc3f 100644
34--- a/regress/cert-userkey.sh
35+++ b/regress/cert-userkey.sh
36@@ -338,7 +338,7 @@ test_one() {
37 test_one "correct principal" success "-n ${USER}"
38 test_one "host-certificate" failure "-n ${USER} -h"
39 test_one "wrong principals" failure "-n foo"
40-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
41+test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101"
42 test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
43 test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
44 test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
index 15102b004..7281395ae 100644
--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
1From 5c1ed7182e928fcf03d11c1bcc51c26c2c42629d Mon Sep 17 00:00:00 2001 1From 2fe72c4e855be0fc87dbdc296632394b6cfe957a Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 5 Mar 2017 02:02:11 +0000 3Date: Sun, 5 Mar 2017 02:02:11 +0000
4Subject: Restore reading authorized_keys2 by default 4Subject: Restore reading authorized_keys2 by default
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index 222a996f1..d73cc283c 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
1From 57c1dd662f9259f58a47801e2d4b0f84e973441d Mon Sep 17 00:00:00 2001 1From 31d42cd8624f29508f772447e617ab043a6487d9 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Tue, 7 Oct 2014 13:22:41 +0100 3Date: Tue, 7 Oct 2014 13:22:41 +0100
4Subject: Restore TCP wrappers support 4Subject: Restore TCP wrappers support
@@ -28,10 +28,10 @@ Patch-Name: restore-tcp-wrappers.patch
28 3 files changed, 89 insertions(+) 28 3 files changed, 89 insertions(+)
29 29
30diff --git a/configure.ac b/configure.ac 30diff --git a/configure.ac b/configure.ac
31index 1c2512314..e894db9fc 100644 31index efafb6bd8..cee7cbc51 100644
32--- a/configure.ac 32--- a/configure.ac
33+++ b/configure.ac 33+++ b/configure.ac
34@@ -1521,6 +1521,62 @@ else 34@@ -1556,6 +1556,62 @@ else
35 AC_MSG_RESULT([no]) 35 AC_MSG_RESULT([no])
36 fi 36 fi
37 37
@@ -94,7 +94,7 @@ index 1c2512314..e894db9fc 100644
94 # Check whether user wants to use ldns 94 # Check whether user wants to use ldns
95 LDNS_MSG="no" 95 LDNS_MSG="no"
96 AC_ARG_WITH(ldns, 96 AC_ARG_WITH(ldns,
97@@ -5242,6 +5298,7 @@ echo " PAM support: $PAM_MSG" 97@@ -5413,6 +5469,7 @@ echo " PAM support: $PAM_MSG"
98 echo " OSF SIA support: $SIA_MSG" 98 echo " OSF SIA support: $SIA_MSG"
99 echo " KerberosV support: $KRB5_MSG" 99 echo " KerberosV support: $KRB5_MSG"
100 echo " SELinux support: $SELINUX_MSG" 100 echo " SELinux support: $SELINUX_MSG"
@@ -103,10 +103,10 @@ index 1c2512314..e894db9fc 100644
103 echo " libedit support: $LIBEDIT_MSG" 103 echo " libedit support: $LIBEDIT_MSG"
104 echo " libldns support: $LDNS_MSG" 104 echo " libldns support: $LDNS_MSG"
105diff --git a/sshd.8 b/sshd.8 105diff --git a/sshd.8 b/sshd.8
106index fb133c14b..57a7fd66b 100644 106index c5f8987d2..730520231 100644
107--- a/sshd.8 107--- a/sshd.8
108+++ b/sshd.8 108+++ b/sshd.8
109@@ -873,6 +873,12 @@ the user's home directory becomes accessible. 109@@ -893,6 +893,12 @@ the user's home directory becomes accessible.
110 This file should be writable only by the user, and need not be 110 This file should be writable only by the user, and need not be
111 readable by anyone else. 111 readable by anyone else.
112 .Pp 112 .Pp
@@ -119,7 +119,7 @@ index fb133c14b..57a7fd66b 100644
119 .It Pa /etc/hosts.equiv 119 .It Pa /etc/hosts.equiv
120 This file is for host-based authentication (see 120 This file is for host-based authentication (see
121 .Xr ssh 1 ) . 121 .Xr ssh 1 ) .
122@@ -975,6 +981,7 @@ The content of this file is not sensitive; it can be world-readable. 122@@ -995,6 +1001,7 @@ The content of this file is not sensitive; it can be world-readable.
123 .Xr ssh-keygen 1 , 123 .Xr ssh-keygen 1 ,
124 .Xr ssh-keyscan 1 , 124 .Xr ssh-keyscan 1 ,
125 .Xr chroot 2 , 125 .Xr chroot 2 ,
@@ -128,12 +128,12 @@ index fb133c14b..57a7fd66b 100644
128 .Xr moduli 5 , 128 .Xr moduli 5 ,
129 .Xr sshd_config 5 , 129 .Xr sshd_config 5 ,
130diff --git a/sshd.c b/sshd.c 130diff --git a/sshd.c b/sshd.c
131index 3a5c1ea78..4e32fd10d 100644 131index d92f03aaf..62dc55cf2 100644
132--- a/sshd.c 132--- a/sshd.c
133+++ b/sshd.c 133+++ b/sshd.c
134@@ -127,6 +127,13 @@ 134@@ -124,6 +124,13 @@
135 #include <Security/AuthSession.h> 135 #include "ssherr.h"
136 #endif 136 #include "sk-api.h"
137 137
138+#ifdef LIBWRAP 138+#ifdef LIBWRAP
139+#include <tcpd.h> 139+#include <tcpd.h>
@@ -145,7 +145,7 @@ index 3a5c1ea78..4e32fd10d 100644
145 /* Re-exec fds */ 145 /* Re-exec fds */
146 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) 146 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
147 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) 147 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
148@@ -2062,6 +2069,24 @@ main(int ac, char **av) 148@@ -2138,6 +2145,24 @@ main(int ac, char **av)
149 #ifdef SSH_AUDIT_EVENTS 149 #ifdef SSH_AUDIT_EVENTS
150 audit_connection_from(remote_ip, remote_port); 150 audit_connection_from(remote_ip, remote_port);
151 #endif 151 #endif
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
index 37a1fec98..02c505531 100644
--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
1From 08ef8cb952462442660914b42de3f84f31ec1a6d Mon Sep 17 00:00:00 2001 1From a2dabf35ce0228c86a288d11cc847a9d9801604f Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Mon, 8 Apr 2019 10:46:29 +0100 3Date: Mon, 8 Apr 2019 10:46:29 +0100
4Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP 4Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
@@ -24,10 +24,10 @@ Patch-Name: revert-ipqos-defaults.patch
24 4 files changed, 8 insertions(+), 12 deletions(-) 24 4 files changed, 8 insertions(+), 12 deletions(-)
25 25
26diff --git a/readconf.c b/readconf.c 26diff --git a/readconf.c b/readconf.c
27index 253574ce0..9812b8d98 100644 27index e82024678..1b9494d7c 100644
28--- a/readconf.c 28--- a/readconf.c
29+++ b/readconf.c 29+++ b/readconf.c
30@@ -2174,9 +2174,9 @@ fill_default_options(Options * options) 30@@ -2230,9 +2230,9 @@ fill_default_options(Options * options)
31 if (options->visual_host_key == -1) 31 if (options->visual_host_key == -1)
32 options->visual_host_key = 0; 32 options->visual_host_key = 0;
33 if (options->ip_qos_interactive == -1) 33 if (options->ip_qos_interactive == -1)
@@ -40,10 +40,10 @@ index 253574ce0..9812b8d98 100644
40 options->request_tty = REQUEST_TTY_AUTO; 40 options->request_tty = REQUEST_TTY_AUTO;
41 if (options->proxy_use_fdpass == -1) 41 if (options->proxy_use_fdpass == -1)
42diff --git a/servconf.c b/servconf.c 42diff --git a/servconf.c b/servconf.c
43index 5576098a5..4464d51a5 100644 43index 7bbc25c2e..470ad3619 100644
44--- a/servconf.c 44--- a/servconf.c
45+++ b/servconf.c 45+++ b/servconf.c
46@@ -423,9 +423,9 @@ fill_default_server_options(ServerOptions *options) 46@@ -452,9 +452,9 @@ fill_default_server_options(ServerOptions *options)
47 if (options->permit_tun == -1) 47 if (options->permit_tun == -1)
48 options->permit_tun = SSH_TUNMODE_NO; 48 options->permit_tun = SSH_TUNMODE_NO;
49 if (options->ip_qos_interactive == -1) 49 if (options->ip_qos_interactive == -1)
@@ -56,10 +56,10 @@ index 5576098a5..4464d51a5 100644
56 options->version_addendum = xstrdup(""); 56 options->version_addendum = xstrdup("");
57 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 57 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
58diff --git a/ssh_config.5 b/ssh_config.5 58diff --git a/ssh_config.5 b/ssh_config.5
59index d27655e15..b71d5ede9 100644 59index 5c90d3e02..6b4e4f43b 100644
60--- a/ssh_config.5 60--- a/ssh_config.5
61+++ b/ssh_config.5 61+++ b/ssh_config.5
62@@ -1110,11 +1110,9 @@ If one argument is specified, it is used as the packet class unconditionally. 62@@ -1133,11 +1133,9 @@ If one argument is specified, it is used as the packet class unconditionally.
63 If two values are specified, the first is automatically selected for 63 If two values are specified, the first is automatically selected for
64 interactive sessions and the second for non-interactive sessions. 64 interactive sessions and the second for non-interactive sessions.
65 The default is 65 The default is
@@ -74,10 +74,10 @@ index d27655e15..b71d5ede9 100644
74 .It Cm KbdInteractiveAuthentication 74 .It Cm KbdInteractiveAuthentication
75 Specifies whether to use keyboard-interactive authentication. 75 Specifies whether to use keyboard-interactive authentication.
76diff --git a/sshd_config.5 b/sshd_config.5 76diff --git a/sshd_config.5 b/sshd_config.5
77index 02e29cb6f..ba533af9e 100644 77index b8bea2ad7..fd205e418 100644
78--- a/sshd_config.5 78--- a/sshd_config.5
79+++ b/sshd_config.5 79+++ b/sshd_config.5
80@@ -892,11 +892,9 @@ If one argument is specified, it is used as the packet class unconditionally. 80@@ -907,11 +907,9 @@ If one argument is specified, it is used as the packet class unconditionally.
81 If two values are specified, the first is automatically selected for 81 If two values are specified, the first is automatically selected for
82 interactive sessions and the second for non-interactive sessions. 82 interactive sessions and the second for non-interactive sessions.
83 The default is 83 The default is
diff --git a/debian/patches/sandbox-seccomp-clock_gettime64.patch b/debian/patches/sandbox-seccomp-clock_gettime64.patch
deleted file mode 100644
index d3e0bc40c..000000000
--- a/debian/patches/sandbox-seccomp-clock_gettime64.patch
+++ /dev/null
@@ -1,30 +0,0 @@
1From ba675f490d681365db5a4e4ea6419e8690da6f30 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Tue, 7 Jan 2020 16:26:45 -0800
4Subject: seccomp: Allow clock_gettime64() in sandbox.
5
6This helps sshd accept connections on mips platforms with
7upcoming glibc ( 2.31 )
8
9Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b110cefdfbf5a20f49b774a55062d6ded2fb6e22
10Last-Update: 2020-01-11
11
12Patch-Name: sandbox-seccomp-clock_gettime64.patch
13---
14 sandbox-seccomp-filter.c | 3 +++
15 1 file changed, 3 insertions(+)
16
17diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
18index 3ef30c9d5..999c46c9f 100644
19--- a/sandbox-seccomp-filter.c
20+++ b/sandbox-seccomp-filter.c
21@@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = {
22 #ifdef __NR_clock_nanosleep_time64
23 SC_ALLOW(__NR_clock_nanosleep_time64),
24 #endif
25+#ifdef __NR_clock_gettime64
26+ SC_ALLOW(__NR_clock_gettime64),
27+#endif
28 #ifdef __NR__newselect
29 SC_ALLOW(__NR__newselect),
30 #endif
diff --git a/debian/patches/sandbox-seccomp-clock_nanosleep.patch b/debian/patches/sandbox-seccomp-clock_nanosleep.patch
deleted file mode 100644
index 2023717b9..000000000
--- a/debian/patches/sandbox-seccomp-clock_nanosleep.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1From cb38e55b8af8756b2d6d6f6a1c1a5f949e15b980 Mon Sep 17 00:00:00 2001
2From: Darren Tucker <dtucker@dtucker.net>
3Date: Wed, 13 Nov 2019 23:19:35 +1100
4Subject: seccomp: Allow clock_nanosleep() in sandbox.
5
6seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
7glibc. Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.
8
9Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56
10Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=546274a6f89489d2e6be8a8b62f2bb63c87a61fd
11Last-Update: 2020-01-11
12
13Patch-Name: sandbox-seccomp-clock_nanosleep.patch
14---
15 sandbox-seccomp-filter.c | 3 +++
16 1 file changed, 3 insertions(+)
17
18diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
19index b5cda70bb..be2397671 100644
20--- a/sandbox-seccomp-filter.c
21+++ b/sandbox-seccomp-filter.c
22@@ -242,6 +242,9 @@ static const struct sock_filter preauth_insns[] = {
23 #ifdef __NR_nanosleep
24 SC_ALLOW(__NR_nanosleep),
25 #endif
26+#ifdef __NR_clock_nanosleep
27+ SC_ALLOW(__NR_clock_nanosleep),
28+#endif
29 #ifdef __NR__newselect
30 SC_ALLOW(__NR__newselect),
31 #endif
diff --git a/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch b/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch
deleted file mode 100644
index b8d7ad569..000000000
--- a/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From f0cfb9ad4b83693731505c945c0685de64483c8d Mon Sep 17 00:00:00 2001
2From: Darren Tucker <dtucker@dtucker.net>
3Date: Mon, 16 Dec 2019 13:55:56 +1100
4Subject: Allow clock_nanosleep_time64 in seccomp sandbox.
5
6Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
7
8Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=5af6fd5461bb709304e6979c8b7856c7af921c9e
9Last-Update: 2020-01-11
10
11Patch-Name: sandbox-seccomp-clock_nanosleep_time64.patch
12---
13 sandbox-seccomp-filter.c | 3 +++
14 1 file changed, 3 insertions(+)
15
16diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
17index be2397671..3ef30c9d5 100644
18--- a/sandbox-seccomp-filter.c
19+++ b/sandbox-seccomp-filter.c
20@@ -245,6 +245,9 @@ static const struct sock_filter preauth_insns[] = {
21 #ifdef __NR_clock_nanosleep
22 SC_ALLOW(__NR_clock_nanosleep),
23 #endif
24+#ifdef __NR_clock_nanosleep_time64
25+ SC_ALLOW(__NR_clock_nanosleep_time64),
26+#endif
27 #ifdef __NR__newselect
28 SC_ALLOW(__NR__newselect),
29 #endif
diff --git a/debian/patches/sandbox-seccomp-ipc.patch b/debian/patches/sandbox-seccomp-ipc.patch
deleted file mode 100644
index c84290726..000000000
--- a/debian/patches/sandbox-seccomp-ipc.patch
+++ /dev/null
@@ -1,33 +0,0 @@
1From 2e128b223e8e73ace57a0726130bfbcf920d0f9e Mon Sep 17 00:00:00 2001
2From: Jeremy Drake <github@jdrake.com>
3Date: Fri, 11 Oct 2019 18:31:05 -0700
4Subject: Deny (non-fatal) ipc in preauth privsep child.
5
6As noted in openssh/openssh-portable#149, i386 does not have have
7_NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc,
8https://linux.die.net/man/2/ipc). Add this syscall, if present, to the
9list of syscalls that seccomp will deny non-fatally.
10
11Bug-Debian: https://bugs.debian.org/946242
12Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89
13Last-Update: 2020-01-11
14
15Patch-Name: sandbox-seccomp-ipc.patch
16---
17 sandbox-seccomp-filter.c | 3 +++
18 1 file changed, 3 insertions(+)
19
20diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
21index 999c46c9f..0914e48ba 100644
22--- a/sandbox-seccomp-filter.c
23+++ b/sandbox-seccomp-filter.c
24@@ -177,6 +177,9 @@ static const struct sock_filter preauth_insns[] = {
25 #ifdef __NR_shmdt
26 SC_DENY(__NR_shmdt, EACCES),
27 #endif
28+#ifdef __NR_ipc
29+ SC_DENY(__NR_ipc, EACCES),
30+#endif
31
32 /* Syscalls to permit */
33 #ifdef __NR_brk
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index e69c9c46e..8935b8e04 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
1From 2d8e679834c81fc381d02974986e08cafe3efa29 Mon Sep 17 00:00:00 2001 1From 5166a6af68da4778c7e2c2d117bb56361c7aa361 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com> 2From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
3Date: Sun, 9 Feb 2014 16:09:59 +0000 3Date: Sun, 9 Feb 2014 16:09:59 +0000
4Subject: Adjust scp quoting in verbose mode 4Subject: Adjust scp quoting in verbose mode
@@ -17,10 +17,10 @@ Patch-Name: scp-quoting.patch
17 1 file changed, 10 insertions(+), 2 deletions(-) 17 1 file changed, 10 insertions(+), 2 deletions(-)
18 18
19diff --git a/scp.c b/scp.c 19diff --git a/scp.c b/scp.c
20index 0348d0673..5a7a92a7e 100644 20index 6901e0c94..9b64aa5f4 100644
21--- a/scp.c 21--- a/scp.c
22+++ b/scp.c 22+++ b/scp.c
23@@ -199,8 +199,16 @@ do_local_cmd(arglist *a) 23@@ -201,8 +201,16 @@ do_local_cmd(arglist *a)
24 24
25 if (verbose_mode) { 25 if (verbose_mode) {
26 fprintf(stderr, "Executing:"); 26 fprintf(stderr, "Executing:");
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 02d740fe3..63e44af55 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
1From 3131e3bb3c56a6c6ee8cb9d68f542af04cd9e8ff Mon Sep 17 00:00:00 2001 1From b108c6bbe4b3691600a272b27fa24d9080018db7 Mon Sep 17 00:00:00 2001
2From: Manoj Srivastava <srivasta@debian.org> 2From: Manoj Srivastava <srivasta@debian.org>
3Date: Sun, 9 Feb 2014 16:09:49 +0000 3Date: Sun, 9 Feb 2014 16:09:49 +0000
4Subject: Handle SELinux authorisation roles 4Subject: Handle SELinux authorisation roles
@@ -9,7 +9,7 @@ SELinux maintainer, so we'll keep it until we have something better.
9 9
10Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 10Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
11Bug-Debian: http://bugs.debian.org/394795 11Bug-Debian: http://bugs.debian.org/394795
12Last-Update: 2019-06-05 12Last-Update: 2020-02-21
13 13
14Patch-Name: selinux-role.patch 14Patch-Name: selinux-role.patch
15--- 15---
@@ -81,10 +81,10 @@ index 1c217268c..92a6bcaf4 100644
81 if (auth2_setup_methods_lists(authctxt) != 0) 81 if (auth2_setup_methods_lists(authctxt) != 0)
82 ssh_packet_disconnect(ssh, 82 ssh_packet_disconnect(ssh,
83diff --git a/monitor.c b/monitor.c 83diff --git a/monitor.c b/monitor.c
84index bead9e204..04db44c9c 100644 84index ebf76c7f9..947fdfadc 100644
85--- a/monitor.c 85--- a/monitor.c
86+++ b/monitor.c 86+++ b/monitor.c
87@@ -117,6 +117,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *); 87@@ -118,6 +118,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *);
88 int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); 88 int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
89 int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); 89 int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
90 int mm_answer_authserv(struct ssh *, int, struct sshbuf *); 90 int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
@@ -92,7 +92,7 @@ index bead9e204..04db44c9c 100644
92 int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); 92 int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
93 int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); 93 int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
94 int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); 94 int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
95@@ -197,6 +198,7 @@ struct mon_table mon_dispatch_proto20[] = { 95@@ -198,6 +199,7 @@ struct mon_table mon_dispatch_proto20[] = {
96 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 96 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
97 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 97 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
98 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 98 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -100,7 +100,7 @@ index bead9e204..04db44c9c 100644
100 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 100 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
101 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 101 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
102 #ifdef USE_PAM 102 #ifdef USE_PAM
103@@ -819,6 +821,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) 103@@ -820,6 +822,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
104 104
105 /* Allow service/style information on the auth context */ 105 /* Allow service/style information on the auth context */
106 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 106 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -108,7 +108,7 @@ index bead9e204..04db44c9c 100644
108 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 108 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
109 109
110 #ifdef USE_PAM 110 #ifdef USE_PAM
111@@ -852,16 +855,42 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m) 111@@ -853,16 +856,42 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
112 monitor_permit_authentications(1); 112 monitor_permit_authentications(1);
113 113
114 if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || 114 if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
@@ -154,7 +154,7 @@ index bead9e204..04db44c9c 100644
154 return (0); 154 return (0);
155 } 155 }
156 156
157@@ -1528,7 +1557,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) 157@@ -1554,7 +1583,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
158 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 158 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
159 if (res == 0) 159 if (res == 0)
160 goto error; 160 goto error;
@@ -177,7 +177,7 @@ index 2b1a2d590..4d87284aa 100644
177 177
178 struct ssh; 178 struct ssh;
179diff --git a/monitor_wrap.c b/monitor_wrap.c 179diff --git a/monitor_wrap.c b/monitor_wrap.c
180index fdca39a6a..933ce9a3d 100644 180index 6edb509a3..b49c268d3 100644
181--- a/monitor_wrap.c 181--- a/monitor_wrap.c
182+++ b/monitor_wrap.c 182+++ b/monitor_wrap.c
183@@ -364,10 +364,10 @@ mm_auth2_read_banner(void) 183@@ -364,10 +364,10 @@ mm_auth2_read_banner(void)
@@ -231,13 +231,13 @@ index fdca39a6a..933ce9a3d 100644
231 int 231 int
232 mm_auth_password(struct ssh *ssh, char *password) 232 mm_auth_password(struct ssh *ssh, char *password)
233diff --git a/monitor_wrap.h b/monitor_wrap.h 233diff --git a/monitor_wrap.h b/monitor_wrap.h
234index 92dda574b..0f09dba09 100644 234index 485590c18..370b08e17 100644
235--- a/monitor_wrap.h 235--- a/monitor_wrap.h
236+++ b/monitor_wrap.h 236+++ b/monitor_wrap.h
237@@ -46,7 +46,8 @@ DH *mm_choose_dh(int, int, int); 237@@ -47,7 +47,8 @@ DH *mm_choose_dh(int, int, int);
238 #endif 238 #endif
239 int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, 239 int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
240 const u_char *, size_t, const char *, u_int compat); 240 const u_char *, size_t, const char *, const char *, u_int compat);
241-void mm_inform_authserv(char *, char *); 241-void mm_inform_authserv(char *, char *);
242+void mm_inform_authserv(char *, char *, char *); 242+void mm_inform_authserv(char *, char *, char *);
243+void mm_inform_authrole(char *); 243+void mm_inform_authrole(char *);
@@ -363,10 +363,10 @@ index ea4f9c584..60d72ffe7 100644
363 char *platform_krb5_get_principal_name(const char *); 363 char *platform_krb5_get_principal_name(const char *);
364 int platform_sys_dir_uid(uid_t); 364 int platform_sys_dir_uid(uid_t);
365diff --git a/session.c b/session.c 365diff --git a/session.c b/session.c
366index f1a47f766..df7d7cf55 100644 366index 06a33442a..871799590 100644
367--- a/session.c 367--- a/session.c
368+++ b/session.c 368+++ b/session.c
369@@ -1356,7 +1356,7 @@ safely_chroot(const char *path, uid_t uid) 369@@ -1360,7 +1360,7 @@ safely_chroot(const char *path, uid_t uid)
370 370
371 /* Set login name, uid, gid, and groups. */ 371 /* Set login name, uid, gid, and groups. */
372 void 372 void
@@ -375,7 +375,7 @@ index f1a47f766..df7d7cf55 100644
375 { 375 {
376 char uidstr[32], *chroot_path, *tmp; 376 char uidstr[32], *chroot_path, *tmp;
377 377
378@@ -1384,7 +1384,7 @@ do_setusercontext(struct passwd *pw) 378@@ -1388,7 +1388,7 @@ do_setusercontext(struct passwd *pw)
379 endgrent(); 379 endgrent();
380 #endif 380 #endif
381 381
@@ -384,7 +384,7 @@ index f1a47f766..df7d7cf55 100644
384 384
385 if (!in_chroot && options.chroot_directory != NULL && 385 if (!in_chroot && options.chroot_directory != NULL &&
386 strcasecmp(options.chroot_directory, "none") != 0) { 386 strcasecmp(options.chroot_directory, "none") != 0) {
387@@ -1525,7 +1525,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) 387@@ -1529,7 +1529,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
388 388
389 /* Force a password change */ 389 /* Force a password change */
390 if (s->authctxt->force_pwchange) { 390 if (s->authctxt->force_pwchange) {
@@ -393,7 +393,7 @@ index f1a47f766..df7d7cf55 100644
393 child_close_fds(ssh); 393 child_close_fds(ssh);
394 do_pwchange(s); 394 do_pwchange(s);
395 exit(1); 395 exit(1);
396@@ -1543,7 +1543,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) 396@@ -1547,7 +1547,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
397 /* When PAM is enabled we rely on it to do the nologin check */ 397 /* When PAM is enabled we rely on it to do the nologin check */
398 if (!options.use_pam) 398 if (!options.use_pam)
399 do_nologin(pw); 399 do_nologin(pw);
@@ -402,7 +402,7 @@ index f1a47f766..df7d7cf55 100644
402 /* 402 /*
403 * PAM session modules in do_setusercontext may have 403 * PAM session modules in do_setusercontext may have
404 * generated messages, so if this in an interactive 404 * generated messages, so if this in an interactive
405@@ -1942,7 +1942,7 @@ session_pty_req(struct ssh *ssh, Session *s) 405@@ -1946,7 +1946,7 @@ session_pty_req(struct ssh *ssh, Session *s)
406 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); 406 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
407 407
408 if (!use_privsep) 408 if (!use_privsep)
@@ -425,10 +425,10 @@ index ce59dabd9..675c91146 100644
425 const char *session_get_remote_name_or_ip(struct ssh *, u_int, int); 425 const char *session_get_remote_name_or_ip(struct ssh *, u_int, int);
426 426
427diff --git a/sshd.c b/sshd.c 427diff --git a/sshd.c b/sshd.c
428index 4e32fd10d..ea8beacb4 100644 428index 62dc55cf2..65916fc6d 100644
429--- a/sshd.c 429--- a/sshd.c
430+++ b/sshd.c 430+++ b/sshd.c
431@@ -594,7 +594,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt) 431@@ -595,7 +595,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
432 reseed_prngs(); 432 reseed_prngs();
433 433
434 /* Drop privileges */ 434 /* Drop privileges */
diff --git a/debian/patches/series b/debian/patches/series
index 59c651095..8c1046a74 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,8 +23,3 @@ debian-config.patch
23restore-authorized_keys2.patch 23restore-authorized_keys2.patch
24conch-old-privkey-format.patch 24conch-old-privkey-format.patch
25revert-ipqos-defaults.patch 25revert-ipqos-defaults.patch
26regress-2020.patch
27sandbox-seccomp-clock_nanosleep.patch
28sandbox-seccomp-clock_nanosleep_time64.patch
29sandbox-seccomp-clock_gettime64.patch
30sandbox-seccomp-ipc.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index d7f69011e..43fb1d145 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
1From 5d1aab0eb6baeb044516660a0bde36cba2a3f9c2 Mon Sep 17 00:00:00 2001 1From c19bcc02b07b450d585d0fd10ccd96174aeb3b7c Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:00 +0000 3Date: Sun, 9 Feb 2014 16:10:00 +0000
4Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand 4Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
@@ -8,7 +8,7 @@ I (Colin Watson) agree with Vincent and think it does.
8 8
9Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 9Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
10Bug-Debian: http://bugs.debian.org/492728 10Bug-Debian: http://bugs.debian.org/492728
11Last-Update: 2013-09-14 11Last-Update: 2020-02-21
12 12
13Patch-Name: shell-path.patch 13Patch-Name: shell-path.patch
14--- 14---
@@ -16,21 +16,21 @@ Patch-Name: shell-path.patch
16 1 file changed, 2 insertions(+), 2 deletions(-) 16 1 file changed, 2 insertions(+), 2 deletions(-)
17 17
18diff --git a/sshconnect.c b/sshconnect.c 18diff --git a/sshconnect.c b/sshconnect.c
19index 6230dad32..644057bc4 100644 19index 4711af782..4a5d4a003 100644
20--- a/sshconnect.c 20--- a/sshconnect.c
21+++ b/sshconnect.c 21+++ b/sshconnect.c
22@@ -260,7 +260,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg, 22@@ -260,7 +260,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
23 /* Execute the proxy command. Note that we gave up any 23 /* Execute the proxy command. Note that we gave up any
24 extra privileges above. */ 24 extra privileges above. */
25 signal(SIGPIPE, SIG_DFL); 25 ssh_signal(SIGPIPE, SIG_DFL);
26- execv(argv[0], argv); 26- execv(argv[0], argv);
27+ execvp(argv[0], argv); 27+ execvp(argv[0], argv);
28 perror(argv[0]); 28 perror(argv[0]);
29 exit(1); 29 exit(1);
30 } 30 }
31@@ -1387,7 +1387,7 @@ ssh_local_cmd(const char *args) 31@@ -1388,7 +1388,7 @@ ssh_local_cmd(const char *args)
32 if (pid == 0) { 32 if (pid == 0) {
33 signal(SIGPIPE, SIG_DFL); 33 ssh_signal(SIGPIPE, SIG_DFL);
34 debug3("Executing %s -c \"%s\"", shell, args); 34 debug3("Executing %s -c \"%s\"", shell, args);
35- execl(shell, shell, "-c", args, (char *)NULL); 35- execl(shell, shell, "-c", args, (char *)NULL);
36+ execlp(shell, shell, "-c", args, (char *)NULL); 36+ execlp(shell, shell, "-c", args, (char *)NULL);
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 0dd4c662e..e7849e6c3 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,11 +1,11 @@
1From a8b5ec5c28805f0ab6b1b05474531521ac42eb12 Mon Sep 17 00:00:00 2001 1From ad09303388f0172ab6e028aaf27d87cf873d123d Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:13 +0000 3Date: Sun, 9 Feb 2014 16:10:13 +0000
4Subject: Document consequences of ssh-agent being setgid in ssh-agent(1) 4Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
5 5
6Bug-Debian: http://bugs.debian.org/711623 6Bug-Debian: http://bugs.debian.org/711623
7Forwarded: no 7Forwarded: no
8Last-Update: 2013-06-08 8Last-Update: 2020-02-21
9 9
10Patch-Name: ssh-agent-setgid.patch 10Patch-Name: ssh-agent-setgid.patch
11--- 11---
@@ -13,13 +13,13 @@ Patch-Name: ssh-agent-setgid.patch
13 1 file changed, 15 insertions(+) 13 1 file changed, 15 insertions(+)
14 14
15diff --git a/ssh-agent.1 b/ssh-agent.1 15diff --git a/ssh-agent.1 b/ssh-agent.1
16index 83b2b41c8..7230704a3 100644 16index fff0db6bc..99e4f6d2e 100644
17--- a/ssh-agent.1 17--- a/ssh-agent.1
18+++ b/ssh-agent.1 18+++ b/ssh-agent.1
19@@ -206,6 +206,21 @@ environment variable holds the agent's process ID. 19@@ -201,6 +201,21 @@ socket and stores its pathname in this variable.
20 .Pp 20 It is accessible only to the current user,
21 The agent exits automatically when the command given on the command 21 but is easily abused by root or another instance of the same user.
22 line terminates. 22 .El
23+.Pp 23+.Pp
24+In Debian, 24+In Debian,
25+.Nm 25+.Nm
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index af95ce67e..8f796719d 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
1From e9f961ffa4e4e73ed22103b5697147d135d88b4f Mon Sep 17 00:00:00 2001 1From 4b1e0000a099f988553ccc4b274e1790b5114c12 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:10 +0000 3Date: Sun, 9 Feb 2014 16:10:10 +0000
4Subject: ssh(1): Refer to ssh-argv0(1) 4Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,10 +18,10 @@ Patch-Name: ssh-argv0.patch
18 1 file changed, 1 insertion(+) 18 1 file changed, 1 insertion(+)
19 19
20diff --git a/ssh.1 b/ssh.1 20diff --git a/ssh.1 b/ssh.1
21index 4923031f4..24530e511 100644 21index 17b0e984f..b33a8049f 100644
22--- a/ssh.1 22--- a/ssh.1
23+++ b/ssh.1 23+++ b/ssh.1
24@@ -1584,6 +1584,7 @@ if an error occurred. 24@@ -1610,6 +1610,7 @@ if an error occurred.
25 .Xr sftp 1 , 25 .Xr sftp 1 ,
26 .Xr ssh-add 1 , 26 .Xr ssh-add 1 ,
27 .Xr ssh-agent 1 , 27 .Xr ssh-agent 1 ,
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index 5c2b58257..99116e9c4 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
1From 42c820f76fddf2f2e537dbe10842aa39f6154059 Mon Sep 17 00:00:00 2001 1From 11d571f137c76d8c2e38b1c1a537b04cc279f8e3 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@ubuntu.com> 2From: Colin Watson <cjwatson@ubuntu.com>
3Date: Sun, 9 Feb 2014 16:09:50 +0000 3Date: Sun, 9 Feb 2014 16:09:50 +0000
4Subject: Accept obsolete ssh-vulnkey configuration options 4Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,10 +17,10 @@ Patch-Name: ssh-vulnkey-compat.patch
17 2 files changed, 2 insertions(+) 17 2 files changed, 2 insertions(+)
18 18
19diff --git a/readconf.c b/readconf.c 19diff --git a/readconf.c b/readconf.c
20index 3c68d1a88..a7fb7ca15 100644 20index da8022dd0..0fc996871 100644
21--- a/readconf.c 21--- a/readconf.c
22+++ b/readconf.c 22+++ b/readconf.c
23@@ -192,6 +192,7 @@ static struct { 23@@ -191,6 +191,7 @@ static struct {
24 { "fallbacktorsh", oDeprecated }, 24 { "fallbacktorsh", oDeprecated },
25 { "globalknownhostsfile2", oDeprecated }, 25 { "globalknownhostsfile2", oDeprecated },
26 { "rhostsauthentication", oDeprecated }, 26 { "rhostsauthentication", oDeprecated },
@@ -29,10 +29,10 @@ index 3c68d1a88..a7fb7ca15 100644
29 { "useroaming", oDeprecated }, 29 { "useroaming", oDeprecated },
30 { "usersh", oDeprecated }, 30 { "usersh", oDeprecated },
31diff --git a/servconf.c b/servconf.c 31diff --git a/servconf.c b/servconf.c
32index f63eb0b94..73b93c636 100644 32index 191575a16..bf3cd84a4 100644
33--- a/servconf.c 33--- a/servconf.c
34+++ b/servconf.c 34+++ b/servconf.c
35@@ -621,6 +621,7 @@ static struct { 35@@ -656,6 +656,7 @@ static struct {
36 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 36 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
37 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 37 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
38 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 38 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 2e4e5bbec..234d95ad2 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
1From 3d1a993f484e9043e57af3ae37b7c9c608d5a5f1 Mon Sep 17 00:00:00 2001 1From 387c2c1954773733bae9fca21a92db62c31180bd Mon Sep 17 00:00:00 2001
2From: Natalie Amery <nmamery@chiark.greenend.org.uk> 2From: Natalie Amery <nmamery@chiark.greenend.org.uk>
3Date: Sun, 9 Feb 2014 16:09:54 +0000 3Date: Sun, 9 Feb 2014 16:09:54 +0000
4Subject: "LogLevel SILENT" compatibility 4Subject: "LogLevel SILENT" compatibility
@@ -33,10 +33,10 @@ index d9c2d136c..1749af6d1 100644
33 { "FATAL", SYSLOG_LEVEL_FATAL }, 33 { "FATAL", SYSLOG_LEVEL_FATAL },
34 { "ERROR", SYSLOG_LEVEL_ERROR }, 34 { "ERROR", SYSLOG_LEVEL_ERROR },
35diff --git a/ssh.c b/ssh.c 35diff --git a/ssh.c b/ssh.c
36index 2da9f5d0d..7b482dcb0 100644 36index 110cf9c19..6138fd4d3 100644
37--- a/ssh.c 37--- a/ssh.c
38+++ b/ssh.c 38+++ b/ssh.c
39@@ -1268,7 +1268,7 @@ main(int ac, char **av) 39@@ -1305,7 +1305,7 @@ main(int ac, char **av)
40 /* Do not allocate a tty if stdin is not a tty. */ 40 /* Do not allocate a tty if stdin is not a tty. */
41 if ((!isatty(fileno(stdin)) || stdin_null_flag) && 41 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
42 options.request_tty != REQUEST_TTY_FORCE) { 42 options.request_tty != REQUEST_TTY_FORCE) {
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index 7fb76cf3d..fdcfca30d 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
1From ab765b2bd55062a704f09da8f8c1c4ad1d6630a7 Mon Sep 17 00:00:00 2001 1From a208834b2d1811dac7054d7fdcdd04672f8b19f6 Mon Sep 17 00:00:00 2001
2From: Michael Biebl <biebl@debian.org> 2From: Michael Biebl <biebl@debian.org>
3Date: Mon, 21 Dec 2015 16:08:47 +0000 3Date: Mon, 21 Dec 2015 16:08:47 +0000
4Subject: Add systemd readiness notification support 4Subject: Add systemd readiness notification support
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch
14 2 files changed, 33 insertions(+) 14 2 files changed, 33 insertions(+)
15 15
16diff --git a/configure.ac b/configure.ac 16diff --git a/configure.ac b/configure.ac
17index e894db9fc..c119d6fd1 100644 17index cee7cbc51..5db3013de 100644
18--- a/configure.ac 18--- a/configure.ac
19+++ b/configure.ac 19+++ b/configure.ac
20@@ -4499,6 +4499,29 @@ AC_ARG_WITH([kerberos5], 20@@ -4664,6 +4664,29 @@ AC_ARG_WITH([kerberos5],
21 AC_SUBST([GSSLIBS]) 21 AC_SUBST([GSSLIBS])
22 AC_SUBST([K5LIBS]) 22 AC_SUBST([K5LIBS])
23 23
@@ -47,7 +47,7 @@ index e894db9fc..c119d6fd1 100644
47 # Looking for programs, paths and files 47 # Looking for programs, paths and files
48 48
49 PRIVSEP_PATH=/var/empty 49 PRIVSEP_PATH=/var/empty
50@@ -5305,6 +5328,7 @@ echo " libldns support: $LDNS_MSG" 50@@ -5476,6 +5499,7 @@ echo " libldns support: $LDNS_MSG"
51 echo " Solaris process contract support: $SPC_MSG" 51 echo " Solaris process contract support: $SPC_MSG"
52 echo " Solaris project support: $SP_MSG" 52 echo " Solaris project support: $SP_MSG"
53 echo " Solaris privilege support: $SPP_MSG" 53 echo " Solaris privilege support: $SPP_MSG"
@@ -56,7 +56,7 @@ index e894db9fc..c119d6fd1 100644
56 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 56 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
57 echo " BSD Auth support: $BSD_AUTH_MSG" 57 echo " BSD Auth support: $BSD_AUTH_MSG"
58diff --git a/sshd.c b/sshd.c 58diff --git a/sshd.c b/sshd.c
59index 4e8ff0662..5e7679a33 100644 59index da876a900..c069505a0 100644
60--- a/sshd.c 60--- a/sshd.c
61+++ b/sshd.c 61+++ b/sshd.c
62@@ -85,6 +85,10 @@ 62@@ -85,6 +85,10 @@
@@ -70,7 +70,7 @@ index 4e8ff0662..5e7679a33 100644
70 #include "xmalloc.h" 70 #include "xmalloc.h"
71 #include "ssh.h" 71 #include "ssh.h"
72 #include "ssh2.h" 72 #include "ssh2.h"
73@@ -1951,6 +1955,11 @@ main(int ac, char **av) 73@@ -2027,6 +2031,11 @@ main(int ac, char **av)
74 } 74 }
75 } 75 }
76 76
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 9a1b434fa..8bd35addf 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
1From 19f1d075a06f4d3c9b440d7272272569d8bb0a17 Mon Sep 17 00:00:00 2001 1From 3309e464e5ae6c940ddd584eed4d2d403f4c168c Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:09:58 +0000 3Date: Sun, 9 Feb 2014 16:09:58 +0000
4Subject: Allow harmless group-writability 4Subject: Allow harmless group-writability
@@ -51,10 +51,10 @@ index 7a10210b6..587f53721 100644
51 pw->pw_name, buf); 51 pw->pw_name, buf);
52 auth_debug_add("Bad file modes for %.200s", buf); 52 auth_debug_add("Bad file modes for %.200s", buf);
53diff --git a/auth.c b/auth.c 53diff --git a/auth.c b/auth.c
54index 47c27773c..fc0c05bae 100644 54index 687c57b42..aed3c13ac 100644
55--- a/auth.c 55--- a/auth.c
56+++ b/auth.c 56+++ b/auth.c
57@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, 57@@ -474,8 +474,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
58 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); 58 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
59 if (options.strict_modes && 59 if (options.strict_modes &&
60 (stat(user_hostfile, &st) == 0) && 60 (stat(user_hostfile, &st) == 0) &&
@@ -65,10 +65,10 @@ index 47c27773c..fc0c05bae 100644
65 "bad owner or modes for %.200s", 65 "bad owner or modes for %.200s",
66 pw->pw_name, user_hostfile); 66 pw->pw_name, user_hostfile);
67diff --git a/misc.c b/misc.c 67diff --git a/misc.c b/misc.c
68index 88833d7ff..42eeb425a 100644 68index 3a31d5c18..073d3be19 100644
69--- a/misc.c 69--- a/misc.c
70+++ b/misc.c 70+++ b/misc.c
71@@ -59,8 +59,9 @@ 71@@ -61,8 +61,9 @@
72 #include <netdb.h> 72 #include <netdb.h>
73 #ifdef HAVE_PATHS_H 73 #ifdef HAVE_PATHS_H
74 # include <paths.h> 74 # include <paths.h>
@@ -79,7 +79,7 @@ index 88833d7ff..42eeb425a 100644
79 #ifdef SSH_TUN_OPENBSD 79 #ifdef SSH_TUN_OPENBSD
80 #include <net/if.h> 80 #include <net/if.h>
81 #endif 81 #endif
82@@ -1112,6 +1113,55 @@ percent_expand(const char *string, ...) 82@@ -1124,6 +1125,55 @@ percent_expand(const char *string, ...)
83 #undef EXPAND_MAX_KEYS 83 #undef EXPAND_MAX_KEYS
84 } 84 }
85 85
@@ -135,7 +135,7 @@ index 88833d7ff..42eeb425a 100644
135 int 135 int
136 tun_open(int tun, int mode, char **ifname) 136 tun_open(int tun, int mode, char **ifname)
137 { 137 {
138@@ -1869,8 +1919,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, 138@@ -1909,8 +1959,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
139 snprintf(err, errlen, "%s is not a regular file", buf); 139 snprintf(err, errlen, "%s is not a regular file", buf);
140 return -1; 140 return -1;
141 } 141 }
@@ -145,7 +145,7 @@ index 88833d7ff..42eeb425a 100644
145 snprintf(err, errlen, "bad ownership or modes for file %s", 145 snprintf(err, errlen, "bad ownership or modes for file %s",
146 buf); 146 buf);
147 return -1; 147 return -1;
148@@ -1885,8 +1934,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, 148@@ -1925,8 +1974,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
149 strlcpy(buf, cp, sizeof(buf)); 149 strlcpy(buf, cp, sizeof(buf));
150 150
151 if (stat(buf, &st) == -1 || 151 if (stat(buf, &st) == -1 ||
@@ -156,12 +156,12 @@ index 88833d7ff..42eeb425a 100644
156 "bad ownership or modes for directory %s", buf); 156 "bad ownership or modes for directory %s", buf);
157 return -1; 157 return -1;
158diff --git a/misc.h b/misc.h 158diff --git a/misc.h b/misc.h
159index bcc34f980..869895d3a 100644 159index 4a05db2da..5db594b91 100644
160--- a/misc.h 160--- a/misc.h
161+++ b/misc.h 161+++ b/misc.h
162@@ -181,6 +181,8 @@ int opt_match(const char **opts, const char *term); 162@@ -188,6 +188,8 @@ struct notifier_ctx *notify_start(int, const char *, ...)
163 char *read_passphrase(const char *, int); 163 __attribute__((format(printf, 2, 3)));
164 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); 164 void notify_complete(struct notifier_ctx *);
165 165
166+int secure_permissions(struct stat *st, uid_t uid); 166+int secure_permissions(struct stat *st, uid_t uid);
167+ 167+
@@ -169,10 +169,10 @@ index bcc34f980..869895d3a 100644
169 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) 169 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
170 #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) 170 #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
171diff --git a/readconf.c b/readconf.c 171diff --git a/readconf.c b/readconf.c
172index 09787c0e5..16d2729dd 100644 172index 2399208f8..7f251dd4a 100644
173--- a/readconf.c 173--- a/readconf.c
174+++ b/readconf.c 174+++ b/readconf.c
175@@ -1855,8 +1855,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, 175@@ -1902,8 +1902,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
176 176
177 if (fstat(fileno(f), &sb) == -1) 177 if (fstat(fileno(f), &sb) == -1)
178 fatal("fstat %s: %s", filename, strerror(errno)); 178 fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,10 +183,10 @@ index 09787c0e5..16d2729dd 100644
183 } 183 }
184 184
185diff --git a/ssh.1 b/ssh.1 185diff --git a/ssh.1 b/ssh.1
186index 26940ad55..20e4c4efa 100644 186index db5c65bc7..cf991e4ee 100644
187--- a/ssh.1 187--- a/ssh.1
188+++ b/ssh.1 188+++ b/ssh.1
189@@ -1484,6 +1484,8 @@ The file format and configuration options are described in 189@@ -1506,6 +1506,8 @@ The file format and configuration options are described in
190 .Xr ssh_config 5 . 190 .Xr ssh_config 5 .
191 Because of the potential for abuse, this file must have strict permissions: 191 Because of the potential for abuse, this file must have strict permissions:
192 read/write for the user, and not writable by others. 192 read/write for the user, and not writable by others.
@@ -196,10 +196,10 @@ index 26940ad55..20e4c4efa 100644
196 .It Pa ~/.ssh/environment 196 .It Pa ~/.ssh/environment
197 Contains additional definitions for environment variables; see 197 Contains additional definitions for environment variables; see
198diff --git a/ssh_config.5 b/ssh_config.5 198diff --git a/ssh_config.5 b/ssh_config.5
199index bc04d8d02..2c74b57c0 100644 199index 3079db19b..e61a0fd43 100644
200--- a/ssh_config.5 200--- a/ssh_config.5
201+++ b/ssh_config.5 201+++ b/ssh_config.5
202@@ -1907,6 +1907,8 @@ The format of this file is described above. 202@@ -1952,6 +1952,8 @@ The format of this file is described above.
203 This file is used by the SSH client. 203 This file is used by the SSH client.
204 Because of the potential for abuse, this file must have strict permissions: 204 Because of the potential for abuse, this file must have strict permissions:
205 read/write for the user, and not writable by others. 205 read/write for the user, and not writable by others.
diff --git a/debian/rules b/debian/rules
index 5e415fc7f..b4dbec715 100755
--- a/debian/rules
+++ b/debian/rules
@@ -78,6 +78,7 @@ ifeq ($(DEB_HOST_ARCH_OS),linux)
78confflags += --with-selinux 78confflags += --with-selinux
79confflags += --with-audit=linux 79confflags += --with-audit=linux
80confflags += --with-systemd 80confflags += --with-systemd
81confflags += --with-security-key-builtin
81endif 82endif
82 83
83# The deb build wants xauth; the udeb build doesn't. 84# The deb build wants xauth; the udeb build doesn't.
@@ -184,8 +185,10 @@ override_dh_install-indep:
184 dh_install 185 dh_install
185 186
186override_dh_installdocs: 187override_dh_installdocs:
187 dh_installdocs -Nopenssh-server -Nopenssh-sftp-server 188 dh_installdocs \
188 dh_installdocs -popenssh-server -popenssh-sftp-server \ 189 -Nopenssh-server -Nopenssh-sftp-server -Nopenssh-sk-helper
190 dh_installdocs \
191 -popenssh-server -popenssh-sftp-server -popenssh-sk-helper \
189 --link-doc=openssh-client 192 --link-doc=openssh-client
190 # Avoid breaking dh_installexamples later. 193 # Avoid breaking dh_installexamples later.
191 mkdir -p debian/openssh-server/usr/share/doc/openssh-client 194 mkdir -p debian/openssh-server/usr/share/doc/openssh-client
diff --git a/defines.h b/defines.h
index 7855fbf90..a347a44ff 100644
--- a/defines.h
+++ b/defines.h
@@ -96,6 +96,9 @@ enum
96#ifndef IPTOS_DSCP_EF 96#ifndef IPTOS_DSCP_EF
97# define IPTOS_DSCP_EF 0xb8 97# define IPTOS_DSCP_EF 0xb8
98#endif /* IPTOS_DSCP_EF */ 98#endif /* IPTOS_DSCP_EF */
99#ifndef IPTOS_DSCP_LE
100# define IPTOS_DSCP_LE 0x01
101#endif /* IPTOS_DSCP_LE */
99#ifndef IPTOS_PREC_CRITIC_ECP 102#ifndef IPTOS_PREC_CRITIC_ECP
100# define IPTOS_PREC_CRITIC_ECP 0xa0 103# define IPTOS_PREC_CRITIC_ECP 0xa0
101#endif 104#endif
@@ -251,6 +254,14 @@ typedef unsigned int u_int32_t;
251#define __BIT_TYPES_DEFINED__ 254#define __BIT_TYPES_DEFINED__
252#endif 255#endif
253 256
257#ifndef UINT32_MAX
258# if defined(HAVE_DECL_UINT32_MAX) && (HAVE_DECL_UINT32_MAX == 0)
259# if (SIZEOF_INT == 4)
260# define UINT32_MAX UINT_MAX
261# endif
262# endif
263#endif
264
254/* 64-bit types */ 265/* 64-bit types */
255#ifndef HAVE_INT64_T 266#ifndef HAVE_INT64_T
256# if (SIZEOF_LONG_INT == 8) 267# if (SIZEOF_LONG_INT == 8)
@@ -333,6 +344,7 @@ typedef unsigned int size_t;
333 344
334#ifndef HAVE_SSIZE_T 345#ifndef HAVE_SSIZE_T
335typedef int ssize_t; 346typedef int ssize_t;
347#define SSIZE_MAX INT_MAX
336# define HAVE_SSIZE_T 348# define HAVE_SSIZE_T
337#endif /* HAVE_SSIZE_T */ 349#endif /* HAVE_SSIZE_T */
338 350
diff --git a/digest-openssl.c b/digest-openssl.c
index 11efbf7c0..dbbea4251 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -32,9 +32,6 @@
32#include "digest.h" 32#include "digest.h"
33#include "ssherr.h" 33#include "ssherr.h"
34 34
35#ifndef HAVE_EVP_RIPEMD160
36# define EVP_ripemd160 NULL
37#endif
38#ifndef HAVE_EVP_SHA256 35#ifndef HAVE_EVP_SHA256
39# define EVP_sha256 NULL 36# define EVP_sha256 NULL
40#endif 37#endif
diff --git a/entropy.c b/entropy.c
index 5de68016b..19ddeeafa 100644
--- a/entropy.c
+++ b/entropy.c
@@ -84,7 +84,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
84 struct sockaddr_storage addr; 84 struct sockaddr_storage addr;
85 struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; 85 struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
86 struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; 86 struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
87 mysig_t old_sigpipe; 87 sshsig_t old_sigpipe;
88 88
89 /* Sanity checks */ 89 /* Sanity checks */
90 if (socket_path == NULL && tcp_port == 0) 90 if (socket_path == NULL && tcp_port == 0)
@@ -110,7 +110,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
110 strlen(socket_path) + 1; 110 strlen(socket_path) + 1;
111 } 111 }
112 112
113 old_sigpipe = signal(SIGPIPE, SIG_IGN); 113 old_sigpipe = ssh_signal(SIGPIPE, SIG_IGN);
114 114
115 errors = 0; 115 errors = 0;
116 rval = -1; 116 rval = -1;
@@ -160,7 +160,7 @@ reopen:
160 160
161 rval = 0; 161 rval = 0;
162done: 162done:
163 signal(SIGPIPE, old_sigpipe); 163 ssh_signal(SIGPIPE, old_sigpipe);
164 if (fd != -1) 164 if (fd != -1)
165 close(fd); 165 close(fd);
166 return rval; 166 return rval;
diff --git a/hash.c b/hash.c
index 5875d41fa..fb81e4786 100644
--- a/hash.c
+++ b/hash.c
@@ -1,27 +1,45 @@
1/* $OpenBSD: hash.c,v 1.4 2017/12/14 21:07:39 naddy Exp $ */ 1/* $OpenBSD: hash.c,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
2 2
3/* $OpenBSD: hash.c,v 1.5 2018/01/13 00:24:09 naddy Exp $ */ 3/* $OpenBSD: hash.c,v 1.6 2019/11/29 00:11:21 djm Exp $ */
4/* 4/*
5 * Public domain. Author: Christian Weisgerber <naddy@openbsd.org> 5 * Public domain. Author: Christian Weisgerber <naddy@openbsd.org>
6 * API compatible reimplementation of function from nacl 6 * API compatible reimplementation of function from nacl
7 */ 7 */
8 8
9#include "includes.h"
10
9#include "crypto_api.h" 11#include "crypto_api.h"
10 12
11#include <stdarg.h> 13#include <stdarg.h>
12 14
13#include "digest.h" 15#ifdef WITH_OPENSSL
14#include "log.h" 16#include <openssl/evp.h>
15#include "ssherr.h"
16 17
17int 18int
18crypto_hash_sha512(unsigned char *out, const unsigned char *in, 19crypto_hash_sha512(unsigned char *out, const unsigned char *in,
19 unsigned long long inlen) 20 unsigned long long inlen)
20{ 21{
21 int r;
22 22
23 if ((r = ssh_digest_memory(SSH_DIGEST_SHA512, in, inlen, out, 23 if (!EVP_Digest(in, inlen, out, NULL, EVP_sha512(), NULL))
24 crypto_hash_sha512_BYTES)) != 0) 24 return -1;
25 fatal("%s: %s", __func__, ssh_err(r)); 25 return 0;
26}
27
28#else
29# ifdef HAVE_SHA2_H
30# include <sha2.h>
31# endif
32
33int
34crypto_hash_sha512(unsigned char *out, const unsigned char *in,
35 unsigned long long inlen)
36{
37
38 SHA2_CTX ctx;
39
40 SHA512Init(&ctx);
41 SHA512Update(&ctx, in, inlen);
42 SHA512Final(out, &ctx);
26 return 0; 43 return 0;
27} 44}
45#endif /* WITH_OPENSSL */
diff --git a/hmac.c b/hmac.c
index a79e8569c..32688876d 100644
--- a/hmac.c
+++ b/hmac.c
@@ -21,7 +21,6 @@
21 21
22#include <stdlib.h> 22#include <stdlib.h>
23#include <string.h> 23#include <string.h>
24#include <stdlib.h>
25 24
26#include "sshbuf.h" 25#include "sshbuf.h"
27#include "digest.h" 26#include "digest.h"
diff --git a/hostfile.c b/hostfile.c
index 96ab880d4..4a0349a60 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.c,v 1.76 2019/07/07 01:05:00 dtucker Exp $ */ 1/* $OpenBSD: hostfile.c,v 1.77 2020/01/25 00:21:08 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -566,6 +566,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
566 /* Remove all entries for the specified host from the file */ 566 /* Remove all entries for the specified host from the file */
567 if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip, 567 if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip,
568 HKF_WANT_PARSE_KEY)) != 0) { 568 HKF_WANT_PARSE_KEY)) != 0) {
569 oerrno = errno;
569 error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); 570 error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
570 goto fail; 571 goto fail;
571 } 572 }
diff --git a/kex.c b/kex.c
index f450bc2c7..2abfbb95a 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */ 1/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -33,7 +33,9 @@
33#include <stdlib.h> 33#include <stdlib.h>
34#include <string.h> 34#include <string.h>
35#include <unistd.h> 35#include <unistd.h>
36#ifdef HAVE_POLL_H
36#include <poll.h> 37#include <poll.h>
38#endif
37 39
38#ifdef WITH_OPENSSL 40#ifdef WITH_OPENSSL
39#include <openssl/crypto.h> 41#include <openssl/crypto.h>
@@ -129,7 +131,7 @@ static const struct kexalg gss_kexalgs[] = {
129 NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, 131 NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
130 { KEX_GSS_C25519_SHA256_ID, KEX_GSS_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, 132 { KEX_GSS_C25519_SHA256_ID, KEX_GSS_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
131#endif 133#endif
132 { NULL, 0, -1, -1 }, 134 { NULL, 0, -1, -1},
133}; 135};
134 136
135static char * 137static char *
@@ -856,11 +858,14 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
856 858
857 if (name == NULL) 859 if (name == NULL)
858 return SSH_ERR_NO_COMPRESS_ALG_MATCH; 860 return SSH_ERR_NO_COMPRESS_ALG_MATCH;
861#ifdef WITH_ZLIB
859 if (strcmp(name, "zlib@openssh.com") == 0) { 862 if (strcmp(name, "zlib@openssh.com") == 0) {
860 comp->type = COMP_DELAYED; 863 comp->type = COMP_DELAYED;
861 } else if (strcmp(name, "zlib") == 0) { 864 } else if (strcmp(name, "zlib") == 0) {
862 comp->type = COMP_ZLIB; 865 comp->type = COMP_ZLIB;
863 } else if (strcmp(name, "none") == 0) { 866 } else
867#endif /* WITH_ZLIB */
868 if (strcmp(name, "none") == 0) {
864 comp->type = COMP_NONE; 869 comp->type = COMP_NONE;
865 } else { 870 } else {
866 error("%s: unsupported compression scheme %s", __func__, name); 871 error("%s: unsupported compression scheme %s", __func__, name);
diff --git a/kexgen.c b/kexgen.c
index d353ed8b0..c0e8c2f44 100644
--- a/kexgen.c
+++ b/kexgen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgen.c,v 1.3 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: kexgen.c,v 1.4 2019/11/25 00:51:37 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2019 Markus Friedl. All rights reserved. 3 * Copyright (c) 2019 Markus Friedl. All rights reserved.
4 * 4 *
@@ -212,7 +212,7 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
212 goto out; 212 goto out;
213 213
214 if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, 214 if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
215 kex->hostkey_alg, ssh->compat)) != 0) 215 kex->hostkey_alg, ssh->compat, NULL)) != 0)
216 goto out; 216 goto out;
217 217
218 if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) 218 if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
diff --git a/kexgexc.c b/kexgexc.c
index 1c65b8a18..323a659b7 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */ 1/* $OpenBSD: kexgexc.c,v 1.35 2019/11/25 00:51:37 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -199,7 +199,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
199 goto out; 199 goto out;
200 200
201 if ((r = sshkey_verify(server_host_key, signature, slen, hash, 201 if ((r = sshkey_verify(server_host_key, signature, slen, hash,
202 hashlen, kex->hostkey_alg, ssh->compat)) != 0) 202 hashlen, kex->hostkey_alg, ssh->compat, NULL)) != 0)
203 goto out; 203 goto out;
204 204
205 if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) 205 if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
diff --git a/krl.c b/krl.c
index a7f690955..03476dedd 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */ 17/* $OpenBSD: krl.c,v 1.47 2020/01/25 23:02:13 djm Exp $ */
18 18
19#include "includes.h" 19#include "includes.h"
20 20
@@ -813,7 +813,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
813 goto out; 813 goto out;
814 814
815 if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, 815 if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
816 sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0) 816 sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL, 0)) != 0)
817 goto out; 817 goto out;
818 KRL_DBG(("%s: signature sig len %zu", __func__, slen)); 818 KRL_DBG(("%s: signature sig len %zu", __func__, slen));
819 if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) 819 if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
@@ -1079,7 +1079,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
1079 } 1079 }
1080 /* Check signature over entire KRL up to this point */ 1080 /* Check signature over entire KRL up to this point */
1081 if ((r = sshkey_verify(key, blob, blen, 1081 if ((r = sshkey_verify(key, blob, blen,
1082 sshbuf_ptr(buf), sig_off, NULL, 0)) != 0) 1082 sshbuf_ptr(buf), sig_off, NULL, 0, NULL)) != 0)
1083 goto out; 1083 goto out;
1084 /* Check if this key has already signed this KRL */ 1084 /* Check if this key has already signed this KRL */
1085 for (i = 0; i < nca_used; i++) { 1085 for (i = 0; i < nca_used; i++) {
@@ -1336,19 +1336,11 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
1336{ 1336{
1337 struct sshbuf *krlbuf = NULL; 1337 struct sshbuf *krlbuf = NULL;
1338 struct ssh_krl *krl = NULL; 1338 struct ssh_krl *krl = NULL;
1339 int oerrno = 0, r, fd; 1339 int oerrno = 0, r;
1340 1340
1341 if (path == NULL) 1341 if (path == NULL)
1342 return 0; 1342 return 0;
1343 1343 if ((r = sshbuf_load_file(path, &krlbuf)) != 0) {
1344 if ((krlbuf = sshbuf_new()) == NULL)
1345 return SSH_ERR_ALLOC_FAIL;
1346 if ((fd = open(path, O_RDONLY)) == -1) {
1347 r = SSH_ERR_SYSTEM_ERROR;
1348 oerrno = errno;
1349 goto out;
1350 }
1351 if ((r = sshkey_load_file(fd, krlbuf)) != 0) {
1352 oerrno = errno; 1344 oerrno = errno;
1353 goto out; 1345 goto out;
1354 } 1346 }
@@ -1357,8 +1349,6 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
1357 debug2("%s: checking KRL %s", __func__, path); 1349 debug2("%s: checking KRL %s", __func__, path);
1358 r = ssh_krl_check_key(krl, key); 1350 r = ssh_krl_check_key(krl, key);
1359 out: 1351 out:
1360 if (fd != -1)
1361 close(fd);
1362 sshbuf_free(krlbuf); 1352 sshbuf_free(krlbuf);
1363 ssh_krl_free(krl); 1353 ssh_krl_free(krl);
1364 if (r != 0) 1354 if (r != 0)
diff --git a/mac.c b/mac.c
index de346ed20..f3dda6692 100644
--- a/mac.c
+++ b/mac.c
@@ -30,7 +30,6 @@
30#include <stdlib.h> 30#include <stdlib.h>
31#include <string.h> 31#include <string.h>
32#include <stdio.h> 32#include <stdio.h>
33#include <stdlib.h>
34 33
35#include "digest.h" 34#include "digest.h"
36#include "hmac.h" 35#include "hmac.h"
diff --git a/match.c b/match.c
index 25c866a43..3a8fa9d78 100644
--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: match.c,v 1.40 2019/10/04 04:13:39 djm Exp $ */ 1/* $OpenBSD: match.c,v 1.41 2019/11/13 04:47:52 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,6 +42,7 @@
42#include <ctype.h> 42#include <ctype.h>
43#include <stdlib.h> 43#include <stdlib.h>
44#include <string.h> 44#include <string.h>
45#include <stdarg.h>
45#include <stdio.h> 46#include <stdio.h>
46 47
47#include "xmalloc.h" 48#include "xmalloc.h"
@@ -178,7 +179,7 @@ match_usergroup_pattern_list(const char *string, const char *pattern)
178 /* Windows usernames may be Unicode and are not case sensitive */ 179 /* Windows usernames may be Unicode and are not case sensitive */
179 return cygwin_ug_match_pattern_list(string, pattern); 180 return cygwin_ug_match_pattern_list(string, pattern);
180#else 181#else
181 /* Case insensitive match */ 182 /* Case sensitive match */
182 return match_pattern_list(string, pattern, 0); 183 return match_pattern_list(string, pattern, 0);
183#endif 184#endif
184} 185}
diff --git a/misc.c b/misc.c
index 42eeb425a..073d3be19 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.c,v 1.142 2019/09/03 08:32:11 djm Exp $ */ 1/* $OpenBSD: misc.c,v 1.146 2020/01/28 01:49:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -38,7 +38,9 @@
38#ifdef HAVE_LIBGEN_H 38#ifdef HAVE_LIBGEN_H
39# include <libgen.h> 39# include <libgen.h>
40#endif 40#endif
41#ifdef HAVE_POLL_H
41#include <poll.h> 42#include <poll.h>
43#endif
42#include <signal.h> 44#include <signal.h>
43#include <stdarg.h> 45#include <stdarg.h>
44#include <stdio.h> 46#include <stdio.h>
@@ -237,12 +239,12 @@ set_rdomain(int fd, const char *name)
237} 239}
238 240
239/* 241/*
240 * Wait up to *timeoutp milliseconds for fd to be readable. Updates 242 * Wait up to *timeoutp milliseconds for events on fd. Updates
241 * *timeoutp with time remaining. 243 * *timeoutp with time remaining.
242 * Returns 0 if fd ready or -1 on timeout or error (see errno). 244 * Returns 0 if fd ready or -1 on timeout or error (see errno).
243 */ 245 */
244int 246static int
245waitrfd(int fd, int *timeoutp) 247waitfd(int fd, int *timeoutp, short events)
246{ 248{
247 struct pollfd pfd; 249 struct pollfd pfd;
248 struct timeval t_start; 250 struct timeval t_start;
@@ -250,7 +252,7 @@ waitrfd(int fd, int *timeoutp)
250 252
251 monotime_tv(&t_start); 253 monotime_tv(&t_start);
252 pfd.fd = fd; 254 pfd.fd = fd;
253 pfd.events = POLLIN; 255 pfd.events = events;
254 for (; *timeoutp >= 0;) { 256 for (; *timeoutp >= 0;) {
255 r = poll(&pfd, 1, *timeoutp); 257 r = poll(&pfd, 1, *timeoutp);
256 oerrno = errno; 258 oerrno = errno;
@@ -269,6 +271,16 @@ waitrfd(int fd, int *timeoutp)
269} 271}
270 272
271/* 273/*
274 * Wait up to *timeoutp milliseconds for fd to be readable. Updates
275 * *timeoutp with time remaining.
276 * Returns 0 if fd ready or -1 on timeout or error (see errno).
277 */
278int
279waitrfd(int fd, int *timeoutp) {
280 return waitfd(fd, timeoutp, POLLIN);
281}
282
283/*
272 * Attempt a non-blocking connect(2) to the specified address, waiting up to 284 * Attempt a non-blocking connect(2) to the specified address, waiting up to
273 * *timeoutp milliseconds for the connection to complete. If the timeout is 285 * *timeoutp milliseconds for the connection to complete. If the timeout is
274 * <=0, then wait indefinitely. 286 * <=0, then wait indefinitely.
@@ -294,7 +306,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
294 } else if (errno != EINPROGRESS) 306 } else if (errno != EINPROGRESS)
295 return -1; 307 return -1;
296 308
297 if (waitrfd(sockfd, timeoutp) == -1) 309 if (waitfd(sockfd, timeoutp, POLLIN | POLLOUT) == -1)
298 return -1; 310 return -1;
299 311
300 /* Completed or failed */ 312 /* Completed or failed */
@@ -1282,6 +1294,33 @@ tohex(const void *vp, size_t l)
1282 return (r); 1294 return (r);
1283} 1295}
1284 1296
1297/*
1298 * Extend string *sp by the specified format. If *sp is not NULL (or empty),
1299 * then the separator 'sep' will be prepended before the formatted arguments.
1300 * Extended strings are heap allocated.
1301 */
1302void
1303xextendf(char **sp, const char *sep, const char *fmt, ...)
1304{
1305 va_list ap;
1306 char *tmp1, *tmp2;
1307
1308 va_start(ap, fmt);
1309 xvasprintf(&tmp1, fmt, ap);
1310 va_end(ap);
1311
1312 if (*sp == NULL || **sp == '\0') {
1313 free(*sp);
1314 *sp = tmp1;
1315 return;
1316 }
1317 xasprintf(&tmp2, "%s%s%s", *sp, sep == NULL ? "" : sep, tmp1);
1318 free(tmp1);
1319 free(*sp);
1320 *sp = tmp2;
1321}
1322
1323
1285u_int64_t 1324u_int64_t
1286get_u64(const void *vp) 1325get_u64(const void *vp)
1287{ 1326{
@@ -1570,6 +1609,7 @@ static const struct {
1570 { "cs6", IPTOS_DSCP_CS6 }, 1609 { "cs6", IPTOS_DSCP_CS6 },
1571 { "cs7", IPTOS_DSCP_CS7 }, 1610 { "cs7", IPTOS_DSCP_CS7 },
1572 { "ef", IPTOS_DSCP_EF }, 1611 { "ef", IPTOS_DSCP_EF },
1612 { "le", IPTOS_DSCP_LE },
1573 { "lowdelay", IPTOS_LOWDELAY }, 1613 { "lowdelay", IPTOS_LOWDELAY },
1574 { "throughput", IPTOS_THROUGHPUT }, 1614 { "throughput", IPTOS_THROUGHPUT },
1575 { "reliability", IPTOS_RELIABILITY }, 1615 { "reliability", IPTOS_RELIABILITY },
@@ -2257,3 +2297,20 @@ opt_match(const char **opts, const char *term)
2257 return 0; 2297 return 0;
2258} 2298}
2259 2299
2300sshsig_t
2301ssh_signal(int signum, sshsig_t handler)
2302{
2303 struct sigaction sa, osa;
2304
2305 /* mask all other signals while in handler */
2306 bzero(&sa, sizeof(sa));
2307 sa.sa_handler = handler;
2308 sigfillset(&sa.sa_mask);
2309 if (signum != SIGALRM)
2310 sa.sa_flags = SA_RESTART;
2311 if (sigaction(signum, &sa, &osa) == -1) {
2312 debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
2313 return SIG_ERR;
2314 }
2315 return osa.sa_handler;
2316}
diff --git a/misc.h b/misc.h
index 869895d3a..5db594b91 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.h,v 1.81 2019/09/03 08:32:11 djm Exp $ */ 1/* $OpenBSD: misc.h,v 1.84 2020/01/24 23:54:40 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -69,6 +69,8 @@ long convtime(const char *);
69char *tilde_expand_filename(const char *, uid_t); 69char *tilde_expand_filename(const char *, uid_t);
70char *percent_expand(const char *, ...) __attribute__((__sentinel__)); 70char *percent_expand(const char *, ...) __attribute__((__sentinel__));
71char *tohex(const void *, size_t); 71char *tohex(const void *, size_t);
72void xextendf(char **s, const char *sep, const char *fmt, ...)
73 __attribute__((__format__ (printf, 3, 4))) __attribute__((__nonnull__ (3)));
72void sanitise_stdfd(void); 74void sanitise_stdfd(void);
73void ms_subtract_diff(struct timeval *, int *); 75void ms_subtract_diff(struct timeval *, int *);
74void ms_to_timeval(struct timeval *, int); 76void ms_to_timeval(struct timeval *, int);
@@ -178,8 +180,13 @@ int opt_match(const char **opts, const char *term);
178#define RP_ALLOW_EOF 0x0004 180#define RP_ALLOW_EOF 0x0004
179#define RP_USE_ASKPASS 0x0008 181#define RP_USE_ASKPASS 0x0008
180 182
183struct notifier_ctx;
184
181char *read_passphrase(const char *, int); 185char *read_passphrase(const char *, int);
182int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); 186int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
187struct notifier_ctx *notify_start(int, const char *, ...)
188 __attribute__((format(printf, 2, 3)));
189void notify_complete(struct notifier_ctx *);
183 190
184int secure_permissions(struct stat *st, uid_t uid); 191int secure_permissions(struct stat *st, uid_t uid);
185 192
@@ -187,4 +194,6 @@ int secure_permissions(struct stat *st, uid_t uid);
187#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) 194#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
188#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) 195#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
189 196
197typedef void (*sshsig_t)(int);
198sshsig_t ssh_signal(int, sshsig_t);
190#endif /* _MISC_H */ 199#endif /* _MISC_H */
diff --git a/moduli b/moduli
index a6c13d8c2..1e2cd34f2 100644
--- a/moduli
+++ b/moduli
@@ -1,452 +1,406 @@
1# $OpenBSD: moduli,v 1.24 2019/04/26 08:37:16 dtucker Exp $ 1# $OpenBSD: moduli,v 1.25 2019/10/22 07:06:35 dtucker Exp $
2# Time Type Tests Tries Size Generator Modulus 2# Time Type Tests Tries Size Generator Modulus
320181031113618 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0BE8103 320190427132703 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B43F297B
420181031113634 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0C7C3CF 420190427132708 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B43FDA33
520181031113642 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0C8204B 520190427132804 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B4AA694B
620181031113722 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0E7A6DB 620190427132920 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B536A28B
720181031113747 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0F5096B 720190427132946 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B560B7BB
820181031113822 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE11027BF 820190427133034 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B5B8CC93
920181031113906 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE12EA013 920190427133141 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B6380E53
1020181031113934 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE13F42E7 1020190427133220 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B67E17AF
1120181031114007 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE15AA2C3 1120190427133327 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B6FFFE13
1220181031114101 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE18AB6BB 1220190427133429 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B76DEEFF
1320181031114215 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE1C69837 1320190427133520 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B7CAADE3
1420181031114328 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE207143B 1420190427133535 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B7E1C767
1520181031114445 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE24E3977 1520190427133548 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B7F2489F
1620181031114549 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2843EE7 1620190427133556 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B7FB8D0F
1720181031114559 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE285908B 1720190427133620 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B8202A8F
1820181031114647 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2A7511B 1820190427133650 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B852B3EB
1920181031114706 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2B08EBF 1920190427133730 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B8996103
2020181031114734 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2C326CF 2020190427133826 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B9059367
2120181031114807 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2E0BCBB 2120190427133853 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B934CE3F
2220181031114901 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE30D862B 2220190427133934 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B97C218F
2320181031114935 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE32AADEF 2320190427134021 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7B9D20303
2420181031114949 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE32F8FDB 2420190427134054 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BA0922D3
2520181031115050 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE372E443 2520190427134141 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BA60986F
2620181031115213 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE3C3748F 2620190427134218 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BAA3065B
2720181031115339 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4158847 2720190427134236 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BABBEA8B
2820181031115400 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4262F2F 2820190427134255 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BAD95503
2920181031115438 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE452029F 2920190427134319 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BAFE825F
3020181031115505 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE467FAEB 3020190427134323 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BAFEAF23
3120181031115602 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4A3A77B 3120190427134415 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BB58DFA7
3220181031115728 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4F4FEC3 3220190427134430 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BB6E0833
3320181031115752 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE50404F3 3320190427134447 2 6 100 2047 5 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BB86B387
3420181031115803 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE50889BB 3420190427134458 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BB9466DB
3520181031115940 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE57A3D23 3520190427134557 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BC0557EB
3620181031120037 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5CC4913 3620190427134619 2 6 100 2047 2 D89645A8729D536F81F6D80ACE07FEA130E55B5076785AB086044CD7C09718E6309ECDB7D645DF39726B92D14BA56A5D5362D6E6A839FD131805A20868A85956B460A31467BB58F14DB8C6DA03A030B2002DF101FD01B47E93D4CBA0AEDC33E4A3111DD61535FD9E38191503F02D7B848C11C3F1819AEEECFD3F2992F4A6BE6433CA9674F225939A22A926CC47080CD0E17681FF0660AC456B2524204485FAC04EB9687CFC6C8FDA3AAA60035F2686668FD75F9975C02C2D8EC4AFD865AD904732A6011C986334B60E617AB6E5055BE357B43B1B647F382CAE57AA0920FC0F664A07B94F2642EA7D99CBAC3A5D126B356DA271178A93E7F7C20F17F7BC28DADB
3720181031120051 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5D944FB 3720190427134649 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6E1990C3
3820181031120113 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5EF41F7 3820190427134736 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6E6DBD63
3920181031120225 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE646894F 3920190427134803 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6E9D4323
4020181031120258 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE670C3B7 4020190427134834 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6ED04E7B
4120181031120333 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE69AD617 4120190427134847 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6EE19F73
4220181031120339 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE69AE223 4220190427134920 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6F1A344B
4320181031120356 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE6ADE1B3 4320190427135005 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6F6D5747
4420181031120414 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE6BD0ACF 4420190427135106 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6FDCEC0F
4520181031120712 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7ACC18B 4520190427135120 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA6FF14F7F
4620181031120724 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7B37CAB 4620190427135144 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA70192257
4720181031120737 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7BF34CF 4720190427135211 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA7045D11B
4820181031120819 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7F719A3 4820190427135226 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA7058B803
4920181031120825 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7F7A70F 4920190427135246 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA7079721F
5020181031120834 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7FD3383 5020190427135301 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA708DD1FF
5120181031120841 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7FF6C03 5120190427135418 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA7121862F
5220181031120850 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE806800F 5220190427135521 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA7198F48B
5320181031120856 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE807F56B 5320190427135603 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA71E5F087
5420181031120905 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE80BD7DF 5420190427135644 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA722E63EF
5520181031120923 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE81F7F6F 5520190427135717 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA72641AB7
5620181031121031 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE88D9BB7 5620190427135822 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA72DF5AFB
5720181031121153 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79F990A17 5720190427135842 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA72FF319B
5820181031121230 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79FC4B55B 5820190427135852 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA730ADC3F
5920181031121305 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79FF25EFF 5920190427135857 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA730C5F93
6020181031121338 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0250433 6020190427140013 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA7396C23F
6120181031121452 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0A900D3 6120190427140042 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA73C9FE3F
6220181031121515 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0C7B767 6220190427140048 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA73CD560B
6320181031121531 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0DB38C3 6320190427140242 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA74AE206B
6420181031121542 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0E45E73 6420190427140252 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA74B7C6BB
6520181031121642 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A13B7883 6520190427140257 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA74B963A7
6620181031121702 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A155F0FF 6620190427140321 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA74E0E027
6720181031121739 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A19802C3 6720190427140332 2 6 100 2047 2 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA74EEB823
6820181031121744 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A198FC0B 6820190427140404 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA752ACD17
6920181031121802 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A1B38723 6920190427140438 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA75648B1F
7020181031121819 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A1CBBC3F 7020190427140451 2 6 100 2047 5 CC95B326545FBD4D1FB7F94FF6FAB4F18A24F90BB106535592E25F9AA5453A4077D4BC59388DBC2DACB4E19BB39974160F7BA6BF3F5F3F3464BE09FBE3E52676B1F63C260C55B827A2987ECD5BD7405DEF87B6BB23B8A6AF7C73C99E338DF0F906B7813398F1BFFC489C5C8007E370CFD82CB53B5BCBAA85781944B123AE3BF4DB294BF5C8E3F915B3523EB2546052EA02ADC5008F9D339F3F9FFD87325BCAE65C6B6C8DEBD12ECD3B23E0FF02913BEBC8A4245CDA50F2C0D67B6144C28E1C770EA15D566C5F4126025E5BA6C8C0AD259D8E35B5BD81CFAED74F65A007EC7CCD56362B20FDC9E0A38C7149D18166E9DAA5AA8F02833528D3F1FA9BFA7576A0F7
7120181031121927 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A24638B7 7120190427142510 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D254CBF7FF
7220181031121954 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A26FE49F 7220190427142834 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D2554C6403
7320181031121959 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A272126F 7320190427143431 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D2563401E3
7420181031122023 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2962B0B 7420190427144119 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D2573D72E3
7520181031122035 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2A69E27 7520190427144211 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25757529B
7620181031122128 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2F49F9B 7620190427144648 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D2580C5933
7720181031122137 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2FC98C7 7720190427144934 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D258726557
7820181031122211 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A32E8983 7820190427145348 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D259170323
7920181031122217 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A332034B 7920190427145853 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D259D92B83
8020181031122230 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A341BC13 8020190427145926 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D259E64733
8120181031122415 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A3E82A8B 8120190427150049 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25A14FEE3
8220181031122441 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A405F593 8220190427150137 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25A2B00CB
8320181031122523 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A44029BB 8320190427150433 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25A990E67
8420181031122645 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4A62F13 8420190427150837 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25B33F1BB
8520181031122739 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4D96A23 8520190427151112 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25B94E713
8620181031122811 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4F1B05B 8620190427151214 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25BB89367
8720181031122853 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5184683 8720190427151319 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25BDB8C9F
8820181031122948 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A549FBCF 8820190427151415 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25BF8D833
8920181031123010 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5593157 8920190427151906 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25CB34BEF
9020181031123029 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5681F87 9020190427152724 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25DF6F3CF
9120181031123056 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A57EC4B3 9120190427152824 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25E177EAB
9220181031123230 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5DD04FF 9220190427153358 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25ED44D97
9320181031123244 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5E3B3D7 9320190427153435 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25EE50097
9420181031123450 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A660A94F 9420190427153608 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D25F1B3BCB
9520181031123530 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A68FC267 9520190427154311 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D26029D67B
9620181031125435 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11528E4B7 9620190427154456 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D26067D5E3
9720181031125919 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B115D90A53 9720190427154845 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D260F495E7
9820181031130156 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116301C17 9820190427155437 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D261D6A03F
9920181031130212 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11631DCAF 9920190427155532 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D261F2537F
10020181031130646 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116E4CA3B 10020190427155940 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D262925453
10120181031130658 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116E4E133 10120190427160027 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D262A94017
10220181031130803 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B117068663 10220190427160325 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D26318723F
10320181031130826 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1170E270F 10320190427160413 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D2632FC493
10420181031131600 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1184656D3 10420190427160752 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D263B95227
10520181031131740 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11883D577 10520190427161711 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D26525F033
10620181031131908 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118B728DB 10620190427161805 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D265415FB7
10720181031131956 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118D00F87 10720190427161907 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D26560764B
10820181031132017 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118D567E7 10820190427161936 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D2656C7C93
10920181031132405 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1196905F7 10920190427162028 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D26585361B
11020181031132450 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11980B233 11020190427162429 2 6 100 3071 5 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D2661B96FF
11120181031132510 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B119877CCB 11120190427162459 2 6 100 3071 2 EF52C73892BD2FCB8A179AD029498CCEE7582B996D44496776EB45A2420A94FF5A3F181128D16BACA21069880556EDBD46177615CD36B752F8C71C48E40138C7A62508701FAC6E2B5E1E1D22F6895D3A03CBB0E5EB983B32DD6D04108DA0A4194D16EE6C59A79AE638C5868F23C3514D5336C547A71CCDC197142699C4C6CFED5176774D603D491D9EDAE89A930C775480B1B4202E5F2057C58AF144E30378A25A24046A05CF76ACBDA6D51D917E75CE0E706F9F2C2D0865A96A2AD93187C06AE3FCCDF6A003C8A10DC276207968F9ED6278CDF50EB6149CD4F231D4B80E2EFC1DE24D775EF73C8487B70AC10EAD2C3B39B7AEF950ECCF9A5A214602EABA215A08A069080FCF9758BD73E1C896D05982102C31CBF4E618C5B8EFC64C90F7D07275E13D082C0B8B711B5AF2B9EE1898F96C2F4A545BE527B83C4A4BB31AB44DECAF513D737302C848CF1B3D7E8A8C820C0CE30A8AB9085D7AFEA6F609957547451282C409F92A72E478D02C995C201529DE1E882131B5D6825482C5D26627D173
11220181031132628 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B119B78FAF 11220190427163105 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA2077A9CFF
11320181031133030 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11A5CA257 11320190427163212 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA207A09A9F
11420181031133638 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B5728B7 11420190427164520 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA209B0D057
11520181031133714 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B698D4F 11520190427164606 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA209C7A943
11620181031133816 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B8BE2EF 11620190427165028 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20A6FBC4B
11720181031134152 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11C1D39BB 11720190427165353 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20AEF3423
11820181031134307 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11C4B4083 11820190427165600 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20B3AA69B
11920181031134804 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11D1356A7 11920190427165714 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20B65C33B
12020181031135113 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11D93FB63 12020190427170957 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20D5776A3
12120181031135414 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11E0CAEBB 12120190427171202 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20D9FDC07
12220181031135744 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11E9CB9E3 12220190427172203 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20F2B2D83
12320181031140159 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11F4E4B63 12320190427172705 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA20FEFD873
12420181031140258 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11F72025B 12420190427172835 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA21025A363
12520181031140622 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11FFAA343 12520190427173404 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA210F9D88F
12620181031140654 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B120087713 12620190427173442 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA2110BBCB7
12720181031140849 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B12052E023 12720190427173611 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA211402547
12820181031141317 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1210F24F7 12820190427173706 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA2115B820B
12920181031141517 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1215A8893 12920190427174401 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA21266C603
13020181031141539 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B12161A467 13020190427174732 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA212E9A117
13120181031142722 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1234E3F83 13120190427174818 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA212FE36C7
13220181031143116 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B123D4E7B7 13220190427174942 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA21330698F
13320181031144633 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BD211E4B 13320190427175118 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA21365CA3B
13420181031144827 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BD69A2F3 13420190427175402 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA213CB4C47
13520181031145126 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BDE3D567 13520190427175430 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA213D703CF
13620181031145403 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BE4DA06B 13620190427180058 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA214CFEEAB
13720181031150010 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BF499357 13720190427180239 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA2150B283F
13820181031150458 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C00F4FE3 13820190427180622 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA215957E67
13920181031150931 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C0C7C2CF 13920190427180808 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA215D1C7E7
14020181031151259 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C159195F 14020190427181543 2 6 100 3071 5 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA216F254E7
14120181031151525 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C1B99ABF 14120190427181657 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA2171AD62B
14220181031152039 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C29330EB 14220190427181804 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA21740CA23
14320181031152155 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C2C100E7 14320190427182222 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA217E2A27B
14420181031152224 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C2CD60CF 14420190427182944 2 6 100 3071 2 E7A9F2E16494A110F823F0C90DFE9CC40005B24122176C6C6525F90F736433F094527C6DB9032736C471474E93E7DAB28D9CC80DC6C93EF27473EFE0F4A3A3AFBC07C0BA0DEFA0C73C075700D69F950499B634B197AD2B4E32712E80AEC3D463DAD26397FEB80B1DE1DBF96C7BF1CAEF1A47E39D135A5D941BF1ECE9186CF23C785E2B368B8AFC24E120EA6956EB97206AD0C80DE87D092190A049E0E12F340E41C6EFE13F1C19A63763B90C4E9099D0011FA62913194E4671998FAE8847EA077F506D394ACBCF139DF20A9C36BDC1B82F905BF1975C9D4322EF2E9165EC2C0FAAEEABED7EF759F4D4BD764A5BA4043085CE3D679B0CE5C79340CF92E35D7A931A0B4A52B3447EBF7E2E2633EE221989B8A9E2C598A058CFBFCA4800BAFFBD8F9B9B3068AC18A0A030EC0CDE39439DFFFA8C42EDF7D4FC1D4E6D455A7387BCBE7EF973B3452E026707189CE35086A3B7B82BE0DF2824972794435DC8A76AC110CE46FADCF5C0BC070A61F14CEFB6B8EFCEA85B0F320D441B7DC1CBA218F91ABB
14520181031152510 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C33CEF4F 14520190427191350 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB06D9C63
14620181031152907 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C3E0892F 14620190427193032 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB19AD8BF
14720181031153155 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C44E0077 14720190427193226 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB1B52E13
14820181031153227 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C45D1D9F 14820190427194033 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB2420833
14920181031153350 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C493C143 14920190427194143 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB24E8C1B
15020181031153609 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C4EF9D0B 15020190427194534 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB28C1B9F
15120181031153956 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C5898C03 15120190427195025 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB2D9B683
15220181031154033 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C59B843B 15220190427200441 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB3D5BDBB
15320181031154104 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C5A94107 15320190427200910 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB41E828F
15420181031154333 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C60D5BBB 15420190427203550 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB5FC5F93
15520181031154832 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C6DD0793 15520190427204712 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB6C292E7
15620181031155320 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C7A1DB4B 15620190427205522 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB7523047
15720181031155718 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C842B8B7 15720190427205918 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB78FF793
15820181031160130 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C8EEDABB 15820190427210138 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB7B09B5F
15920181031160435 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C96EA9B7 15920190427213042 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BB9B8FA83
16020181031161312 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CAE0E013 16020190427220612 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BBC34BAF3
16120181031161424 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB0BFEAB 16120190427220717 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BBC40CF27
16220181031161443 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB10BF07 16220190427223040 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BBDE07BDF
16320181031161804 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB9812B3 16320190427224207 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BBEAC020B
16420181031162300 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CC62B69B 16420190427225544 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BBFA0517B
16520181031162439 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CC9EFAAB 16520190427225725 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BBFB42443
16620181031162719 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD0A69F7 16620190427230157 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BBFFCBDA3
16720181031162832 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD357E3F 16720190427230300 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC007FC8F
16820181031162924 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD51C05F 16820190427232729 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC1BDEC33
16920181031162948 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD5A0C83 16920190427233229 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC20E4B23
17020181031163058 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD82F3D3 17020190428002642 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC5CB86FF
17120181031163809 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1925064B 17120190428005024 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC76DE89F
17220181031164609 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A19BA1E2B 17220190428010602 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC87A476F
17320181031170331 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1B0331C7 17320190428011939 2 6 100 4095 5 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC96A3ADF
17420181031174642 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1E40577F 17420190428012220 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BC991C9FB
17520181031175327 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1EBA2BA3 17520190428014930 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BCB79076B
17620181031190736 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A24551BC7 17620190428020757 2 6 100 4095 2 C8B676221E5E1670A7D8A039B224651E125FCE8393C9DC1C00DFD350538A7D84219E4790BD9470ED74505201C5FD36D901D13488AB33CF19BEEFC5B9EE374AFEEE4569372FE8CA2866B92743F2CA86051FF1E3A9AB3216F842E237A2F21DF50C680338A6F93CE6E9A72128AA227B77ECC7EB37303B80AA665F95ED9D99BA77C6CAB012B272D8B127CBB74A59B33EDE005092CC75C122E4A09F213F9B5CD2585F69666276841B92AD0518126450E0CF525DDE0702FDED5B24BE6D0568C763881794EDBF5630EC593B35903DA7D89523B43C09CAE7C9CCECE2C299F1D97E5E2E647A7157DFB736E5C34358DA3D436925BF236DFAB6995A699287F657FF3CB27200DF2EBE7CE4CC51D3294A0F4F8D164F182577374BB15972E285BAC72DF4053BADDB95238B8020904367E17B8584EC13A69B7B5BA6012F58A17C80D9F8E25F8D64FA47D89C4A79AA43FF2327356728225B009D1E5B767FFE1EDF25F349423954FF624EEB0670383D91F4DE6C4185C9D25F4195B61C5319D293E27F3A05C97E060A0B52E9564D02D39E5CE9325D31141007FAE82B9810B6E622AE9E3004DE60265C25DA6F0771CA443DFE43119866E9332EFBF73742819F11DA41BF3A7E9E0261B3746DD98708655C438914A7B7CE01553C0A0B305A9FF5677AF925CE3D90E2C3450EDE4802208DAC8A8EEDEFFB3D132294A87ACAC19FE70B5A9FD8C86BCCB52093
17720181031192252 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A256E6A8B 17720190428025220 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7521AD053
17820181031193735 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26848667 17820190428025407 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC752345FFB
17920181031194031 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26B3187F 17920190428025851 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC752844A6F
18020181031194403 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26EC656B 18020190428031529 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC753ACFB07
18120181031194833 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A273A8833 18120190428031846 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC753E2D33B
18220181031195443 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A27A959BF 18220190428032328 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7542EDD57
18320181031195836 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A27EBBC83 18320190428035554 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7567990F3
18420181031200940 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A28B88307 18420190428042013 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7582C82BF
18520181031203106 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2A47E5BF 18520190428050027 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC75AF97D73
18620181031203858 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2AD76CDB 18620190428050527 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC75B4C45BB
18720181031204443 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2B3F16FF 18720190428052456 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC75CA9706B
18820181031205841 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2C416607 18820190428061050 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC75FE63173
18920181031210215 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2C7C62CF 18920190428061741 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7605A3267
19020181031211110 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2D1C8377 19020190428062806 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC76110E4BB
19120181031212747 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2E532EF7 19120190428063248 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7615D3893
19220181031214614 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2FAEF903 19220190428065456 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC762ECD727
19320181031215951 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A30A680FB 19320190428072307 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC764DBADE7
19420181031222543 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A328D6FAB 19420190428072618 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7650BB867
19520181031222846 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A32BD423F 19520190428073203 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC765675D03
19620181031224038 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A339269AB 19620190428073641 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC765AE9C13
19720181031225211 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A34692BDB 19720190428081223 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC7681FD677
19820181031225338 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A347B8EFF 19820190428085346 2 6 100 4095 5 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC76AF9B57F
19920181031225926 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A34DFF2BB 19920190428085754 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC76B3A4623
20020181031231202 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A35C67F5F 20020190428092309 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC76CFBCEB3
20120181031233350 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A3758AE93 20120190428094646 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC76E9D523B
20220181031233800 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A379DD5F3 20220190428101257 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC770689153
20320181101001517 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C3B843C3 20320190428101848 2 6 100 4095 2 E673598807FAF65E41EFEC75371D9AD2684AC881287DD888940132E92A2007D6E9813AFC8880A8079F83130299E3B609A7CE849DAD80899C0A429CA828331E420E4220A961DF1F8B404073D1889D5DD5666A84EE4371DD16E8A17192343D45D58387BAFAD6ACBDD7DEC72E0707753F5DD3DB00CBDC69F78849C58AB5FAA84BD91528C90ABE465ED65C5C32F9A5FE06CAA0BF5166F5F7887A3584F021C47EE91229B1CDBB5E8C39FA9A58C36349626B1AC1F5A4EF05DD658D2F9482BE4A3BE28FC9CF811EEC3BBEE80C2E1A208AD9FB0D186B00375F3854C7F1E9E185C6F87D0E8E5AEF0F93948C2214071C37DDC331700390488077A641CC4C292D4EC017450A4CC51C825694F6058F3C4E7D1225219BD4E9CA63E7DB2402698DE641DDAC693D9DB8F7F113CC42A74DFCB2A34FF87FCA8965B2E4EC4CE6AA3A7DBD24E22F9505FB9A3AB3A8DD87B6ACDF0C4FBA8CC1D7947888C40EF86B39797CDCC929E0CF8C9BC5BBDB0D87D9B673FA8318EF87A71DA8E4711BD27124712A46103C1B59895482394586A1D9A6FE88F3DE32B1C76D817489DE1C14D3E0EB844758C531E18A43EA7AF68DA14DDEA76209D36DD5079A64A0254A699903031444D2C79F763D78FB23A28231D022ECE95538EF2BFC103956822A2997653ADF5836943304510000A4CAA891C242887751B94AEBBC6C7432D4A4F8291A29CBC1B1C369EBC770CCEFF3
20420181101001909 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C3FC854F 20420190428110748 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC99D407B73
20520181101003052 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C4D5B923 20520190428112009 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC99D83912F
20620181101003946 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C578D833 20620190428115643 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC99E63A057
20720181101004718 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C60301F7 20720190428131948 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A05C8127
20820181101011451 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C80CD293 20820190428135735 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A143214B
20920181101012546 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C8D7E023 20920190428142816 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A1FA46CB
21020181101013857 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C9CDF40F 21020190428160214 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A431C843
21120181101014111 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C9EF64FB 21120190428174103 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A6857F3F
21220181101014518 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CA3777C7 21220190428181614 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A7562EAF
21320181101014810 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CA6853C3 21320190428182957 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A79EECDB
21420181101015518 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CAE81C2F 21420190428195728 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9A9A88FAB
21520181101022434 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CD0FC883 21520190428222417 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9AD22FC93
21620181101022626 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CD297D7B 21620190428233944 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9AEE4A0CB
21720181101023305 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CDA00627 21720190428235622 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9AF40263B
21820181101024528 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CE8651DF 21820190429025928 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9B38823AF
21920181101024730 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CEA46B8F 21920190429040856 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9B51ACAE3
22020181101025218 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CEFBF913 22020190429131804 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9BAD6C8DB
22120181101030928 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D039AC1B 22120190429152815 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9BDD41EC7
22220181101031126 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D0557A5B 22220190429154748 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9BE3AA3F3
22320181101032741 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D184F8BB 22320190429160150 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9BE7FF337
22420181101033140 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D1C803A3 22420190429185032 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C251776B
22520181101033414 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D1F094A7 22520190429192706 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C31D91AB
22620181101033713 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D21F8203 22620190429204434 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C4DFB63B
22720181101034124 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D268646B 22720190429213137 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C5EEC927
22820181101035424 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D3556B5B 22820190429215410 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C6692A87
22920181101042126 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D556768F 22920190429220800 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C6B3F02B
23020181101043318 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D62CB7EF 23020190429223049 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C730C29F
23120181101050055 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D835583B 23120190430000451 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9C94D7E97
23220181101052304 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D9D786F3 23220190430052906 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9D0847223
23320181101053022 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DA550ABB 23320190430082937 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9D487C277
23420181101055828 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DC5EBE23 23420190430084607 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9D4DE81BB
23520181101055855 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DC5EC45F 23520190430090713 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9D550DBF7
23620181101061019 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD2F3B53 23620190430123953 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9DA1295FB
23720181101061349 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD68BE4B 23720190430124627 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9DA2E37E3
23820181101061523 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD7D755B 23820190430124917 2 6 100 6143 5 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9DA358FFF
23920181101063404 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DED7E937 23920190430174204 2 6 100 6143 2 D9C0DD366432DD078B6FCB8D9B9C70FDB7CF0EF78241CBB6C3519072DDCD4B3D01758114F47AA82D7544B67791880CC07A413DCDF6E063D4EF381DCC5B2C35D44B85F2AAD28396C2DB079D27FBF3922059CD1F9EA1C48D23940D293B2D195EBA299921DBBFCE0B528D19DE35D640AFE5414B7B3251F839BDA667A754D94C5056FA1FC57C87FA51CD781F2C6EC3C7446AD3EB9272E0F2358EB18FC68B79A9D76BCADD6155F8D02C0CF9DDD0F8E9565E1B7719F2E269DD45F47F435393E9678C609DA7B2DBC5955F09BC30DF2F972CF8646F4E9E258FA1997E81D361D1823CCF4EC2248895DB88A02FB506D2C60855F0B59B9266E842AD392B68BA4FDD1154EC2A5D6429399A094C5DF29618BD60A88D77A122F7EEBF3B90FF645C3B27C8D144D0E6192BA5F6ABA4C59781693BE4467DBEA60C86E2E2638D575E38F88CAFA091E19A727C5CF536A5F6A3108912794366BE9EFDBC564A9E181BA50D71723DA7F9C6FB4E9EF6E2556F76FCCF9322BDA6D43FBECDF2F0FC54D220B51472AE2F5D794A166B258F406513421B46D90A16A3BE07D8127248F0979F4C22E1C20061BFA26781E36BAE9AD705A5F27BBEC8F1AC383BAD5FE03EB3BF4298AA8D1E59EAD8795F745F57676871F519430A8E4D39B0F11B1BD3F8F8D7BB27ACE06582B57C787F6450601E3A1542D261A7543BE0AAF12226F5CF367251F90CFDE58957268F88B0B0A3841F38551C08D562FFD4BBD3556461DA3DEB7B2D5368E3AAFBA7728A3D77B3BCEEA0190203737B6CD933818D75900C5EF03E72C37022F43592FF4E1A815DE106381A60EC82051712A7F7135DD8B59B6EB55479462BCA6A0EF2D497AFC37455C602AC013F3B4D21D513E5DC5A93454320B7F2985DE2E4142D2612689E23F0621ED6641B446B60B4300F47ACE216AFA5819B80C7924B2BAA9D4968594A0065FA5FC72FE0D9C3E3B1C24E2C7A03ED3D3A830599DC133752684A098040AFA535E6DE5D947E0BFD7C20F1BBF78DD0AB3F01939D542DA76FBD901B75C2ED2FF4F59BEBC8D9D446276D125DA554B198937DAB4D747D558FC8226253DF4CC9E0B7359B
24020181101064144 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DF60EDC7 24020190501015403 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF4C4CD31B
24120181101064624 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DFAC40E3 24120190501022114 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF4CE92ED7
24220181101070243 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002E0D7FD93 24220190501042111 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF4FC887E7
24320181101070718 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002E12169CB 24320190501044420 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF504F6BC7
24420181101074507 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC509A2DF 24420190501092454 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF56E17D3B
24520181101080039 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC560A423 24520190501095809 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF579FDFFB
24620181101090537 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC6F28D1F 24620190501104939 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF58D1C8DF
24720181101092350 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC75F93C3 24720190501114320 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF5A1085BB
24820181101133727 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4ACDA5C3BF 24820190501120300 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF5A7C0557
24920181101153921 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD0A30BD7 24920190501125217 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF5B94767B
25020181101171128 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD2DFFEAB 25020190501135152 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF5CF6DBEB
25120181101174632 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD3B43EF3 25120190501135808 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF5D12465F
25220181101182605 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD4A147DB 25220190501140313 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF5D27DD13
25320181101203006 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD79B0197 25320190501153432 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF5F3BAF7F
25420181101204455 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD7F055F3 25420190501162224 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF60500A0F
25520181101205817 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD837F15B 25520190501164449 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF60CD8F03
25620181102024420 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE097172B 25620190501171953 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF6193989F
25720181102055827 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE5403DDB 25720190501181255 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF62D0A18B
25820181102071828 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE71BA84B 25820190501181928 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF62ED89B3
25920181102092836 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEA2D28E3 25920190501191404 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF64255C53
26020181102103738 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEBD11737 26020190502020811 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF6DB1B0C3
26120181102114713 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AED6CB613 26120190502043728 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF71163633
26220181102115644 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEDA11D23 26220190502044701 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF7142CB77
26320181102121940 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEE243617 26320190502083730 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF76799A3F
26420181102130721 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEF3698BF 26420190502101202 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF7899A53F
26520181102141842 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF0DFB873 26520190502121725 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF7B633E2B
26620181102154420 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF2D2C0A3 26620190502135746 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF7DA12BBB
26720181102154806 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF2DFCAFB 26720190502152849 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF7FA1BA1B
26820181102163042 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF3D211A3 26820190502160005 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF804BE18B
26920181102165448 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF45675DB 26920190502183409 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF83B25FF7
27020181102181017 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF614E323 27020190502184333 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF83E03DC7
27120181102193623 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF80E023F 27120190502195056 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF8558212B
27220181102203258 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF956439F 27220190502230736 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF89B6A733
27320181102221408 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFBAC649B 27320190503000307 2 6 100 6143 2 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF8AEFC32B
27420181102225455 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFC958F53 27420190503005024 2 6 100 6143 5 D775D98222C19B71B1640F95F44179182E462E941B1ED2AABD7B9A92A387C5A10014F3150A4E2F48FAA83BBA757A7AFAD52FFBA351FF9DCED93B94669353E737D5DC74052A46299579F2F942AB66574E855A7E915834BD378408F0932BE8537F9863EF3EF0072EAC02EFD86A91573B63E45009CDAC495E6AAE87A2FD70395EC22F249492AFD7D007CF1718799D821E220AA90AB881E64096726963959F094A6ACE215A417B8163EAECEACA5B5454951324DB52FA2768FD22E9F0C2A1EEDD1B4DADA051455654FE405425EB73BF3536DB3B7FD9898F562EDF0BD5DA0EC15379CAEB4CFA2E2B4745D496617503427274AB3D9DBEDFFDCB5B7DC263E9F743A17FB094AE65E546468D398F0F5E3FCAF12B9799DEFDAFCB765F8AAF5D8B6BA2C24E1E1969339991AC01C542F56528446B5233819724F6CFE2E7B5797E4910993FF0EE87A1C696D60CB70EE6BCF27FC18E0B0BAF3AB97158130B0A8A1732A99A9E56713BFADC95BCD2ABD1996BF52E719441D9CFE948DF65F3BD454CF8198F43472F47F0F73703BAEF1E266B1F109AB3466B1D41E7E25AE6CA9CF42C73540245E8BE948FC620264DED7F1235A5962418BFA028C8F9657558E3A164668F9302B4A0D184DDF237275EF6C803B5DA901EA1A4E86E9FB5AACDED09EC4983A2B3089BDE76CC6D5EDE0FF746935912E63C4543A080977D92728F513A8FDEFD13F72B578B776552AAF9E7DAE4D292642762CB6F41BD9A4E668430C3C3E1CE6AE4BE5C520865E316DE2085420294EFF8D170322AB506042E08F3B621443273414FE2A9B5EB17DA967F8273999D7F1A562DD36E8827476767523F0C0BED30EBCECDD3BE963544DD22FBCFB58CAD4BCB0AF4756AAEB9B32E0302D55A30F0BE267729B831AB43BCF0F9D979EB01982BB9AD905F978B0EECC66C24FDD43E3C9A61DAD3847CD7A26573E5624ACA6497C4FC2846E743DCE94ED80CE5B85E4D94E9B04B5101CC5B93ECC5446D909EFD66B90BF9DE30B2184A762A47F850FEC2B275CBEC5F8C2D8129140345F92A62B10827FE5391D421CDDD3477525D7962802F86FB6DD776DF8BF82007
27520181102232700 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFD502EE3 27520190503045229 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FA4B7281B
27620181103011316 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFFC84A6B 27620190503092435 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FA864A07F
27720181103033644 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B031123EB 27720190503093933 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FA88F5C2F
27820181103045613 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B04EC8B2B 27820190503185714 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FAFF88A27
27920181103061743 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B06C56A47 27920190503230135 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FB32C1D93
28020181103094430 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B0B7BA467 28020190503234726 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FB3BF61BB
28120181103110754 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1949920F8B 28120190504153114 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FC025AE83
28220181103141747 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB194E3CB3E3 28220190504154716 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FC050C637
28320181103152440 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB194FD1CDE7 28320190505075209 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FCCC7F353
28420181103155517 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB195089F093 28420190505133417 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FD1174883
28520181103161259 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1950F052F7 28520190505152053 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FD261BF7B
28620181103173322 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1952DF5333 28620190505185240 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FD5010593
28720181103181221 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1953CC5B37 28720190505231615 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FD84F2C0F
28820181103194325 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1955FDACA3 28820190506025944 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FDB0D615B
28920181103194542 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB195602AE57 28920190506082750 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FDF1EA583
29020181103205409 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1957A5593B 29020190506141740 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FE367BF13
29120181103221714 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1959A6D687 29120190506155945 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FE49E685F
29220181104161809 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973A572FF 29220190506184902 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FE6B14C57
29320181104162823 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973D9C983 29320190507012130 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FEB851FAB
29420181104163116 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973E18163 29420190507110329 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FF2961E2B
29520181104164151 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19741666EB 29520190507112946 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FF2E05E37
29620181104183842 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1976CE68FB 29620190507194630 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FF8E43DF3
29720181104184621 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1976F40FA7 29720190508021744 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FFD99E7A7
29820181104192058 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1977BCD9FB 29820190508045924 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907691FFF893853
29920181104213223 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197ACC31C7 29920190508063102 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C9076920009BB29B
30020181104215616 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197B54F0A3 30020190508092907 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907692002A72887
30120181104233753 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197DA923D7 30120190508110153 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C907692003BC28B3
30220181104235806 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197E18BC83 30220190508121005 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C90769200482D15B
30320181105001724 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197E83B0E7 30320190508161323 2 6 100 7679 5 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C9076920075F623F
30420181105010241 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197F8509D7 30420190508190839 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C9076920096A38B3
30520181105022532 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198168A38B 30520190508203511 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C90769200A69CC8B
30620181105042426 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19842450D7 30620190508210427 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C90769200AB84E7B
30720181105052112 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19856CA53F 30720190509004938 2 6 100 7679 2 E60357473FEBA954D9BFDA68596E33AE69E4A8A2A0CE6C5D7B251FD41F2457FFF47E29CCA0C471CC7C84F62E65BA526ABE7EBAC2C668FFFEDC89A7DFDF65D36B844356F7A13A6879843F03027D6C35087572513D1205706B4E95A74E4698BCEB488211E99B6D5E5DDF686A848713BCB3D552EE815018A468BF4CA25CDF0CC0C020372C6A65A7F54168631D355F64C79704C6C06F457420A9B538AB1827B516C54A125C967F587C1B4E76B93C4D8DF6EE4C6B028F71C3678D6E4D57DD2A879B6D54F25224FE49B3B69EBC90E200248F0370C28D5D3E11D44644B2D468CD71BD3835BEBE7A50E4B9D9A96C0661C050CF023E807EE3E96883893F4C7587E514E88B857F8E1C72652FEEC0AA977198CE6FD5276755BDDC91D7A3CE1DED826D5AD28793EE7387898F174489D46E48523BA118E12C17F81AE8437E74FF38701B3D0C14B5ABE29EB710B1D866D6839D489B63F18486A65C646C004A41B588767B8C897CA0D3C64D511977A87A6E9C41D339526A7A9614117266BAF1A2769B1678335A91113150C82D09DB6F9476366AF6689A5B14A23A0FBC53E851C365D31074660B375088CC2724A2484EC2E77595BD30F497BA27655EFD00B17458762D171A466EDA544DD4AA2A6045222A1A4D020C15053385E0AF6EE7AB7DA719F1C77C8B0F251832EBC2487AD6AD47121A384ADE5DB49C0F1ADB6D5C12204312B157457513532568AB67821C56D739027851C122BF764F6A27C2EE58A01F56F061E662883C1CDA43AF6D2E04650E06C4CDF3711FCE07BC0523823CCE4D4DC718C9E6DAC48BF27AE985D72207E6AAB59B17DBACEADA7D7467A83B5659207968B0C0FA307308678FECEC0F7218F65E23AA2C22B92707A8BFFDA056127F0EE83CF3C328E2E95CAB8D351087FD79FDAE3D3E6ADB8F6BD210DA1384268E29A3A799CC0FDC0E86DBE39CDFA0DA7E2119F2EA13830A627B25C9F4A8EA319CCF51D62B109AA98AC026B3EDE897E9D356F0FC924D856EF3259B7D7C5CA6CAE64BCFF1C794D8E7A0381926A48D18119884DAEBC59F4E8A08A3DF0D6B73D0FBB049E278BCC43E70EEEF57687F2727965F475CDA5BCB72F084AC36FC8050F9E8AA78D59F7B12BD661037241A9EFB9B1EF5C4236A0B5C204E384FCC146EFB8E59B3514B4B1DEA266E713E256AE8E585AD2CDC6B755EA5957A5EEB6D9454A8B8739E3A37AE7729C8F6F04630304B1B4F17A01F6C489A580E4DDA00D8DF77BA031FAAB8D25245A960DAB17F55CA272AE1827FD34034D2BDF103BCB0C1579C7820CF170F729CE29E0B8F7C8C6DBD63EFE00CD3471C8CEDF3A658504D7CB8D2E6DB9EC90ED647E3C90769200D51DFAB
30820181105052812 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19858EBEEB 30820190509105756 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61341842364B
30920181105053259 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1985A24167 30920190509134417 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61341A7E713B
31020181105060205 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19864B479F 31020190510014735 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613424440853
31120181105104043 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198B9EEEC3 31120190510021831 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613424A3F527
31220181105111928 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198C77AA37 31220190510095146 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61342A862CB3
31320181105162143 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416C2EDFD4B 31320190510104217 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61342B26B11B
31420181106022607 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416CB3AFEA3 31420190510124305 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61342CB7BAAF
31520181106061722 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416CE37F7FB 31520190510183844 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61343152EC53
31620181106094748 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D109F343 31620190511013807 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613436BB5C93
31720181106111032 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D2224817 31720190511023729 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA6134377A3DE3
31820181106145715 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D526B7D3 31820190511061010 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61343A3CB94B
31920181106182511 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D7F88093 31920190511065659 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61343AD1C49B
32020181106185324 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D85194CB 32020190511075233 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61343B822463
32120181107004801 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DD089B0F 32120190511075658 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61343B879A1B
32220181107010004 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DD2A3B6B 32220190511133030 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61343FD923B7
32320181107033546 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DF3A214F 32320190512000745 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613447E9C323
32420181107042839 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DFE1C77F 32420190512021640 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613449847C13
32520181107045255 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E02B64E3 32520190512035011 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61344AADE76B
32620181107093859 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E3F7C30F 32620190512114314 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613450A66E2B
32720181107111504 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E533987B 32720190512122509 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613451226CFB
32820181107115050 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E5A3AA83 32820190512154010 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61345380D013
32920181107192529 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416EB936ECF 32920190512224408 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613458C13FAF
33020181108001017 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416EF491CEF 33020190513162038 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613465BAE2FF
33120181108055511 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F33826BF 33120190513164957 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA6134660F9513
33220181108085903 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F58E9E8B 33220190513174641 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613466B7D857
33320181108093954 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F6069543 33320190513203241 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613468AFB71B
33420181108144923 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F9FC5BCB 33420190514054626 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61346F48E5E3
33520181108194100 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416FDB2EF23 33520190514120932 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613473E636DB
33620181109005641 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B41701B64E6B 33620190514132116 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613474BC789B
33720181109074202 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B417064EC2FF 33720190514170000 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA6134774F3CE7
33820181109125150 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170A2F02DB 33820190514183309 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61347861830F
33920181109160619 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170C92055B 33920190515012547 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61347D3CEAC7
34020181109161624 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170CA966AF 34020190515032651 2 6 100 7679 5 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61347EA64427
34120181109172619 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170D7B99EB 34120190515054441 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA613480431773
34220181110021145 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171409B02B 34220190515060337 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA6134807308A3
34320181110062711 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B417172F0403 34320190515115634 2 6 100 7679 2 F9012DFC89C23BCB012C92F22ACC6FD45E01611A520DA5324949CE74B83561192683B3AB03AE38E842F4519639B26423CA2EC376080E10F280A9536468FA6CAEFA62A67EAE90B20C8431E9D05DBB7847FC9389AF2289534D38B888F3E45B801049DC15919DD6EC0607841EEEEA748AB755B3596DD9D4B9E9F962CCB8B7BD1223B8F75CE74C6EB4689681AAF890D4DD492527B718BDA900143438237591AA78582ECD9B3F4615FE6484079FA323E60C82CE874DC3EC73C0EEB94A3FCDD52CABD2479E70EFDA60411603B896C7427DAF66953F1E826750C7BAD405C79551CEEE64DA1DB13F71E7400D14EEF87D3AEC977BE555453E0842ABB4590A626547DF09AFBA196099092CC112C4C7224EE0EA47DC3AEA33226FBF3067881F6DF335D8445EC93E3B2103777A4CE58392DCFADACF543E89E68C50C75F5DF3F96D04D28D28659390989D8652E18A50B9AA4BF4B879319C2ADDA631DE74A9BB017F0A8BB38A224D38A7AC86E61EC374B6A29D5C5144CECD9A8500026C01A0E0B4316BC1D01FF47FC2CC2742606DBC625D3C632C49C209363134D6DF942D4E8D7EF875DA33A8BE390BB47ACA0533ED1CBC50F89E1FCAFCDFAF49061D09F6620F23315DF93F6C3E21911078C041DD4569A81F6F7CD7BF122E25A4FCD8F3B6640055B7ADAA95879A8F0DA7D1F436C5621C5275FCA02EAB6BD0C8AE2C85B9E096475E17ECE218C18A0300965661CC5DB6A35A4BF5832944ABF064572516C08E70FA1C629EB92554E2A3D79AB3A15569AA60F141BCF54A84D25550439E97B0C97DC8C3B4294BFB12A1D7011D5467527BFFE9588CF495EF2ABC1BBCEA2CA7AF7B73097745FB91CDE3158247A1D11935403CC6C93777BF165A620EDB9FDCA7C948C3FD1217FA631D0E82A0E1F5F24EBDF2D09BFF8FD3B2D8C25F3E6FD836BD0B9822AE1E2250C176C07DFBC1830B963D827CA9DD687B1050753D754D8D8EF7AA08CBA970EEB4D96F0B0BD7EAD21FD8D10E40A82C5FD1638FC144C04A2F3039555DF2F4B55D6B24FA1BD59B39F6A7B6CE57069A5A1846C1339393A8C5F838EFF310ACB0669CCD96DD950313EDF91B4E7C745EA486FBFF7A27BE5683C4F6A9526D87EFF6C4BCF54AA71975DE90F9F825817519F59F3B71A52FC265702E2987416202C074DD9003F7108C4F68396CB2D17060D3A345949A03BAD2AA9380F0139CC9FABB94283BE5AB0481674D8B91C59A8CDDDED9487E60AF45924D1A5A4B46116635413F30B81E41EA85A91E85320839809E8E16D8E91DEE92DE9979910071E5D2492B92ED9A647A0E5C82B9608FFFCC216C70AA49EBC7BC3C1B38711F301A4981E540FCAA61348472A24B
34420181110153547 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171D11BFBF 34420190516064842 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE07D939FF
34520181110171812 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171E461903 34520190516065439 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE07DFD413
34620181110193333 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171FE2013B 34620190516171952 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE0EEEAE77
34720181111070228 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4172812EAEB 34720190516223059 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE1267AA83
34820181111152029 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4172BC07FE7 34820190517040917 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE15F2A5DB
34920181111213014 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B41730368927 34920190517174034 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE1EDB650F
35020181112101949 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4608E66C77 35020190517225112 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE2237E3C7
35120181112120627 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C460A539D5F 35120190517225713 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE223EFDA3
35220181112155435 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C460D765A73 35220190518051358 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE264C4DDB
35320181112211414 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4611D8F2D7 35320190518123927 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE2B27B6E3
35420181113033731 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46170D027F 35420190518200907 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE3000BE2B
35520181113122018 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461E0FB427 35520190518234940 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE3260724B
35620181113122849 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461E245A3F 35620190519034803 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE34E930B3
35720181113143304 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461FC358AF 35720190519043750 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE35698F73
35820181113155105 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4620C4118B 35820190519112652 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE39BD6F53
35920181113165341 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4621936EAF 35920190519161045 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE3CB453CF
36020181113171216 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4621C96C57 36020190519171125 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE3D50C107
36120181114050208 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C462B2BBD5B 36120190520011710 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE42594D67
36220181114141440 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4632523CCF 36220190520015559 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE42B03D8F
36320181114160132 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4633A72497 36320190520172254 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE4C275593
36420181114185818 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4635EC630B 36420190520175900 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE4C7C6447
36520181114200207 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4636B93337 36520190520181531 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE4C9FB21B
36620181114220623 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C463844D7C3 36620190520225911 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE4F633F8B
36720181115101522 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4641A155C7 36720190521034046 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE523DCD17
36820181115120812 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46430AFEB3 36820190521135614 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE587E7033
36920181115125440 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464390BAB3 36920190521161205 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE59D6D05B
37020181115150855 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464535BB4B 37020190522055500 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE62168C87
37120181115170837 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4646B220EF 37120190522062713 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE62621963
37220181115231105 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464B3844E3 37220190522153949 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE67DC228F
37320181116000709 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464BE2332F 37320190522235154 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE6CC181BB
37420181116053629 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464EAB7A73 37420190523020515 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE6E0EC53B
37520181116122404 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46538BEADB 37520190523032756 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE6EDB0003
37620181116141535 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4654E5E903 37620190523085816 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE720E2853
37720181116230159 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465B551BBB 37720190523142410 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE754B0527
37820181117015828 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465D3CDE9F 37820190523163329 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE76828013
37920181117025015 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465DD9203F 37920190523222139 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE79E6DC37
38020181117031140 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465E163313 38020190523234647 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE7AB3986B
38120181117071114 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466102759F 38120190524041236 2 6 100 8191 2 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE7D4A9A03
38220181117161936 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4667A72DC3 38220190524050757 2 6 100 8191 5 F3B0550B7173F23F08A73D5EE6F4557082FC3C45A779CFA5D879D7A31EAC067D6AB8B193E2F54830F7F5446CE701B789C85011BFDBEC472593F907D1B1CB0CD7B69366605155A9E0413D775A61370FA8A1ACB1CFE9CA68D6681FDFECADA901BE736FBA7B5B192FB91354AA20403C02FFEF3B7B74FB70F58A0F8F2D16AFE013A48CA905152B1B8C88635955742E45CF60989BC66A79B852066199FBC3623E5B07A1B80CA0CCBDFD19B0F1892DF98E40FF362483FB8BAAB903C5D0A64AF4195B2BC2CE744A68FD333A45D106BBD6DFA18A7E2B36AEEA9E712B3422A67FBE2A6EAD036816C05423104E3532267CB504E22E4BE8923DDFAA11239C1660A9B106DDC582A5BCE531AD37FA29BBA8C3D08BE6B54BE52CD8917C00358098D7FFADAD9646C1372AD484B4205FD7AC68E2DE7BA1074FDDF42E1AA85C31F0ED03B15E61862B0CD7FEA0D5D16B294F6B20854387FA51F52D63A2FA7D1DF1F206AA90FEDA0F174D29669B0A85C53A4842ADE5DE407302FD727C89D7A9377E11DA89A2E19455A878E21D92472E938EE32128F5FA57BB0786D6143EECB4705E2BB9A05118CD81CFF31AB14EC7D9136DA9C6C51A650B3922ADDE56E1578F856FE15A5E2D40DD378A04E4217DF6CA94D3CFC710811773EC6F86D57BFF236DCC44A2D29E9E0C6076C93C9982225E436170B6DBAFA930A96B060AE2A1328DC74D9F25E9C7614B4EC691E1CDEA31653831B9043A2F6EC9398683F2662AFC9D80194B5E4E81F7B6E248BA37EF4EC0C570387E426646BEF82EDFDE692589949171A9C7881B5D8CCC1FCF25389399547C3F51C5E8602BBC65B4A60AC2823DD6FDE5634A18593217862612C69CF7A4C9404A54061885224580E1A3E25CA2F0E1B9E28A3313DD6CDC5E1C4D047414F93AC0F2BF0CF7464C664B793884B7059F205C8E4E5D7E4368D0A01B828FC97D992C038CC394BBC794793997993F047D72F92A89CF2C3B714D38CEABFF0301F1175A40970610C78865EC20162706CAE3E424D86395F5B18BFBADFFB45E65181F19CD56D7E20046548200E4F974BC586E61BB0F13D78C7BFDA7B769E0829B99D83CBD98F12D0CFE674D1678C62117D92540401AC876D55D64BE54A9C46AB75771426EDBF8AE860F360F249D2D99EA9B148AA76DE2AF2C9913CD92AB1361CCD8D90F007A2D173529968A60C7CFF67F900ACCDEAA1AB1E6533855FA07050861E975F9727A8430F3B487CC551ABD3CD31AC913C08BAED10CFF1B643ECE7FCA1C26412C6E4379C1D62541F8DA91F30C0EA30342339BB83805804CCB9A6A88ED1A06CFF57B3F6F3F0284AC03729006DF36821EE76C0572B498C63B362387E6BA135838E5B7081FD67C117C78656532415FC97F1CF67B05B60E79A6E30DB0B43261E82B747707FD18B3D3352865AF4B33E5EF78B74B9463E52FB4B8EBCE7DC7D22F
38320181117215936 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466BB5F597 38320190524112900 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA874126A29AB
38420181118001148 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466D436643 38420190525131506 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA87423F2A92B
38520181118040056 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C467005CF4B 38520190526001201 2 6 100 8191 5 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8742B40BBE7
38620181118070300 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211133D9A97 38620190526014333 2 6 100 8191 5 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8742C374D4F
38720181118160610 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21119A92B8B 38720190526130857 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA87433C8A94B
38820181119005538 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2111FD14FAB 38820190527020602 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8743C33C0AB
38920181119071041 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211241066AB 38920190527152902 2 6 100 8191 5 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA87444CFEC17
39020181119085941 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211254A0343 39020190527233208 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA87449F3E5EB
39120181119153022 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21129CA56FB 39120190528023632 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8744BE03913
39220181119193618 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2112C8E0D93 39220190528054207 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8744DCB4EE3
39320181119234643 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2112F6601C7 39320190529055546 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8745CDA1163
39420181120010634 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2113048398B 39420190529150702 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA874628F4F13
39520181120045702 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21132D1168F 39520190529225135 2 6 100 8191 5 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA874674DCFB7
39620181120121931 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21137C65BFB 39620190530003835 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8746857824B
39720181121150916 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21149914247 39720190530025644 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA87469BAEC13
39820181121230020 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2114EAE7D3B 39820190530124124 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8746FA3C743
39920181121233310 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2114EFEE58B 39920190531095523 2 6 100 8191 5 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8747BD0C137
40020181122074348 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211542C97AF 40020190531151758 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8747EF30573
40120181122122936 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21157397D47 40120190531200613 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA87481BBAEB3
40220181122134740 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115803DB63 40220190531220436 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA87482DFCFEB
40320181122213432 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115CF3077F 40320190603194754 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8748A8D6A3B
40420181122232736 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115E1C6FCB 40420190603211522 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8748B643883
40520181123013244 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115F5E2D97 40520190603221036 2 6 100 8191 5 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8748BE5C9AF
40620181123013752 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115F623A23 40620190604030038 2 6 100 8191 2 F122963CFEE6139B56681827DC42F5A3E93AB62CB5E7052D5CEBDA60FE7FA3C7FACD12B72B38A1D609BE215CAD2B82637CA2D651119887DFBF697D6330C983B8BB1C00C8015762672AEFEB3EF5A24A16747F9181C752A0E584F123B163EF002C7D5D0C7A0A6EE9C97591CF767147C484586D704CE9D33FAB0D424DE0CB3C41980798B202D90F2003F9709437FCDBE62DB3B9316C65C3F924BD69847170A8753BDEC24925D5ACDC5227BA7ACB3145E9D0DAB5593586A2CE07C1D3D7E54437977FA8877361FC1A6FFC90CFC91DC9D674FF4F60F2643647DC14E3B2F37DC28F453A7770C89F47A4CA673F74664B24E831D647594D520925AE724E541ED1B24EFE5EF00AA65B1E74D780156D86753688937B586C5417BCBE7977E9424D7449D07525D948C489AF07400E4692244A94D5E6B328A17DF8D5CD19230CD2A1F898639E196C45D322946B886A2157A7B24AC3B144FA6867062CB194C6B3740C34AE015BB88B8005E194316DEB0B8FFA14CE48967ED3C947398DD943BE43112F3F83F5C69E2DC204D0406DCFF7E133477FB81ECC7204E369443606D9D22D634BA93AAC4888C8B1E1D14FE67E1C430C03A4FF3A3B9768B0AD7F2FF9AE53CADBC78251B6382C81B36793787BF3CCAD43BC2909534C1F91FFF514CC9A9EC8A512316BC40BCDD4F431CF5FC2D69A2FEB2C00A137BF7C9D4F7A7C2AF7CD24602650ABC352E26358BE02E3D20CD107D1DEB6421B3F017B40BA2F343FD4660E99C3751983328A78D4B9192C24C74CCE5DD649ABE2FED5E3321C0C0ED9A843361C725D89AF0A62F1801360048B25E70FBD17B5B419E8E6C4B3BC568367C294B3243FFF3671DCA209453C41954BB8389300B4609C8519BA17786D5414711019F66A5CB10194929D5522109DF156E23B683A1F5ADD128392CC4B4F2CCFD5DEC1C8B2AE0E47C16E66BBD95CE323D8E6045C7CCD3952849FE86DE5A357A7FADDBC6A68D16E4700E90EF7E0A7E9A3FC009BA4A4F75137DC07AFB4BB0AD6D8A1A6B70B7BC2E1C0AD2AEC6DB21A2D31389F1102F81A2ADC85B630544CE4A79AEE55D42F5006F5369390376CF6D5AA060007EB489625D50B57C154C9D68D0DF431C890C7C425B5C16C0BCCFED4D3DF72EDCF449F007621427D04222C7E1756F0868BF29EAB8D71D73C17533A8765D8471744F5F7F0CE0A6939FC48EB0E705677EAF0A841975444787500CE24B632F0F8F96327FA95E4E3A2B7832807CB501195D1D3FDFFB58C359DA9892E601E9B3A2245726C61AA351B89AA150CC90ED96A2C6521F3D6AB5E4C0957F9A5DD63E734308489EA4B581C747404AF9782937434D691AF43A6F99A39B38E3DCDFA03A8EF3D01FFBEF4733E091AC57521759FD69FC3C8F4824C4F1A9C3C3582B8DF44771287E6870B6391D8E466EC44884C8ADC9276B6C1FC745F769BA8748EB8B233
40720181123032802 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211608810CB
40820181123054205 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21161EAF243
40920181123185533 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2116A336C63
41020181124051353 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21170A23417
41120181124051939 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21170A81107
41220181124102146 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21173C1D793
41320181124105734 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117416EF17
41420181124114011 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211747D7B4B
41520181124162540 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117764D6CF
41620181124195401 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21179863787
41720181124221336 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117AE70AF7
41820181125005223 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117C7CCCA7
41920181125060115 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117F8262DB
42020181125063720 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117FD8EA63
42120181125071430 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211803251C3
42220181125172444 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21185F9BDF3
42320181126120755 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211914B6C57
42420181126180517 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA20E92F77
42520181127132421 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA2E7C1F6B
42620181127185312 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA32237C3F
42720181127232536 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA353F763B
42820181127233956 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA355F350B
42920181128191837 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4281917F
43020181128221658 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA44764C13
43120181129071050 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4A5411D3
43220181129083522 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4B386FC3
43320181129195812 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA5262DD0F
43420181129230915 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA547B23C3
43520181129232739 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA54A6C53B
43620181130011847 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA55D16287
43720181130055628 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA58CB384B
43820181130162040 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA5F85360B
43920181201010704 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA652B1403
44020181201012529 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6552017F
44120181201070700 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA68F8AE73
44220181201120437 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6C1C6B53
44320181201153708 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6E492B5B
44420181201212404 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA71E3AEBB
44520181201213749 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA71FF6D23
44620181202153927 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA7D41FB5F
44720181203042444 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA852BE5A7
44820181203093150 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA88559E07
44920181203160725 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8C5B7A9F
45020181203195346 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8EA11AB7
45120181203212839 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8F91F893
45220181203214143 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8FAACDB7
diff --git a/moduli.c b/moduli.c
index 4f6f8da8d..8dd36b1cf 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: moduli.c,v 1.36 2019/10/04 03:26:58 dtucker Exp $ */ 1/* $OpenBSD: moduli.c,v 1.37 2019/11/15 06:00:20 djm Exp $ */
2/* 2/*
3 * Copyright 1994 Phil Karn <karn@qualcomm.com> 3 * Copyright 1994 Phil Karn <karn@qualcomm.com>
4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> 4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -578,7 +578,6 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
578 char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines) 578 char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines)
579{ 579{
580 BIGNUM *q, *p, *a; 580 BIGNUM *q, *p, *a;
581 BN_CTX *ctx;
582 char *cp, *lp; 581 char *cp, *lp;
583 u_int32_t count_in = 0, count_out = 0, count_possible = 0; 582 u_int32_t count_in = 0, count_out = 0, count_possible = 0;
584 u_int32_t generator_known, in_tests, in_tries, in_type, in_size; 583 u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
@@ -602,8 +601,6 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
602 fatal("BN_new failed"); 601 fatal("BN_new failed");
603 if ((q = BN_new()) == NULL) 602 if ((q = BN_new()) == NULL)
604 fatal("BN_new failed"); 603 fatal("BN_new failed");
605 if ((ctx = BN_CTX_new()) == NULL)
606 fatal("BN_CTX_new failed");
607 604
608 debug2("%.24s Final %u Miller-Rabin trials (%x generator)", 605 debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
609 ctime(&time_start), trials, generator_wanted); 606 ctime(&time_start), trials, generator_wanted);
@@ -753,7 +750,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
753 * that p is also prime. A single pass will weed out the 750 * that p is also prime. A single pass will weed out the
754 * vast majority of composite q's. 751 * vast majority of composite q's.
755 */ 752 */
756 is_prime = BN_is_prime_ex(q, 1, ctx, NULL); 753 is_prime = BN_is_prime_ex(q, 1, NULL, NULL);
757 if (is_prime < 0) 754 if (is_prime < 0)
758 fatal("BN_is_prime_ex failed"); 755 fatal("BN_is_prime_ex failed");
759 if (is_prime == 0) { 756 if (is_prime == 0) {
@@ -769,7 +766,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
769 * will show up on the first Rabin-Miller iteration so it 766 * will show up on the first Rabin-Miller iteration so it
770 * doesn't hurt to specify a high iteration count. 767 * doesn't hurt to specify a high iteration count.
771 */ 768 */
772 is_prime = BN_is_prime_ex(p, trials, ctx, NULL); 769 is_prime = BN_is_prime_ex(p, trials, NULL, NULL);
773 if (is_prime < 0) 770 if (is_prime < 0)
774 fatal("BN_is_prime_ex failed"); 771 fatal("BN_is_prime_ex failed");
775 if (is_prime == 0) { 772 if (is_prime == 0) {
@@ -779,7 +776,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
779 debug("%10u: p is almost certainly prime", count_in); 776 debug("%10u: p is almost certainly prime", count_in);
780 777
781 /* recheck q more rigorously */ 778 /* recheck q more rigorously */
782 is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL); 779 is_prime = BN_is_prime_ex(q, trials - 1, NULL, NULL);
783 if (is_prime < 0) 780 if (is_prime < 0)
784 fatal("BN_is_prime_ex failed"); 781 fatal("BN_is_prime_ex failed");
785 if (is_prime == 0) { 782 if (is_prime == 0) {
@@ -802,7 +799,6 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
802 free(lp); 799 free(lp);
803 BN_free(p); 800 BN_free(p);
804 BN_free(q); 801 BN_free(q);
805 BN_CTX_free(ctx);
806 802
807 if (checkpoint_file != NULL) 803 if (checkpoint_file != NULL)
808 unlink(checkpoint_file); 804 unlink(checkpoint_file);
diff --git a/monitor.c b/monitor.c
index 04db44c9c..947fdfadc 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -95,6 +95,7 @@
95#include "authfd.h" 95#include "authfd.h"
96#include "match.h" 96#include "match.h"
97#include "ssherr.h" 97#include "ssherr.h"
98#include "sk-api.h"
98 99
99#ifdef GSSAPI 100#ifdef GSSAPI
100static Gssctxt *gsscontext = NULL; 101static Gssctxt *gsscontext = NULL;
@@ -407,11 +408,11 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
407 pmonitor->m_recvfd = -1; 408 pmonitor->m_recvfd = -1;
408 409
409 monitor_set_child_handler(pmonitor->m_pid); 410 monitor_set_child_handler(pmonitor->m_pid);
410 signal(SIGHUP, &monitor_child_handler); 411 ssh_signal(SIGHUP, &monitor_child_handler);
411 signal(SIGTERM, &monitor_child_handler); 412 ssh_signal(SIGTERM, &monitor_child_handler);
412 signal(SIGINT, &monitor_child_handler); 413 ssh_signal(SIGINT, &monitor_child_handler);
413#ifdef SIGXFSZ 414#ifdef SIGXFSZ
414 signal(SIGXFSZ, SIG_IGN); 415 ssh_signal(SIGXFSZ, SIG_IGN);
415#endif 416#endif
416 417
417 mon_dispatch = mon_dispatch_postauth20; 418 mon_dispatch = mon_dispatch_postauth20;
@@ -561,7 +562,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
561 562
562/* allowed key state */ 563/* allowed key state */
563static int 564static int
564monitor_allowed_key(u_char *blob, u_int bloblen) 565monitor_allowed_key(const u_char *blob, u_int bloblen)
565{ 566{
566 /* make sure key is allowed */ 567 /* make sure key is allowed */
567 if (key_blob == NULL || key_bloblen != bloblen || 568 if (key_blob == NULL || key_bloblen != bloblen ||
@@ -697,7 +698,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
697 698
698 if ((key = get_hostkey_by_index(keyid)) != NULL) { 699 if ((key = get_hostkey_by_index(keyid)) != NULL) {
699 if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, 700 if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
700 compat)) != 0) 701 options.sk_provider, compat)) != 0)
701 fatal("%s: sshkey_sign failed: %s", 702 fatal("%s: sshkey_sign failed: %s",
702 __func__, ssh_err(r)); 703 __func__, ssh_err(r));
703 } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && 704 } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
@@ -1293,7 +1294,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
1293} 1294}
1294 1295
1295static int 1296static int
1296monitor_valid_userblob(u_char *data, u_int datalen) 1297monitor_valid_userblob(const u_char *data, u_int datalen)
1297{ 1298{
1298 struct sshbuf *b; 1299 struct sshbuf *b;
1299 const u_char *p; 1300 const u_char *p;
@@ -1302,10 +1303,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1302 u_char type; 1303 u_char type;
1303 int r, fail = 0; 1304 int r, fail = 0;
1304 1305
1305 if ((b = sshbuf_new()) == NULL) 1306 if ((b = sshbuf_from(data, datalen)) == NULL)
1306 fatal("%s: sshbuf_new", __func__); 1307 fatal("%s: sshbuf_from", __func__);
1307 if ((r = sshbuf_put(b, data, datalen)) != 0)
1308 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1309 1308
1310 if (datafellows & SSH_OLD_SESSIONID) { 1309 if (datafellows & SSH_OLD_SESSIONID) {
1311 p = sshbuf_ptr(b); 1310 p = sshbuf_ptr(b);
@@ -1360,8 +1359,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1360} 1359}
1361 1360
1362static int 1361static int
1363monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, 1362monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
1364 char *chost) 1363 const char *cuser, const char *chost)
1365{ 1364{
1366 struct sshbuf *b; 1365 struct sshbuf *b;
1367 const u_char *p; 1366 const u_char *p;
@@ -1370,10 +1369,9 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1370 int r, fail = 0; 1369 int r, fail = 0;
1371 u_char type; 1370 u_char type;
1372 1371
1373 if ((b = sshbuf_new()) == NULL) 1372 if ((b = sshbuf_from(data, datalen)) == NULL)
1374 fatal("%s: sshbuf_new", __func__); 1373 fatal("%s: sshbuf_new", __func__);
1375 if ((r = sshbuf_put(b, data, datalen)) != 0 || 1374 if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
1376 (r = sshbuf_get_string_direct(b, &p, &len)) != 0)
1377 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1375 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1378 1376
1379 if ((session_id2 == NULL) || 1377 if ((session_id2 == NULL) ||
@@ -1433,14 +1431,15 @@ int
1433mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) 1431mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
1434{ 1432{
1435 struct sshkey *key; 1433 struct sshkey *key;
1436 u_char *signature, *data, *blob; 1434 const u_char *signature, *data, *blob;
1437 char *sigalg; 1435 char *sigalg = NULL, *fp = NULL;
1438 size_t signaturelen, datalen, bloblen; 1436 size_t signaturelen, datalen, bloblen;
1439 int r, ret, valid_data = 0, encoded_ret; 1437 int r, ret, req_presence = 0, valid_data = 0, encoded_ret;
1438 struct sshkey_sig_details *sig_details = NULL;
1440 1439
1441 if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || 1440 if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||
1442 (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || 1441 (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 ||
1443 (r = sshbuf_get_string(m, &data, &datalen)) != 0 || 1442 (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 ||
1444 (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0) 1443 (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
1445 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1444 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1446 1445
@@ -1475,30 +1474,57 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
1475 if (!valid_data) 1474 if (!valid_data)
1476 fatal("%s: bad signature data blob", __func__); 1475 fatal("%s: bad signature data blob", __func__);
1477 1476
1477 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
1478 SSH_FP_DEFAULT)) == NULL)
1479 fatal("%s: sshkey_fingerprint failed", __func__);
1480
1478 ret = sshkey_verify(key, signature, signaturelen, data, datalen, 1481 ret = sshkey_verify(key, signature, signaturelen, data, datalen,
1479 sigalg, ssh->compat); 1482 sigalg, ssh->compat, &sig_details);
1480 debug3("%s: %s %p signature %s", __func__, auth_method, key, 1483 debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key,
1481 (ret == 0) ? "verified" : "unverified"); 1484 (ret == 0) ? "verified" : "unverified",
1485 (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");
1486
1487 if (ret == 0 && key_blobtype == MM_USERKEY && sig_details != NULL) {
1488 req_presence = (options.pubkey_auth_options &
1489 PUBKEYAUTH_TOUCH_REQUIRED) ||
1490 !key_opts->no_require_user_presence;
1491 if (req_presence &&
1492 (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) {
1493 error("public key %s %s signature for %s%s from %.128s "
1494 "port %d rejected: user presence "
1495 "(authenticator touch) requirement not met ",
1496 sshkey_type(key), fp,
1497 authctxt->valid ? "" : "invalid user ",
1498 authctxt->user, ssh_remote_ipaddr(ssh),
1499 ssh_remote_port(ssh));
1500 ret = SSH_ERR_SIGNATURE_INVALID;
1501 }
1502 }
1482 auth2_record_key(authctxt, ret == 0, key); 1503 auth2_record_key(authctxt, ret == 0, key);
1483 1504
1484 free(blob);
1485 free(signature);
1486 free(data);
1487 free(sigalg);
1488
1489 if (key_blobtype == MM_USERKEY) 1505 if (key_blobtype == MM_USERKEY)
1490 auth_activate_options(ssh, key_opts); 1506 auth_activate_options(ssh, key_opts);
1491 monitor_reset_key_state(); 1507 monitor_reset_key_state();
1492 1508
1493 sshkey_free(key);
1494 sshbuf_reset(m); 1509 sshbuf_reset(m);
1495 1510
1496 /* encode ret != 0 as positive integer, since we're sending u32 */ 1511 /* encode ret != 0 as positive integer, since we're sending u32 */
1497 encoded_ret = (ret != 0); 1512 encoded_ret = (ret != 0);
1498 if ((r = sshbuf_put_u32(m, encoded_ret)) != 0) 1513 if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 ||
1514 (r = sshbuf_put_u8(m, sig_details != NULL)) != 0)
1499 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1515 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1516 if (sig_details != NULL) {
1517 if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 ||
1518 (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0)
1519 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1520 }
1521 sshkey_sig_details_free(sig_details);
1500 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); 1522 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
1501 1523
1524 free(sigalg);
1525 free(fp);
1526 sshkey_free(key);
1527
1502 return ret == 0; 1528 return ret == 0;
1503} 1529}
1504 1530
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 933ce9a3d..b49c268d3 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.117 2019/12/15 18:57:30 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -215,7 +215,8 @@ mm_choose_dh(int min, int nbits, int max)
215 215
216int 216int
217mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, 217mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
218 const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) 218 const u_char *data, size_t datalen, const char *hostkey_alg,
219 const char *sk_provider, u_int compat)
219{ 220{
220 struct kex *kex = *pmonitor->m_pkex; 221 struct kex *kex = *pmonitor->m_pkex;
221 struct sshbuf *m; 222 struct sshbuf *m;
@@ -223,7 +224,6 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
223 int r; 224 int r;
224 225
225 debug3("%s entering", __func__); 226 debug3("%s entering", __func__);
226
227 if ((m = sshbuf_new()) == NULL) 227 if ((m = sshbuf_new()) == NULL)
228 fatal("%s: sshbuf_new failed", __func__); 228 fatal("%s: sshbuf_new failed", __func__);
229 if ((r = sshbuf_put_u32(m, ndx)) != 0 || 229 if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
@@ -514,15 +514,19 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
514 514
515int 515int
516mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, 516mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
517 const u_char *data, size_t datalen, const char *sigalg, u_int compat) 517 const u_char *data, size_t datalen, const char *sigalg, u_int compat,
518 struct sshkey_sig_details **sig_detailsp)
518{ 519{
519 struct sshbuf *m; 520 struct sshbuf *m;
520 u_int encoded_ret = 0; 521 u_int encoded_ret = 0;
521 int r; 522 int r;
523 u_char sig_details_present, flags;
524 u_int counter;
522 525
523 debug3("%s entering", __func__); 526 debug3("%s entering", __func__);
524 527
525 528 if (sig_detailsp != NULL)
529 *sig_detailsp = NULL;
526 if ((m = sshbuf_new()) == NULL) 530 if ((m = sshbuf_new()) == NULL)
527 fatal("%s: sshbuf_new failed", __func__); 531 fatal("%s: sshbuf_new failed", __func__);
528 if ((r = sshkey_puts(key, m)) != 0 || 532 if ((r = sshkey_puts(key, m)) != 0 ||
@@ -537,8 +541,19 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
537 mm_request_receive_expect(pmonitor->m_recvfd, 541 mm_request_receive_expect(pmonitor->m_recvfd,
538 MONITOR_ANS_KEYVERIFY, m); 542 MONITOR_ANS_KEYVERIFY, m);
539 543
540 if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0) 544 if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 ||
545 (r = sshbuf_get_u8(m, &sig_details_present)) != 0)
541 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 546 fatal("%s: buffer error: %s", __func__, ssh_err(r));
547 if (sig_details_present && encoded_ret == 0) {
548 if ((r = sshbuf_get_u32(m, &counter)) != 0 ||
549 (r = sshbuf_get_u8(m, &flags)) != 0)
550 fatal("%s: buffer error: %s", __func__, ssh_err(r));
551 if (sig_detailsp != NULL) {
552 *sig_detailsp = xcalloc(1, sizeof(**sig_detailsp));
553 (*sig_detailsp)->sk_counter = counter;
554 (*sig_detailsp)->sk_flags = flags;
555 }
556 }
542 557
543 sshbuf_free(m); 558 sshbuf_free(m);
544 559
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 0f09dba09..370b08e17 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.h,v 1.42 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: monitor_wrap.h,v 1.44 2019/11/25 00:51:37 djm Exp $ */
2 2
3/* 3/*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -38,6 +38,7 @@ struct monitor;
38struct Authctxt; 38struct Authctxt;
39struct sshkey; 39struct sshkey;
40struct sshauthopt; 40struct sshauthopt;
41struct sshkey_sig_details;
41 42
42void mm_log_handler(LogLevel, const char *, void *); 43void mm_log_handler(LogLevel, const char *, void *);
43int mm_is_monitor(void); 44int mm_is_monitor(void);
@@ -45,7 +46,7 @@ int mm_is_monitor(void);
45DH *mm_choose_dh(int, int, int); 46DH *mm_choose_dh(int, int, int);
46#endif 47#endif
47int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, 48int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
48 const u_char *, size_t, const char *, u_int compat); 49 const u_char *, size_t, const char *, const char *, u_int compat);
49void mm_inform_authserv(char *, char *, char *); 50void mm_inform_authserv(char *, char *, char *);
50void mm_inform_authrole(char *); 51void mm_inform_authrole(char *);
51struct passwd *mm_getpwnamallow(struct ssh *, const char *); 52struct passwd *mm_getpwnamallow(struct ssh *, const char *);
@@ -58,7 +59,7 @@ int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
58int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *, 59int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *,
59 const char *, struct sshkey *); 60 const char *, struct sshkey *);
60int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, 61int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
61 const u_char *, size_t, const char *, u_int); 62 const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **);
62 63
63#ifdef GSSAPI 64#ifdef GSSAPI
64OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); 65OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
diff --git a/msg.c b/msg.c
index 1bd20f3d3..99c25cd25 100644
--- a/msg.c
+++ b/msg.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: msg.c,v 1.17 2018/07/09 21:59:10 markus Exp $ */ 1/* $OpenBSD: msg.c,v 1.18 2020/01/22 04:49:16 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -47,16 +47,16 @@ ssh_msg_send(int fd, u_char type, struct sshbuf *m)
47 u_char buf[5]; 47 u_char buf[5];
48 u_int mlen = sshbuf_len(m); 48 u_int mlen = sshbuf_len(m);
49 49
50 debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff); 50 debug3("%s: type %u", __func__, (unsigned int)type & 0xff);
51 51
52 put_u32(buf, mlen + 1); 52 put_u32(buf, mlen + 1);
53 buf[4] = type; /* 1st byte of payload is mesg-type */ 53 buf[4] = type; /* 1st byte of payload is mesg-type */
54 if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) { 54 if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
55 error("ssh_msg_send: write"); 55 error("%s: write: %s", __func__, strerror(errno));
56 return (-1); 56 return (-1);
57 } 57 }
58 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(m), mlen) != mlen) { 58 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(m), mlen) != mlen) {
59 error("ssh_msg_send: write"); 59 error("%s: write: %s", __func__, strerror(errno));
60 return (-1); 60 return (-1);
61 } 61 }
62 return (0); 62 return (0);
@@ -73,12 +73,12 @@ ssh_msg_recv(int fd, struct sshbuf *m)
73 73
74 if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) { 74 if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
75 if (errno != EPIPE) 75 if (errno != EPIPE)
76 error("ssh_msg_recv: read: header"); 76 error("%s: read header: %s", __func__, strerror(errno));
77 return (-1); 77 return (-1);
78 } 78 }
79 msg_len = get_u32(buf); 79 msg_len = get_u32(buf);
80 if (msg_len > 256 * 1024) { 80 if (msg_len > 256 * 1024) {
81 error("ssh_msg_recv: read: bad msg_len %u", msg_len); 81 error("%s: read: bad msg_len %u", __func__, msg_len);
82 return (-1); 82 return (-1);
83 } 83 }
84 sshbuf_reset(m); 84 sshbuf_reset(m);
@@ -87,7 +87,7 @@ ssh_msg_recv(int fd, struct sshbuf *m)
87 return -1; 87 return -1;
88 } 88 }
89 if (atomicio(read, fd, p, msg_len) != msg_len) { 89 if (atomicio(read, fd, p, msg_len) != msg_len) {
90 error("ssh_msg_recv: read: %s", strerror(errno)); 90 error("%s: read: %s", __func__, strerror(errno));
91 return (-1); 91 return (-1);
92 } 92 }
93 return (0); 93 return (0);
diff --git a/mux.c b/mux.c
index f3ea11cdc..5efc849c4 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: mux.c,v 1.81 2020/01/23 07:10:22 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -1911,7 +1911,7 @@ mux_client_request_session(int fd)
1911 return -1; 1911 return -1;
1912 } 1912 }
1913 1913
1914 signal(SIGPIPE, SIG_IGN); 1914 ssh_signal(SIGPIPE, SIG_IGN);
1915 1915
1916 if (stdin_null_flag) { 1916 if (stdin_null_flag) {
1917 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1) 1917 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -2012,10 +2012,10 @@ mux_client_request_session(int fd)
2012 fatal("%s pledge(): %s", __func__, strerror(errno)); 2012 fatal("%s pledge(): %s", __func__, strerror(errno));
2013 platform_pledge_mux(); 2013 platform_pledge_mux();
2014 2014
2015 signal(SIGHUP, control_client_sighandler); 2015 ssh_signal(SIGHUP, control_client_sighandler);
2016 signal(SIGINT, control_client_sighandler); 2016 ssh_signal(SIGINT, control_client_sighandler);
2017 signal(SIGTERM, control_client_sighandler); 2017 ssh_signal(SIGTERM, control_client_sighandler);
2018 signal(SIGWINCH, control_client_sigrelay); 2018 ssh_signal(SIGWINCH, control_client_sigrelay);
2019 2019
2020 rawmode = tty_flag; 2020 rawmode = tty_flag;
2021 if (tty_flag) 2021 if (tty_flag)
@@ -2145,7 +2145,7 @@ mux_client_request_stdio_fwd(int fd)
2145 return -1; 2145 return -1;
2146 } 2146 }
2147 2147
2148 signal(SIGPIPE, SIG_IGN); 2148 ssh_signal(SIGPIPE, SIG_IGN);
2149 2149
2150 if (stdin_null_flag) { 2150 if (stdin_null_flag) {
2151 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1) 2151 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
@@ -2219,10 +2219,10 @@ mux_client_request_stdio_fwd(int fd)
2219 } 2219 }
2220 muxclient_request_id++; 2220 muxclient_request_id++;
2221 2221
2222 signal(SIGHUP, control_client_sighandler); 2222 ssh_signal(SIGHUP, control_client_sighandler);
2223 signal(SIGINT, control_client_sighandler); 2223 ssh_signal(SIGINT, control_client_sighandler);
2224 signal(SIGTERM, control_client_sighandler); 2224 ssh_signal(SIGTERM, control_client_sighandler);
2225 signal(SIGWINCH, control_client_sigrelay); 2225 ssh_signal(SIGWINCH, control_client_sigrelay);
2226 2226
2227 /* 2227 /*
2228 * Stick around until the controlee closes the client_fd. 2228 * Stick around until the controlee closes the client_fd.
diff --git a/myproposal.h b/myproposal.h
index 34bd10c9f..5312e6058 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: myproposal.h,v 1.58 2019/02/23 08:20:43 djm Exp $ */ 1/* $OpenBSD: myproposal.h,v 1.67 2020/01/24 00:28:57 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -24,103 +24,47 @@
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */ 25 */
26 26
27#include <openssl/opensslv.h> 27#define KEX_SERVER_KEX \
28 28 "curve25519-sha256," \
29/* conditional algorithm support */ 29 "curve25519-sha256@libssh.org," \
30
31#ifdef OPENSSL_HAS_ECC
32#ifdef OPENSSL_HAS_NISTP521
33# define KEX_ECDH_METHODS \
34 "ecdh-sha2-nistp256," \ 30 "ecdh-sha2-nistp256," \
35 "ecdh-sha2-nistp384," \ 31 "ecdh-sha2-nistp384," \
36 "ecdh-sha2-nistp521," 32 "ecdh-sha2-nistp521," \
37# define HOSTKEY_ECDSA_CERT_METHODS \
38 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
39 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
40 "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
41# define HOSTKEY_ECDSA_METHODS \
42 "ecdsa-sha2-nistp256," \
43 "ecdsa-sha2-nistp384," \
44 "ecdsa-sha2-nistp521,"
45#else
46# define KEX_ECDH_METHODS \
47 "ecdh-sha2-nistp256," \
48 "ecdh-sha2-nistp384,"
49# define HOSTKEY_ECDSA_CERT_METHODS \
50 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
51 "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
52# define HOSTKEY_ECDSA_METHODS \
53 "ecdsa-sha2-nistp256," \
54 "ecdsa-sha2-nistp384,"
55#endif
56#else
57# define KEX_ECDH_METHODS
58# define HOSTKEY_ECDSA_CERT_METHODS
59# define HOSTKEY_ECDSA_METHODS
60#endif
61
62#ifdef OPENSSL_HAVE_EVPGCM
63# define AESGCM_CIPHER_MODES \
64 ",aes128-gcm@openssh.com,aes256-gcm@openssh.com"
65#else
66# define AESGCM_CIPHER_MODES
67#endif
68
69#ifdef HAVE_EVP_SHA256
70# define KEX_SHA2_METHODS \
71 "diffie-hellman-group-exchange-sha256," \ 33 "diffie-hellman-group-exchange-sha256," \
72 "diffie-hellman-group16-sha512," \ 34 "diffie-hellman-group16-sha512," \
73 "diffie-hellman-group18-sha512," 35 "diffie-hellman-group18-sha512," \
74# define KEX_SHA2_GROUP14 \ 36 "diffie-hellman-group14-sha256"
75 "diffie-hellman-group14-sha256,"
76#define SHA2_HMAC_MODES \
77 "hmac-sha2-256," \
78 "hmac-sha2-512,"
79#else
80# define KEX_SHA2_METHODS
81# define KEX_SHA2_GROUP14
82# define SHA2_HMAC_MODES
83#endif
84
85#ifdef WITH_OPENSSL
86# ifdef HAVE_EVP_SHA256
87# define KEX_CURVE25519_METHODS \
88 "curve25519-sha256," \
89 "curve25519-sha256@libssh.org,"
90# else
91# define KEX_CURVE25519_METHODS ""
92# endif
93#define KEX_SERVER_KEX \
94 KEX_CURVE25519_METHODS \
95 KEX_ECDH_METHODS \
96 KEX_SHA2_METHODS \
97 KEX_SHA2_GROUP14 \
98 "diffie-hellman-group14-sha1"
99 37
100#define KEX_CLIENT_KEX KEX_SERVER_KEX 38#define KEX_CLIENT_KEX KEX_SERVER_KEX
101 39
102#define KEX_DEFAULT_PK_ALG \ 40#define KEX_DEFAULT_PK_ALG \
103 HOSTKEY_ECDSA_CERT_METHODS \ 41 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
42 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
43 "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
44 "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
104 "ssh-ed25519-cert-v01@openssh.com," \ 45 "ssh-ed25519-cert-v01@openssh.com," \
46 "sk-ssh-ed25519-cert-v01@openssh.com," \
105 "rsa-sha2-512-cert-v01@openssh.com," \ 47 "rsa-sha2-512-cert-v01@openssh.com," \
106 "rsa-sha2-256-cert-v01@openssh.com," \ 48 "rsa-sha2-256-cert-v01@openssh.com," \
107 "ssh-rsa-cert-v01@openssh.com," \ 49 "ssh-rsa-cert-v01@openssh.com," \
108 HOSTKEY_ECDSA_METHODS \ 50 "ecdsa-sha2-nistp256," \
51 "ecdsa-sha2-nistp384," \
52 "ecdsa-sha2-nistp521," \
53 "sk-ecdsa-sha2-nistp256@openssh.com," \
109 "ssh-ed25519," \ 54 "ssh-ed25519," \
55 "sk-ssh-ed25519@openssh.com," \
110 "rsa-sha2-512," \ 56 "rsa-sha2-512," \
111 "rsa-sha2-256," \ 57 "rsa-sha2-256," \
112 "ssh-rsa" 58 "ssh-rsa"
113 59
114/* the actual algorithms */ 60#define KEX_SERVER_ENCRYPT \
115
116#define KEX_SERVER_ENCRYPT \
117 "chacha20-poly1305@openssh.com," \ 61 "chacha20-poly1305@openssh.com," \
118 "aes128-ctr,aes192-ctr,aes256-ctr" \ 62 "aes128-ctr,aes192-ctr,aes256-ctr," \
119 AESGCM_CIPHER_MODES 63 "aes128-gcm@openssh.com,aes256-gcm@openssh.com"
120 64
121#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT 65#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
122 66
123#define KEX_SERVER_MAC \ 67#define KEX_SERVER_MAC \
124 "umac-64-etm@openssh.com," \ 68 "umac-64-etm@openssh.com," \
125 "umac-128-etm@openssh.com," \ 69 "umac-128-etm@openssh.com," \
126 "hmac-sha2-256-etm@openssh.com," \ 70 "hmac-sha2-256-etm@openssh.com," \
@@ -136,42 +80,14 @@
136 80
137/* Not a KEX value, but here so all the algorithm defaults are together */ 81/* Not a KEX value, but here so all the algorithm defaults are together */
138#define SSH_ALLOWED_CA_SIGALGS \ 82#define SSH_ALLOWED_CA_SIGALGS \
139 HOSTKEY_ECDSA_METHODS \ 83 "ecdsa-sha2-nistp256," \
84 "ecdsa-sha2-nistp384," \
85 "ecdsa-sha2-nistp521," \
86 "sk-ecdsa-sha2-nistp256@openssh.com," \
140 "ssh-ed25519," \ 87 "ssh-ed25519," \
88 "sk-ssh-ed25519@openssh.com," \
141 "rsa-sha2-512," \ 89 "rsa-sha2-512," \
142 "rsa-sha2-256," \ 90 "rsa-sha2-256"
143 "ssh-rsa"
144
145#else /* WITH_OPENSSL */
146
147#define KEX_SERVER_KEX \
148 "curve25519-sha256," \
149 "curve25519-sha256@libssh.org"
150#define KEX_DEFAULT_PK_ALG \
151 "ssh-ed25519-cert-v01@openssh.com," \
152 "ssh-ed25519"
153#define KEX_SERVER_ENCRYPT \
154 "chacha20-poly1305@openssh.com," \
155 "aes128-ctr,aes192-ctr,aes256-ctr"
156#define KEX_SERVER_MAC \
157 "umac-64-etm@openssh.com," \
158 "umac-128-etm@openssh.com," \
159 "hmac-sha2-256-etm@openssh.com," \
160 "hmac-sha2-512-etm@openssh.com," \
161 "hmac-sha1-etm@openssh.com," \
162 "umac-64@openssh.com," \
163 "umac-128@openssh.com," \
164 "hmac-sha2-256," \
165 "hmac-sha2-512," \
166 "hmac-sha1"
167
168#define KEX_CLIENT_KEX KEX_SERVER_KEX
169#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
170#define KEX_CLIENT_MAC KEX_SERVER_MAC
171
172#define SSH_ALLOWED_CA_SIGALGS "ssh-ed25519"
173
174#endif /* WITH_OPENSSL */
175 91
176#define KEX_DEFAULT_COMP "none,zlib@openssh.com" 92#define KEX_DEFAULT_COMP "none,zlib@openssh.com"
177#define KEX_DEFAULT_LANG "" 93#define KEX_DEFAULT_LANG ""
@@ -199,4 +115,3 @@
199 KEX_DEFAULT_COMP, \ 115 KEX_DEFAULT_COMP, \
200 KEX_DEFAULT_LANG, \ 116 KEX_DEFAULT_LANG, \
201 KEX_DEFAULT_LANG 117 KEX_DEFAULT_LANG
202
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 1162dc550..3eb188f0b 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -7,12 +7,15 @@ VPATH=@srcdir@
7CC=@CC@ 7CC=@CC@
8LD=@LD@ 8LD=@LD@
9CFLAGS=@CFLAGS@ 9CFLAGS=@CFLAGS@
10CFLAGS_NOPIE=@CFLAGS_NOPIE@
10CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ 11CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
12PICFLAG=@PICFLAG@
11LIBS=@LIBS@ 13LIBS=@LIBS@
12AR=@AR@ 14AR=@AR@
13RANLIB=@RANLIB@ 15RANLIB=@RANLIB@
14INSTALL=@INSTALL@ 16INSTALL=@INSTALL@
15LDFLAGS=-L. @LDFLAGS@ 17LDFLAGS=-L. @LDFLAGS@
18LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@
16 19
17OPENBSD=base64.o \ 20OPENBSD=base64.o \
18 basename.o \ 21 basename.o \
@@ -25,6 +28,7 @@ OPENBSD=base64.o \
25 explicit_bzero.o \ 28 explicit_bzero.o \
26 fmt_scaled.o \ 29 fmt_scaled.o \
27 freezero.o \ 30 freezero.o \
31 fnmatch.o \
28 getcwd.o \ 32 getcwd.o \
29 getgrouplist.o \ 33 getgrouplist.o \
30 getopt_long.o \ 34 getopt_long.o \
@@ -40,7 +44,6 @@ OPENBSD=base64.o \
40 readpassphrase.o \ 44 readpassphrase.o \
41 reallocarray.o \ 45 reallocarray.o \
42 recallocarray.o \ 46 recallocarray.o \
43 rmd160.o \
44 rresvport.o \ 47 rresvport.o \
45 setenv.o \ 48 setenv.o \
46 setproctitle.o \ 49 setproctitle.o \
@@ -96,7 +99,7 @@ PORTS= port-aix.o \
96 port-uw.o 99 port-uw.o
97 100
98.c.o: 101.c.o:
99 $(CC) $(CFLAGS) $(CPPFLAGS) -c $< 102 $(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $<
100 103
101all: libopenbsd-compat.a 104all: libopenbsd-compat.a
102 105
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 7a26ee40c..829e0c075 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -426,3 +426,13 @@ int _ssh_compat_fflush(FILE *f)
426 return fflush(f); 426 return fflush(f);
427} 427}
428#endif 428#endif
429
430#ifndef HAVE_LOCALTIME_R
431struct tm *
432localtime_r(const time_t *timep, struct tm *result)
433{
434 struct tm *tm = localtime(timep);
435 *result = *tm;
436 return result;
437}
438#endif
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index cb158cd5c..3a7dd6f4c 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -64,14 +64,6 @@ struct timeval {
64int utimes(char *, struct timeval *); 64int utimes(char *, struct timeval *);
65#endif /* HAVE_UTIMES */ 65#endif /* HAVE_UTIMES */
66 66
67#ifndef HAVE_UTIMENSAT
68/* start with the high bits and work down to minimise risk of overlap */
69# ifndef AT_SYMLINK_NOFOLLOW
70# define AT_SYMLINK_NOFOLLOW 0x80000000
71# endif
72int utimensat(int, const char *, const struct timespec[2], int);
73#endif
74
75#ifndef AT_FDCWD 67#ifndef AT_FDCWD
76# define AT_FDCWD (-2) 68# define AT_FDCWD (-2)
77#endif 69#endif
@@ -88,16 +80,27 @@ int fchownat(int, const char *, uid_t, gid_t, int);
88int truncate (const char *, off_t); 80int truncate (const char *, off_t);
89#endif /* HAVE_TRUNCATE */ 81#endif /* HAVE_TRUNCATE */
90 82
91#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
92#ifndef HAVE_STRUCT_TIMESPEC 83#ifndef HAVE_STRUCT_TIMESPEC
93struct timespec { 84struct timespec {
94 time_t tv_sec; 85 time_t tv_sec;
95 long tv_nsec; 86 long tv_nsec;
96}; 87};
97#endif 88#endif /* !HAVE_STRUCT_TIMESPEC */
89
90#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
91# include <time.h>
98int nanosleep(const struct timespec *, struct timespec *); 92int nanosleep(const struct timespec *, struct timespec *);
99#endif 93#endif
100 94
95#ifndef HAVE_UTIMENSAT
96# include <time.h>
97/* start with the high bits and work down to minimise risk of overlap */
98# ifndef AT_SYMLINK_NOFOLLOW
99# define AT_SYMLINK_NOFOLLOW 0x80000000
100# endif
101int utimensat(int, const char *, const struct timespec[2], int);
102#endif /* !HAVE_UTIMENSAT */
103
101#ifndef HAVE_USLEEP 104#ifndef HAVE_USLEEP
102int usleep(unsigned int useconds); 105int usleep(unsigned int useconds);
103#endif 106#endif
@@ -177,4 +180,12 @@ int flock(int, int);
177# define fflush(x) (_ssh_compat_fflush(x)) 180# define fflush(x) (_ssh_compat_fflush(x))
178#endif 181#endif
179 182
183#ifndef HAVE_LOCALTIME_R
184struct tm *localtime_r(const time_t *, struct tm *);
185#endif
186
187#ifndef HAVE_REALPATH
188#define realpath(x, y) (sftp_realpath((x), (y)))
189#endif
190
180#endif /* _BSD_MISC_H */ 191#endif /* _BSD_MISC_H */
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
index 123a9be56..1ab41f42b 100644
--- a/openbsd-compat/bsd-openpty.c
+++ b/openbsd-compat/bsd-openpty.c
@@ -65,6 +65,8 @@
65#include <string.h> 65#include <string.h>
66#include <unistd.h> 66#include <unistd.h>
67 67
68#include "misc.h"
69
68#ifndef O_NOCTTY 70#ifndef O_NOCTTY
69#define O_NOCTTY 0 71#define O_NOCTTY 0
70#endif 72#endif
@@ -97,16 +99,16 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp,
97 */ 99 */
98 int ptm; 100 int ptm;
99 char *pts; 101 char *pts;
100 mysig_t old_signal; 102 sshsig_t old_signal;
101 103
102 if ((ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1) 104 if ((ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1)
103 return (-1); 105 return (-1);
104 106
105 /* XXX: need to close ptm on error? */ 107 /* XXX: need to close ptm on error? */
106 old_signal = signal(SIGCHLD, SIG_DFL); 108 old_signal = ssh_signal(SIGCHLD, SIG_DFL);
107 if (grantpt(ptm) < 0) 109 if (grantpt(ptm) < 0)
108 return (-1); 110 return (-1);
109 signal(SIGCHLD, old_signal); 111 ssh_signal(SIGCHLD, old_signal);
110 112
111 if (unlockpt(ptm) < 0) 113 if (unlockpt(ptm) < 0)
112 return (-1); 114 return (-1);
diff --git a/openbsd-compat/bsd-signal.c b/openbsd-compat/bsd-signal.c
index 0b816a3a6..38d5e972e 100644
--- a/openbsd-compat/bsd-signal.c
+++ b/openbsd-compat/bsd-signal.c
@@ -23,34 +23,6 @@
23 23
24#include "openbsd-compat/bsd-signal.h" 24#include "openbsd-compat/bsd-signal.h"
25 25
26#undef signal
27
28mysig_t
29mysignal(int sig, mysig_t act)
30{
31#ifdef HAVE_SIGACTION
32 struct sigaction sa, osa;
33
34 if (sigaction(sig, NULL, &osa) == -1)
35 return (mysig_t) -1;
36 if (osa.sa_handler != act) {
37 memset(&sa, 0, sizeof(sa));
38 sigemptyset(&sa.sa_mask);
39 sa.sa_flags = 0;
40#ifdef SA_INTERRUPT
41 if (sig == SIGALRM)
42 sa.sa_flags |= SA_INTERRUPT;
43#endif
44 sa.sa_handler = act;
45 if (sigaction(sig, &sa, NULL) == -1)
46 return (mysig_t) -1;
47 }
48 return (osa.sa_handler);
49#else
50 return (signal(sig, act));
51#endif
52}
53
54#if !defined(HAVE_STRSIGNAL) 26#if !defined(HAVE_STRSIGNAL)
55char *strsignal(int sig) 27char *strsignal(int sig)
56{ 28{
diff --git a/openbsd-compat/bsd-signal.h b/openbsd-compat/bsd-signal.h
index 4cb8cb7a0..8d8c44419 100644
--- a/openbsd-compat/bsd-signal.h
+++ b/openbsd-compat/bsd-signal.h
@@ -19,6 +19,8 @@
19 19
20#include "includes.h" 20#include "includes.h"
21 21
22#include <signal.h>
23
22#ifndef _NSIG 24#ifndef _NSIG
23# ifdef NSIG 25# ifdef NSIG
24# define _NSIG NSIG 26# define _NSIG NSIG
@@ -27,11 +29,6 @@
27# endif 29# endif
28#endif 30#endif
29 31
30/* wrapper for signal interface */
31typedef void (*mysig_t)(int);
32mysig_t mysignal(int sig, mysig_t act);
33#define signal(a,b) mysignal(a,b)
34
35#if !defined(HAVE_STRSIGNAL) 32#if !defined(HAVE_STRSIGNAL)
36char *strsignal(int); 33char *strsignal(int);
37#endif 34#endif
diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c
index e3bd87d98..10d876439 100644
--- a/openbsd-compat/bsd-statvfs.c
+++ b/openbsd-compat/bsd-statvfs.c
@@ -29,6 +29,11 @@
29# define MNAMELEN 32 29# define MNAMELEN 32
30#endif 30#endif
31 31
32#ifdef HAVE_STRUCT_STATFS_F_FILES
33# define HAVE_STRUCT_STATFS
34#endif
35
36#ifdef HAVE_STRUCT_STATFS
32static void 37static void
33copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from) 38copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from)
34{ 39{
@@ -48,11 +53,12 @@ copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from)
48#endif 53#endif
49 to->f_namemax = MNAMELEN; 54 to->f_namemax = MNAMELEN;
50} 55}
56#endif
51 57
52# ifndef HAVE_STATVFS 58# ifndef HAVE_STATVFS
53int statvfs(const char *path, struct statvfs *buf) 59int statvfs(const char *path, struct statvfs *buf)
54{ 60{
55# ifdef HAVE_STATFS 61# if defined(HAVE_STATFS) && defined(HAVE_STRUCT_STATFS)
56 struct statfs fs; 62 struct statfs fs;
57 63
58 memset(&fs, 0, sizeof(fs)); 64 memset(&fs, 0, sizeof(fs));
@@ -70,7 +76,7 @@ int statvfs(const char *path, struct statvfs *buf)
70# ifndef HAVE_FSTATVFS 76# ifndef HAVE_FSTATVFS
71int fstatvfs(int fd, struct statvfs *buf) 77int fstatvfs(int fd, struct statvfs *buf)
72{ 78{
73# ifdef HAVE_FSTATFS 79# if defined(HAVE_FSTATFS) && defined(HAVE_STRUCT_STATFS)
74 struct statfs fs; 80 struct statfs fs;
75 81
76 memset(&fs, 0, sizeof(fs)); 82 memset(&fs, 0, sizeof(fs));
diff --git a/openbsd-compat/fnmatch.c b/openbsd-compat/fnmatch.c
new file mode 100644
index 000000000..da841d203
--- /dev/null
+++ b/openbsd-compat/fnmatch.c
@@ -0,0 +1,495 @@
1/* $OpenBSD: fnmatch.c,v 1.21 2016/03/01 20:29:03 millert Exp $ */
2
3/* Copyright (c) 2011, VMware, Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * * Neither the name of the VMware, Inc. nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
18 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29/*
30 * Copyright (c) 2008, 2016 Todd C. Miller <millert@openbsd.org>
31 *
32 * Permission to use, copy, modify, and distribute this software for any
33 * purpose with or without fee is hereby granted, provided that the above
34 * copyright notice and this permission notice appear in all copies.
35 *
36 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
37 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
38 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
39 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
40 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
41 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
42 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43 */
44
45/* Authored by William A. Rowe Jr. <wrowe; apache.org, vmware.com>, April 2011
46 *
47 * Derived from The Open Group Base Specifications Issue 7, IEEE Std 1003.1-2008
48 * as described in;
49 * http://pubs.opengroup.org/onlinepubs/9699919799/functions/fnmatch.html
50 *
51 * Filename pattern matches defined in section 2.13, "Pattern Matching Notation"
52 * from chapter 2. "Shell Command Language"
53 * http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_13
54 * where; 1. A bracket expression starting with an unquoted <circumflex> '^'
55 * character CONTINUES to specify a non-matching list; 2. an explicit <period> '.'
56 * in a bracket expression matching list, e.g. "[.abc]" does NOT match a leading
57 * <period> in a filename; 3. a <left-square-bracket> '[' which does not introduce
58 * a valid bracket expression is treated as an ordinary character; 4. a differing
59 * number of consecutive slashes within pattern and string will NOT match;
60 * 5. a trailing '\' in FNM_ESCAPE mode is treated as an ordinary '\' character.
61 *
62 * Bracket expansion defined in section 9.3.5, "RE Bracket Expression",
63 * from chapter 9, "Regular Expressions"
64 * http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap09.html#tag_09_03_05
65 * with no support for collating symbols, equivalence class expressions or
66 * character class expressions. A partial range expression with a leading
67 * hyphen following a valid range expression will match only the ordinary
68 * <hyphen> and the ending character (e.g. "[a-m-z]" will match characters
69 * 'a' through 'm', a <hyphen> '-', or a 'z').
70 *
71 * Supports BSD extensions FNM_LEADING_DIR to match pattern to the end of one
72 * path segment of string, and FNM_CASEFOLD to ignore alpha case.
73 *
74 * NOTE: Only POSIX/C single byte locales are correctly supported at this time.
75 * Notably, non-POSIX locales with FNM_CASEFOLD produce undefined results,
76 * particularly in ranges of mixed case (e.g. "[A-z]") or spanning alpha and
77 * nonalpha characters within a range.
78 *
79 * XXX comments below indicate porting required for multi-byte character sets
80 * and non-POSIX locale collation orders; requires mbr* APIs to track shift
81 * state of pattern and string (rewinding pattern and string repeatedly).
82 *
83 * Certain parts of the code assume 0x00-0x3F are unique with any MBCS (e.g.
84 * UTF-8, SHIFT-JIS, etc). Any implementation allowing '\' as an alternate
85 * path delimiter must be aware that 0x5C is NOT unique within SHIFT-JIS.
86 */
87
88/* OPENBSD ORIGINAL: lib/libc/gen/fnmatch.c */
89
90#include "includes.h"
91#ifndef HAVE_FNMATCH
92
93#include <fnmatch.h>
94#include <string.h>
95#include <ctype.h>
96
97#include "charclass.h"
98
99#define RANGE_MATCH 1
100#define RANGE_NOMATCH 0
101#define RANGE_ERROR (-1)
102
103static int
104classmatch(const char *pattern, char test, int foldcase, const char **ep)
105{
106 const char * const mismatch = pattern;
107 const char *colon;
108 struct cclass *cc;
109 int rval = RANGE_NOMATCH;
110 size_t len;
111
112 if (pattern[0] != '[' || pattern[1] != ':') {
113 *ep = mismatch;
114 return RANGE_ERROR;
115 }
116 pattern += 2;
117
118 if ((colon = strchr(pattern, ':')) == NULL || colon[1] != ']') {
119 *ep = mismatch;
120 return RANGE_ERROR;
121 }
122 *ep = colon + 2;
123 len = (size_t)(colon - pattern);
124
125 if (foldcase && strncmp(pattern, "upper:]", 7) == 0)
126 pattern = "lower:]";
127 for (cc = cclasses; cc->name != NULL; cc++) {
128 if (!strncmp(pattern, cc->name, len) && cc->name[len] == '\0') {
129 if (cc->isctype((unsigned char)test))
130 rval = RANGE_MATCH;
131 break;
132 }
133 }
134 if (cc->name == NULL) {
135 /* invalid character class, treat as normal text */
136 *ep = mismatch;
137 rval = RANGE_ERROR;
138 }
139 return rval;
140}
141
142/* Most MBCS/collation/case issues handled here. Wildcard '*' is not handled.
143 * EOS '\0' and the FNM_PATHNAME '/' delimiters are not advanced over,
144 * however the "\/" sequence is advanced to '/'.
145 *
146 * Both pattern and string are **char to support pointer increment of arbitrary
147 * multibyte characters for the given locale, in a later iteration of this code
148 */
149static int fnmatch_ch(const char **pattern, const char **string, int flags)
150{
151 const char * const mismatch = *pattern;
152 const int nocase = !!(flags & FNM_CASEFOLD);
153 const int escape = !(flags & FNM_NOESCAPE);
154 const int slash = !!(flags & FNM_PATHNAME);
155 int result = FNM_NOMATCH;
156 const char *startch;
157 int negate;
158
159 if (**pattern == '[') {
160 ++*pattern;
161
162 /* Handle negation, either leading ! or ^ operators */
163 negate = (**pattern == '!') || (**pattern == '^');
164 if (negate)
165 ++*pattern;
166
167 /* ']' is an ordinary char at the start of the range pattern */
168 if (**pattern == ']')
169 goto leadingclosebrace;
170
171 while (**pattern) {
172 if (**pattern == ']') {
173 ++*pattern;
174 /* XXX: Fix for MBCS character width */
175 ++*string;
176 return (result ^ negate);
177 }
178
179 if (escape && (**pattern == '\\')) {
180 ++*pattern;
181
182 /* Patterns must terminate with ']', not EOS */
183 if (!**pattern)
184 break;
185 }
186
187 /* Patterns must terminate with ']' not '/' */
188 if (slash && (**pattern == '/'))
189 break;
190
191 /* Match character classes. */
192 switch (classmatch(*pattern, **string, nocase, pattern)) {
193 case RANGE_MATCH:
194 result = 0;
195 continue;
196 case RANGE_NOMATCH:
197 /* Valid character class but no match. */
198 continue;
199 default:
200 /* Not a valid character class. */
201 break;
202 }
203 if (!**pattern)
204 break;
205
206leadingclosebrace:
207 /* Look at only well-formed range patterns;
208 * "x-]" is not allowed unless escaped ("x-\]")
209 * XXX: Fix for locale/MBCS character width
210 */
211 if (((*pattern)[1] == '-') && ((*pattern)[2] != ']')) {
212 startch = *pattern;
213 *pattern += (escape && ((*pattern)[2] == '\\')) ? 3 : 2;
214
215 /*
216 * NOT a properly balanced [expr] pattern, EOS
217 * terminated or ranges containing a slash in
218 * FNM_PATHNAME mode pattern fall out to to the
219 * rewind and test '[' literal code path.
220 */
221 if (!**pattern || (slash && (**pattern == '/')))
222 break;
223
224 /* XXX: handle locale/MBCS comparison, advance by MBCS char width */
225 if ((**string >= *startch) && (**string <= **pattern))
226 result = 0;
227 else if (nocase &&
228 (isupper((unsigned char)**string) ||
229 isupper((unsigned char)*startch) ||
230 isupper((unsigned char)**pattern)) &&
231 (tolower((unsigned char)**string) >=
232 tolower((unsigned char)*startch)) &&
233 (tolower((unsigned char)**string) <=
234 tolower((unsigned char)**pattern)))
235 result = 0;
236
237 ++*pattern;
238 continue;
239 }
240
241 /* XXX: handle locale/MBCS comparison, advance by MBCS char width */
242 if ((**string == **pattern))
243 result = 0;
244 else if (nocase && (isupper((unsigned char)**string) ||
245 isupper((unsigned char)**pattern)) &&
246 (tolower((unsigned char)**string) ==
247 tolower((unsigned char)**pattern)))
248 result = 0;
249
250 ++*pattern;
251 }
252 /*
253 * NOT a properly balanced [expr] pattern;
254 * Rewind and reset result to test '[' literal
255 */
256 *pattern = mismatch;
257 result = FNM_NOMATCH;
258 } else if (**pattern == '?') {
259 /* Optimize '?' match before unescaping **pattern */
260 if (!**string || (slash && (**string == '/')))
261 return FNM_NOMATCH;
262 result = 0;
263 goto fnmatch_ch_success;
264 } else if (escape && (**pattern == '\\') && (*pattern)[1]) {
265 ++*pattern;
266 }
267
268 /* XXX: handle locale/MBCS comparison, advance by the MBCS char width */
269 if (**string == **pattern)
270 result = 0;
271 else if (nocase && (isupper((unsigned char)**string) ||
272 isupper((unsigned char)**pattern)) &&
273 (tolower((unsigned char)**string) ==
274 tolower((unsigned char)**pattern)))
275 result = 0;
276
277 /* Refuse to advance over trailing slash or NULs */
278 if (**string == '\0' || **pattern == '\0' ||
279 (slash && ((**string == '/') || (**pattern == '/'))))
280 return result;
281
282fnmatch_ch_success:
283 ++*pattern;
284 ++*string;
285 return result;
286}
287
288
289int fnmatch(const char *pattern, const char *string, int flags)
290{
291 static const char dummystring[2] = {' ', 0};
292 const int escape = !(flags & FNM_NOESCAPE);
293 const int slash = !!(flags & FNM_PATHNAME);
294 const int leading_dir = !!(flags & FNM_LEADING_DIR);
295 const char *dummyptr, *matchptr, *strendseg;
296 int wild;
297 /* For '*' wild processing only; surpress 'used before initialization'
298 * warnings with dummy initialization values;
299 */
300 const char *strstartseg = NULL;
301 const char *mismatch = NULL;
302 int matchlen = 0;
303
304 if (*pattern == '*')
305 goto firstsegment;
306
307 while (*pattern && *string) {
308 /*
309 * Pre-decode "\/" which has no special significance, and
310 * match balanced slashes, starting a new segment pattern.
311 */
312 if (slash && escape && (*pattern == '\\') && (pattern[1] == '/'))
313 ++pattern;
314 if (slash && (*pattern == '/') && (*string == '/')) {
315 ++pattern;
316 ++string;
317 }
318
319firstsegment:
320 /*
321 * At the beginning of each segment, validate leading period
322 * behavior.
323 */
324 if ((flags & FNM_PERIOD) && (*string == '.')) {
325 if (*pattern == '.')
326 ++pattern;
327 else if (escape && (*pattern == '\\') && (pattern[1] == '.'))
328 pattern += 2;
329 else
330 return FNM_NOMATCH;
331 ++string;
332 }
333
334 /*
335 * Determine the end of string segment. Presumes '/'
336 * character is unique, not composite in any MBCS encoding
337 */
338 if (slash) {
339 strendseg = strchr(string, '/');
340 if (!strendseg)
341 strendseg = strchr(string, '\0');
342 } else {
343 strendseg = strchr(string, '\0');
344 }
345
346 /*
347 * Allow pattern '*' to be consumed even with no remaining
348 * string to match.
349 */
350 while (*pattern) {
351 if ((string > strendseg) ||
352 ((string == strendseg) && (*pattern != '*')))
353 break;
354
355 if (slash && ((*pattern == '/') ||
356 (escape && (*pattern == '\\') && (pattern[1] == '/'))))
357 break;
358
359 /*
360 * Reduce groups of '*' and '?' to n '?' matches
361 * followed by one '*' test for simplicity.
362 */
363 for (wild = 0; (*pattern == '*') || (*pattern == '?'); ++pattern) {
364 if (*pattern == '*') {
365 wild = 1;
366 } else if (string < strendseg) { /* && (*pattern == '?') */
367 /* XXX: Advance 1 char for MBCS locale */
368 ++string;
369 }
370 else { /* (string >= strendseg) && (*pattern == '?') */
371 return FNM_NOMATCH;
372 }
373 }
374
375 if (wild) {
376 strstartseg = string;
377 mismatch = pattern;
378
379 /*
380 * Count fixed (non '*') char matches remaining
381 * in pattern * excluding '/' (or "\/") and '*'.
382 */
383 for (matchptr = pattern, matchlen = 0; 1; ++matchlen) {
384 if ((*matchptr == '\0') ||
385 (slash && ((*matchptr == '/') ||
386 (escape && (*matchptr == '\\') &&
387 (matchptr[1] == '/'))))) {
388 /* Compare precisely this many
389 * trailing string chars, the
390 * resulting match needs no
391 * wildcard loop.
392 */
393 /* XXX: Adjust for MBCS */
394 if (string + matchlen > strendseg)
395 return FNM_NOMATCH;
396
397 string = strendseg - matchlen;
398 wild = 0;
399 break;
400 }
401
402 if (*matchptr == '*') {
403 /*
404 * Ensure at least this many
405 * trailing string chars remain
406 * for the first comparison.
407 */
408 /* XXX: Adjust for MBCS */
409 if (string + matchlen > strendseg)
410 return FNM_NOMATCH;
411
412 /*
413 * Begin first wild comparison
414 * at the current position.
415 */
416 break;
417 }
418
419 /*
420 * Skip forward in pattern by a single
421 * character match Use a dummy
422 * fnmatch_ch() test to count one
423 * "[range]" escape.
424 */
425 /* XXX: Adjust for MBCS */
426 if (escape && (*matchptr == '\\') &&
427 matchptr[1]) {
428 matchptr += 2;
429 } else if (*matchptr == '[') {
430 dummyptr = dummystring;
431 fnmatch_ch(&matchptr, &dummyptr,
432 flags);
433 } else {
434 ++matchptr;
435 }
436 }
437 }
438
439 /* Incrementally match string against the pattern. */
440 while (*pattern && (string < strendseg)) {
441 /* Success; begin a new wild pattern search. */
442 if (*pattern == '*')
443 break;
444
445 if (slash && ((*string == '/') ||
446 (*pattern == '/') || (escape &&
447 (*pattern == '\\') && (pattern[1] == '/'))))
448 break;
449
450 /*
451 * Compare ch's (the pattern is advanced over
452 * "\/" to the '/', but slashes will mismatch,
453 * and are not consumed).
454 */
455 if (!fnmatch_ch(&pattern, &string, flags))
456 continue;
457
458 /*
459 * Failed to match, loop against next char
460 * offset of string segment until not enough
461 * string chars remain to match the fixed
462 * pattern.
463 */
464 if (wild) {
465 /* XXX: Advance 1 char for MBCS locale */
466 string = ++strstartseg;
467 if (string + matchlen > strendseg)
468 return FNM_NOMATCH;
469
470 pattern = mismatch;
471 continue;
472 } else
473 return FNM_NOMATCH;
474 }
475 }
476
477 if (*string && !((slash || leading_dir) && (*string == '/')))
478 return FNM_NOMATCH;
479
480 if (*pattern && !(slash && ((*pattern == '/') ||
481 (escape && (*pattern == '\\') && (pattern[1] == '/')))))
482 return FNM_NOMATCH;
483
484 if (leading_dir && !*pattern && *string == '/')
485 return 0;
486 }
487
488 /* Where both pattern and string are at EOS, declare success. */
489 if (!*string && !*pattern)
490 return 0;
491
492 /* Pattern didn't match to the end of string. */
493 return FNM_NOMATCH;
494}
495#endif /* HAVE_FNMATCH */
diff --git a/openbsd-compat/fnmatch.h b/openbsd-compat/fnmatch.h
new file mode 100644
index 000000000..d3bc4a863
--- /dev/null
+++ b/openbsd-compat/fnmatch.h
@@ -0,0 +1,66 @@
1/* $OpenBSD: fnmatch.h,v 1.8 2005/12/13 00:35:22 millert Exp $ */
2/* $NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $ */
3
4/*-
5 * Copyright (c) 1992, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * @(#)fnmatch.h 8.1 (Berkeley) 6/2/93
33 */
34
35/* OPENBSD ORIGINAL: include/fnmatch.h */
36
37#ifndef HAVE_FNMATCH_H
38/* Ensure we define FNM_CASEFOLD */
39#define __BSD_VISIBLE 1
40
41#ifndef _FNMATCH_H_
42#define _FNMATCH_H_
43
44#ifdef HAVE_SYS_CDEFS_H
45#include <sys/cdefs.h>
46#endif
47
48#define FNM_NOMATCH 1 /* Match failed. */
49#define FNM_NOSYS 2 /* Function not supported (unused). */
50
51#define FNM_NOESCAPE 0x01 /* Disable backslash escaping. */
52#define FNM_PATHNAME 0x02 /* Slash must be matched by slash. */
53#define FNM_PERIOD 0x04 /* Period must be matched by period. */
54#if __BSD_VISIBLE
55#define FNM_LEADING_DIR 0x08 /* Ignore /<tail> after Imatch. */
56#define FNM_CASEFOLD 0x10 /* Case insensitive search. */
57#define FNM_IGNORECASE FNM_CASEFOLD
58#define FNM_FILE_NAME FNM_PATHNAME
59#endif
60
61/* __BEGIN_DECLS */
62int fnmatch(const char *, const char *, int);
63/* __END_DECLS */
64
65#endif /* !_FNMATCH_H_ */
66#endif /* ! HAVE_FNMATCH_H */
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c
index 7c97e67f5..1e346a8f6 100644
--- a/openbsd-compat/glob.c
+++ b/openbsd-compat/glob.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: glob.c,v 1.38 2011/09/22 06:27:29 djm Exp $ */ 1/* $OpenBSD: glob.c,v 1.48 2019/02/04 16:45:40 millert Exp $ */
2/* 2/*
3 * Copyright (c) 1989, 1993 3 * Copyright (c) 1989, 1993
4 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
@@ -70,6 +70,9 @@
70#include <limits.h> 70#include <limits.h>
71#include <pwd.h> 71#include <pwd.h>
72#include <stdlib.h> 72#include <stdlib.h>
73#ifdef HAVE_STDINT_H
74#include <stdint.h>
75#endif
73#include <string.h> 76#include <string.h>
74#include <unistd.h> 77#include <unistd.h>
75 78
@@ -131,12 +134,9 @@ typedef char Char;
131#define ismeta(c) (((c)&M_QUOTE) != 0) 134#define ismeta(c) (((c)&M_QUOTE) != 0)
132 135
133#define GLOB_LIMIT_MALLOC 65536 136#define GLOB_LIMIT_MALLOC 65536
134#define GLOB_LIMIT_STAT 128 137#define GLOB_LIMIT_STAT 2048
135#define GLOB_LIMIT_READDIR 16384 138#define GLOB_LIMIT_READDIR 16384
136 139
137/* Limit of recursion during matching attempts. */
138#define GLOB_LIMIT_RECUR 64
139
140struct glob_lim { 140struct glob_lim {
141 size_t glim_malloc; 141 size_t glim_malloc;
142 size_t glim_stat; 142 size_t glim_stat;
@@ -150,7 +150,7 @@ struct glob_path_stat {
150 150
151static int compare(const void *, const void *); 151static int compare(const void *, const void *);
152static int compare_gps(const void *, const void *); 152static int compare_gps(const void *, const void *);
153static int g_Ctoc(const Char *, char *, u_int); 153static int g_Ctoc(const Char *, char *, size_t);
154static int g_lstat(Char *, struct stat *, glob_t *); 154static int g_lstat(Char *, struct stat *, glob_t *);
155static DIR *g_opendir(Char *, glob_t *); 155static DIR *g_opendir(Char *, glob_t *);
156static Char *g_strchr(const Char *, int); 156static Char *g_strchr(const Char *, int);
@@ -169,7 +169,7 @@ static const Char *
169static int globexp1(const Char *, glob_t *, struct glob_lim *); 169static int globexp1(const Char *, glob_t *, struct glob_lim *);
170static int globexp2(const Char *, const Char *, glob_t *, 170static int globexp2(const Char *, const Char *, glob_t *,
171 struct glob_lim *); 171 struct glob_lim *);
172static int match(Char *, Char *, Char *, int); 172static int match(Char *, Char *, Char *);
173#ifdef DEBUG 173#ifdef DEBUG
174static void qprintf(const char *, Char *); 174static void qprintf(const char *, Char *);
175#endif 175#endif
@@ -180,12 +180,9 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
180{ 180{
181 const u_char *patnext; 181 const u_char *patnext;
182 int c; 182 int c;
183 Char *bufnext, *bufend, patbuf[MAXPATHLEN]; 183 Char *bufnext, *bufend, patbuf[PATH_MAX];
184 struct glob_lim limit = { 0, 0, 0 }; 184 struct glob_lim limit = { 0, 0, 0 };
185 185
186 if (strnlen(pattern, PATH_MAX) == PATH_MAX)
187 return(GLOB_NOMATCH);
188
189 patnext = (u_char *) pattern; 186 patnext = (u_char *) pattern;
190 if (!(flags & GLOB_APPEND)) { 187 if (!(flags & GLOB_APPEND)) {
191 pglob->gl_pathc = 0; 188 pglob->gl_pathc = 0;
@@ -198,13 +195,15 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
198 pglob->gl_errfunc = errfunc; 195 pglob->gl_errfunc = errfunc;
199 pglob->gl_matchc = 0; 196 pglob->gl_matchc = 0;
200 197
201 if (pglob->gl_offs < 0 || pglob->gl_pathc < 0 || 198 if (strnlen(pattern, PATH_MAX) == PATH_MAX)
202 pglob->gl_offs >= INT_MAX || pglob->gl_pathc >= INT_MAX || 199 return(GLOB_NOMATCH);
203 pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1) 200
201 if (pglob->gl_offs >= SSIZE_MAX || pglob->gl_pathc >= SSIZE_MAX ||
202 pglob->gl_pathc >= SSIZE_MAX - pglob->gl_offs - 1)
204 return GLOB_NOSPACE; 203 return GLOB_NOSPACE;
205 204
206 bufnext = patbuf; 205 bufnext = patbuf;
207 bufend = bufnext + MAXPATHLEN - 1; 206 bufend = bufnext + PATH_MAX - 1;
208 if (flags & GLOB_NOESCAPE) 207 if (flags & GLOB_NOESCAPE)
209 while (bufnext < bufend && (c = *patnext++) != EOS) 208 while (bufnext < bufend && (c = *patnext++) != EOS)
210 *bufnext++ = c; 209 *bufnext++ = c;
@@ -261,7 +260,7 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob,
261 int i, rv; 260 int i, rv;
262 Char *lm, *ls; 261 Char *lm, *ls;
263 const Char *pe, *pm, *pl; 262 const Char *pe, *pm, *pl;
264 Char patbuf[MAXPATHLEN]; 263 Char patbuf[PATH_MAX];
265 264
266 /* copy part up to the brace */ 265 /* copy part up to the brace */
267 for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++) 266 for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
@@ -472,10 +471,11 @@ static int
472glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) 471glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
473{ 472{
474 const Char *qpatnext; 473 const Char *qpatnext;
475 int c, err, oldpathc; 474 int c, err;
476 Char *bufnext, patbuf[MAXPATHLEN]; 475 size_t oldpathc;
476 Char *bufnext, patbuf[PATH_MAX];
477 477
478 qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob); 478 qpatnext = globtilde(pattern, patbuf, PATH_MAX, pglob);
479 oldpathc = pglob->gl_pathc; 479 oldpathc = pglob->gl_pathc;
480 bufnext = patbuf; 480 bufnext = patbuf;
481 481
@@ -545,7 +545,7 @@ glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
545 qprintf("glob0:", patbuf); 545 qprintf("glob0:", patbuf);
546#endif 546#endif
547 547
548 if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, limitp)) != 0) 548 if ((err = glob1(patbuf, patbuf+PATH_MAX-1, pglob, limitp)) != 0)
549 return(err); 549 return(err);
550 550
551 /* 551 /*
@@ -566,9 +566,9 @@ glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
566 if ((pglob->gl_flags & GLOB_KEEPSTAT)) { 566 if ((pglob->gl_flags & GLOB_KEEPSTAT)) {
567 /* Keep the paths and stat info synced during sort */ 567 /* Keep the paths and stat info synced during sort */
568 struct glob_path_stat *path_stat; 568 struct glob_path_stat *path_stat;
569 int i; 569 size_t i;
570 int n = pglob->gl_pathc - oldpathc; 570 size_t n = pglob->gl_pathc - oldpathc;
571 int o = pglob->gl_offs + oldpathc; 571 size_t o = pglob->gl_offs + oldpathc;
572 572
573 if ((path_stat = calloc(n, sizeof(*path_stat))) == NULL) 573 if ((path_stat = calloc(n, sizeof(*path_stat))) == NULL)
574 return GLOB_NOSPACE; 574 return GLOB_NOSPACE;
@@ -609,13 +609,13 @@ compare_gps(const void *_p, const void *_q)
609static int 609static int
610glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) 610glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
611{ 611{
612 Char pathbuf[MAXPATHLEN]; 612 Char pathbuf[PATH_MAX];
613 613
614 /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */ 614 /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
615 if (*pattern == EOS) 615 if (*pattern == EOS)
616 return(0); 616 return(0);
617 return(glob2(pathbuf, pathbuf+MAXPATHLEN-1, 617 return(glob2(pathbuf, pathbuf+PATH_MAX-1,
618 pathbuf, pathbuf+MAXPATHLEN-1, 618 pathbuf, pathbuf+PATH_MAX-1,
619 pattern, pattern_last, pglob, limitp)); 619 pattern, pattern_last, pglob, limitp));
620} 620}
621 621
@@ -639,8 +639,6 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
639 for (anymeta = 0;;) { 639 for (anymeta = 0;;) {
640 if (*pattern == EOS) { /* End of pattern? */ 640 if (*pattern == EOS) { /* End of pattern? */
641 *pathend = EOS; 641 *pathend = EOS;
642 if (g_lstat(pathbuf, &sb, pglob))
643 return(0);
644 642
645 if ((pglob->gl_flags & GLOB_LIMIT) && 643 if ((pglob->gl_flags & GLOB_LIMIT) &&
646 limitp->glim_stat++ >= GLOB_LIMIT_STAT) { 644 limitp->glim_stat++ >= GLOB_LIMIT_STAT) {
@@ -649,6 +647,8 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
649 *pathend = EOS; 647 *pathend = EOS;
650 return(GLOB_NOSPACE); 648 return(GLOB_NOSPACE);
651 } 649 }
650 if (g_lstat(pathbuf, &sb, pglob))
651 return(0);
652 652
653 if (((pglob->gl_flags & GLOB_MARK) && 653 if (((pglob->gl_flags & GLOB_MARK) &&
654 pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) || 654 pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) ||
@@ -700,7 +700,7 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
700 struct dirent *dp; 700 struct dirent *dp;
701 DIR *dirp; 701 DIR *dirp;
702 int err; 702 int err;
703 char buf[MAXPATHLEN]; 703 char buf[PATH_MAX];
704 704
705 /* 705 /*
706 * The readdirfunc declaration can't be prototyped, because it is 706 * The readdirfunc declaration can't be prototyped, because it is
@@ -760,7 +760,7 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
760 break; 760 break;
761 } 761 }
762 762
763 if (!match(pathend, pattern, restpattern, GLOB_LIMIT_RECUR)) { 763 if (!match(pathend, pattern, restpattern)) {
764 *pathend = EOS; 764 *pathend = EOS;
765 continue; 765 continue;
766 } 766 }
@@ -797,38 +797,33 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
797 struct stat *sb) 797 struct stat *sb)
798{ 798{
799 char **pathv; 799 char **pathv;
800 ssize_t i; 800 size_t i, newn, len;
801 size_t newn, len;
802 char *copy = NULL; 801 char *copy = NULL;
803 const Char *p; 802 const Char *p;
804 struct stat **statv; 803 struct stat **statv;
805 804
806 newn = 2 + pglob->gl_pathc + pglob->gl_offs; 805 newn = 2 + pglob->gl_pathc + pglob->gl_offs;
807 if (pglob->gl_offs >= INT_MAX || 806 if (pglob->gl_offs >= SSIZE_MAX ||
808 pglob->gl_pathc >= INT_MAX || 807 pglob->gl_pathc >= SSIZE_MAX ||
809 newn >= INT_MAX || 808 newn >= SSIZE_MAX ||
810 SIZE_MAX / sizeof(*pathv) <= newn || 809 SIZE_MAX / sizeof(*pathv) <= newn ||
811 SIZE_MAX / sizeof(*statv) <= newn) { 810 SIZE_MAX / sizeof(*statv) <= newn) {
812 nospace: 811 nospace:
813 for (i = pglob->gl_offs; i < (ssize_t)(newn - 2); i++) { 812 for (i = pglob->gl_offs; i < newn - 2; i++) {
814 if (pglob->gl_pathv && pglob->gl_pathv[i]) 813 if (pglob->gl_pathv && pglob->gl_pathv[i])
815 free(pglob->gl_pathv[i]); 814 free(pglob->gl_pathv[i]);
816 if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 && 815 if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 &&
817 pglob->gl_pathv && pglob->gl_pathv[i]) 816 pglob->gl_pathv && pglob->gl_pathv[i])
818 free(pglob->gl_statv[i]); 817 free(pglob->gl_statv[i]);
819 } 818 }
820 if (pglob->gl_pathv) { 819 free(pglob->gl_pathv);
821 free(pglob->gl_pathv); 820 pglob->gl_pathv = NULL;
822 pglob->gl_pathv = NULL; 821 free(pglob->gl_statv);
823 } 822 pglob->gl_statv = NULL;
824 if (pglob->gl_statv) {
825 free(pglob->gl_statv);
826 pglob->gl_statv = NULL;
827 }
828 return(GLOB_NOSPACE); 823 return(GLOB_NOSPACE);
829 } 824 }
830 825
831 pathv = realloc(pglob->gl_pathv, newn * sizeof(*pathv)); 826 pathv = reallocarray(pglob->gl_pathv, newn, sizeof(*pathv));
832 if (pathv == NULL) 827 if (pathv == NULL)
833 goto nospace; 828 goto nospace;
834 if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { 829 if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
@@ -840,7 +835,7 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
840 pglob->gl_pathv = pathv; 835 pglob->gl_pathv = pathv;
841 836
842 if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0) { 837 if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0) {
843 statv = realloc(pglob->gl_statv, newn * sizeof(*statv)); 838 statv = reallocarray(pglob->gl_statv, newn, sizeof(*statv));
844 if (statv == NULL) 839 if (statv == NULL)
845 goto nospace; 840 goto nospace;
846 if (pglob->gl_statv == NULL && pglob->gl_offs > 0) { 841 if (pglob->gl_statv == NULL && pglob->gl_offs > 0) {
@@ -894,17 +889,24 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
894 889
895/* 890/*
896 * pattern matching function for filenames. Each occurrence of the * 891 * pattern matching function for filenames. Each occurrence of the *
897 * pattern causes a recursion level. 892 * pattern causes an iteration.
893 *
894 * Note, this function differs from the original as per the discussion
895 * here: https://research.swtch.com/glob
896 *
897 * Basically we removed the recursion and made it use the algorithm
898 * from Russ Cox to not go quadratic on cases like a file called
899 * ("a" x 100) . "x" matched against a pattern like "a*a*a*a*a*a*a*y".
898 */ 900 */
899static int 901static int
900match(Char *name, Char *pat, Char *patend, int recur) 902match(Char *name, Char *pat, Char *patend)
901{ 903{
902 int ok, negate_range; 904 int ok, negate_range;
903 Char c, k; 905 Char c, k;
906 Char *nextp = NULL;
907 Char *nextn = NULL;
904 908
905 if (recur-- == 0) 909loop:
906 return(GLOB_NOSPACE);
907
908 while (pat < patend) { 910 while (pat < patend) {
909 c = *pat++; 911 c = *pat++;
910 switch (c & M_MASK) { 912 switch (c & M_MASK) {
@@ -913,19 +915,19 @@ match(Char *name, Char *pat, Char *patend, int recur)
913 pat++; /* eat consecutive '*' */ 915 pat++; /* eat consecutive '*' */
914 if (pat == patend) 916 if (pat == patend)
915 return(1); 917 return(1);
916 do { 918 if (*name == EOS)
917 if (match(name, pat, patend, recur)) 919 return(0);
918 return(1); 920 nextn = name + 1;
919 } while (*name++ != EOS); 921 nextp = pat - 1;
920 return(0); 922 break;
921 case M_ONE: 923 case M_ONE:
922 if (*name++ == EOS) 924 if (*name++ == EOS)
923 return(0); 925 goto fail;
924 break; 926 break;
925 case M_SET: 927 case M_SET:
926 ok = 0; 928 ok = 0;
927 if ((k = *name++) == EOS) 929 if ((k = *name++) == EOS)
928 return(0); 930 goto fail;
929 if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS) 931 if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS)
930 ++pat; 932 ++pat;
931 while (((c = *pat++) & M_MASK) != M_END) { 933 while (((c = *pat++) & M_MASK) != M_END) {
@@ -944,36 +946,43 @@ match(Char *name, Char *pat, Char *patend, int recur)
944 ok = 1; 946 ok = 1;
945 } 947 }
946 if (ok == negate_range) 948 if (ok == negate_range)
947 return(0); 949 goto fail;
948 break; 950 break;
949 default: 951 default:
950 if (*name++ != c) 952 if (*name++ != c)
951 return(0); 953 goto fail;
952 break; 954 break;
953 } 955 }
954 } 956 }
955 return(*name == EOS); 957 if (*name == EOS)
958 return(1);
959
960fail:
961 if (nextn) {
962 pat = nextp;
963 name = nextn;
964 goto loop;
965 }
966 return(0);
956} 967}
957 968
958/* Free allocated data belonging to a glob_t structure. */ 969/* Free allocated data belonging to a glob_t structure. */
959void 970void
960globfree(glob_t *pglob) 971globfree(glob_t *pglob)
961{ 972{
962 int i; 973 size_t i;
963 char **pp; 974 char **pp;
964 975
965 if (pglob->gl_pathv != NULL) { 976 if (pglob->gl_pathv != NULL) {
966 pp = pglob->gl_pathv + pglob->gl_offs; 977 pp = pglob->gl_pathv + pglob->gl_offs;
967 for (i = pglob->gl_pathc; i--; ++pp) 978 for (i = pglob->gl_pathc; i--; ++pp)
968 if (*pp) 979 free(*pp);
969 free(*pp);
970 free(pglob->gl_pathv); 980 free(pglob->gl_pathv);
971 pglob->gl_pathv = NULL; 981 pglob->gl_pathv = NULL;
972 } 982 }
973 if (pglob->gl_statv != NULL) { 983 if (pglob->gl_statv != NULL) {
974 for (i = 0; i < pglob->gl_pathc; i++) { 984 for (i = 0; i < pglob->gl_pathc; i++) {
975 if (pglob->gl_statv[i] != NULL) 985 free(pglob->gl_statv[i]);
976 free(pglob->gl_statv[i]);
977 } 986 }
978 free(pglob->gl_statv); 987 free(pglob->gl_statv);
979 pglob->gl_statv = NULL; 988 pglob->gl_statv = NULL;
@@ -983,7 +992,7 @@ globfree(glob_t *pglob)
983static DIR * 992static DIR *
984g_opendir(Char *str, glob_t *pglob) 993g_opendir(Char *str, glob_t *pglob)
985{ 994{
986 char buf[MAXPATHLEN]; 995 char buf[PATH_MAX];
987 996
988 if (!*str) 997 if (!*str)
989 strlcpy(buf, ".", sizeof buf); 998 strlcpy(buf, ".", sizeof buf);
@@ -1001,7 +1010,7 @@ g_opendir(Char *str, glob_t *pglob)
1001static int 1010static int
1002g_lstat(Char *fn, struct stat *sb, glob_t *pglob) 1011g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
1003{ 1012{
1004 char buf[MAXPATHLEN]; 1013 char buf[PATH_MAX];
1005 1014
1006 if (g_Ctoc(fn, buf, sizeof(buf))) 1015 if (g_Ctoc(fn, buf, sizeof(buf)))
1007 return(-1); 1016 return(-1);
@@ -1013,7 +1022,7 @@ g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
1013static int 1022static int
1014g_stat(Char *fn, struct stat *sb, glob_t *pglob) 1023g_stat(Char *fn, struct stat *sb, glob_t *pglob)
1015{ 1024{
1016 char buf[MAXPATHLEN]; 1025 char buf[PATH_MAX];
1017 1026
1018 if (g_Ctoc(fn, buf, sizeof(buf))) 1027 if (g_Ctoc(fn, buf, sizeof(buf)))
1019 return(-1); 1028 return(-1);
@@ -1033,7 +1042,7 @@ g_strchr(const Char *str, int ch)
1033} 1042}
1034 1043
1035static int 1044static int
1036g_Ctoc(const Char *str, char *buf, u_int len) 1045g_Ctoc(const Char *str, char *buf, size_t len)
1037{ 1046{
1038 1047
1039 while (len--) { 1048 while (len--) {
diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h
index f069a05dc..1692d36cc 100644
--- a/openbsd-compat/glob.h
+++ b/openbsd-compat/glob.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: glob.h,v 1.11 2010/09/24 13:32:55 djm Exp $ */ 1/* $OpenBSD: glob.h,v 1.14 2019/02/04 16:45:40 millert Exp $ */
2/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ 2/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */
3 3
4/* 4/*
@@ -46,6 +46,7 @@
46#define _COMPAT_GLOB_H_ 46#define _COMPAT_GLOB_H_
47 47
48#include <sys/stat.h> 48#include <sys/stat.h>
49#include <sys/types.h>
49 50
50# define glob_t _ssh_compat_glob_t 51# define glob_t _ssh_compat_glob_t
51# define glob(a, b, c, d) _ssh__compat_glob(a, b, c, d) 52# define glob(a, b, c, d) _ssh__compat_glob(a, b, c, d)
@@ -53,9 +54,9 @@
53 54
54struct stat; 55struct stat;
55typedef struct { 56typedef struct {
56 int gl_pathc; /* Count of total paths so far. */ 57 size_t gl_pathc; /* Count of total paths so far. */
57 int gl_matchc; /* Count of paths matching pattern. */ 58 size_t gl_matchc; /* Count of paths matching pattern. */
58 int gl_offs; /* Reserved at beginning of gl_pathv. */ 59 size_t gl_offs; /* Reserved at beginning of gl_pathv. */
59 int gl_flags; /* Copy of flags parameter to glob. */ 60 int gl_flags; /* Copy of flags parameter to glob. */
60 char **gl_pathv; /* List of paths matching pattern. */ 61 char **gl_pathv; /* List of paths matching pattern. */
61 struct stat **gl_statv; /* Stat entries corresponding to gl_pathv */ 62 struct stat **gl_statv; /* Stat entries corresponding to gl_pathv */
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index fda6706f8..4a16702ef 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -44,9 +44,9 @@
44#include "getrrsetbyname.h" 44#include "getrrsetbyname.h"
45#include "sha1.h" 45#include "sha1.h"
46#include "sha2.h" 46#include "sha2.h"
47#include "rmd160.h"
48#include "md5.h" 47#include "md5.h"
49#include "blf.h" 48#include "blf.h"
49#include "fnmatch.h"
50 50
51#ifndef HAVE_BASENAME 51#ifndef HAVE_BASENAME
52char *basename(const char *path); 52char *basename(const char *path);
@@ -73,7 +73,7 @@ int getpagesize(void);
73char *getcwd(char *pt, size_t size); 73char *getcwd(char *pt, size_t size);
74#endif 74#endif
75 75
76#ifdef HAVE_MEMMEM 76#if defined(HAVE_DECL_MEMMEM) && HAVE_DECL_MEMMEM == 0
77void *memmem(const void *, size_t, const void *, size_t); 77void *memmem(const void *, size_t, const void *, size_t);
78#endif 78#endif
79 79
@@ -322,6 +322,10 @@ void explicit_bzero(void *p, size_t n);
322void freezero(void *, size_t); 322void freezero(void *, size_t);
323#endif 323#endif
324 324
325#ifndef HAVE_LOCALTIME_R
326struct tm *localtime_r(const time_t *, struct tm *);
327#endif
328
325char *xcrypt(const char *password, const char *salt); 329char *xcrypt(const char *password, const char *salt);
326char *shadow_pw(struct passwd *pw); 330char *shadow_pw(struct passwd *pw);
327 331
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 917bc6f7c..abdcb8763 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -87,12 +87,6 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
87# endif 87# endif
88#endif 88#endif
89 89
90#if defined(HAVE_EVP_RIPEMD160)
91# if defined(OPENSSL_NO_RIPEMD) || defined(OPENSSL_NO_RMD160)
92# undef HAVE_EVP_RIPEMD160
93# endif
94#endif
95
96/* LibreSSL/OpenSSL 1.1x API compat */ 90/* LibreSSL/OpenSSL 1.1x API compat */
97#ifndef HAVE_DSA_GET0_PQG 91#ifndef HAVE_DSA_GET0_PQG
98void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, 92void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index fc80dc39f..e1ad3f117 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -26,6 +26,8 @@
26 */ 26 */
27#include "includes.h" 27#include "includes.h"
28 28
29#ifdef _AIX
30
29#include "xmalloc.h" 31#include "xmalloc.h"
30#include "sshbuf.h" 32#include "sshbuf.h"
31#include "ssherr.h" 33#include "ssherr.h"
@@ -36,8 +38,6 @@
36#include "ssh_api.h" 38#include "ssh_api.h"
37#include "log.h" 39#include "log.h"
38 40
39#ifdef _AIX
40
41#include <errno.h> 41#include <errno.h>
42#if defined(HAVE_NETDB_H) 42#if defined(HAVE_NETDB_H)
43# include <netdb.h> 43# include <netdb.h>
diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
index bb535626f..617bffceb 100644
--- a/openbsd-compat/port-net.c
+++ b/openbsd-compat/port-net.c
@@ -137,6 +137,7 @@ sys_set_process_rdomain(const char *name)
137 137
138#if defined(SSH_TUN_LINUX) 138#if defined(SSH_TUN_LINUX)
139#include <linux/if_tun.h> 139#include <linux/if_tun.h>
140#define TUN_CTRL_DEV "/dev/net/tun"
140 141
141int 142int
142sys_tun_open(int tun, int mode, char **ifname) 143sys_tun_open(int tun, int mode, char **ifname)
@@ -147,10 +148,9 @@ sys_tun_open(int tun, int mode, char **ifname)
147 148
148 if (ifname != NULL) 149 if (ifname != NULL)
149 *ifname = NULL; 150 *ifname = NULL;
150 151 if ((fd = open(TUN_CTRL_DEV, O_RDWR)) == -1) {
151 if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { 152 debug("%s: failed to open tunnel control device \"%s\": %s",
152 debug("%s: failed to open tunnel control interface: %s", 153 __func__, TUN_CTRL_DEV, strerror(errno));
153 __func__, strerror(errno));
154 return (-1); 154 return (-1);
155 } 155 }
156 156
diff --git a/openbsd-compat/rmd160.c b/openbsd-compat/rmd160.c
deleted file mode 100644
index e915141a5..000000000
--- a/openbsd-compat/rmd160.c
+++ /dev/null
@@ -1,378 +0,0 @@
1/*
2 * Copyright (c) 2001 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24/*
25 * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
26 * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
27 * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
28 */
29
30#include "includes.h"
31
32#ifndef WITH_OPENSSL
33
34#include <sys/types.h>
35#ifdef HAVE_ENDIAN_H
36#include <endian.h>
37#endif
38#include <string.h>
39#include <rmd160.h>
40
41#define PUT_64BIT_LE(cp, value) do { \
42 (cp)[7] = (value) >> 56; \
43 (cp)[6] = (value) >> 48; \
44 (cp)[5] = (value) >> 40; \
45 (cp)[4] = (value) >> 32; \
46 (cp)[3] = (value) >> 24; \
47 (cp)[2] = (value) >> 16; \
48 (cp)[1] = (value) >> 8; \
49 (cp)[0] = (value); } while (0)
50
51#define PUT_32BIT_LE(cp, value) do { \
52 (cp)[3] = (value) >> 24; \
53 (cp)[2] = (value) >> 16; \
54 (cp)[1] = (value) >> 8; \
55 (cp)[0] = (value); } while (0)
56
57#define H0 0x67452301U
58#define H1 0xEFCDAB89U
59#define H2 0x98BADCFEU
60#define H3 0x10325476U
61#define H4 0xC3D2E1F0U
62
63#define K0 0x00000000U
64#define K1 0x5A827999U
65#define K2 0x6ED9EBA1U
66#define K3 0x8F1BBCDCU
67#define K4 0xA953FD4EU
68
69#define KK0 0x50A28BE6U
70#define KK1 0x5C4DD124U
71#define KK2 0x6D703EF3U
72#define KK3 0x7A6D76E9U
73#define KK4 0x00000000U
74
75/* rotate x left n bits. */
76#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
77
78#define F0(x, y, z) ((x) ^ (y) ^ (z))
79#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
80#define F2(x, y, z) (((x) | (~y)) ^ (z))
81#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
82#define F4(x, y, z) ((x) ^ ((y) | (~z)))
83
84#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
85 do { \
86 a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
87 c = ROL(10, c); \
88 } while(0)
89
90#define X(i) x[i]
91
92static u_int8_t PADDING[RMD160_BLOCK_LENGTH] = {
93 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
94 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
95 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
96};
97
98void
99RMD160Init(RMD160_CTX *ctx)
100{
101 ctx->count = 0;
102 ctx->state[0] = H0;
103 ctx->state[1] = H1;
104 ctx->state[2] = H2;
105 ctx->state[3] = H3;
106 ctx->state[4] = H4;
107}
108
109void
110RMD160Update(RMD160_CTX *ctx, const u_int8_t *input, size_t len)
111{
112 size_t have, off, need;
113
114 have = (ctx->count / 8) % RMD160_BLOCK_LENGTH;
115 need = RMD160_BLOCK_LENGTH - have;
116 ctx->count += 8 * len;
117 off = 0;
118
119 if (len >= need) {
120 if (have) {
121 memcpy(ctx->buffer + have, input, need);
122 RMD160Transform(ctx->state, ctx->buffer);
123 off = need;
124 have = 0;
125 }
126 /* now the buffer is empty */
127 while (off + RMD160_BLOCK_LENGTH <= len) {
128 RMD160Transform(ctx->state, input+off);
129 off += RMD160_BLOCK_LENGTH;
130 }
131 }
132 if (off < len)
133 memcpy(ctx->buffer + have, input+off, len-off);
134}
135
136void
137RMD160Pad(RMD160_CTX *ctx)
138{
139 u_int8_t size[8];
140 size_t padlen;
141
142 PUT_64BIT_LE(size, ctx->count);
143
144 /*
145 * pad to RMD160_BLOCK_LENGTH byte blocks, at least one byte from
146 * PADDING plus 8 bytes for the size
147 */
148 padlen = RMD160_BLOCK_LENGTH - ((ctx->count / 8) % RMD160_BLOCK_LENGTH);
149 if (padlen < 1 + 8)
150 padlen += RMD160_BLOCK_LENGTH;
151 RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
152 RMD160Update(ctx, size, 8);
153}
154
155void
156RMD160Final(u_int8_t digest[RMD160_DIGEST_LENGTH], RMD160_CTX *ctx)
157{
158 int i;
159
160 RMD160Pad(ctx);
161 for (i = 0; i < 5; i++)
162 PUT_32BIT_LE(digest + i*4, ctx->state[i]);
163 memset(ctx, 0, sizeof (*ctx));
164}
165
166void
167RMD160Transform(u_int32_t state[5], const u_int8_t block[RMD160_BLOCK_LENGTH])
168{
169 u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
170
171#if BYTE_ORDER == LITTLE_ENDIAN
172 memcpy(x, block, RMD160_BLOCK_LENGTH);
173#else
174 int i;
175
176 for (i = 0; i < 16; i++)
177 x[i] = (u_int32_t)(
178 (u_int32_t)(block[i*4 + 0]) |
179 (u_int32_t)(block[i*4 + 1]) << 8 |
180 (u_int32_t)(block[i*4 + 2]) << 16 |
181 (u_int32_t)(block[i*4 + 3]) << 24);
182#endif
183
184 a = state[0];
185 b = state[1];
186 c = state[2];
187 d = state[3];
188 e = state[4];
189
190 /* Round 1 */
191 R(a, b, c, d, e, F0, K0, 11, 0);
192 R(e, a, b, c, d, F0, K0, 14, 1);
193 R(d, e, a, b, c, F0, K0, 15, 2);
194 R(c, d, e, a, b, F0, K0, 12, 3);
195 R(b, c, d, e, a, F0, K0, 5, 4);
196 R(a, b, c, d, e, F0, K0, 8, 5);
197 R(e, a, b, c, d, F0, K0, 7, 6);
198 R(d, e, a, b, c, F0, K0, 9, 7);
199 R(c, d, e, a, b, F0, K0, 11, 8);
200 R(b, c, d, e, a, F0, K0, 13, 9);
201 R(a, b, c, d, e, F0, K0, 14, 10);
202 R(e, a, b, c, d, F0, K0, 15, 11);
203 R(d, e, a, b, c, F0, K0, 6, 12);
204 R(c, d, e, a, b, F0, K0, 7, 13);
205 R(b, c, d, e, a, F0, K0, 9, 14);
206 R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */
207 /* Round 2 */
208 R(e, a, b, c, d, F1, K1, 7, 7);
209 R(d, e, a, b, c, F1, K1, 6, 4);
210 R(c, d, e, a, b, F1, K1, 8, 13);
211 R(b, c, d, e, a, F1, K1, 13, 1);
212 R(a, b, c, d, e, F1, K1, 11, 10);
213 R(e, a, b, c, d, F1, K1, 9, 6);
214 R(d, e, a, b, c, F1, K1, 7, 15);
215 R(c, d, e, a, b, F1, K1, 15, 3);
216 R(b, c, d, e, a, F1, K1, 7, 12);
217 R(a, b, c, d, e, F1, K1, 12, 0);
218 R(e, a, b, c, d, F1, K1, 15, 9);
219 R(d, e, a, b, c, F1, K1, 9, 5);
220 R(c, d, e, a, b, F1, K1, 11, 2);
221 R(b, c, d, e, a, F1, K1, 7, 14);
222 R(a, b, c, d, e, F1, K1, 13, 11);
223 R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */
224 /* Round 3 */
225 R(d, e, a, b, c, F2, K2, 11, 3);
226 R(c, d, e, a, b, F2, K2, 13, 10);
227 R(b, c, d, e, a, F2, K2, 6, 14);
228 R(a, b, c, d, e, F2, K2, 7, 4);
229 R(e, a, b, c, d, F2, K2, 14, 9);
230 R(d, e, a, b, c, F2, K2, 9, 15);
231 R(c, d, e, a, b, F2, K2, 13, 8);
232 R(b, c, d, e, a, F2, K2, 15, 1);
233 R(a, b, c, d, e, F2, K2, 14, 2);
234 R(e, a, b, c, d, F2, K2, 8, 7);
235 R(d, e, a, b, c, F2, K2, 13, 0);
236 R(c, d, e, a, b, F2, K2, 6, 6);
237 R(b, c, d, e, a, F2, K2, 5, 13);
238 R(a, b, c, d, e, F2, K2, 12, 11);
239 R(e, a, b, c, d, F2, K2, 7, 5);
240 R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
241 /* Round 4 */
242 R(c, d, e, a, b, F3, K3, 11, 1);
243 R(b, c, d, e, a, F3, K3, 12, 9);
244 R(a, b, c, d, e, F3, K3, 14, 11);
245 R(e, a, b, c, d, F3, K3, 15, 10);
246 R(d, e, a, b, c, F3, K3, 14, 0);
247 R(c, d, e, a, b, F3, K3, 15, 8);
248 R(b, c, d, e, a, F3, K3, 9, 12);
249 R(a, b, c, d, e, F3, K3, 8, 4);
250 R(e, a, b, c, d, F3, K3, 9, 13);
251 R(d, e, a, b, c, F3, K3, 14, 3);
252 R(c, d, e, a, b, F3, K3, 5, 7);
253 R(b, c, d, e, a, F3, K3, 6, 15);
254 R(a, b, c, d, e, F3, K3, 8, 14);
255 R(e, a, b, c, d, F3, K3, 6, 5);
256 R(d, e, a, b, c, F3, K3, 5, 6);
257 R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
258 /* Round 5 */
259 R(b, c, d, e, a, F4, K4, 9, 4);
260 R(a, b, c, d, e, F4, K4, 15, 0);
261 R(e, a, b, c, d, F4, K4, 5, 5);
262 R(d, e, a, b, c, F4, K4, 11, 9);
263 R(c, d, e, a, b, F4, K4, 6, 7);
264 R(b, c, d, e, a, F4, K4, 8, 12);
265 R(a, b, c, d, e, F4, K4, 13, 2);
266 R(e, a, b, c, d, F4, K4, 12, 10);
267 R(d, e, a, b, c, F4, K4, 5, 14);
268 R(c, d, e, a, b, F4, K4, 12, 1);
269 R(b, c, d, e, a, F4, K4, 13, 3);
270 R(a, b, c, d, e, F4, K4, 14, 8);
271 R(e, a, b, c, d, F4, K4, 11, 11);
272 R(d, e, a, b, c, F4, K4, 8, 6);
273 R(c, d, e, a, b, F4, K4, 5, 15);
274 R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */
275
276 aa = a ; bb = b; cc = c; dd = d; ee = e;
277
278 a = state[0];
279 b = state[1];
280 c = state[2];
281 d = state[3];
282 e = state[4];
283
284 /* Parallel round 1 */
285 R(a, b, c, d, e, F4, KK0, 8, 5);
286 R(e, a, b, c, d, F4, KK0, 9, 14);
287 R(d, e, a, b, c, F4, KK0, 9, 7);
288 R(c, d, e, a, b, F4, KK0, 11, 0);
289 R(b, c, d, e, a, F4, KK0, 13, 9);
290 R(a, b, c, d, e, F4, KK0, 15, 2);
291 R(e, a, b, c, d, F4, KK0, 15, 11);
292 R(d, e, a, b, c, F4, KK0, 5, 4);
293 R(c, d, e, a, b, F4, KK0, 7, 13);
294 R(b, c, d, e, a, F4, KK0, 7, 6);
295 R(a, b, c, d, e, F4, KK0, 8, 15);
296 R(e, a, b, c, d, F4, KK0, 11, 8);
297 R(d, e, a, b, c, F4, KK0, 14, 1);
298 R(c, d, e, a, b, F4, KK0, 14, 10);
299 R(b, c, d, e, a, F4, KK0, 12, 3);
300 R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
301 /* Parallel round 2 */
302 R(e, a, b, c, d, F3, KK1, 9, 6);
303 R(d, e, a, b, c, F3, KK1, 13, 11);
304 R(c, d, e, a, b, F3, KK1, 15, 3);
305 R(b, c, d, e, a, F3, KK1, 7, 7);
306 R(a, b, c, d, e, F3, KK1, 12, 0);
307 R(e, a, b, c, d, F3, KK1, 8, 13);
308 R(d, e, a, b, c, F3, KK1, 9, 5);
309 R(c, d, e, a, b, F3, KK1, 11, 10);
310 R(b, c, d, e, a, F3, KK1, 7, 14);
311 R(a, b, c, d, e, F3, KK1, 7, 15);
312 R(e, a, b, c, d, F3, KK1, 12, 8);
313 R(d, e, a, b, c, F3, KK1, 7, 12);
314 R(c, d, e, a, b, F3, KK1, 6, 4);
315 R(b, c, d, e, a, F3, KK1, 15, 9);
316 R(a, b, c, d, e, F3, KK1, 13, 1);
317 R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
318 /* Parallel round 3 */
319 R(d, e, a, b, c, F2, KK2, 9, 15);
320 R(c, d, e, a, b, F2, KK2, 7, 5);
321 R(b, c, d, e, a, F2, KK2, 15, 1);
322 R(a, b, c, d, e, F2, KK2, 11, 3);
323 R(e, a, b, c, d, F2, KK2, 8, 7);
324 R(d, e, a, b, c, F2, KK2, 6, 14);
325 R(c, d, e, a, b, F2, KK2, 6, 6);
326 R(b, c, d, e, a, F2, KK2, 14, 9);
327 R(a, b, c, d, e, F2, KK2, 12, 11);
328 R(e, a, b, c, d, F2, KK2, 13, 8);
329 R(d, e, a, b, c, F2, KK2, 5, 12);
330 R(c, d, e, a, b, F2, KK2, 14, 2);
331 R(b, c, d, e, a, F2, KK2, 13, 10);
332 R(a, b, c, d, e, F2, KK2, 13, 0);
333 R(e, a, b, c, d, F2, KK2, 7, 4);
334 R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
335 /* Parallel round 4 */
336 R(c, d, e, a, b, F1, KK3, 15, 8);
337 R(b, c, d, e, a, F1, KK3, 5, 6);
338 R(a, b, c, d, e, F1, KK3, 8, 4);
339 R(e, a, b, c, d, F1, KK3, 11, 1);
340 R(d, e, a, b, c, F1, KK3, 14, 3);
341 R(c, d, e, a, b, F1, KK3, 14, 11);
342 R(b, c, d, e, a, F1, KK3, 6, 15);
343 R(a, b, c, d, e, F1, KK3, 14, 0);
344 R(e, a, b, c, d, F1, KK3, 6, 5);
345 R(d, e, a, b, c, F1, KK3, 9, 12);
346 R(c, d, e, a, b, F1, KK3, 12, 2);
347 R(b, c, d, e, a, F1, KK3, 9, 13);
348 R(a, b, c, d, e, F1, KK3, 12, 9);
349 R(e, a, b, c, d, F1, KK3, 5, 7);
350 R(d, e, a, b, c, F1, KK3, 15, 10);
351 R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
352 /* Parallel round 5 */
353 R(b, c, d, e, a, F0, KK4, 8, 12);
354 R(a, b, c, d, e, F0, KK4, 5, 15);
355 R(e, a, b, c, d, F0, KK4, 12, 10);
356 R(d, e, a, b, c, F0, KK4, 9, 4);
357 R(c, d, e, a, b, F0, KK4, 12, 1);
358 R(b, c, d, e, a, F0, KK4, 5, 5);
359 R(a, b, c, d, e, F0, KK4, 14, 8);
360 R(e, a, b, c, d, F0, KK4, 6, 7);
361 R(d, e, a, b, c, F0, KK4, 8, 6);
362 R(c, d, e, a, b, F0, KK4, 13, 2);
363 R(b, c, d, e, a, F0, KK4, 6, 13);
364 R(a, b, c, d, e, F0, KK4, 5, 14);
365 R(e, a, b, c, d, F0, KK4, 15, 0);
366 R(d, e, a, b, c, F0, KK4, 13, 3);
367 R(c, d, e, a, b, F0, KK4, 11, 9);
368 R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
369
370 t = state[1] + cc + d;
371 state[1] = state[2] + dd + e;
372 state[2] = state[3] + ee + a;
373 state[3] = state[4] + aa + b;
374 state[4] = state[0] + bb + c;
375 state[0] = t;
376}
377
378#endif /* !WITH_OPENSSL */
diff --git a/openbsd-compat/rmd160.h b/openbsd-compat/rmd160.h
deleted file mode 100644
index 99c1dcdc0..000000000
--- a/openbsd-compat/rmd160.h
+++ /dev/null
@@ -1,61 +0,0 @@
1/* $OpenBSD: rmd160.h,v 1.17 2012/12/05 23:19:57 deraadt Exp $ */
2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#ifndef _RMD160_H
26#define _RMD160_H
27
28#ifndef WITH_OPENSSL
29
30#define RMD160_BLOCK_LENGTH 64
31#define RMD160_DIGEST_LENGTH 20
32#define RMD160_DIGEST_STRING_LENGTH (RMD160_DIGEST_LENGTH * 2 + 1)
33
34/* RMD160 context. */
35typedef struct RMD160Context {
36 u_int32_t state[5]; /* state */
37 u_int64_t count; /* number of bits, mod 2^64 */
38 u_int8_t buffer[RMD160_BLOCK_LENGTH]; /* input buffer */
39} RMD160_CTX;
40
41void RMD160Init(RMD160_CTX *);
42void RMD160Transform(u_int32_t [5], const u_int8_t [RMD160_BLOCK_LENGTH])
43 __attribute__((__bounded__(__minbytes__,1,5)))
44 __attribute__((__bounded__(__minbytes__,2,RMD160_BLOCK_LENGTH)));
45void RMD160Update(RMD160_CTX *, const u_int8_t *, size_t)
46 __attribute__((__bounded__(__string__,2,3)));
47void RMD160Pad(RMD160_CTX *);
48void RMD160Final(u_int8_t [RMD160_DIGEST_LENGTH], RMD160_CTX *)
49 __attribute__((__bounded__(__minbytes__,1,RMD160_DIGEST_LENGTH)));
50char *RMD160End(RMD160_CTX *, char *)
51 __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH)));
52char *RMD160File(const char *, char *)
53 __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH)));
54char *RMD160FileChunk(const char *, char *, off_t, off_t)
55 __attribute__((__bounded__(__minbytes__,2,RMD160_DIGEST_STRING_LENGTH)));
56char *RMD160Data(const u_int8_t *, size_t, char *)
57 __attribute__((__bounded__(__string__,1,2)))
58 __attribute__((__bounded__(__minbytes__,3,RMD160_DIGEST_STRING_LENGTH)));
59
60#endif /* !WITH_OPENSSL */
61#endif /* _RMD160_H */
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index e63324c99..e36cc24ef 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -42,7 +42,7 @@
42 !defined(HAVE_SHA512UPDATE) 42 !defined(HAVE_SHA512UPDATE)
43 43
44/* no-op out, similar to DEF_WEAK but only needed here */ 44/* no-op out, similar to DEF_WEAK but only needed here */
45#define MAKE_CLONE(x, y) void __ssh_compat_make_clone_##x_##y(void); 45#define MAKE_CLONE(x, y) void __ssh_compat_make_clone_##x_##y(void)
46 46
47#include <string.h> 47#include <string.h>
48#include <sha2.h> 48#include <sha2.h>
diff --git a/packet.c b/packet.c
index 817da43b5..6d3e9172d 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.286 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: packet.c,v 1.290 2020/01/30 07:20:05 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -58,7 +58,9 @@
58#include <string.h> 58#include <string.h>
59#include <unistd.h> 59#include <unistd.h>
60#include <limits.h> 60#include <limits.h>
61#ifdef HAVE_POLL_H
61#include <poll.h> 62#include <poll.h>
63#endif
62#include <signal.h> 64#include <signal.h>
63#include <time.h> 65#include <time.h>
64 66
@@ -74,7 +76,9 @@
74# endif 76# endif
75#endif 77#endif
76 78
79#ifdef WITH_ZLIB
77#include <zlib.h> 80#include <zlib.h>
81#endif
78 82
79#include "xmalloc.h" 83#include "xmalloc.h"
80#include "compat.h" 84#include "compat.h"
@@ -148,9 +152,11 @@ struct session_state {
148 /* Scratch buffer for packet compression/decompression. */ 152 /* Scratch buffer for packet compression/decompression. */
149 struct sshbuf *compression_buffer; 153 struct sshbuf *compression_buffer;
150 154
155#ifdef WITH_ZLIB
151 /* Incoming/outgoing compression dictionaries */ 156 /* Incoming/outgoing compression dictionaries */
152 z_stream compression_in_stream; 157 z_stream compression_in_stream;
153 z_stream compression_out_stream; 158 z_stream compression_out_stream;
159#endif
154 int compression_in_started; 160 int compression_in_started;
155 int compression_out_started; 161 int compression_out_started;
156 int compression_in_failures; 162 int compression_in_failures;
@@ -528,9 +534,9 @@ ssh_remote_ipaddr(struct ssh *ssh)
528 ssh->local_ipaddr = get_local_ipaddr(sock); 534 ssh->local_ipaddr = get_local_ipaddr(sock);
529 ssh->local_port = get_local_port(sock); 535 ssh->local_port = get_local_port(sock);
530 } else { 536 } else {
531 ssh->remote_ipaddr = strdup("UNKNOWN"); 537 ssh->remote_ipaddr = xstrdup("UNKNOWN");
532 ssh->remote_port = 65535; 538 ssh->remote_port = 65535;
533 ssh->local_ipaddr = strdup("UNKNOWN"); 539 ssh->local_ipaddr = xstrdup("UNKNOWN");
534 ssh->local_port = 65535; 540 ssh->local_port = 65535;
535 } 541 }
536 } 542 }
@@ -607,6 +613,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
607 state->newkeys[mode] = NULL; 613 state->newkeys[mode] = NULL;
608 ssh_clear_newkeys(ssh, mode); /* next keys */ 614 ssh_clear_newkeys(ssh, mode); /* next keys */
609 } 615 }
616#ifdef WITH_ZLIB
610 /* compression state is in shared mem, so we can only release it once */ 617 /* compression state is in shared mem, so we can only release it once */
611 if (do_close && state->compression_buffer) { 618 if (do_close && state->compression_buffer) {
612 sshbuf_free(state->compression_buffer); 619 sshbuf_free(state->compression_buffer);
@@ -633,6 +640,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
633 inflateEnd(stream); 640 inflateEnd(stream);
634 } 641 }
635 } 642 }
643#endif /* WITH_ZLIB */
636 cipher_free(state->send_context); 644 cipher_free(state->send_context);
637 cipher_free(state->receive_context); 645 cipher_free(state->receive_context);
638 state->send_context = state->receive_context = NULL; 646 state->send_context = state->receive_context = NULL;
@@ -688,6 +696,7 @@ ssh_packet_init_compression(struct ssh *ssh)
688 return 0; 696 return 0;
689} 697}
690 698
699#ifdef WITH_ZLIB
691static int 700static int
692start_compression_out(struct ssh *ssh, int level) 701start_compression_out(struct ssh *ssh, int level)
693{ 702{
@@ -819,6 +828,33 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
819 /* NOTREACHED */ 828 /* NOTREACHED */
820} 829}
821 830
831#else /* WITH_ZLIB */
832
833static int
834start_compression_out(struct ssh *ssh, int level)
835{
836 return SSH_ERR_INTERNAL_ERROR;
837}
838
839static int
840start_compression_in(struct ssh *ssh)
841{
842 return SSH_ERR_INTERNAL_ERROR;
843}
844
845static int
846compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
847{
848 return SSH_ERR_INTERNAL_ERROR;
849}
850
851static int
852uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
853{
854 return SSH_ERR_INTERNAL_ERROR;
855}
856#endif /* WITH_ZLIB */
857
822void 858void
823ssh_clear_newkeys(struct ssh *ssh, int mode) 859ssh_clear_newkeys(struct ssh *ssh, int mode)
824{ 860{
@@ -1814,6 +1850,7 @@ static void
1814sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap) 1850sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
1815{ 1851{
1816 char *tag = NULL, remote_id[512]; 1852 char *tag = NULL, remote_id[512];
1853 int oerrno = errno;
1817 1854
1818 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); 1855 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
1819 1856
@@ -1841,6 +1878,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
1841 case SSH_ERR_NO_HOSTKEY_ALG_MATCH: 1878 case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
1842 if (ssh && ssh->kex && ssh->kex->failed_choice) { 1879 if (ssh && ssh->kex && ssh->kex->failed_choice) {
1843 ssh_packet_clear_keys(ssh); 1880 ssh_packet_clear_keys(ssh);
1881 errno = oerrno;
1844 logdie("Unable to negotiate with %s: %s. " 1882 logdie("Unable to negotiate with %s: %s. "
1845 "Their offer: %s", remote_id, ssh_err(r), 1883 "Their offer: %s", remote_id, ssh_err(r),
1846 ssh->kex->failed_choice); 1884 ssh->kex->failed_choice);
@@ -1853,6 +1891,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
1853 __func__); 1891 __func__);
1854 } 1892 }
1855 ssh_packet_clear_keys(ssh); 1893 ssh_packet_clear_keys(ssh);
1894 errno = oerrno;
1856 logdie("%s%sConnection %s %s: %s", 1895 logdie("%s%sConnection %s %s: %s",
1857 tag != NULL ? tag : "", tag != NULL ? ": " : "", 1896 tag != NULL ? tag : "", tag != NULL ? ": " : "",
1858 ssh->state->server_side ? "from" : "to", 1897 ssh->state->server_side ? "from" : "to",
diff --git a/pathnames.h b/pathnames.h
index cb44caa4d..f7ca5a75a 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: pathnames.h,v 1.28 2018/02/23 15:58:37 markus Exp $ */ 1/* $OpenBSD: pathnames.h,v 1.31 2019/11/12 19:33:08 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -77,6 +77,8 @@
77#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" 77#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
78#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519" 78#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519"
79#define _PATH_SSH_CLIENT_ID_XMSS _PATH_SSH_USER_DIR "/id_xmss" 79#define _PATH_SSH_CLIENT_ID_XMSS _PATH_SSH_USER_DIR "/id_xmss"
80#define _PATH_SSH_CLIENT_ID_ECDSA_SK _PATH_SSH_USER_DIR "/id_ecdsa_sk"
81#define _PATH_SSH_CLIENT_ID_ED25519_SK _PATH_SSH_USER_DIR "/id_ed25519_sk"
80 82
81/* 83/*
82 * Configuration file in user's home directory. This file need not be 84 * Configuration file in user's home directory. This file need not be
@@ -132,6 +134,11 @@
132#define _PATH_SSH_PKCS11_HELPER "/usr/libexec/ssh-pkcs11-helper" 134#define _PATH_SSH_PKCS11_HELPER "/usr/libexec/ssh-pkcs11-helper"
133#endif 135#endif
134 136
137/* Location of ssh-sk-helper to support keys in security keys */
138#ifndef _PATH_SSH_SK_HELPER
139#define _PATH_SSH_SK_HELPER "/usr/libexec/ssh-sk-helper"
140#endif
141
135/* xauth for X11 forwarding */ 142/* xauth for X11 forwarding */
136#ifndef _PATH_XAUTH 143#ifndef _PATH_XAUTH
137#define _PATH_XAUTH "/usr/X11R6/bin/xauth" 144#define _PATH_XAUTH "/usr/X11R6/bin/xauth"
diff --git a/progressmeter.c b/progressmeter.c
index 0e58eddec..8baf798f1 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: progressmeter.c,v 1.48 2019/05/03 06:06:30 dtucker Exp $ */ 1/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2003 Nils Nordman. All rights reserved. 3 * Copyright (c) 2003 Nils Nordman. All rights reserved.
4 * 4 *
@@ -233,7 +233,6 @@ refresh_progress_meter(int force_update)
233static void 233static void
234sig_alarm(int ignore) 234sig_alarm(int ignore)
235{ 235{
236 signal(SIGALRM, sig_alarm);
237 alarm_fired = 1; 236 alarm_fired = 1;
238 alarm(UPDATE_INTERVAL); 237 alarm(UPDATE_INTERVAL);
239} 238}
@@ -253,8 +252,8 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
253 setscreensize(); 252 setscreensize();
254 refresh_progress_meter(1); 253 refresh_progress_meter(1);
255 254
256 signal(SIGALRM, sig_alarm); 255 ssh_signal(SIGALRM, sig_alarm);
257 signal(SIGWINCH, sig_winch); 256 ssh_signal(SIGWINCH, sig_winch);
258 alarm(UPDATE_INTERVAL); 257 alarm(UPDATE_INTERVAL);
259} 258}
260 259
@@ -277,7 +276,6 @@ stop_progress_meter(void)
277static void 276static void
278sig_winch(int sig) 277sig_winch(int sig)
279{ 278{
280 signal(SIGWINCH, sig_winch);
281 win_resized = 1; 279 win_resized = 1;
282} 280}
283 281
diff --git a/readconf.c b/readconf.c
index 9812b8d98..1b9494d7c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.309 2019/09/06 14:45:34 naddy Exp $ */ 1/* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,9 +35,9 @@
35#endif 35#endif
36#include <pwd.h> 36#include <pwd.h>
37#include <signal.h> 37#include <signal.h>
38#include <stdarg.h>
39#include <stdio.h> 38#include <stdio.h>
40#include <string.h> 39#include <string.h>
40#include <stdarg.h>
41#include <unistd.h> 41#include <unistd.h>
42#ifdef USE_SYSTEM_GLOB 42#ifdef USE_SYSTEM_GLOB
43# include <glob.h> 43# include <glob.h>
@@ -122,8 +122,6 @@
122 ForwardAgent no 122 ForwardAgent no
123 ForwardX11 no 123 ForwardX11 no
124 PasswordAuthentication yes 124 PasswordAuthentication yes
125 RSAAuthentication yes
126 RhostsRSAAuthentication yes
127 StrictHostKeyChecking yes 125 StrictHostKeyChecking yes
128 TcpKeepAlive no 126 TcpKeepAlive no
129 IdentityFile ~/.ssh/identity 127 IdentityFile ~/.ssh/identity
@@ -147,15 +145,15 @@ typedef enum {
147 oHost, oMatch, oInclude, 145 oHost, oMatch, oInclude,
148 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, 146 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
149 oGatewayPorts, oExitOnForwardFailure, 147 oGatewayPorts, oExitOnForwardFailure,
150 oPasswordAuthentication, oRSAAuthentication, 148 oPasswordAuthentication,
151 oChallengeResponseAuthentication, oXAuthLocation, 149 oChallengeResponseAuthentication, oXAuthLocation,
152 oIdentityFile, oHostname, oPort, oCipher, oRemoteForward, oLocalForward, 150 oIdentityFile, oHostname, oPort, oRemoteForward, oLocalForward,
153 oCertificateFile, oAddKeysToAgent, oIdentityAgent, 151 oCertificateFile, oAddKeysToAgent, oIdentityAgent,
154 oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, 152 oUser, oEscapeChar, oProxyCommand,
155 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 153 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
156 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, 154 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
157 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, 155 oTCPKeepAlive, oNumberOfPasswordPrompts,
158 oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs, 156 oLogFacility, oLogLevel, oCiphers, oMacs,
159 oPubkeyAuthentication, 157 oPubkeyAuthentication,
160 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, 158 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
161 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 159 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -177,6 +175,7 @@ typedef enum {
177 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, 175 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
178 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 176 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
179 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, 177 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
178 oSecurityKeyProvider,
180 oProtocolKeepAlives, oSetupTimeOut, 179 oProtocolKeepAlives, oSetupTimeOut,
181 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported 180 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
182} OpCodes; 181} OpCodes;
@@ -203,6 +202,9 @@ static struct {
203 { "afstokenpassing", oUnsupported }, 202 { "afstokenpassing", oUnsupported },
204 { "kerberosauthentication", oUnsupported }, 203 { "kerberosauthentication", oUnsupported },
205 { "kerberostgtpassing", oUnsupported }, 204 { "kerberostgtpassing", oUnsupported },
205 { "rsaauthentication", oUnsupported },
206 { "rhostsrsaauthentication", oUnsupported },
207 { "compressionlevel", oUnsupported },
206 208
207 /* Sometimes-unsupported options */ 209 /* Sometimes-unsupported options */
208#if defined(GSSAPI) 210#if defined(GSSAPI)
@@ -231,9 +233,6 @@ static struct {
231 { "smartcarddevice", oUnsupported }, 233 { "smartcarddevice", oUnsupported },
232 { "pkcs11provider", oUnsupported }, 234 { "pkcs11provider", oUnsupported },
233#endif 235#endif
234 { "rsaauthentication", oUnsupported },
235 { "rhostsrsaauthentication", oUnsupported },
236 { "compressionlevel", oUnsupported },
237 236
238 { "forwardagent", oForwardAgent }, 237 { "forwardagent", oForwardAgent },
239 { "forwardx11", oForwardX11 }, 238 { "forwardx11", oForwardX11 },
@@ -327,12 +326,23 @@ static struct {
327 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, 326 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
328 { "ignoreunknown", oIgnoreUnknown }, 327 { "ignoreunknown", oIgnoreUnknown },
329 { "proxyjump", oProxyJump }, 328 { "proxyjump", oProxyJump },
329 { "securitykeyprovider", oSecurityKeyProvider },
330 { "protocolkeepalives", oProtocolKeepAlives }, 330 { "protocolkeepalives", oProtocolKeepAlives },
331 { "setuptimeout", oSetupTimeOut }, 331 { "setuptimeout", oSetupTimeOut },
332 332
333 { NULL, oBadOption } 333 { NULL, oBadOption }
334}; 334};
335 335
336static char *kex_default_pk_alg_filtered;
337
338const char *
339kex_default_pk_alg(void)
340{
341 if (kex_default_pk_alg_filtered == NULL)
342 fatal("kex_default_pk_alg not initialized.");
343 return kex_default_pk_alg_filtered;
344}
345
336/* 346/*
337 * Adds a local TCP/IP port forward to options. Never returns if there is an 347 * Adds a local TCP/IP port forward to options. Never returns if there is an
338 * error. 348 * error.
@@ -537,7 +547,7 @@ execute_in_shell(const char *cmd)
537 execv(argv[0], argv); 547 execv(argv[0], argv);
538 error("Unable to execute '%.100s': %s", cmd, strerror(errno)); 548 error("Unable to execute '%.100s': %s", cmd, strerror(errno));
539 /* Die with signal to make this error apparent to parent. */ 549 /* Die with signal to make this error apparent to parent. */
540 signal(SIGTERM, SIG_DFL); 550 ssh_signal(SIGTERM, SIG_DFL);
541 kill(getpid(), SIGTERM); 551 kill(getpid(), SIGTERM);
542 _exit(1); 552 _exit(1);
543 } 553 }
@@ -846,6 +856,13 @@ static const struct multistate multistate_canonicalizehostname[] = {
846 { "always", SSH_CANONICALISE_ALWAYS }, 856 { "always", SSH_CANONICALISE_ALWAYS },
847 { NULL, -1 } 857 { NULL, -1 }
848}; 858};
859static const struct multistate multistate_compression[] = {
860#ifdef WITH_ZLIB
861 { "yes", COMP_ZLIB },
862#endif
863 { "no", COMP_NONE },
864 { NULL, -1 }
865};
849 866
850/* 867/*
851 * Processes a single option line as used in the configuration files. This 868 * Processes a single option line as used in the configuration files. This
@@ -938,6 +955,34 @@ parse_time:
938 955
939 case oForwardAgent: 956 case oForwardAgent:
940 intptr = &options->forward_agent; 957 intptr = &options->forward_agent;
958
959 arg = strdelim(&s);
960 if (!arg || *arg == '\0')
961 fatal("%s line %d: missing argument.",
962 filename, linenum);
963
964 value = -1;
965 multistate_ptr = multistate_flag;
966 for (i = 0; multistate_ptr[i].key != NULL; i++) {
967 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
968 value = multistate_ptr[i].value;
969 break;
970 }
971 }
972 if (value != -1) {
973 if (*activep && *intptr == -1)
974 *intptr = value;
975 break;
976 }
977 /* ForwardAgent wasn't 'yes' or 'no', assume a path */
978 if (*activep && *intptr == -1)
979 *intptr = 1;
980
981 charptr = &options->forward_agent_sock_path;
982 goto parse_agent_path;
983
984 case oForwardX11:
985 intptr = &options->forward_x11;
941 parse_flag: 986 parse_flag:
942 multistate_ptr = multistate_flag; 987 multistate_ptr = multistate_flag;
943 parse_multistate: 988 parse_multistate:
@@ -959,10 +1004,6 @@ parse_time:
959 *intptr = value; 1004 *intptr = value;
960 break; 1005 break;
961 1006
962 case oForwardX11:
963 intptr = &options->forward_x11;
964 goto parse_flag;
965
966 case oForwardX11Trusted: 1007 case oForwardX11Trusted:
967 intptr = &options->forward_x11_trusted; 1008 intptr = &options->forward_x11_trusted;
968 goto parse_flag; 1009 goto parse_flag;
@@ -1063,7 +1104,8 @@ parse_time:
1063 1104
1064 case oCompression: 1105 case oCompression:
1065 intptr = &options->compression; 1106 intptr = &options->compression;
1066 goto parse_flag; 1107 multistate_ptr = multistate_compression;
1108 goto parse_multistate;
1067 1109
1068 case oTCPKeepAlive: 1110 case oTCPKeepAlive:
1069 intptr = &options->tcp_keep_alive; 1111 intptr = &options->tcp_keep_alive;
@@ -1197,6 +1239,10 @@ parse_char_array:
1197 charptr = &options->pkcs11_provider; 1239 charptr = &options->pkcs11_provider;
1198 goto parse_string; 1240 goto parse_string;
1199 1241
1242 case oSecurityKeyProvider:
1243 charptr = &options->sk_provider;
1244 goto parse_string;
1245
1200 case oProxyCommand: 1246 case oProxyCommand:
1201 charptr = &options->proxy_command; 1247 charptr = &options->proxy_command;
1202 /* Ignore ProxyCommand if ProxyJump already specified */ 1248 /* Ignore ProxyCommand if ProxyJump already specified */
@@ -1606,12 +1652,12 @@ parse_keytypes:
1606 "files",filename, linenum, arg2); 1652 "files",filename, linenum, arg2);
1607 free(arg2); 1653 free(arg2);
1608 continue; 1654 continue;
1609 } else if (r != 0 || gl.gl_pathc < 0) 1655 } else if (r != 0)
1610 fatal("%.200s line %d: glob failed for %s.", 1656 fatal("%.200s line %d: glob failed for %s.",
1611 filename, linenum, arg2); 1657 filename, linenum, arg2);
1612 free(arg2); 1658 free(arg2);
1613 oactive = *activep; 1659 oactive = *activep;
1614 for (i = 0; i < (u_int)gl.gl_pathc; i++) { 1660 for (i = 0; i < gl.gl_pathc; i++) {
1615 debug3("%.200s line %d: Including file %s " 1661 debug3("%.200s line %d: Including file %s "
1616 "depth %d%s", filename, linenum, 1662 "depth %d%s", filename, linenum,
1617 gl.gl_pathv[i], depth, 1663 gl.gl_pathv[i], depth,
@@ -1785,6 +1831,7 @@ parse_keytypes:
1785 if (!arg || *arg == '\0') 1831 if (!arg || *arg == '\0')
1786 fatal("%.200s line %d: Missing argument.", 1832 fatal("%.200s line %d: Missing argument.",
1787 filename, linenum); 1833 filename, linenum);
1834 parse_agent_path:
1788 /* Extra validation if the string represents an env var. */ 1835 /* Extra validation if the string represents an env var. */
1789 if (arg[0] == '$' && !valid_env_name(arg + 1)) { 1836 if (arg[0] == '$' && !valid_env_name(arg + 1)) {
1790 fatal("%.200s line %d: Invalid environment name %s.", 1837 fatal("%.200s line %d: Invalid environment name %s.",
@@ -1901,6 +1948,7 @@ initialize_options(Options * options)
1901{ 1948{
1902 memset(options, 'X', sizeof(*options)); 1949 memset(options, 'X', sizeof(*options));
1903 options->forward_agent = -1; 1950 options->forward_agent = -1;
1951 options->forward_agent_sock_path = NULL;
1904 options->forward_x11 = -1; 1952 options->forward_x11 = -1;
1905 options->forward_x11_trusted = -1; 1953 options->forward_x11_trusted = -1;
1906 options->forward_x11_timeout = -1; 1954 options->forward_x11_timeout = -1;
@@ -1964,6 +2012,7 @@ initialize_options(Options * options)
1964 options->bind_address = NULL; 2012 options->bind_address = NULL;
1965 options->bind_interface = NULL; 2013 options->bind_interface = NULL;
1966 options->pkcs11_provider = NULL; 2014 options->pkcs11_provider = NULL;
2015 options->sk_provider = NULL;
1967 options->enable_ssh_keysign = - 1; 2016 options->enable_ssh_keysign = - 1;
1968 options->no_host_authentication_for_localhost = - 1; 2017 options->no_host_authentication_for_localhost = - 1;
1969 options->identities_only = - 1; 2018 options->identities_only = - 1;
@@ -2030,6 +2079,7 @@ void
2030fill_default_options(Options * options) 2079fill_default_options(Options * options)
2031{ 2080{
2032 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 2081 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
2082 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
2033 int r; 2083 int r;
2034 2084
2035 if (options->forward_agent == -1) 2085 if (options->forward_agent == -1)
@@ -2111,9 +2161,13 @@ fill_default_options(Options * options)
2111 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); 2161 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
2112#ifdef OPENSSL_HAS_ECC 2162#ifdef OPENSSL_HAS_ECC
2113 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0); 2163 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
2164 add_identity_file(options, "~/",
2165 _PATH_SSH_CLIENT_ID_ECDSA_SK, 0);
2114#endif 2166#endif
2115 add_identity_file(options, "~/", 2167 add_identity_file(options, "~/",
2116 _PATH_SSH_CLIENT_ID_ED25519, 0); 2168 _PATH_SSH_CLIENT_ID_ED25519, 0);
2169 add_identity_file(options, "~/",
2170 _PATH_SSH_CLIENT_ID_ED25519_SK, 0);
2117 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0); 2171 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
2118 } 2172 }
2119 if (options->escape_char == -1) 2173 if (options->escape_char == -1)
@@ -2124,6 +2178,8 @@ fill_default_options(Options * options)
2124 options->system_hostfiles[options->num_system_hostfiles++] = 2178 options->system_hostfiles[options->num_system_hostfiles++] =
2125 xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2); 2179 xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
2126 } 2180 }
2181 if (options->update_hostkeys == -1)
2182 options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO;
2127 if (options->num_user_hostfiles == 0) { 2183 if (options->num_user_hostfiles == 0) {
2128 options->user_hostfiles[options->num_user_hostfiles++] = 2184 options->user_hostfiles[options->num_user_hostfiles++] =
2129 xstrdup(_PATH_SSH_USER_HOSTFILE); 2185 xstrdup(_PATH_SSH_USER_HOSTFILE);
@@ -2189,8 +2245,13 @@ fill_default_options(Options * options)
2189 options->canonicalize_hostname = SSH_CANONICALISE_NO; 2245 options->canonicalize_hostname = SSH_CANONICALISE_NO;
2190 if (options->fingerprint_hash == -1) 2246 if (options->fingerprint_hash == -1)
2191 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 2247 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
2192 if (options->update_hostkeys == -1) 2248#ifdef ENABLE_SK_INTERNAL
2193 options->update_hostkeys = 0; 2249 if (options->sk_provider == NULL)
2250 options->sk_provider = xstrdup("internal");
2251#else
2252 if (options->sk_provider == NULL)
2253 options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
2254#endif
2194 2255
2195 /* Expand KEX name lists */ 2256 /* Expand KEX name lists */
2196 all_cipher = cipher_alg_list(',', 0); 2257 all_cipher = cipher_alg_list(',', 0);
@@ -2198,24 +2259,35 @@ fill_default_options(Options * options)
2198 all_kex = kex_alg_list(','); 2259 all_kex = kex_alg_list(',');
2199 all_key = sshkey_alg_list(0, 0, 1, ','); 2260 all_key = sshkey_alg_list(0, 0, 1, ',');
2200 all_sig = sshkey_alg_list(0, 1, 1, ','); 2261 all_sig = sshkey_alg_list(0, 1, 1, ',');
2262 /* remove unsupported algos from default lists */
2263 def_cipher = match_filter_whitelist(KEX_CLIENT_ENCRYPT, all_cipher);
2264 def_mac = match_filter_whitelist(KEX_CLIENT_MAC, all_mac);
2265 def_kex = match_filter_whitelist(KEX_CLIENT_KEX, all_kex);
2266 def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
2267 def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
2201#define ASSEMBLE(what, defaults, all) \ 2268#define ASSEMBLE(what, defaults, all) \
2202 do { \ 2269 do { \
2203 if ((r = kex_assemble_names(&options->what, \ 2270 if ((r = kex_assemble_names(&options->what, \
2204 defaults, all)) != 0) \ 2271 defaults, all)) != 0) \
2205 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 2272 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
2206 } while (0) 2273 } while (0)
2207 ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher); 2274 ASSEMBLE(ciphers, def_cipher, all_cipher);
2208 ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac); 2275 ASSEMBLE(macs, def_mac, all_mac);
2209 ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex); 2276 ASSEMBLE(kex_algorithms, def_kex, all_kex);
2210 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); 2277 ASSEMBLE(hostbased_key_types, def_key, all_key);
2211 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); 2278 ASSEMBLE(pubkey_key_types, def_key, all_key);
2212 ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); 2279 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
2213#undef ASSEMBLE 2280#undef ASSEMBLE
2214 free(all_cipher); 2281 free(all_cipher);
2215 free(all_mac); 2282 free(all_mac);
2216 free(all_kex); 2283 free(all_kex);
2217 free(all_key); 2284 free(all_key);
2218 free(all_sig); 2285 free(all_sig);
2286 free(def_cipher);
2287 free(def_mac);
2288 free(def_kex);
2289 kex_default_pk_alg_filtered = def_key; /* save for later use */
2290 free(def_sig);
2219 2291
2220#define CLEAR_ON_NONE(v) \ 2292#define CLEAR_ON_NONE(v) \
2221 do { \ 2293 do { \
@@ -2230,6 +2302,7 @@ fill_default_options(Options * options)
2230 CLEAR_ON_NONE(options->control_path); 2302 CLEAR_ON_NONE(options->control_path);
2231 CLEAR_ON_NONE(options->revoked_host_keys); 2303 CLEAR_ON_NONE(options->revoked_host_keys);
2232 CLEAR_ON_NONE(options->pkcs11_provider); 2304 CLEAR_ON_NONE(options->pkcs11_provider);
2305 CLEAR_ON_NONE(options->sk_provider);
2233 if (options->jump_host != NULL && 2306 if (options->jump_host != NULL &&
2234 strcmp(options->jump_host, "none") == 0 && 2307 strcmp(options->jump_host, "none") == 0 &&
2235 options->jump_port == 0 && options->jump_user == NULL) { 2308 options->jump_port == 0 && options->jump_user == NULL) {
@@ -2663,14 +2736,19 @@ dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds)
2663void 2736void
2664dump_client_config(Options *o, const char *host) 2737dump_client_config(Options *o, const char *host)
2665{ 2738{
2666 int i; 2739 int i, r;
2667 char buf[8], *all_key; 2740 char buf[8], *all_key;
2668 2741
2669 /* This is normally prepared in ssh_kex2 */ 2742 /*
2743 * Expand HostKeyAlgorithms name lists. This isn't handled in
2744 * fill_default_options() like the other algorithm lists because
2745 * the host key algorithms are by default dynamically chosen based
2746 * on the host's keys found in known_hosts.
2747 */
2670 all_key = sshkey_alg_list(0, 0, 1, ','); 2748 all_key = sshkey_alg_list(0, 0, 1, ',');
2671 if (kex_assemble_names( &o->hostkeyalgorithms, 2749 if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(),
2672 KEX_DEFAULT_PK_ALG, all_key) != 0) 2750 all_key)) != 0)
2673 fatal("%s: kex_assemble_names failed", __func__); 2751 fatal("%s: expand HostKeyAlgorithms: %s", __func__, ssh_err(r));
2674 free(all_key); 2752 free(all_key);
2675 2753
2676 /* Most interesting options first: user, host, port */ 2754 /* Most interesting options first: user, host, port */
@@ -2692,7 +2770,6 @@ dump_client_config(Options *o, const char *host)
2692 dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); 2770 dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
2693 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); 2771 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
2694 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash); 2772 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
2695 dump_cfg_fmtint(oForwardAgent, o->forward_agent);
2696 dump_cfg_fmtint(oForwardX11, o->forward_x11); 2773 dump_cfg_fmtint(oForwardX11, o->forward_x11);
2697 dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted); 2774 dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
2698 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); 2775 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
@@ -2736,7 +2813,7 @@ dump_client_config(Options *o, const char *host)
2736 /* String options */ 2813 /* String options */
2737 dump_cfg_string(oBindAddress, o->bind_address); 2814 dump_cfg_string(oBindAddress, o->bind_address);
2738 dump_cfg_string(oBindInterface, o->bind_interface); 2815 dump_cfg_string(oBindInterface, o->bind_interface);
2739 dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); 2816 dump_cfg_string(oCiphers, o->ciphers);
2740 dump_cfg_string(oControlPath, o->control_path); 2817 dump_cfg_string(oControlPath, o->control_path);
2741 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); 2818 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
2742 dump_cfg_string(oHostKeyAlias, o->host_key_alias); 2819 dump_cfg_string(oHostKeyAlias, o->host_key_alias);
@@ -2744,15 +2821,16 @@ dump_client_config(Options *o, const char *host)
2744 dump_cfg_string(oIdentityAgent, o->identity_agent); 2821 dump_cfg_string(oIdentityAgent, o->identity_agent);
2745 dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); 2822 dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
2746 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); 2823 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
2747 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); 2824 dump_cfg_string(oKexAlgorithms, o->kex_algorithms);
2748 dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); 2825 dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms);
2749 dump_cfg_string(oLocalCommand, o->local_command); 2826 dump_cfg_string(oLocalCommand, o->local_command);
2750 dump_cfg_string(oRemoteCommand, o->remote_command); 2827 dump_cfg_string(oRemoteCommand, o->remote_command);
2751 dump_cfg_string(oLogLevel, log_level_name(o->log_level)); 2828 dump_cfg_string(oLogLevel, log_level_name(o->log_level));
2752 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); 2829 dump_cfg_string(oMacs, o->macs);
2753#ifdef ENABLE_PKCS11 2830#ifdef ENABLE_PKCS11
2754 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); 2831 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
2755#endif 2832#endif
2833 dump_cfg_string(oSecurityKeyProvider, o->sk_provider);
2756 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); 2834 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
2757 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2835 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
2758 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); 2836 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
@@ -2774,6 +2852,12 @@ dump_client_config(Options *o, const char *host)
2774 2852
2775 /* Special cases */ 2853 /* Special cases */
2776 2854
2855 /* oForwardAgent */
2856 if (o->forward_agent_sock_path == NULL)
2857 dump_cfg_fmtint(oForwardAgent, o->forward_agent);
2858 else
2859 dump_cfg_string(oForwardAgent, o->forward_agent_sock_path);
2860
2777 /* oConnectTimeout */ 2861 /* oConnectTimeout */
2778 if (o->connection_timeout == -1) 2862 if (o->connection_timeout == -1)
2779 printf("connecttimeout none\n"); 2863 printf("connecttimeout none\n");
diff --git a/readconf.h b/readconf.h
index 0bff6d80a..a8a8870d7 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.129 2018/11/23 05:08:07 djm Exp $ */ 1/* $OpenBSD: readconf.h,v 1.132 2020/01/23 02:46:49 dtucker Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -29,6 +29,7 @@ struct allowed_cname {
29 29
30typedef struct { 30typedef struct {
31 int forward_agent; /* Forward authentication agent. */ 31 int forward_agent; /* Forward authentication agent. */
32 char *forward_agent_sock_path; /* Optional path of the agent. */
32 int forward_x11; /* Forward X11 display. */ 33 int forward_x11; /* Forward X11 display. */
33 int forward_x11_timeout; /* Expiration for Cookies */ 34 int forward_x11_timeout; /* Expiration for Cookies */
34 int forward_x11_trusted; /* Trust Forward X11 display. */ 35 int forward_x11_trusted; /* Trust Forward X11 display. */
@@ -88,6 +89,7 @@ typedef struct {
88 char *bind_address; /* local socket address for connection to sshd */ 89 char *bind_address; /* local socket address for connection to sshd */
89 char *bind_interface; /* local interface for bind address */ 90 char *bind_interface; /* local interface for bind address */
90 char *pkcs11_provider; /* PKCS#11 provider */ 91 char *pkcs11_provider; /* PKCS#11 provider */
92 char *sk_provider; /* Security key provider */
91 int verify_host_key_dns; /* Verify host key using DNS */ 93 int verify_host_key_dns; /* Verify host key using DNS */
92 94
93 int num_identity_files; /* Number of files for RSA/DSA identities. */ 95 int num_identity_files; /* Number of files for RSA/DSA identities. */
@@ -203,6 +205,7 @@ typedef struct {
203#define SSH_STRICT_HOSTKEY_YES 2 205#define SSH_STRICT_HOSTKEY_YES 2
204#define SSH_STRICT_HOSTKEY_ASK 3 206#define SSH_STRICT_HOSTKEY_ASK 3
205 207
208const char *kex_default_pk_alg(void);
206void initialize_options(Options *); 209void initialize_options(Options *);
207void fill_default_options(Options *); 210void fill_default_options(Options *);
208void fill_default_options_for_canonicalization(Options *); 211void fill_default_options_for_canonicalization(Options *);
diff --git a/readpass.c b/readpass.c
index 7e52cae9c..974d67f0b 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readpass.c,v 1.54 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -48,7 +48,7 @@
48#include "uidswap.h" 48#include "uidswap.h"
49 49
50static char * 50static char *
51ssh_askpass(char *askpass, const char *msg) 51ssh_askpass(char *askpass, const char *msg, const char *env_hint)
52{ 52{
53 pid_t pid, ret; 53 pid_t pid, ret;
54 size_t len; 54 size_t len;
@@ -58,25 +58,27 @@ ssh_askpass(char *askpass, const char *msg)
58 void (*osigchld)(int); 58 void (*osigchld)(int);
59 59
60 if (fflush(stdout) != 0) 60 if (fflush(stdout) != 0)
61 error("ssh_askpass: fflush: %s", strerror(errno)); 61 error("%s: fflush: %s", __func__, strerror(errno));
62 if (askpass == NULL) 62 if (askpass == NULL)
63 fatal("internal error: askpass undefined"); 63 fatal("internal error: askpass undefined");
64 if (pipe(p) == -1) { 64 if (pipe(p) == -1) {
65 error("ssh_askpass: pipe: %s", strerror(errno)); 65 error("%s: pipe: %s", __func__, strerror(errno));
66 return NULL; 66 return NULL;
67 } 67 }
68 osigchld = signal(SIGCHLD, SIG_DFL); 68 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
69 if ((pid = fork()) == -1) { 69 if ((pid = fork()) == -1) {
70 error("ssh_askpass: fork: %s", strerror(errno)); 70 error("%s: fork: %s", __func__, strerror(errno));
71 signal(SIGCHLD, osigchld); 71 ssh_signal(SIGCHLD, osigchld);
72 return NULL; 72 return NULL;
73 } 73 }
74 if (pid == 0) { 74 if (pid == 0) {
75 close(p[0]); 75 close(p[0]);
76 if (dup2(p[1], STDOUT_FILENO) == -1) 76 if (dup2(p[1], STDOUT_FILENO) == -1)
77 fatal("ssh_askpass: dup2: %s", strerror(errno)); 77 fatal("%s: dup2: %s", __func__, strerror(errno));
78 if (env_hint != NULL)
79 setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
78 execlp(askpass, askpass, msg, (char *)NULL); 80 execlp(askpass, askpass, msg, (char *)NULL);
79 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); 81 fatal("%s: exec(%s): %s", __func__, askpass, strerror(errno));
80 } 82 }
81 close(p[1]); 83 close(p[1]);
82 84
@@ -96,7 +98,7 @@ ssh_askpass(char *askpass, const char *msg)
96 while ((ret = waitpid(pid, &status, 0)) == -1) 98 while ((ret = waitpid(pid, &status, 0)) == -1)
97 if (errno != EINTR) 99 if (errno != EINTR)
98 break; 100 break;
99 signal(SIGCHLD, osigchld); 101 ssh_signal(SIGCHLD, osigchld);
100 if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { 102 if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
101 explicit_bzero(buf, sizeof(buf)); 103 explicit_bzero(buf, sizeof(buf));
102 return NULL; 104 return NULL;
@@ -108,6 +110,9 @@ ssh_askpass(char *askpass, const char *msg)
108 return pass; 110 return pass;
109} 111}
110 112
113/* private/internal read_passphrase flags */
114#define RP_ASK_PERMISSION 0x8000 /* pass hint to askpass for confirm UI */
115
111/* 116/*
112 * Reads a passphrase from /dev/tty with echo turned off/on. Returns the 117 * Reads a passphrase from /dev/tty with echo turned off/on. Returns the
113 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If 118 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
@@ -119,6 +124,7 @@ read_passphrase(const char *prompt, int flags)
119{ 124{
120 char cr = '\r', *askpass = NULL, *ret, buf[1024]; 125 char cr = '\r', *askpass = NULL, *ret, buf[1024];
121 int rppflags, use_askpass = 0, ttyfd; 126 int rppflags, use_askpass = 0, ttyfd;
127 const char *askpass_hint = NULL;
122 128
123 rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; 129 rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
124 if (flags & RP_USE_ASKPASS) 130 if (flags & RP_USE_ASKPASS)
@@ -155,7 +161,9 @@ read_passphrase(const char *prompt, int flags)
155 askpass = getenv(SSH_ASKPASS_ENV); 161 askpass = getenv(SSH_ASKPASS_ENV);
156 else 162 else
157 askpass = _PATH_SSH_ASKPASS_DEFAULT; 163 askpass = _PATH_SSH_ASKPASS_DEFAULT;
158 if ((ret = ssh_askpass(askpass, prompt)) == NULL) 164 if ((flags & RP_ASK_PERMISSION) != 0)
165 askpass_hint = "confirm";
166 if ((ret = ssh_askpass(askpass, prompt, askpass_hint)) == NULL)
159 if (!(flags & RP_ALLOW_EOF)) 167 if (!(flags & RP_ALLOW_EOF))
160 return xstrdup(""); 168 return xstrdup("");
161 return ret; 169 return ret;
@@ -183,7 +191,8 @@ ask_permission(const char *fmt, ...)
183 vsnprintf(prompt, sizeof(prompt), fmt, args); 191 vsnprintf(prompt, sizeof(prompt), fmt, args);
184 va_end(args); 192 va_end(args);
185 193
186 p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); 194 p = read_passphrase(prompt,
195 RP_USE_ASKPASS|RP_ALLOW_EOF|RP_ASK_PERMISSION);
187 if (p != NULL) { 196 if (p != NULL) {
188 /* 197 /*
189 * Accept empty responses and responses consisting 198 * Accept empty responses and responses consisting
@@ -197,3 +206,89 @@ ask_permission(const char *fmt, ...)
197 206
198 return (allowed); 207 return (allowed);
199} 208}
209
210struct notifier_ctx {
211 pid_t pid;
212 void (*osigchld)(int);
213};
214
215struct notifier_ctx *
216notify_start(int force_askpass, const char *fmt, ...)
217{
218 va_list args;
219 char *prompt = NULL;
220 int devnull;
221 pid_t pid;
222 void (*osigchld)(int);
223 const char *askpass;
224 struct notifier_ctx *ret;
225
226 va_start(args, fmt);
227 xvasprintf(&prompt, fmt, args);
228 va_end(args);
229
230 if (fflush(NULL) != 0)
231 error("%s: fflush: %s", __func__, strerror(errno));
232 if (!force_askpass && isatty(STDERR_FILENO)) {
233 (void)write(STDERR_FILENO, "\r", 1);
234 (void)write(STDERR_FILENO, prompt, strlen(prompt));
235 (void)write(STDERR_FILENO, "\r\n", 2);
236 free(prompt);
237 return NULL;
238 }
239 if ((askpass = getenv("SSH_ASKPASS")) == NULL)
240 askpass = _PATH_SSH_ASKPASS_DEFAULT;
241 if (getenv("DISPLAY") == NULL || *askpass == '\0') {
242 debug3("%s: cannot notify", __func__);
243 free(prompt);
244 return NULL;
245 }
246 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
247 if ((pid = fork()) == -1) {
248 error("%s: fork: %s", __func__, strerror(errno));
249 ssh_signal(SIGCHLD, osigchld);
250 free(prompt);
251 return NULL;
252 }
253 if (pid == 0) {
254 if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
255 fatal("%s: open %s", __func__, strerror(errno));
256 if (dup2(devnull, STDIN_FILENO) == -1 ||
257 dup2(devnull, STDOUT_FILENO) == -1)
258 fatal("%s: dup2: %s", __func__, strerror(errno));
259 closefrom(STDERR_FILENO + 1);
260 setenv("SSH_ASKPASS_PROMPT", "none", 1); /* hint to UI */
261 execlp(askpass, askpass, prompt, (char *)NULL);
262 error("%s: exec(%s): %s", __func__, askpass, strerror(errno));
263 _exit(1);
264 /* NOTREACHED */
265 }
266 if ((ret = calloc(1, sizeof(*ret))) == NULL) {
267 kill(pid, SIGTERM);
268 fatal("%s: calloc failed", __func__);
269 }
270 ret->pid = pid;
271 ret->osigchld = osigchld;
272 free(prompt);
273 return ret;
274}
275
276void
277notify_complete(struct notifier_ctx *ctx)
278{
279 int ret;
280
281 if (ctx == NULL || ctx->pid <= 0) {
282 free(ctx);
283 return;
284 }
285 kill(ctx->pid, SIGTERM);
286 while ((ret = waitpid(ctx->pid, NULL, 0)) == -1) {
287 if (errno != EINTR)
288 break;
289 }
290 if (ret == -1)
291 fatal("%s: waitpid: %s", __func__, strerror(errno));
292 ssh_signal(SIGCHLD, ctx->osigchld);
293 free(ctx);
294}
diff --git a/regress/Makefile b/regress/Makefile
index 17e0a06e8..01e257a94 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.104 2019/09/03 08:37:45 djm Exp $ 1# $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $
2 2
3tests: prep file-tests t-exec unit 3tests: prep file-tests t-exec unit
4 4
@@ -87,6 +87,7 @@ LTESTS= connect \
87 principals-command \ 87 principals-command \
88 cert-file \ 88 cert-file \
89 cfginclude \ 89 cfginclude \
90 servcfginclude \
90 allow-deny-users \ 91 allow-deny-users \
91 authinfo \ 92 authinfo \
92 sshsig 93 sshsig
@@ -122,7 +123,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
122 ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \ 123 ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \
123 ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ 124 ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
124 ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \ 125 ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
125 sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \ 126 sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
126 sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \ 127 sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
127 t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \ 128 t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
128 t8.out t8.out.pub t9.out t9.out.pub testdata \ 129 t8.out t8.out.pub t9.out t9.out.pub testdata \
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
index 769c29e8d..524340816 100644
--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: agent-getpeereid.sh,v 1.10 2018/02/09 03:40:22 dtucker Exp $ 1# $OpenBSD: agent-getpeereid.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="disallow agent attach from other uid" 4tid="disallow agent attach from other uid"
@@ -26,7 +26,7 @@ case "x$SUDO" in
26esac 26esac
27 27
28trace "start agent" 28trace "start agent"
29eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null 29eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` > /dev/null
30r=$? 30r=$?
31if [ $r -ne 0 ]; then 31if [ $r -ne 0 ]; then
32 fail "could not start ssh-agent: exit code $r" 32 fail "could not start ssh-agent: exit code $r"
diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh
index 5205d9067..fbbaea518 100644
--- a/regress/agent-pkcs11.sh
+++ b/regress/agent-pkcs11.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: agent-pkcs11.sh,v 1.6 2019/01/21 09:13:41 djm Exp $ 1# $OpenBSD: agent-pkcs11.sh,v 1.7 2019/11/26 23:43:10 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="pkcs11 agent test" 4tid="pkcs11 agent test"
@@ -75,7 +75,7 @@ openssl pkcs8 -nocrypt -in $EC |\
75 softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin 75 softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin
76 76
77trace "start agent" 77trace "start agent"
78eval `${SSHAGENT} -s` > /dev/null 78eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
79r=$? 79r=$?
80if [ $r -ne 0 ]; then 80if [ $r -ne 0 ]; then
81 fail "could not start ssh-agent: exit code $r" 81 fail "could not start ssh-agent: exit code $r"
diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh
index 2d795ee32..9cd68d7ec 100644
--- a/regress/agent-ptrace.sh
+++ b/regress/agent-ptrace.sh
@@ -41,7 +41,7 @@ else
41fi 41fi
42 42
43trace "start agent" 43trace "start agent"
44eval `${SSHAGENT} -s` > /dev/null 44eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
45r=$? 45r=$?
46if [ $r -ne 0 ]; then 46if [ $r -ne 0 ]; then
47 fail "could not start ssh-agent: exit code $r" 47 fail "could not start ssh-agent: exit code $r"
diff --git a/regress/agent-timeout.sh b/regress/agent-timeout.sh
index 311c7bcba..6dec09285 100644
--- a/regress/agent-timeout.sh
+++ b/regress/agent-timeout.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: agent-timeout.sh,v 1.5 2019/09/03 08:37:06 djm Exp $ 1# $OpenBSD: agent-timeout.sh,v 1.6 2019/11/26 23:43:10 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="agent timeout test" 4tid="agent timeout test"
@@ -6,7 +6,7 @@ tid="agent timeout test"
6SSHAGENT_TIMEOUT=10 6SSHAGENT_TIMEOUT=10
7 7
8trace "start agent" 8trace "start agent"
9eval `${SSHAGENT} -s` > /dev/null 9eval `${SSHAGENT} -s ${EXTRA_AGENT_ARGS}` > /dev/null
10r=$? 10r=$?
11if [ $r -ne 0 ]; then 11if [ $r -ne 0 ]; then
12 fail "could not start ssh-agent: exit code $r" 12 fail "could not start ssh-agent: exit code $r"
diff --git a/regress/agent.sh b/regress/agent.sh
index 48fa12b0e..39403653c 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: agent.sh,v 1.15 2019/07/23 07:39:43 dtucker Exp $ 1# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="simple agent test" 4tid="simple agent test"
@@ -8,13 +8,19 @@ if [ $? -ne 2 ]; then
8 fail "ssh-add -l did not fail with exit code 2" 8 fail "ssh-add -l did not fail with exit code 2"
9fi 9fi
10 10
11trace "start agent" 11trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
12eval `${SSHAGENT} -s` > /dev/null 12eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
13r=$? 13r=$?
14if [ $r -ne 0 ]; then 14if [ $r -ne 0 ]; then
15 fatal "could not start ssh-agent: exit code $r" 15 fatal "could not start ssh-agent: exit code $r"
16fi 16fi
17 17
18eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s | sed 's/SSH_/FW_SSH_/g'` > /dev/null
19r=$?
20if [ $r -ne 0 ]; then
21 fatal "could not start second ssh-agent: exit code $r"
22fi
23
18${SSHADD} -l > /dev/null 2>&1 24${SSHADD} -l > /dev/null 2>&1
19if [ $? -ne 1 ]; then 25if [ $? -ne 1 ]; then
20 fail "ssh-add -l did not fail with exit code 1" 26 fail "ssh-add -l did not fail with exit code 1"
@@ -38,10 +44,15 @@ for t in ${SSH_KEYTYPES}; do
38 44
39 # add to authorized keys 45 # add to authorized keys
40 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER 46 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
41 # add privat key to agent 47 # add private key to agent
42 ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 48 ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
49 if [ $? -ne 0 ]; then
50 fail "ssh-add failed exit code $?"
51 fi
52 # add private key to second agent
53 SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
43 if [ $? -ne 0 ]; then 54 if [ $? -ne 0 ]; then
44 fail "ssh-add did succeed exit code 0" 55 fail "ssh-add failed exit code $?"
45 fi 56 fi
46 # Remove private key to ensure that we aren't accidentally using it. 57 # Remove private key to ensure that we aren't accidentally using it.
47 rm -f $OBJ/$t-agent 58 rm -f $OBJ/$t-agent
@@ -90,6 +101,11 @@ r=$?
90if [ $r -ne 0 ]; then 101if [ $r -ne 0 ]; then
91 fail "ssh-add -l via agent fwd failed (exit code $r)" 102 fail "ssh-add -l via agent fwd failed (exit code $r)"
92fi 103fi
104${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
105r=$?
106if [ $r -ne 0 ]; then
107 fail "ssh-add -l via agent path fwd failed (exit code $r)"
108fi
93${SSH} -A -F $OBJ/ssh_proxy somehost \ 109${SSH} -A -F $OBJ/ssh_proxy somehost \
94 "${SSH} -F $OBJ/ssh_proxy somehost exit 52" 110 "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
95r=$? 111r=$?
@@ -97,6 +113,30 @@ if [ $r -ne 52 ]; then
97 fail "agent fwd failed (exit code $r)" 113 fail "agent fwd failed (exit code $r)"
98fi 114fi
99 115
116trace "agent forwarding different agent"
117${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
118r=$?
119if [ $r -ne 0 ]; then
120 fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)"
121fi
122${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
123r=$?
124if [ $r -ne 0 ]; then
125 fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)"
126fi
127
128# Remove keys from forwarded agent, ssh-add on remote machine should now fail.
129SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
130r=$?
131if [ $r -ne 0 ]; then
132 fail "ssh-add -D failed: exit code $r"
133fi
134${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
135r=$?
136if [ $r -ne 1 ]; then
137 fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)"
138fi
139
100(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \ 140(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
101 > $OBJ/authorized_keys_$USER 141 > $OBJ/authorized_keys_$USER
102for t in ${SSH_KEYTYPES}; do 142for t in ${SSH_KEYTYPES}; do
@@ -121,3 +161,4 @@ fi
121 161
122trace "kill agent" 162trace "kill agent"
123${SSHAGENT} -k > /dev/null 163${SSHAGENT} -k > /dev/null
164SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null
diff --git a/regress/cert-file.sh b/regress/cert-file.sh
index 1157a3582..94e672a99 100644
--- a/regress/cert-file.sh
+++ b/regress/cert-file.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-file.sh,v 1.7 2018/04/10 00:14:10 djm Exp $ 1# $OpenBSD: cert-file.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="ssh with certificates" 4tid="ssh with certificates"
@@ -120,7 +120,7 @@ if [ $? -ne 2 ]; then
120fi 120fi
121 121
122trace "start agent" 122trace "start agent"
123eval `${SSHAGENT} -s` > /dev/null 123eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
124r=$? 124r=$?
125if [ $r -ne 0 ]; then 125if [ $r -ne 0 ]; then
126 fatal "could not start ssh-agent: exit code $r" 126 fatal "could not start ssh-agent: exit code $r"
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 844adabcc..097bf8463 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-hostkey.sh,v 1.18 2019/07/25 08:28:15 dtucker Exp $ 1# $OpenBSD: cert-hostkey.sh,v 1.23 2020/01/03 03:02:26 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="certified host keys" 4tid="certified host keys"
@@ -9,7 +9,7 @@ rm -f $OBJ/cert_host_key* $OBJ/host_krl_*
9# Allow all hostkey/pubkey types, prefer certs for the client 9# Allow all hostkey/pubkey types, prefer certs for the client
10rsa=0 10rsa=0
11types="" 11types=""
12for i in `$SSH -Q key`; do 12for i in `$SSH -Q key | maybe_filter_sk`; do
13 if [ -z "$types" ]; then 13 if [ -z "$types" ]; then
14 types="$i" 14 types="$i"
15 continue 15 continue
@@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain
70touch $OBJ/host_revoked_cert 70touch $OBJ/host_revoked_cert
71cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca 71cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
72 72
73PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'` 73PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
74 74
75if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then 75if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
76 PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" 76 PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
@@ -131,7 +131,7 @@ attempt_connect() {
131} 131}
132 132
133# Basic connect and revocation tests. 133# Basic connect and revocation tests.
134for privsep in yes sandbox ; do 134for privsep in yes ; do
135 for ktype in $PLAIN_TYPES ; do 135 for ktype in $PLAIN_TYPES ; do
136 verbose "$tid: host ${ktype} cert connect privsep $privsep" 136 verbose "$tid: host ${ktype} cert connect privsep $privsep"
137 ( 137 (
@@ -169,7 +169,7 @@ for ktype in $PLAIN_TYPES ; do
169 kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig 169 kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
170done 170done
171cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 171cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
172for privsep in yes sandbox ; do 172for privsep in yes ; do
173 for ktype in $PLAIN_TYPES ; do 173 for ktype in $PLAIN_TYPES ; do
174 verbose "$tid: host ${ktype} revoked cert privsep $privsep" 174 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
175 ( 175 (
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 5cd02fc3f..91596fa78 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-userkey.sh,v 1.21 2019/07/25 08:28:15 dtucker Exp $ 1# $OpenBSD: cert-userkey.sh,v 1.25 2020/01/03 03:02:26 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="certified user keys" 4tid="certified user keys"
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
8cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak 8cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
9 9
10PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` 10PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
11EXTRA_TYPES="" 11EXTRA_TYPES=""
12rsa="" 12rsa=""
13 13
@@ -17,8 +17,10 @@ if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
17fi 17fi
18 18
19kname() { 19kname() {
20 case $ktype in 20 case $1 in
21 rsa-sha2-*) n="$ktype" ;; 21 rsa-sha2-*) n="$1" ;;
22 sk-ecdsa-*) n="sk-ecdsa" ;;
23 sk-ssh-ed25519*) n="sk-ssh-ed25519" ;;
22 # subshell because some seds will add a newline 24 # subshell because some seds will add a newline
23 *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;; 25 *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
24 esac 26 esac
@@ -58,7 +60,7 @@ done
58# Test explicitly-specified principals 60# Test explicitly-specified principals
59for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do 61for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
60 t=$(kname $ktype) 62 t=$(kname $ktype)
61 for privsep in yes sandbox ; do 63 for privsep in yes ; do
62 _prefix="${ktype} privsep $privsep" 64 _prefix="${ktype} privsep $privsep"
63 65
64 # Setup for AuthorizedPrincipalsFile 66 # Setup for AuthorizedPrincipalsFile
@@ -195,7 +197,7 @@ basic_tests() {
195 197
196 for ktype in $PLAIN_TYPES ; do 198 for ktype in $PLAIN_TYPES ; do
197 t=$(kname $ktype) 199 t=$(kname $ktype)
198 for privsep in yes no ; do 200 for privsep in yes ; do
199 _prefix="${ktype} privsep $privsep $auth" 201 _prefix="${ktype} privsep $privsep $auth"
200 # Simple connect 202 # Simple connect
201 verbose "$tid: ${_prefix} connect" 203 verbose "$tid: ${_prefix} connect"
diff --git a/regress/connect.sh b/regress/connect.sh
index 1b344b603..46f12b7b3 100644
--- a/regress/connect.sh
+++ b/regress/connect.sh
@@ -1,11 +1,18 @@
1# $OpenBSD: connect.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ 1# $OpenBSD: connect.sh,v 1.8 2020/01/25 02:57:53 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="simple connect" 4tid="simple connect"
5 5
6start_sshd 6start_sshd
7 7
8trace "direct connect"
8${SSH} -F $OBJ/ssh_config somehost true 9${SSH} -F $OBJ/ssh_config somehost true
9if [ $? -ne 0 ]; then 10if [ $? -ne 0 ]; then
10 fail "ssh connect with failed" 11 fail "ssh direct connect failed"
12fi
13
14trace "proxy connect"
15${SSH} -F $OBJ/ssh_config -o "proxycommand $NC %h %p" somehost true
16if [ $? -ne 0 ]; then
17 fail "ssh proxycommand connect failed"
11fi 18fi
diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index 811b6b9ab..d6736e246 100644
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: hostkey-agent.sh,v 1.7 2017/04/30 23:34:55 djm Exp $ 1# $OpenBSD: hostkey-agent.sh,v 1.11 2019/12/16 02:39:05 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="hostkey agent" 4tid="hostkey agent"
@@ -6,7 +6,7 @@ tid="hostkey agent"
6rm -f $OBJ/agent-key.* $OBJ/ssh_proxy.orig $OBJ/known_hosts.orig 6rm -f $OBJ/agent-key.* $OBJ/ssh_proxy.orig $OBJ/known_hosts.orig
7 7
8trace "start agent" 8trace "start agent"
9eval `${SSHAGENT} -s` > /dev/null 9eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
10r=$? 10r=$?
11[ $r -ne 0 ] && fatal "could not start ssh-agent: exit code $r" 11[ $r -ne 0 ] && fatal "could not start ssh-agent: exit code $r"
12 12
@@ -14,7 +14,7 @@ grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
14echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig 14echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
15 15
16trace "load hostkeys" 16trace "load hostkeys"
17for k in `${SSH} -Q key-plain` ; do 17for k in $SSH_KEYTYPES ; do
18 ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k" 18 ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"
19 ( 19 (
20 printf 'localhost-with-alias,127.0.0.1,::1 ' 20 printf 'localhost-with-alias,127.0.0.1,::1 '
@@ -30,8 +30,8 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
30 30
31unset SSH_AUTH_SOCK 31unset SSH_AUTH_SOCK
32 32
33for ps in no yes; do 33for ps in yes; do
34 for k in `${SSH} -Q key-plain` ; do 34 for k in $SSH_KEYTYPES ; do
35 verbose "key type $k privsep=$ps" 35 verbose "key type $k privsep=$ps"
36 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy 36 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
37 echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy 37 echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy
diff --git a/regress/hostkey-rotate.sh b/regress/hostkey-rotate.sh
index cc6bd9cf6..c3e100c3e 100644
--- a/regress/hostkey-rotate.sh
+++ b/regress/hostkey-rotate.sh
@@ -1,11 +1,8 @@
1# $OpenBSD: hostkey-rotate.sh,v 1.6 2019/08/30 05:08:28 dtucker Exp $ 1# $OpenBSD: hostkey-rotate.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="hostkey rotate" 4tid="hostkey rotate"
5 5
6# Need full names here since they are used in HostKeyAlgorithms
7HOSTKEY_TYPES="`${SSH} -Q key-plain`"
8
9rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig 6rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig
10 7
11grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig 8grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
@@ -20,7 +17,7 @@ secondary="$primary"
20trace "prepare hostkeys" 17trace "prepare hostkeys"
21nkeys=0 18nkeys=0
22all_algs="" 19all_algs=""
23for k in $HOSTKEY_TYPES; do 20for k in $SSH_HOSTKEY_TYPES; do
24 ${SSHKEYGEN} -qt $k -f $OBJ/hkr.$k -N '' || fatal "ssh-keygen $k" 21 ${SSHKEYGEN} -qt $k -f $OBJ/hkr.$k -N '' || fatal "ssh-keygen $k"
25 echo "Hostkey $OBJ/hkr.${k}" >> $OBJ/sshd_proxy.orig 22 echo "Hostkey $OBJ/hkr.${k}" >> $OBJ/sshd_proxy.orig
26 nkeys=`expr $nkeys + 1` 23 nkeys=`expr $nkeys + 1`
@@ -67,12 +64,12 @@ verbose "learn additional hostkeys"
67dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$all_algs 64dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$all_algs
68# Check that other keys learned 65# Check that other keys learned
69expect_nkeys $nkeys "learn hostkeys" 66expect_nkeys $nkeys "learn hostkeys"
70for k in $HOSTKEY_TYPES; do 67for k in $SSH_HOSTKEY_TYPES; do
71 check_key_present $k || fail "didn't learn keytype $k" 68 check_key_present $k || fail "didn't learn keytype $k"
72done 69done
73 70
74# Check each key type 71# Check each key type
75for k in $HOSTKEY_TYPES; do 72for k in $SSH_HOSTKEY_TYPES; do
76 verbose "learn additional hostkeys, type=$k" 73 verbose "learn additional hostkeys, type=$k"
77 dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$k,$all_algs 74 dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$k,$all_algs
78 expect_nkeys $nkeys "learn hostkeys $k" 75 expect_nkeys $nkeys "learn hostkeys $k"
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 5ba6bf6ab..bc030cb74 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: integrity.sh,v 1.23 2017/04/30 23:34:55 djm Exp $ 1# $OpenBSD: integrity.sh,v 1.24 2020/01/21 08:06:27 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="integrity" 4tid="integrity"
@@ -18,7 +18,7 @@ macs="$macs `${SSH} -Q cipher-auth`"
18# >> $OBJ/ssh_proxy 18# >> $OBJ/ssh_proxy
19 19
20# sshd-command for proxy (see test-exec.sh) 20# sshd-command for proxy (see test-exec.sh)
21cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" 21cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy"
22 22
23for m in $macs; do 23for m in $macs; do
24 trace "test $tid: mac $m" 24 trace "test $tid: mac $m"
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh
index 8b8acd52f..3863e33b5 100644
--- a/regress/keygen-change.sh
+++ b/regress/keygen-change.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: keygen-change.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ 1# $OpenBSD: keygen-change.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="change passphrase for key" 4tid="change passphrase for key"
@@ -6,10 +6,7 @@ tid="change passphrase for key"
6S1="secret1" 6S1="secret1"
7S2="2secret" 7S2="2secret"
8 8
9KEYTYPES=`${SSH} -Q key-plain` 9for t in $SSH_KEYTYPES; do
10
11for t in $KEYTYPES; do
12 # generate user key for agent
13 trace "generating $t key" 10 trace "generating $t key"
14 rm -f $OBJ/$t-key 11 rm -f $OBJ/$t-key
15 ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key 12 ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
diff --git a/regress/keygen-moduli.sh b/regress/keygen-moduli.sh
index a8eccfb69..8be53f92f 100644
--- a/regress/keygen-moduli.sh
+++ b/regress/keygen-moduli.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: keygen-moduli.sh,v 1.3 2019/07/23 08:19:29 dtucker Exp $ 1# $OpenBSD: keygen-moduli.sh,v 1.4 2020/01/02 13:25:38 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="keygen moduli" 4tid="keygen moduli"
@@ -14,10 +14,10 @@ done
14# and "skip 2 and run to the end with checkpointing". Since our test data 14# and "skip 2 and run to the end with checkpointing". Since our test data
15# file has 3 lines, these should always result in 1 line of output. 15# file has 3 lines, these should always result in 1 line of output.
16if [ "x$dhgex" = "x1" ]; then 16if [ "x$dhgex" = "x1" ]; then
17 for i in "-J1" "-j1 -J1" "-j2 -K $OBJ/moduli.ckpt"; do 17 for i in "-O lines=1" "-O start-line=1 -O lines=1" "-O start-line=2 -O checkpoint=$OBJ/moduli.ckpt"; do
18 trace "keygen $i" 18 trace "keygen $i"
19 rm -f $OBJ/moduli.out $OBJ/moduli.ckpt 19 rm -f $OBJ/moduli.out $OBJ/moduli.ckpt
20 ${SSHKEYGEN} -T $OBJ/moduli.out -f ${SRC}/moduli.in $i 2>/dev/null || \ 20 ${SSHKEYGEN} -M screen -f ${SRC}/moduli.in $i $OBJ/moduli.out 2>/dev/null || \
21 fail "keygen screen failed $i" 21 fail "keygen screen failed $i"
22 lines=`wc -l <$OBJ/moduli.out` 22 lines=`wc -l <$OBJ/moduli.out`
23 test "$lines" -eq "1" || fail "expected 1 line, got $lines" 23 test "$lines" -eq "1" || fail "expected 1 line, got $lines"
diff --git a/regress/keyscan.sh b/regress/keyscan.sh
index 8940d24b6..75a14ee0e 100644
--- a/regress/keyscan.sh
+++ b/regress/keyscan.sh
@@ -1,10 +1,9 @@
1# $OpenBSD: keyscan.sh,v 1.9 2019/01/28 03:50:39 dtucker Exp $ 1# $OpenBSD: keyscan.sh,v 1.13 2020/01/22 07:31:27 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="keyscan" 4tid="keyscan"
5 5
6KEYTYPES=`${SSH} -Q key-plain` 6for i in $SSH_KEYTYPES; do
7for i in $KEYTYPES; do
8 if [ -z "$algs" ]; then 7 if [ -z "$algs" ]; then
9 algs="$i" 8 algs="$i"
10 else 9 else
@@ -15,9 +14,9 @@ echo "HostKeyAlgorithms $algs" >> $OBJ/sshd_config
15 14
16start_sshd 15start_sshd
17 16
18for t in $KEYTYPES; do 17for t in $SSH_KEYTYPES; do
19 trace "keyscan type $t" 18 trace "keyscan type $t"
20 ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ 19 ${SSHKEYSCAN} -t $t -T 15 -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \
21 > /dev/null 2>&1 20 > /dev/null 2>&1
22 r=$? 21 r=$?
23 if [ $r -ne 0 ]; then 22 if [ $r -ne 0 ]; then
diff --git a/regress/keytype.sh b/regress/keytype.sh
index 13095088e..20a8ceaf2 100644
--- a/regress/keytype.sh
+++ b/regress/keytype.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: keytype.sh,v 1.8 2019/07/23 13:49:14 dtucker Exp $ 1# $OpenBSD: keytype.sh,v 1.10 2019/12/16 02:39:05 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="login with different key types" 4tid="login with different key types"
@@ -16,43 +16,56 @@ for i in ${SSH_KEYTYPES}; do
16 ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;; 16 ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;;
17 ecdsa-sha2-nistp384) ktypes="$ktypes ecdsa-384" ;; 17 ecdsa-sha2-nistp384) ktypes="$ktypes ecdsa-384" ;;
18 ecdsa-sha2-nistp521) ktypes="$ktypes ecdsa-521" ;; 18 ecdsa-sha2-nistp521) ktypes="$ktypes ecdsa-521" ;;
19 sk-ssh-ed25519*) ktypes="$ktypes ed25519-sk" ;;
20 sk-ecdsa-sha2-nistp256*) ktypes="$ktypes ecdsa-sk" ;;
19 esac 21 esac
20done 22done
21 23
22for kt in $ktypes; do 24for kt in $ktypes; do
23 rm -f $OBJ/key.$kt 25 rm -f $OBJ/key.$kt
24 bits=`echo ${kt} | awk -F- '{print $2}'` 26 xbits=`echo ${kt} | awk -F- '{print $2}'`
25 type=`echo ${kt} | awk -F- '{print $1}'` 27 xtype=`echo ${kt} | awk -F- '{print $1}'`
28 case "$kt" in
29 *sk) type="$kt"; bits="n/a"; bits_arg="";;
30 *) type=$xtype; bits=$xbits; bits_arg="-b $bits";;
31 esac
26 verbose "keygen $type, $bits bits" 32 verbose "keygen $type, $bits bits"
27 ${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\ 33 ${SSHKEYGEN} $bits_arg -q -N '' -t $type -f $OBJ/key.$kt || \
28 fail "ssh-keygen for type $type, $bits bits failed" 34 fail "ssh-keygen for type $type, $bits bits failed"
29done 35done
30 36
37kname_to_ktype() {
38 case $1 in
39 dsa-1024) echo ssh-dss;;
40 ecdsa-256) echo ecdsa-sha2-nistp256;;
41 ecdsa-384) echo ecdsa-sha2-nistp384;;
42 ecdsa-521) echo ecdsa-sha2-nistp521;;
43 ed25519-512) echo ssh-ed25519;;
44 rsa-*) echo rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
45 ed25519-sk) echo sk-ssh-ed25519@openssh.com;;
46 ecdsa-sk) echo sk-ecdsa-sha2-nistp256@openssh.com;;
47 esac
48}
49
31tries="1 2 3" 50tries="1 2 3"
32for ut in $ktypes; do 51for ut in $ktypes; do
33 htypes=$ut 52 user_type=`kname_to_ktype "$ut"`
53 htypes="$ut"
34 #htypes=$ktypes 54 #htypes=$ktypes
35 for ht in $htypes; do 55 for ht in $htypes; do
36 case $ht in 56 host_type=`kname_to_ktype "$ht"`
37 dsa-1024) t=ssh-dss;;
38 ecdsa-256) t=ecdsa-sha2-nistp256;;
39 ecdsa-384) t=ecdsa-sha2-nistp384;;
40 ecdsa-521) t=ecdsa-sha2-nistp521;;
41 ed25519-512) t=ssh-ed25519;;
42 rsa-*) t=rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
43 esac
44 trace "ssh connect, userkey $ut, hostkey $ht" 57 trace "ssh connect, userkey $ut, hostkey $ht"
45 ( 58 (
46 grep -v HostKey $OBJ/sshd_proxy_bak 59 grep -v HostKey $OBJ/sshd_proxy_bak
47 echo HostKey $OBJ/key.$ht 60 echo HostKey $OBJ/key.$ht
48 echo PubkeyAcceptedKeyTypes $t 61 echo PubkeyAcceptedKeyTypes $user_type
49 echo HostKeyAlgorithms $t 62 echo HostKeyAlgorithms $host_type
50 ) > $OBJ/sshd_proxy 63 ) > $OBJ/sshd_proxy
51 ( 64 (
52 grep -v IdentityFile $OBJ/ssh_proxy_bak 65 grep -v IdentityFile $OBJ/ssh_proxy_bak
53 echo IdentityFile $OBJ/key.$ut 66 echo IdentityFile $OBJ/key.$ut
54 echo PubkeyAcceptedKeyTypes $t 67 echo PubkeyAcceptedKeyTypes $user_type
55 echo HostKeyAlgorithms $t 68 echo HostKeyAlgorithms $host_type
56 ) > $OBJ/ssh_proxy 69 ) > $OBJ/ssh_proxy
57 ( 70 (
58 printf 'localhost-with-alias,127.0.0.1,::1 ' 71 printf 'localhost-with-alias,127.0.0.1,::1 '
diff --git a/regress/krl.sh b/regress/krl.sh
index e18d0ec7f..c381225ed 100644
--- a/regress/krl.sh
+++ b/regress/krl.sh
@@ -1,16 +1,19 @@
1# $OpenBSD: krl.sh,v 1.8 2019/07/25 09:17:35 dtucker Exp $ 1# $OpenBSD: krl.sh,v 1.11 2019/12/16 02:39:05 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="key revocation lists" 4tid="key revocation lists"
5 5
6# Use ed25519 by default since it's fast and it's supported when building 6# Use ed25519 by default since it's fast and it's supported when building
7# w/out OpenSSL. Populate ktype[2-4] with the other types if supported. 7# w/out OpenSSL. Populate ktype[2-4] with the other types if supported.
8ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519 8ktype1=ed25519; ktype2=ed25519; ktype3=ed25519;
9for t in `${SSH} -Q key-plain`; do 9ktype4=ed25519; ktype5=ed25519; ktype6=ed25519;
10for t in $SSH_KEYTYPES; do
10 case "$t" in 11 case "$t" in
11 ecdsa*) ktype2=ecdsa ;; 12 ecdsa*) ktype2=ecdsa ;;
12 ssh-rsa) ktype3=rsa ;; 13 ssh-rsa) ktype3=rsa ;;
13 ssh-dss) ktype4=dsa ;; 14 ssh-dss) ktype4=dsa ;;
15 sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
16 sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
14 esac 17 esac
15done 18done
16 19
@@ -34,6 +37,7 @@ serial: 10
34serial: 15 37serial: 15
35serial: 30 38serial: 30
36serial: 50 39serial: 50
40serial: 90
37serial: 999 41serial: 999
38# The following sum to 500-799 42# The following sum to 500-799
39serial: 500 43serial: 500
@@ -51,7 +55,7 @@ EOF
51 55
52# A specification that revokes some certificated by key ID. 56# A specification that revokes some certificated by key ID.
53touch $OBJ/revoked-keyid 57touch $OBJ/revoked-keyid
54for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do 58for n in 1 2 3 4 10 15 30 50 90 `jot 500 300` 999 1000 1001 1002; do
55 test "x$n" = "x499" && continue 59 test "x$n" = "x499" && continue
56 # Fill in by-ID revocation spec. 60 # Fill in by-ID revocation spec.
57 echo "id: revoked $n" >> $OBJ/revoked-keyid 61 echo "id: revoked $n" >> $OBJ/revoked-keyid
@@ -64,9 +68,11 @@ keygen() {
64 # supported. 68 # supported.
65 keytype=$ktype1 69 keytype=$ktype1
66 case $N in 70 case $N in
67 2 | 10 | 510 | 1001) keytype=$ktype2 ;; 71 2 | 10 | 510 | 1001) keytype=$ktype2 ;;
68 4 | 30 | 520 | 1002) keytype=$ktype3 ;; 72 4 | 30 | 520 | 1002) keytype=$ktype3 ;;
69 8 | 50 | 530 | 1003) keytype=$ktype4 ;; 73 8 | 50 | 530 | 1003) keytype=$ktype4 ;;
74 16 | 70 | 540 | 1004) keytype=$ktype5 ;;
75 32 | 90 | 550 | 1005) keytype=$ktype6 ;;
70 esac 76 esac
71 $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \ 77 $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
72 || fatal "$SSHKEYGEN failed" 78 || fatal "$SSHKEYGEN failed"
@@ -78,7 +84,7 @@ keygen() {
78 84
79# Generate some keys. 85# Generate some keys.
80verbose "$tid: generating test keys" 86verbose "$tid: generating test keys"
81REVOKED_SERIALS="1 4 10 50 500 510 520 799 999" 87REVOKED_SERIALS="1 4 10 50 90 500 510 520 550 799 999"
82for n in $REVOKED_SERIALS ; do 88for n in $REVOKED_SERIALS ; do
83 f=`keygen $n` 89 f=`keygen $n`
84 RKEYS="$RKEYS ${f}.pub" 90 RKEYS="$RKEYS ${f}.pub"
diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh
index 5c30af006..010a88cd7 100644
--- a/regress/limit-keytype.sh
+++ b/regress/limit-keytype.sh
@@ -1,20 +1,25 @@
1# $OpenBSD: limit-keytype.sh,v 1.6 2019/07/26 04:22:21 dtucker Exp $ 1# $OpenBSD: limit-keytype.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="restrict pubkey type" 4tid="restrict pubkey type"
5 5
6# XXX sk-* keys aren't actually tested ATM.
7
6rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/user_key* 8rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/user_key*
7rm -f $OBJ/authorized_principals_$USER $OBJ/cert_user_key* 9rm -f $OBJ/authorized_principals_$USER $OBJ/cert_user_key*
8 10
9mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig 11mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
10mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig 12mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
11 13
12ktype1=ed25519; ktype2=$ktype1; ktype3=$ktype1; ktype4=$ktype1 14ktype1=ed25519; ktype2=ed25519; ktype3=ed25519;
13for t in `${SSH} -Q key-plain`; do 15ktype4=ed25519; ktype5=ed25519; ktype6=ed25519;
16for t in $SSH_KEYTYPES ; do
14 case "$t" in 17 case "$t" in
15 ssh-rsa) ktype2=rsa ;; 18 ssh-rsa) ktype2=rsa ;;
16 ecdsa*) ktype3=ecdsa ;; # unused 19 ecdsa*) ktype3=ecdsa ;; # unused
17 ssh-dss) ktype4=dsa ;; 20 ssh-dss) ktype4=dsa ;;
21 sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
22 sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
18 esac 23 esac
19done 24done
20 25
@@ -31,6 +36,10 @@ ${SSHKEYGEN} -q -N '' -t $ktype2 -f $OBJ/user_key3 || \
31 fatal "ssh-keygen failed" 36 fatal "ssh-keygen failed"
32${SSHKEYGEN} -q -N '' -t $ktype4 -f $OBJ/user_key4 || \ 37${SSHKEYGEN} -q -N '' -t $ktype4 -f $OBJ/user_key4 || \
33 fatal "ssh-keygen failed" 38 fatal "ssh-keygen failed"
39${SSHKEYGEN} -q -N '' -t $ktype5 -f $OBJ/user_key5 || \
40 fatal "ssh-keygen failed"
41${SSHKEYGEN} -q -N '' -t $ktype6 -f $OBJ/user_key6 || \
42 fatal "ssh-keygen failed"
34${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ 43${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
35 -z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 || 44 -z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 ||
36 fatal "couldn't sign user_key1" 45 fatal "couldn't sign user_key1"
@@ -68,6 +77,8 @@ keytype() {
68 ed25519) printf "ssh-ed25519" ;; 77 ed25519) printf "ssh-ed25519" ;;
69 dsa) printf "ssh-dss" ;; 78 dsa) printf "ssh-dss" ;;
70 rsa) printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;; 79 rsa) printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;;
80 sk-ecdsa) printf "sk-ecdsa-*" ;;
81 sk-ssh-ed25519) printf "sk-ssh-ed25519-*" ;;
71 esac 82 esac
72} 83}
73 84
diff --git a/regress/misc/Makefile b/regress/misc/Makefile
index 14c0c279f..cf95f265c 100644
--- a/regress/misc/Makefile
+++ b/regress/misc/Makefile
@@ -1,3 +1,3 @@
1SUBDIR= kexfuzz 1SUBDIR= kexfuzz sk-dummy
2 2
3.include <bsd.subdir.mk> 3.include <bsd.subdir.mk>
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
index 85179ac4e..64fbdbab1 100644
--- a/regress/misc/fuzz-harness/Makefile
+++ b/regress/misc/fuzz-harness/Makefile
@@ -3,31 +3,36 @@ CXX=clang++-6.0
3FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc 3FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc
4FUZZ_LIBS=-lFuzzer 4FUZZ_LIBS=-lFuzzer
5 5
6CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS) 6CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -I ../../.. $(FUZZ_FLAGS)
7LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) 7LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
8LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) 8LIBS=-lssh -lopenbsd-compat -lcrypto -lfido2 -lcbor $(FUZZ_LIBS)
9COMMON_OBJS=ssh-sk-null.o
9 10
10TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz 11TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
12 sshsigopt_fuzz privkey_fuzz
11 13
12all: $(TARGETS) 14all: $(TARGETS)
13 15
14.cc.o: 16.cc.o:
15 $(CXX) $(CXXFLAGS) -c $< -o $@ 17 $(CXX) $(CXXFLAGS) -c $< -o $@
16 18
17pubkey_fuzz: pubkey_fuzz.o 19pubkey_fuzz: pubkey_fuzz.o $(COMMON_OBJS)
18 $(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS) 20 $(CXX) -o $@ pubkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
19 21
20sig_fuzz: sig_fuzz.o 22sig_fuzz: sig_fuzz.o $(COMMON_OBJS)
21 $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS) 23 $(CXX) -o $@ sig_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
22 24
23authopt_fuzz: authopt_fuzz.o 25authopt_fuzz: authopt_fuzz.o $(COMMON_OBJS)
24 $(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS) 26 $(CXX) -o $@ authopt_fuzz.o $(COMMON_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS)
25 27
26sshsig_fuzz: sshsig_fuzz.o 28sshsig_fuzz: sshsig_fuzz.o $(COMMON_OBJS)
27 $(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS) 29 $(CXX) -o $@ sshsig_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
28 30
29sshsigopt_fuzz: sshsigopt_fuzz.o 31sshsigopt_fuzz: sshsigopt_fuzz.o $(COMMON_OBJS)
30 $(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS) 32 $(CXX) -o $@ sshsigopt_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
33
34privkey_fuzz: privkey_fuzz.o $(COMMON_OBJS)
35 $(CXX) -o $@ privkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
31 36
32clean: 37clean:
33 -rm -f *.o $(TARGETS) 38 -rm -f *.o $(TARGETS)
diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc
new file mode 100644
index 000000000..ff0b0f776
--- /dev/null
+++ b/regress/misc/fuzz-harness/privkey_fuzz.cc
@@ -0,0 +1,21 @@
1#include <stddef.h>
2#include <stdio.h>
3#include <stdint.h>
4
5extern "C" {
6
7#include "sshkey.h"
8#include "sshbuf.h"
9
10int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
11{
12 struct sshkey *k = NULL;
13 struct sshbuf *b = sshbuf_from(data, size);
14 int r = sshkey_private_deserialize(b, &k);
15 if (r == 0) sshkey_free(k);
16 sshbuf_free(b);
17 return 0;
18}
19
20} // extern
21
diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc
index dd1fda091..b32502ba0 100644
--- a/regress/misc/fuzz-harness/sig_fuzz.cc
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -31,19 +31,31 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
31 static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384); 31 static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
32 static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521); 32 static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
33#endif 33#endif
34 struct sshkey_sig_details *details = NULL;
34 static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0); 35 static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
35 static const char *data = "If everyone started announcing his nose had " 36 static const char *data = "If everyone started announcing his nose had "
36 "run away, I don’t know how it would all end"; 37 "run away, I don’t know how it would all end";
37 static const size_t dlen = strlen(data); 38 static const size_t dlen = strlen(data);
38 39
39#ifdef WITH_OPENSSL 40#ifdef WITH_OPENSSL
40 sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0); 41 sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
41 sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0); 42 sshkey_sig_details_free(details);
42 sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0); 43 details = NULL;
43 sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0); 44 sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
44 sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0); 45 sshkey_sig_details_free(details);
46 details = NULL;
47 sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
48 sshkey_sig_details_free(details);
49 details = NULL;
50 sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
51 sshkey_sig_details_free(details);
52 details = NULL;
53 sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
54 sshkey_sig_details_free(details);
55 details = NULL;
45#endif 56#endif
46 sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0); 57 sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
58 sshkey_sig_details_free(details);
47 return 0; 59 return 0;
48} 60}
49 61
diff --git a/regress/misc/fuzz-harness/ssh-sk-null.cc b/regress/misc/fuzz-harness/ssh-sk-null.cc
new file mode 100644
index 000000000..199af1121
--- /dev/null
+++ b/regress/misc/fuzz-harness/ssh-sk-null.cc
@@ -0,0 +1,51 @@
1/* $OpenBSD$ */
2/*
3 * Copyright (c) 2019 Google LLC
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18extern "C" {
19
20#include "includes.h"
21
22#include <sys/types.h>
23
24#include "ssherr.h"
25#include "ssh-sk.h"
26
27int
28sshsk_enroll(int type, const char *provider_path, const char *device,
29 const char *application, const char *userid, uint8_t flags,
30 const char *pin, struct sshbuf *challenge_buf,
31 struct sshkey **keyp, struct sshbuf *attest)
32{
33 return SSH_ERR_FEATURE_UNSUPPORTED;
34}
35
36int
37sshsk_sign(const char *provider_path, struct sshkey *key,
38 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
39 u_int compat, const char *pin)
40{
41 return SSH_ERR_FEATURE_UNSUPPORTED;
42}
43
44int
45sshsk_load_resident(const char *provider_path, const char *device,
46 const char *pin, struct sshkey ***keysp, size_t *nkeysp)
47{
48 return SSH_ERR_FEATURE_UNSUPPORTED;
49}
50
51};
diff --git a/regress/misc/fuzz-harness/sshsig_fuzz.cc b/regress/misc/fuzz-harness/sshsig_fuzz.cc
index fe09ccb87..02211a096 100644
--- a/regress/misc/fuzz-harness/sshsig_fuzz.cc
+++ b/regress/misc/fuzz-harness/sshsig_fuzz.cc
@@ -22,10 +22,12 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
22 struct sshbuf *signature = sshbuf_from(sig, slen); 22 struct sshbuf *signature = sshbuf_from(sig, slen);
23 struct sshbuf *message = sshbuf_from(data, strlen(data)); 23 struct sshbuf *message = sshbuf_from(data, strlen(data));
24 struct sshkey *k = NULL; 24 struct sshkey *k = NULL;
25 struct sshkey_sig_details *details = NULL;
25 extern char *__progname; 26 extern char *__progname;
26 27
27 log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1); 28 log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1);
28 sshsig_verifyb(signature, message, "castle", &k); 29 sshsig_verifyb(signature, message, "castle", &k, &details);
30 sshkey_sig_details_free(details);
29 sshkey_free(k); 31 sshkey_free(k);
30 sshbuf_free(signature); 32 sshbuf_free(signature);
31 sshbuf_free(message); 33 sshbuf_free(message);
diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile
index 20802cb87..9eb86931c 100644
--- a/regress/misc/kexfuzz/Makefile
+++ b/regress/misc/kexfuzz/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.4 2019/01/21 12:50:12 djm Exp $ 1# $OpenBSD: Makefile,v 1.7 2020/01/26 00:09:50 djm Exp $
2 2
3.include <bsd.own.mk> 3.include <bsd.own.mk>
4.include <bsd.obj.mk> 4.include <bsd.obj.mk>
@@ -20,6 +20,7 @@ SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
20SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c 20SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
21SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c 21SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
22SRCS+=cipher-chachapoly.c chacha.c poly1305.c 22SRCS+=cipher-chachapoly.c chacha.c poly1305.c
23SRCS+=sshbuf-io.c ssh-ecdsa-sk.c ssh-ed25519-sk.c msg.c ssh-sk-client.c
23 24
24SRCS+= kex.c 25SRCS+= kex.c
25SRCS+= dh.c 26SRCS+= dh.c
@@ -50,6 +51,9 @@ SSH1= no
50CFLAGS+= -DWITH_SSH1 51CFLAGS+= -DWITH_SSH1
51.endif 52.endif
52 53
54LDADD+= -lfido2 -lcbor -lusbhid
55DPADD+= ${LIBFIDO2} ${LIBCBOR} ${LIBUSBHID}
56
53# enable warnings 57# enable warnings
54WARNINGS=Yes 58WARNINGS=Yes
55 59
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
index 7051e87b1..56697c918 100644
--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexfuzz.c,v 1.5 2019/01/21 12:50:12 djm Exp $ */ 1/* $OpenBSD: kexfuzz.c,v 1.6 2020/01/26 00:09:50 djm Exp $ */
2/* 2/*
3 * Fuzz harness for KEX code 3 * Fuzz harness for KEX code
4 * 4 *
@@ -424,12 +424,8 @@ main(int argc, char **argv)
424 if (packet_index == -1 || direction == -1 || data_path == NULL) 424 if (packet_index == -1 || direction == -1 || data_path == NULL)
425 badusage("Replace (-r) mode must specify direction " 425 badusage("Replace (-r) mode must specify direction "
426 "(-D) packet index (-i) and data path (-f)"); 426 "(-D) packet index (-i) and data path (-f)");
427 if ((fd = open(data_path, O_RDONLY)) == -1) 427 if ((r = sshbuf_load_file(data_path, &replace_data)) != 0)
428 err(1, "open %s", data_path);
429 replace_data = sshbuf_new();
430 if ((r = sshkey_load_file(fd, replace_data)) != 0)
431 errx(1, "read %s: %s", data_path, ssh_err(r)); 428 errx(1, "read %s: %s", data_path, ssh_err(r));
432 close(fd);
433 } 429 }
434 430
435 /* Dump mode */ 431 /* Dump mode */
diff --git a/regress/misc/sk-dummy/Makefile b/regress/misc/sk-dummy/Makefile
new file mode 100644
index 000000000..29e313c82
--- /dev/null
+++ b/regress/misc/sk-dummy/Makefile
@@ -0,0 +1,66 @@
1# $OpenBSD: Makefile,v 1.2 2019/11/29 00:13:29 djm Exp $
2
3.include <bsd.own.mk>
4.include <bsd.obj.mk>
5
6PROG= sk-dummy.so
7NOMAN=
8
9SSHREL=../../../../../usr.bin/ssh
10.PATH: ${.CURDIR}/${SSHREL}
11
12SRCS=sk-dummy.c
13# From usr.bin/ssh
14SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
15OPENSSL?= yes
16
17CFLAGS+= -fPIC
18
19.if (${OPENSSL:L} == "yes")
20CFLAGS+= -DWITH_OPENSSL
21.endif
22
23# enable warnings
24WARNINGS=Yes
25
26DEBUG=-g
27CFLAGS+= -fstack-protector-all
28CDIAGFLAGS= -Wall
29CDIAGFLAGS+= -Wextra
30CDIAGFLAGS+= -Werror
31CDIAGFLAGS+= -Wchar-subscripts
32CDIAGFLAGS+= -Wcomment
33CDIAGFLAGS+= -Wformat
34CDIAGFLAGS+= -Wformat-security
35CDIAGFLAGS+= -Wimplicit
36CDIAGFLAGS+= -Winline
37CDIAGFLAGS+= -Wmissing-declarations
38CDIAGFLAGS+= -Wmissing-prototypes
39CDIAGFLAGS+= -Wparentheses
40CDIAGFLAGS+= -Wpointer-arith
41CDIAGFLAGS+= -Wreturn-type
42CDIAGFLAGS+= -Wshadow
43CDIAGFLAGS+= -Wsign-compare
44CDIAGFLAGS+= -Wstrict-aliasing
45CDIAGFLAGS+= -Wstrict-prototypes
46CDIAGFLAGS+= -Wswitch
47CDIAGFLAGS+= -Wtrigraphs
48CDIAGFLAGS+= -Wuninitialized
49CDIAGFLAGS+= -Wunused
50CDIAGFLAGS+= -Wno-unused-parameter
51.if ${COMPILER_VERSION:L} != "gcc3"
52CDIAGFLAGS+= -Wold-style-definition
53.endif
54
55CFLAGS+=-I${.CURDIR}/${SSHREL}
56
57.if (${OPENSSL:L} == "yes")
58LDADD+= -lcrypto
59DPADD+= ${LIBCRYPTO}
60.endif
61
62$(PROG): $(OBJS)
63 $(CC) $(LDFLAGS) -shared -o $@ $(OBJS) $(LDADD)
64
65.include <bsd.prog.mk>
66
diff --git a/regress/misc/sk-dummy/fatal.c b/regress/misc/sk-dummy/fatal.c
new file mode 100644
index 000000000..7cdc74b97
--- /dev/null
+++ b/regress/misc/sk-dummy/fatal.c
@@ -0,0 +1,20 @@
1/* public domain */
2
3#include <stdlib.h>
4#include <stdio.h>
5#include <stdarg.h>
6#include <unistd.h>
7
8void fatal(char *fmt, ...);
9
10void
11fatal(char *fmt, ...)
12{
13 va_list ap;
14
15 va_start(ap, fmt);
16 vfprintf(stderr, fmt, ap);
17 va_end(ap);
18 fputc('\n', stderr);
19 _exit(1);
20}
diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c
new file mode 100644
index 000000000..dca158ded
--- /dev/null
+++ b/regress/misc/sk-dummy/sk-dummy.c
@@ -0,0 +1,526 @@
1/*
2 * Copyright (c) 2019 Markus Friedl
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include "includes.h"
18
19#ifdef HAVE_STDINT_H
20#include <stdint.h>
21#endif
22#include <stdlib.h>
23#include <string.h>
24#include <stdio.h>
25#include <stddef.h>
26#include <stdarg.h>
27
28#include "crypto_api.h"
29#include "sk-api.h"
30
31#include <openssl/opensslv.h>
32#include <openssl/crypto.h>
33#include <openssl/evp.h>
34#include <openssl/bn.h>
35#include <openssl/ec.h>
36#include <openssl/ecdsa.h>
37#include <openssl/pem.h>
38
39/* #define SK_DEBUG 1 */
40
41/* Compatibility with OpenSSH 1.0.x */
42#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
43#define ECDSA_SIG_get0(sig, pr, ps) \
44 do { \
45 (*pr) = sig->r; \
46 (*ps) = sig->s; \
47 } while (0)
48#endif
49
50#if SSH_SK_VERSION_MAJOR != 0x00040000
51# error SK API has changed, sk-dummy.c needs an update
52#endif
53
54static void skdebug(const char *func, const char *fmt, ...)
55 __attribute__((__format__ (printf, 2, 3)));
56
57static void
58skdebug(const char *func, const char *fmt, ...)
59{
60#if defined(SK_DEBUG)
61 va_list ap;
62
63 va_start(ap, fmt);
64 fprintf(stderr, "sk-dummy %s: ", func);
65 vfprintf(stderr, fmt, ap);
66 fputc('\n', stderr);
67 va_end(ap);
68#else
69 (void)func; /* XXX */
70 (void)fmt; /* XXX */
71#endif
72}
73
74uint32_t
75sk_api_version(void)
76{
77 return SSH_SK_VERSION_MAJOR;
78}
79
80static int
81pack_key_ecdsa(struct sk_enroll_response *response)
82{
83#ifdef OPENSSL_HAS_ECC
84 EC_KEY *key = NULL;
85 const EC_GROUP *g;
86 const EC_POINT *q;
87 int ret = -1;
88 long privlen;
89 BIO *bio = NULL;
90 char *privptr;
91
92 response->public_key = NULL;
93 response->public_key_len = 0;
94 response->key_handle = NULL;
95 response->key_handle_len = 0;
96
97 if ((key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) {
98 skdebug(__func__, "EC_KEY_new_by_curve_name");
99 goto out;
100 }
101 if (EC_KEY_generate_key(key) != 1) {
102 skdebug(__func__, "EC_KEY_generate_key");
103 goto out;
104 }
105 EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
106 if ((bio = BIO_new(BIO_s_mem())) == NULL ||
107 (g = EC_KEY_get0_group(key)) == NULL ||
108 (q = EC_KEY_get0_public_key(key)) == NULL) {
109 skdebug(__func__, "couldn't get key parameters");
110 goto out;
111 }
112 response->public_key_len = EC_POINT_point2oct(g, q,
113 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
114 if (response->public_key_len == 0 || response->public_key_len > 2048) {
115 skdebug(__func__, "bad pubkey length %zu",
116 response->public_key_len);
117 goto out;
118 }
119 if ((response->public_key = malloc(response->public_key_len)) == NULL) {
120 skdebug(__func__, "malloc pubkey failed");
121 goto out;
122 }
123 if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED,
124 response->public_key, response->public_key_len, NULL) == 0) {
125 skdebug(__func__, "EC_POINT_point2oct failed");
126 goto out;
127 }
128 /* Key handle contains PEM encoded private key */
129 if (!PEM_write_bio_ECPrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) {
130 skdebug(__func__, "PEM_write_bio_ECPrivateKey failed");
131 goto out;
132 }
133 if ((privlen = BIO_get_mem_data(bio, &privptr)) <= 0) {
134 skdebug(__func__, "BIO_get_mem_data failed");
135 goto out;
136 }
137 if ((response->key_handle = malloc(privlen)) == NULL) {
138 skdebug(__func__, "malloc key_handle failed");
139 goto out;
140 }
141 response->key_handle_len = (size_t)privlen;
142 memcpy(response->key_handle, privptr, response->key_handle_len);
143 /* success */
144 ret = 0;
145 out:
146 if (ret != 0) {
147 if (response->public_key != NULL) {
148 memset(response->public_key, 0,
149 response->public_key_len);
150 free(response->public_key);
151 response->public_key = NULL;
152 }
153 if (response->key_handle != NULL) {
154 memset(response->key_handle, 0,
155 response->key_handle_len);
156 free(response->key_handle);
157 response->key_handle = NULL;
158 }
159 }
160 BIO_free(bio);
161 EC_KEY_free(key);
162 return ret;
163#else
164 return -1;
165#endif
166}
167
168static int
169pack_key_ed25519(struct sk_enroll_response *response)
170{
171 int ret = -1;
172 u_char pk[crypto_sign_ed25519_PUBLICKEYBYTES];
173 u_char sk[crypto_sign_ed25519_SECRETKEYBYTES];
174
175 response->public_key = NULL;
176 response->public_key_len = 0;
177 response->key_handle = NULL;
178 response->key_handle_len = 0;
179
180 memset(pk, 0, sizeof(pk));
181 memset(sk, 0, sizeof(sk));
182 crypto_sign_ed25519_keypair(pk, sk);
183
184 response->public_key_len = sizeof(pk);
185 if ((response->public_key = malloc(response->public_key_len)) == NULL) {
186 skdebug(__func__, "malloc pubkey failed");
187 goto out;
188 }
189 memcpy(response->public_key, pk, sizeof(pk));
190 /* Key handle contains sk */
191 response->key_handle_len = sizeof(sk);
192 if ((response->key_handle = malloc(response->key_handle_len)) == NULL) {
193 skdebug(__func__, "malloc key_handle failed");
194 goto out;
195 }
196 memcpy(response->key_handle, sk, sizeof(sk));
197 /* success */
198 ret = 0;
199 out:
200 if (ret != 0)
201 free(response->public_key);
202 return ret;
203}
204
205static int
206check_options(struct sk_option **options)
207{
208 size_t i;
209
210 if (options == NULL)
211 return 0;
212 for (i = 0; options[i] != NULL; i++) {
213 skdebug(__func__, "requested unsupported option %s",
214 options[i]->name);
215 if (options[i]->required) {
216 skdebug(__func__, "unknown required option");
217 return -1;
218 }
219 }
220 return 0;
221}
222
223int
224sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
225 const char *application, uint8_t flags, const char *pin,
226 struct sk_option **options, struct sk_enroll_response **enroll_response)
227{
228 struct sk_enroll_response *response = NULL;
229 int ret = SSH_SK_ERR_GENERAL;
230
231 (void)flags; /* XXX; unused */
232
233 if (enroll_response == NULL) {
234 skdebug(__func__, "enroll_response == NULL");
235 goto out;
236 }
237 *enroll_response = NULL;
238 if (check_options(options) != 0)
239 goto out; /* error already logged */
240 if ((response = calloc(1, sizeof(*response))) == NULL) {
241 skdebug(__func__, "calloc response failed");
242 goto out;
243 }
244 switch(alg) {
245 case SSH_SK_ECDSA:
246 if (pack_key_ecdsa(response) != 0)
247 goto out;
248 break;
249 case SSH_SK_ED25519:
250 if (pack_key_ed25519(response) != 0)
251 goto out;
252 break;
253 default:
254 skdebug(__func__, "unsupported key type %d", alg);
255 return -1;
256 }
257 /* Have to return something here */
258 if ((response->signature = calloc(1, 1)) == NULL) {
259 skdebug(__func__, "calloc signature failed");
260 goto out;
261 }
262 response->signature_len = 0;
263
264 *enroll_response = response;
265 response = NULL;
266 ret = 0;
267 out:
268 if (response != NULL) {
269 free(response->public_key);
270 free(response->key_handle);
271 free(response->signature);
272 free(response->attestation_cert);
273 free(response);
274 }
275 return ret;
276}
277
278static void
279dump(const char *preamble, const void *sv, size_t l)
280{
281#ifdef SK_DEBUG
282 const u_char *s = (const u_char *)sv;
283 size_t i;
284
285 fprintf(stderr, "%s (len %zu):\n", preamble, l);
286 for (i = 0; i < l; i++) {
287 if (i % 16 == 0)
288 fprintf(stderr, "%04zu: ", i);
289 fprintf(stderr, "%02x", s[i]);
290 if (i % 16 == 15 || i == l - 1)
291 fprintf(stderr, "\n");
292 }
293#endif
294}
295
296static int
297sig_ecdsa(const uint8_t *message, size_t message_len,
298 const char *application, uint32_t counter, uint8_t flags,
299 const uint8_t *key_handle, size_t key_handle_len,
300 struct sk_sign_response *response)
301{
302#ifdef OPENSSL_HAS_ECC
303 ECDSA_SIG *sig = NULL;
304 const BIGNUM *sig_r, *sig_s;
305 int ret = -1;
306 BIO *bio = NULL;
307 EVP_PKEY *pk = NULL;
308 EC_KEY *ec = NULL;
309 SHA256_CTX ctx;
310 uint8_t apphash[SHA256_DIGEST_LENGTH];
311 uint8_t sighash[SHA256_DIGEST_LENGTH];
312 uint8_t countbuf[4];
313
314 /* Decode EC_KEY from key handle */
315 if ((bio = BIO_new(BIO_s_mem())) == NULL ||
316 BIO_write(bio, key_handle, key_handle_len) != (int)key_handle_len) {
317 skdebug(__func__, "BIO setup failed");
318 goto out;
319 }
320 if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, "")) == NULL) {
321 skdebug(__func__, "PEM_read_bio_PrivateKey failed");
322 goto out;
323 }
324 if (EVP_PKEY_base_id(pk) != EVP_PKEY_EC) {
325 skdebug(__func__, "Not an EC key: %d", EVP_PKEY_base_id(pk));
326 goto out;
327 }
328 if ((ec = EVP_PKEY_get1_EC_KEY(pk)) == NULL) {
329 skdebug(__func__, "EVP_PKEY_get1_EC_KEY failed");
330 goto out;
331 }
332 /* Expect message to be pre-hashed */
333 if (message_len != SHA256_DIGEST_LENGTH) {
334 skdebug(__func__, "bad message len %zu", message_len);
335 goto out;
336 }
337 /* Prepare data to be signed */
338 dump("message", message, message_len);
339 SHA256_Init(&ctx);
340 SHA256_Update(&ctx, application, strlen(application));
341 SHA256_Final(apphash, &ctx);
342 dump("apphash", apphash, sizeof(apphash));
343 countbuf[0] = (counter >> 24) & 0xff;
344 countbuf[1] = (counter >> 16) & 0xff;
345 countbuf[2] = (counter >> 8) & 0xff;
346 countbuf[3] = counter & 0xff;
347 dump("countbuf", countbuf, sizeof(countbuf));
348 dump("flags", &flags, sizeof(flags));
349 SHA256_Init(&ctx);
350 SHA256_Update(&ctx, apphash, sizeof(apphash));
351 SHA256_Update(&ctx, &flags, sizeof(flags));
352 SHA256_Update(&ctx, countbuf, sizeof(countbuf));
353 SHA256_Update(&ctx, message, message_len);
354 SHA256_Final(sighash, &ctx);
355 dump("sighash", sighash, sizeof(sighash));
356 /* create and encode signature */
357 if ((sig = ECDSA_do_sign(sighash, sizeof(sighash), ec)) == NULL) {
358 skdebug(__func__, "ECDSA_do_sign failed");
359 goto out;
360 }
361 ECDSA_SIG_get0(sig, &sig_r, &sig_s);
362 response->sig_r_len = BN_num_bytes(sig_r);
363 response->sig_s_len = BN_num_bytes(sig_s);
364 if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL ||
365 (response->sig_s = calloc(1, response->sig_s_len)) == NULL) {
366 skdebug(__func__, "calloc signature failed");
367 goto out;
368 }
369 BN_bn2bin(sig_r, response->sig_r);
370 BN_bn2bin(sig_s, response->sig_s);
371 ret = 0;
372 out:
373 explicit_bzero(&ctx, sizeof(ctx));
374 explicit_bzero(&apphash, sizeof(apphash));
375 explicit_bzero(&sighash, sizeof(sighash));
376 ECDSA_SIG_free(sig);
377 if (ret != 0) {
378 free(response->sig_r);
379 free(response->sig_s);
380 response->sig_r = NULL;
381 response->sig_s = NULL;
382 }
383 BIO_free(bio);
384 EC_KEY_free(ec);
385 EVP_PKEY_free(pk);
386 return ret;
387#else
388 return -1;
389#endif
390}
391
392static int
393sig_ed25519(const uint8_t *message, size_t message_len,
394 const char *application, uint32_t counter, uint8_t flags,
395 const uint8_t *key_handle, size_t key_handle_len,
396 struct sk_sign_response *response)
397{
398 size_t o;
399 int ret = -1;
400 SHA256_CTX ctx;
401 uint8_t apphash[SHA256_DIGEST_LENGTH];
402 uint8_t signbuf[sizeof(apphash) + sizeof(flags) +
403 sizeof(counter) + SHA256_DIGEST_LENGTH];
404 uint8_t sig[crypto_sign_ed25519_BYTES + sizeof(signbuf)];
405 unsigned long long smlen;
406
407 if (key_handle_len != crypto_sign_ed25519_SECRETKEYBYTES) {
408 skdebug(__func__, "bad key handle length %zu", key_handle_len);
409 goto out;
410 }
411 /* Expect message to be pre-hashed */
412 if (message_len != SHA256_DIGEST_LENGTH) {
413 skdebug(__func__, "bad message len %zu", message_len);
414 goto out;
415 }
416 /* Prepare data to be signed */
417 dump("message", message, message_len);
418 SHA256_Init(&ctx);
419 SHA256_Update(&ctx, application, strlen(application));
420 SHA256_Final(apphash, &ctx);
421 dump("apphash", apphash, sizeof(apphash));
422
423 memcpy(signbuf, apphash, sizeof(apphash));
424 o = sizeof(apphash);
425 signbuf[o++] = flags;
426 signbuf[o++] = (counter >> 24) & 0xff;
427 signbuf[o++] = (counter >> 16) & 0xff;
428 signbuf[o++] = (counter >> 8) & 0xff;
429 signbuf[o++] = counter & 0xff;
430 memcpy(signbuf + o, message, message_len);
431 o += message_len;
432 if (o != sizeof(signbuf)) {
433 skdebug(__func__, "bad sign buf len %zu, expected %zu",
434 o, sizeof(signbuf));
435 goto out;
436 }
437 dump("signbuf", signbuf, sizeof(signbuf));
438 /* create and encode signature */
439 smlen = sizeof(signbuf);
440 if (crypto_sign_ed25519(sig, &smlen, signbuf, sizeof(signbuf),
441 key_handle) != 0) {
442 skdebug(__func__, "crypto_sign_ed25519 failed");
443 goto out;
444 }
445 if (smlen <= sizeof(signbuf)) {
446 skdebug(__func__, "bad sign smlen %llu, expected min %zu",
447 smlen, sizeof(signbuf) + 1);
448 goto out;
449 }
450 response->sig_r_len = (size_t)(smlen - sizeof(signbuf));
451 if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL) {
452 skdebug(__func__, "calloc signature failed");
453 goto out;
454 }
455 memcpy(response->sig_r, sig, response->sig_r_len);
456 dump("sig_r", response->sig_r, response->sig_r_len);
457 ret = 0;
458 out:
459 explicit_bzero(&ctx, sizeof(ctx));
460 explicit_bzero(&apphash, sizeof(apphash));
461 explicit_bzero(&signbuf, sizeof(signbuf));
462 explicit_bzero(&sig, sizeof(sig));
463 if (ret != 0) {
464 free(response->sig_r);
465 response->sig_r = NULL;
466 }
467 return ret;
468}
469
470int
471sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
472 const char *application, const uint8_t *key_handle, size_t key_handle_len,
473 uint8_t flags, const char *pin, struct sk_option **options,
474 struct sk_sign_response **sign_response)
475{
476 struct sk_sign_response *response = NULL;
477 int ret = SSH_SK_ERR_GENERAL;
478
479 if (sign_response == NULL) {
480 skdebug(__func__, "sign_response == NULL");
481 goto out;
482 }
483 *sign_response = NULL;
484 if (check_options(options) != 0)
485 goto out; /* error already logged */
486 if ((response = calloc(1, sizeof(*response))) == NULL) {
487 skdebug(__func__, "calloc response failed");
488 goto out;
489 }
490 response->flags = flags;
491 response->counter = 0x12345678;
492 switch(alg) {
493 case SSH_SK_ECDSA:
494 if (sig_ecdsa(message, message_len, application,
495 response->counter, flags, key_handle, key_handle_len,
496 response) != 0)
497 goto out;
498 break;
499 case SSH_SK_ED25519:
500 if (sig_ed25519(message, message_len, application,
501 response->counter, flags, key_handle, key_handle_len,
502 response) != 0)
503 goto out;
504 break;
505 default:
506 skdebug(__func__, "unsupported key type %d", alg);
507 return -1;
508 }
509 *sign_response = response;
510 response = NULL;
511 ret = 0;
512 out:
513 if (response != NULL) {
514 free(response->sig_r);
515 free(response->sig_s);
516 free(response);
517 }
518 return ret;
519}
520
521int
522sk_load_resident_keys(const char *pin, struct sk_option **options,
523 struct sk_resident_key ***rks, size_t *nrks)
524{
525 return SSH_SK_ERR_UNSUPPORTED;
526}
diff --git a/regress/multiplex.sh b/regress/multiplex.sh
index b5e604dba..817ddbfa8 100644
--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: multiplex.sh,v 1.30 2019/07/05 04:03:13 dtucker Exp $ 1# $OpenBSD: multiplex.sh,v 1.32 2020/01/25 02:57:53 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4make_tmpdir 4make_tmpdir
@@ -6,8 +6,6 @@ CTL=${SSH_REGRESS_TMP}/ctl-sock
6 6
7tid="connection multiplexing" 7tid="connection multiplexing"
8 8
9NC=$OBJ/netcat
10
11trace "will use ProxyCommand $proxycmd" 9trace "will use ProxyCommand $proxycmd"
12if config_defined DISABLE_FD_PASSING ; then 10if config_defined DISABLE_FD_PASSING ; then
13 echo "skipped (not supported on this platform)" 11 echo "skipped (not supported on this platform)"
@@ -18,7 +16,7 @@ P=3301 # test port
18 16
19wait_for_mux_master_ready() 17wait_for_mux_master_ready()
20{ 18{
21 for i in 1 2 3 4 5; do 19 for i in 1 2 3 4 5 6 7 8 9; do
22 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost \ 20 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost \
23 >/dev/null 2>&1 && return 0 21 >/dev/null 2>&1 && return 0
24 sleep $i 22 sleep $i
diff --git a/regress/multipubkey.sh b/regress/multipubkey.sh
index 4d443ec45..9b2273353 100644
--- a/regress/multipubkey.sh
+++ b/regress/multipubkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: multipubkey.sh,v 1.2 2018/10/31 11:09:27 dtucker Exp $ 1# $OpenBSD: multipubkey.sh,v 1.3 2019/12/11 18:47:14 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="multiple pubkey" 4tid="multiple pubkey"
@@ -31,7 +31,7 @@ grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
31opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes" 31opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
32opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2" 32opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"
33 33
34for privsep in yes sandbox ; do 34for privsep in yes ; do
35 ( 35 (
36 grep -v "Protocol" $OBJ/sshd_proxy.orig 36 grep -v "Protocol" $OBJ/sshd_proxy.orig
37 echo "Protocol 2" 37 echo "Protocol 2"
diff --git a/regress/netcat.c b/regress/netcat.c
index 56bd09de5..2d86818e2 100644
--- a/regress/netcat.c
+++ b/regress/netcat.c
@@ -1181,11 +1181,13 @@ set_common_sockopts(int s)
1181 &x, sizeof(x)) == -1) 1181 &x, sizeof(x)) == -1)
1182 err(1, "setsockopt"); 1182 err(1, "setsockopt");
1183 } 1183 }
1184#ifdef IP_TOS
1184 if (Tflag != -1) { 1185 if (Tflag != -1) {
1185 if (setsockopt(s, IPPROTO_IP, IP_TOS, 1186 if (setsockopt(s, IPPROTO_IP, IP_TOS,
1186 &Tflag, sizeof(Tflag)) == -1) 1187 &Tflag, sizeof(Tflag)) == -1)
1187 err(1, "set IP ToS"); 1188 err(1, "set IP ToS");
1188 } 1189 }
1190#endif
1189 if (Iflag) { 1191 if (Iflag) {
1190 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, 1192 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
1191 &Iflag, sizeof(Iflag)) == -1) 1193 &Iflag, sizeof(Iflag)) == -1)
@@ -1201,6 +1203,7 @@ set_common_sockopts(int s)
1201int 1203int
1202map_tos(char *s, int *val) 1204map_tos(char *s, int *val)
1203{ 1205{
1206#ifdef IP_TOS
1204 /* DiffServ Codepoints and other TOS mappings */ 1207 /* DiffServ Codepoints and other TOS mappings */
1205 const struct toskeywords { 1208 const struct toskeywords {
1206 const char *keyword; 1209 const char *keyword;
@@ -1242,6 +1245,7 @@ map_tos(char *s, int *val)
1242 return (1); 1245 return (1);
1243 } 1246 }
1244 } 1247 }
1248#endif
1245 1249
1246 return (0); 1250 return (0);
1247} 1251}
diff --git a/regress/principals-command.sh b/regress/principals-command.sh
index 7d380325b..5e535c133 100644
--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: principals-command.sh,v 1.7 2019/09/06 04:24:06 dtucker Exp $ 1# $OpenBSD: principals-command.sh,v 1.11 2019/12/16 02:39:05 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="authorized principals command" 4tid="authorized principals command"
@@ -12,7 +12,7 @@ if [ -z "$SUDO" -a ! -w /var/run ]; then
12 exit 0 12 exit 0
13fi 13fi
14 14
15case "`${SSH} -Q key-plain`" in 15case "$SSH_KEYTYPES" in
16 *ssh-rsa*) userkeytype=rsa ;; 16 *ssh-rsa*) userkeytype=rsa ;;
17 *) userkeytype=ed25519 ;; 17 *) userkeytype=ed25519 ;;
18esac 18esac
@@ -63,7 +63,7 @@ fi
63 63
64if [ -x $PRINCIPALS_COMMAND ]; then 64if [ -x $PRINCIPALS_COMMAND ]; then
65 # Test explicitly-specified principals 65 # Test explicitly-specified principals
66 for privsep in yes sandbox ; do 66 for privsep in yes ; do
67 _prefix="privsep $privsep" 67 _prefix="privsep $privsep"
68 68
69 # Setup for AuthorizedPrincipalsCommand 69 # Setup for AuthorizedPrincipalsCommand
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh
index 39bbd3c96..8847fe0c6 100644
--- a/regress/proxy-connect.sh
+++ b/regress/proxy-connect.sh
@@ -1,9 +1,15 @@
1# $OpenBSD: proxy-connect.sh,v 1.11 2017/09/26 22:39:25 dtucker Exp $ 1# $OpenBSD: proxy-connect.sh,v 1.12 2020/01/23 11:19:12 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="proxy connect" 4tid="proxy connect"
5 5
6for c in no yes; do 6if [ "`${SSH} -Q compression`" = "none" ]; then
7 comp="no"
8else
9 comp="no yes"
10fi
11
12for c in $comp; do
7 verbose "plain username comp=$c" 13 verbose "plain username comp=$c"
8 opts="-oCompression=$c -F $OBJ/ssh_proxy" 14 opts="-oCompression=$c -F $OBJ/ssh_proxy"
9 SSH_CONNECTION=`${SSH} $opts 999.999.999.999 'echo $SSH_CONNECTION'` 15 SSH_CONNECTION=`${SSH} $opts 999.999.999.999 'echo $SSH_CONNECTION'`
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
index 191a2bda8..708c288d7 100644
--- a/regress/putty-ciphers.sh
+++ b/regress/putty-ciphers.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: putty-ciphers.sh,v 1.6 2017/05/08 01:52:49 djm Exp $ 1# $OpenBSD: putty-ciphers.sh,v 1.7 2020/01/23 03:35:07 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="putty ciphers" 4tid="putty ciphers"
@@ -8,7 +8,7 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
8 exit 0 8 exit 0
9fi 9fi
10 10
11for c in aes 3des aes128-ctr aes192-ctr aes256-ctr ; do 11for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
12 verbose "$tid: cipher $c" 12 verbose "$tid: cipher $c"
13 cp ${OBJ}/.putty/sessions/localhost_proxy \ 13 cp ${OBJ}/.putty/sessions/localhost_proxy \
14 ${OBJ}/.putty/sessions/cipher_$c 14 ${OBJ}/.putty/sessions/cipher_$c
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
index 71c09701b..686d0e1af 100644
--- a/regress/putty-kex.sh
+++ b/regress/putty-kex.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: putty-kex.sh,v 1.4 2016/11/25 03:02:01 dtucker Exp $ 1# $OpenBSD: putty-kex.sh,v 1.5 2020/01/23 03:24:38 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="putty KEX" 4tid="putty KEX"
@@ -8,7 +8,7 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
8 exit 0 8 exit 0
9fi 9fi
10 10
11for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do 11for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
12 verbose "$tid: kex $k" 12 verbose "$tid: kex $k"
13 cp ${OBJ}/.putty/sessions/localhost_proxy \ 13 cp ${OBJ}/.putty/sessions/localhost_proxy \
14 ${OBJ}/.putty/sessions/kex_$k 14 ${OBJ}/.putty/sessions/kex_$k
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
index 4928d4533..14b41022f 100644
--- a/regress/putty-transfer.sh
+++ b/regress/putty-transfer.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: putty-transfer.sh,v 1.6 2018/02/23 03:03:00 djm Exp $ 1# $OpenBSD: putty-transfer.sh,v 1.7 2020/01/23 11:19:12 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="putty transfer data" 4tid="putty transfer data"
@@ -8,7 +8,13 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
8 exit 0 8 exit 0
9fi 9fi
10 10
11for c in 0 1 ; do 11if [ "`${SSH} -Q compression`" = "none" ]; then
12 comp="0"
13else
14 comp="0 1"
15fi
16
17for c in $comp; do
12 verbose "$tid: compression $c" 18 verbose "$tid: compression $c"
13 rm -f ${COPY} 19 rm -f ${COPY}
14 cp ${OBJ}/.putty/sessions/localhost_proxy \ 20 cp ${OBJ}/.putty/sessions/localhost_proxy \
diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh
new file mode 100644
index 000000000..b25c8faa8
--- /dev/null
+++ b/regress/servcfginclude.sh
@@ -0,0 +1,154 @@
1# Placed in the Public Domain.
2
3tid="server config include"
4
5cat > $OBJ/sshd_config.i << _EOF
6HostKey $OBJ/host.ssh-ed25519
7Match host a
8 Banner /aa
9
10Match host b
11 Banner /bb
12 Include $OBJ/sshd_config.i.*
13
14Match host c
15 Include $OBJ/sshd_config.i.*
16 Banner /cc
17
18Match host m
19 Include $OBJ/sshd_config.i.*
20
21Match Host d
22 Banner /dd
23
24Match Host e
25 Banner /ee
26 Include $OBJ/sshd_config.i.*
27
28Match Host f
29 Include $OBJ/sshd_config.i.*
30 Banner /ff
31
32Match Host n
33 Include $OBJ/sshd_config.i.*
34_EOF
35
36cat > $OBJ/sshd_config.i.0 << _EOF
37Match host xxxxxx
38_EOF
39
40cat > $OBJ/sshd_config.i.1 << _EOF
41Match host a
42 Banner /aaa
43
44Match host b
45 Banner /bbb
46
47Match host c
48 Banner /ccc
49
50Match Host d
51 Banner /ddd
52
53Match Host e
54 Banner /eee
55
56Match Host f
57 Banner /fff
58_EOF
59
60cat > $OBJ/sshd_config.i.2 << _EOF
61Match host a
62 Banner /aaaa
63
64Match host b
65 Banner /bbbb
66
67Match host c
68 Banner /cccc
69
70Match Host d
71 Banner /dddd
72
73Match Host e
74 Banner /eeee
75
76Match Host f
77 Banner /ffff
78
79Match all
80 Banner /xxxx
81_EOF
82
83trial() {
84 _host="$1"
85 _exp="$2"
86 _desc="$3"
87 test -z "$_desc" && _desc="test match"
88 trace "$_desc host=$_host expect=$_exp"
89 ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
90 -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
91 fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
92 _got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
93 if test "x$_exp" != "x$_got" ; then
94 fail "$desc_ host $_host include fail: expected $_exp got $_got"
95 fi
96}
97
98trial a /aa
99trial b /bb
100trial c /ccc
101trial d /dd
102trial e /ee
103trial f /fff
104trial m /xxxx
105trial n /xxxx
106trial x none
107
108# Prepare an included config with an error.
109
110cat > $OBJ/sshd_config.i.3 << _EOF
111Banner xxxx
112 Junk
113_EOF
114
115trace "disallow invalid config host=a"
116${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
117 -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
118 fail "sshd include allowed invalid config"
119
120trace "disallow invalid config host=x"
121${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
122 -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
123 fail "sshd include allowed invalid config"
124
125rm -f $OBJ/sshd_config.i.*
126
127# Ensure that a missing include is not fatal.
128cat > $OBJ/sshd_config.i << _EOF
129HostKey $OBJ/host.ssh-ed25519
130Include $OBJ/sshd_config.i.*
131Banner /aa
132_EOF
133
134trial a /aa "missing include non-fatal"
135
136# Ensure that Match/Host in an included config does not affect parent.
137cat > $OBJ/sshd_config.i.x << _EOF
138Match host x
139_EOF
140
141trial a /aa "included file does not affect match state"
142
143# Ensure the empty include directive is not accepted
144cat > $OBJ/sshd_config.i.x << _EOF
145Include
146_EOF
147
148trace "disallow invalid with no argument"
149${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
150 -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
151 fail "sshd allowed Include with no argument"
152
153# cleanup
154rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
diff --git a/regress/ssh2putty.sh b/regress/ssh2putty.sh
index bcf83afe9..dcb975d95 100755
--- a/regress/ssh2putty.sh
+++ b/regress/ssh2putty.sh
@@ -1,5 +1,5 @@
1#!/bin/sh 1#!/bin/sh
2# $OpenBSD: ssh2putty.sh,v 1.3 2015/05/08 07:26:13 djm Exp $ 2# $OpenBSD: ssh2putty.sh,v 1.5 2019/11/21 05:18:47 tb Exp $
3 3
4if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then 4if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
5 echo "Usage: ssh2putty hostname port ssh-private-key" 5 echo "Usage: ssh2putty hostname port ssh-private-key"
diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh
index 2c00b64ef..fc72a0a71 100644
--- a/regress/sshcfgparse.sh
+++ b/regress/sshcfgparse.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $ 1# $OpenBSD: sshcfgparse.sh,v 1.6 2019/12/21 02:33:07 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="ssh config parse" 4tid="ssh config parse"
@@ -94,5 +94,15 @@ if [ "$dsa" = "1" ]; then
94 expect_result_absent "$f" "ssh-dss-cert-v01.*" 94 expect_result_absent "$f" "ssh-dss-cert-v01.*"
95fi 95fi
96 96
97verbose "agentforwarding"
98f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'`
99expect_result_present "$f" "no"
100f=`${SSH} -GF none -oforwardagent=no host | awk '/^forwardagent /{print$2}'`
101expect_result_present "$f" "no"
102f=`${SSH} -GF none -oforwardagent=yes host | awk '/^forwardagent /{print$2}'`
103expect_result_present "$f" "yes"
104f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host | awk '/^forwardagent /{print$2}'`
105expect_result_present "$f" "SSH_AUTH_SOCK.forward"
106
97# cleanup 107# cleanup
98rm -f $OBJ/ssh_config.[012] 108rm -f $OBJ/ssh_config.[012]
diff --git a/regress/sshsig.sh b/regress/sshsig.sh
index eb99486ae..da362c179 100644
--- a/regress/sshsig.sh
+++ b/regress/sshsig.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: sshsig.sh,v 1.2 2019/10/04 03:39:19 djm Exp $ 1# $OpenBSD: sshsig.sh,v 1.3 2019/11/26 23:43:10 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="sshsig" 4tid="sshsig"
@@ -23,7 +23,7 @@ CA_PRIV=$OBJ/sigca-key
23CA_PUB=$OBJ/sigca-key.pub 23CA_PUB=$OBJ/sigca-key.pub
24 24
25trace "start agent" 25trace "start agent"
26eval `${SSHAGENT} -s` > /dev/null 26eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
27r=$? 27r=$?
28if [ $r -ne 0 ]; then 28if [ $r -ne 0 ]; then
29 fatal "could not start ssh-agent: exit code $r" 29 fatal "could not start ssh-agent: exit code $r"
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 5e48bfbe3..a3a40719f 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: test-exec.sh,v 1.66 2019/07/05 04:12:46 dtucker Exp $ 1# $OpenBSD: test-exec.sh,v 1.75 2020/01/31 23:25:08 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4#SUDO=sudo 4#SUDO=sudo
@@ -80,6 +80,9 @@ PLINK=plink
80PUTTYGEN=puttygen 80PUTTYGEN=puttygen
81CONCH=conch 81CONCH=conch
82 82
83# Tools used by multiple tests
84NC=$OBJ/netcat
85
83if [ "x$TEST_SSH_SSH" != "x" ]; then 86if [ "x$TEST_SSH_SSH" != "x" ]; then
84 SSH="${TEST_SSH_SSH}" 87 SSH="${TEST_SSH_SSH}"
85fi 88fi
@@ -128,6 +131,12 @@ if [ "x$TEST_SSH_CONCH" != "x" ]; then
128 *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;; 131 *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
129 esac 132 esac
130fi 133fi
134if [ "x$TEST_SSH_PKCS11_HELPER" != "x" ]; then
135 SSH_PKCS11_HELPER="${TEST_SSH_PKCS11_HELPER}"
136fi
137if [ "x$TEST_SSH_SK_HELPER" != "x" ]; then
138 SSH_SK_HELPER="${TEST_SSH_SK_HELPER}"
139fi
131 140
132# Path to sshd must be absolute for rexec 141# Path to sshd must be absolute for rexec
133case "$SSHD" in 142case "$SSHD" in
@@ -230,6 +239,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
230 239
231chmod a+rx $OBJ/ssh-log-wrapper.sh 240chmod a+rx $OBJ/ssh-log-wrapper.sh
232REAL_SSH="$SSH" 241REAL_SSH="$SSH"
242REAL_SSHD="$SSHD"
233SSH="$SSHLOGWRAP" 243SSH="$SSHLOGWRAP"
234 244
235# Some test data. We make a copy because some tests will overwrite it. 245# Some test data. We make a copy because some tests will overwrite it.
@@ -252,6 +262,7 @@ increase_datafile_size()
252 262
253# these should be used in tests 263# these should be used in tests
254export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP 264export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
265export SSH_PKCS11_HELPER SSH_SK_HELPER
255#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP 266#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
256 267
257# Portable specific functions 268# Portable specific functions
@@ -437,6 +448,31 @@ EOF
437# be abused to locally escalate privileges. 448# be abused to locally escalate privileges.
438if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then 449if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
439 echo "StrictModes no" >> $OBJ/sshd_config 450 echo "StrictModes no" >> $OBJ/sshd_config
451else
452 # check and warn if excessive permissions are likely to cause failures.
453 unsafe=""
454 dir="${OBJ}"
455 while test ${dir} != "/"; do
456 if test -d "${dir}" && ! test -h "${dir}"; then
457 perms=`ls -ld ${dir}`
458 case "${perms}" in
459 ?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;;
460 esac
461 fi
462 dir=`dirname ${dir}`
463 done
464 if ! test -z "${unsafe}"; then
465 cat <<EOD
466
467WARNING: Unsafe (group or world writable) directory permissions found:
468${unsafe}
469
470These could be abused to locally escalate privileges. If you are
471sure that this is not a risk (eg there are no other users), you can
472bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
473
474EOD
475 fi
440fi 476fi
441 477
442if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then 478if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
@@ -475,8 +511,33 @@ fi
475 511
476rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER 512rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
477 513
478SSH_KEYTYPES=`$SSH -Q key-plain` 514SSH_SK_PROVIDER=
515if [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
516 SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
517elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
518 SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
519fi
520export SSH_SK_PROVIDER
521
522if ! test -z "$SSH_SK_PROVIDER"; then
523 EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)...
524 echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/ssh_config
525 echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_config
526 echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_proxy
527fi
528export EXTRA_AGENT_ARGS
529
530maybe_filter_sk() {
531 if test -z "$SSH_SK_PROVIDER" ; then
532 grep -v ^sk
533 else
534 cat
535 fi
536}
479 537
538SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
539SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
540
480for t in ${SSH_KEYTYPES}; do 541for t in ${SSH_KEYTYPES}; do
481 # generate user key 542 # generate user key
482 trace "generating key type $t" 543 trace "generating key type $t"
@@ -486,16 +547,18 @@ for t in ${SSH_KEYTYPES}; do
486 fail "ssh-keygen for $t failed" 547 fail "ssh-keygen for $t failed"
487 fi 548 fi
488 549
550 # setup authorized keys
551 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
552 echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
553done
554
555for t in ${SSH_HOSTKEY_TYPES}; do
489 # known hosts file for client 556 # known hosts file for client
490 ( 557 (
491 printf 'localhost-with-alias,127.0.0.1,::1 ' 558 printf 'localhost-with-alias,127.0.0.1,::1 '
492 cat $OBJ/$t.pub 559 cat $OBJ/$t.pub
493 ) >> $OBJ/known_hosts 560 ) >> $OBJ/known_hosts
494 561
495 # setup authorized keys
496 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
497 echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
498
499 # use key as host key, too 562 # use key as host key, too
500 $SUDO cp $OBJ/$t $OBJ/host.$t 563 $SUDO cp $OBJ/$t $OBJ/host.$t
501 echo HostKey $OBJ/host.$t >> $OBJ/sshd_config 564 echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
@@ -576,7 +639,7 @@ fi
576# create a proxy version of the client config 639# create a proxy version of the client config
577( 640(
578 cat $OBJ/ssh_config 641 cat $OBJ/ssh_config
579 echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy 642 echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy
580) > $OBJ/ssh_proxy 643) > $OBJ/ssh_proxy
581 644
582# check proxy config 645# check proxy config
@@ -586,7 +649,8 @@ start_sshd ()
586{ 649{
587 # start sshd 650 # start sshd
588 $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" 651 $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
589 $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE 652 $SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \
653 ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
590 654
591 trace "wait for sshd" 655 trace "wait for sshd"
592 i=0; 656 i=0;
diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc
index 428ef6836..370224aa5 100644
--- a/regress/unittests/Makefile.inc
+++ b/regress/unittests/Makefile.inc
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile.inc,v 1.13 2018/10/17 23:28:05 djm Exp $ 1# $OpenBSD: Makefile.inc,v 1.14 2019/11/25 10:32:35 djm Exp $
2 2
3REGRESS_FAIL_EARLY?= yes 3REGRESS_FAIL_EARLY?= yes
4 4
@@ -74,6 +74,9 @@ LDADD+= -lcrypto
74DPADD+= ${LIBCRYPTO} 74DPADD+= ${LIBCRYPTO}
75.endif 75.endif
76 76
77LDADD+= -lfido2 -lcbor -lusbhid
78DPADD+= ${LIBFIDO2} ${LIBCBOR} ${LIBUSBHID}
79
77UNITTEST_ARGS?= 80UNITTEST_ARGS?=
78 81
79.if (${UNITTEST_VERBOSE:L} != "no") 82.if (${UNITTEST_VERBOSE:L} != "no")
diff --git a/regress/unittests/authopt/Makefile b/regress/unittests/authopt/Makefile
new file mode 100644
index 000000000..492092fc6
--- /dev/null
+++ b/regress/unittests/authopt/Makefile
@@ -0,0 +1,26 @@
1# $OpenBSD: Makefile,v 1.4 2020/01/26 00:09:50 djm Exp $
2
3PROG=test_authopt
4SRCS=tests.c
5
6SRCS+=auth-options.c
7
8# From usr.bin/ssh
9SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
10SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
11SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
12SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
13SRCS+=addrmatch.c bitmap.c
14SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
15SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
16SRCS+=ssh-ed25519-sk.c sk-usbhid.c
17
18SRCS+=digest-openssl.c
19#SRCS+=digest-libc.c
20
21REGRESS_TARGETS=run-regress-${PROG}
22
23run-regress-${PROG}: ${PROG}
24 env ${TEST_ENV} ./${PROG} -d ${.CURDIR}/testdata
25
26.include <bsd.regress.mk>
diff --git a/regress/unittests/hostkeys/Makefile b/regress/unittests/hostkeys/Makefile
index 336885122..c0a893135 100644
--- a/regress/unittests/hostkeys/Makefile
+++ b/regress/unittests/hostkeys/Makefile
@@ -1,16 +1,17 @@
1# $OpenBSD: Makefile,v 1.4 2017/12/21 00:41:22 djm Exp $ 1# $OpenBSD: Makefile,v 1.7 2020/01/26 00:09:50 djm Exp $
2 2
3PROG=test_hostkeys 3PROG=test_hostkeys
4SRCS=tests.c test_iterate.c 4SRCS=tests.c test_iterate.c
5 5
6# From usr.bin/ssh 6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c 7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c 8SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
9SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c 9SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c 10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
11SRCS+=addrmatch.c bitmap.c hostfile.c 11SRCS+=addrmatch.c bitmap.c hostfile.c
12SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c 12SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
13SRCS+=cipher-chachapoly.c chacha.c poly1305.c 13SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
14SRCS+=ssh-ed25519-sk.c sk-usbhid.c
14 15
15SRCS+=digest-openssl.c 16SRCS+=digest-openssl.c
16#SRCS+=digest-libc.c 17#SRCS+=digest-libc.c
diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile
index 7b4c644e5..648006c78 100644
--- a/regress/unittests/kex/Makefile
+++ b/regress/unittests/kex/Makefile
@@ -1,16 +1,17 @@
1# $OpenBSD: Makefile,v 1.6 2019/01/21 12:35:20 djm Exp $ 1# $OpenBSD: Makefile,v 1.9 2020/01/26 00:09:50 djm Exp $
2 2
3PROG=test_kex 3PROG=test_kex
4SRCS=tests.c test_kex.c 4SRCS=tests.c test_kex.c
5 5
6# From usr.bin/ssh 6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c 7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c 8SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
9SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c 9SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c 10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
11SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c 11SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
12SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c 12SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
13SRCS+=cipher-chachapoly.c chacha.c poly1305.c 13SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
14SRCS+=ssh-ed25519-sk.c sk-usbhid.c
14 15
15SRCS+= kex.c 16SRCS+= kex.c
16SRCS+= dh.c 17SRCS+= dh.c
diff --git a/regress/unittests/misc/Makefile b/regress/unittests/misc/Makefile
new file mode 100644
index 000000000..06e954cb8
--- /dev/null
+++ b/regress/unittests/misc/Makefile
@@ -0,0 +1,16 @@
1# $OpenBSD: Makefile,v 1.1 2019/04/28 22:53:26 dtucker Exp $
2
3PROG=test_misc
4SRCS=tests.c
5
6# From usr.bin/ssh/Makefile.inc
7SRCS+=sshbuf.c sshbuf-getput-basic.c ssherr.c log.c xmalloc.c misc.c
8# From usr/bin/ssh/sshd/Makefile
9SRCS+=atomicio.c cleanup.c fatal.c
10
11REGRESS_TARGETS=run-regress-${PROG}
12
13run-regress-${PROG}: ${PROG}
14 env ${TEST_ENV} ./${PROG}
15
16.include <bsd.regress.mk>
diff --git a/regress/unittests/misc/tests.c b/regress/unittests/misc/tests.c
new file mode 100644
index 000000000..ed775ebbd
--- /dev/null
+++ b/regress/unittests/misc/tests.c
@@ -0,0 +1,79 @@
1/* $OpenBSD: tests.c,v 1.1 2019/04/28 22:53:26 dtucker Exp $ */
2/*
3 * Regress test for misc helper functions.
4 *
5 * Placed in the public domain.
6 */
7
8#include <sys/types.h>
9#include <sys/param.h>
10#include <stdio.h>
11#include <stdint.h>
12#include <stdlib.h>
13#include <string.h>
14
15#include "test_helper.h"
16
17#include "misc.h"
18
19void
20tests(void)
21{
22 int port;
23 char *user, *host, *path;
24
25 TEST_START("misc_parse_user_host_path");
26 ASSERT_INT_EQ(parse_user_host_path("someuser@some.host:some/path",
27 &user, &host, &path), 0);
28 ASSERT_STRING_EQ(user, "someuser");
29 ASSERT_STRING_EQ(host, "some.host");
30 ASSERT_STRING_EQ(path, "some/path");
31 free(user); free(host); free(path);
32 TEST_DONE();
33
34 TEST_START("misc_parse_user_ipv4_path");
35 ASSERT_INT_EQ(parse_user_host_path("someuser@1.22.33.144:some/path",
36 &user, &host, &path), 0);
37 ASSERT_STRING_EQ(user, "someuser");
38 ASSERT_STRING_EQ(host, "1.22.33.144");
39 ASSERT_STRING_EQ(path, "some/path");
40 free(user); free(host); free(path);
41 TEST_DONE();
42
43 TEST_START("misc_parse_user_[ipv4]_path");
44 ASSERT_INT_EQ(parse_user_host_path("someuser@[1.22.33.144]:some/path",
45 &user, &host, &path), 0);
46 ASSERT_STRING_EQ(user, "someuser");
47 ASSERT_STRING_EQ(host, "1.22.33.144");
48 ASSERT_STRING_EQ(path, "some/path");
49 free(user); free(host); free(path);
50 TEST_DONE();
51
52 TEST_START("misc_parse_user_[ipv4]_nopath");
53 ASSERT_INT_EQ(parse_user_host_path("someuser@[1.22.33.144]:",
54 &user, &host, &path), 0);
55 ASSERT_STRING_EQ(user, "someuser");
56 ASSERT_STRING_EQ(host, "1.22.33.144");
57 ASSERT_STRING_EQ(path, ".");
58 free(user); free(host); free(path);
59 TEST_DONE();
60
61 TEST_START("misc_parse_user_ipv6_path");
62 ASSERT_INT_EQ(parse_user_host_path("someuser@[::1]:some/path",
63 &user, &host, &path), 0);
64 ASSERT_STRING_EQ(user, "someuser");
65 ASSERT_STRING_EQ(host, "::1");
66 ASSERT_STRING_EQ(path, "some/path");
67 free(user); free(host); free(path);
68 TEST_DONE();
69
70 TEST_START("misc_parse_uri");
71 ASSERT_INT_EQ(parse_uri("ssh", "ssh://someuser@some.host:22/some/path",
72 &user, &host, &port, &path), 0);
73 ASSERT_STRING_EQ(user, "someuser");
74 ASSERT_STRING_EQ(host, "some.host");
75 ASSERT_INT_EQ(port, 22);
76 ASSERT_STRING_EQ(path, "some/path");
77 free(user); free(host); free(path);
78 TEST_DONE();
79}
diff --git a/regress/unittests/sshbuf/Makefile b/regress/unittests/sshbuf/Makefile
index 0e8e9fd10..5f6c4426a 100644
--- a/regress/unittests/sshbuf/Makefile
+++ b/regress/unittests/sshbuf/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.7 2018/10/17 23:28:05 djm Exp $ 1# $OpenBSD: Makefile,v 1.8 2020/01/26 00:09:50 djm Exp $
2 2
3.include <bsd.regress.mk> 3# $OpenBSD: Makefile,v 1.8 2020/01/26 00:09:50 djm Exp $
4 4
5PROG=test_sshbuf 5PROG=test_sshbuf
6SRCS=tests.c 6SRCS=tests.c
@@ -14,7 +14,7 @@ SRCS+=test_sshbuf_fixed.c
14 14
15# From usr.bin/ssh 15# From usr.bin/ssh
16SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c 16SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
17SRCS+=atomicio.c 17SRCS+=sshbuf-io.c atomicio.c misc.c xmalloc.c log.c fatal.c ssherr.c cleanup.c
18 18
19run-regress-${PROG}: ${PROG} 19run-regress-${PROG}: ${PROG}
20 env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS} 20 env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS}
diff --git a/regress/unittests/sshkey/Makefile b/regress/unittests/sshkey/Makefile
index aa731df1c..78b2cf0ce 100644
--- a/regress/unittests/sshkey/Makefile
+++ b/regress/unittests/sshkey/Makefile
@@ -1,16 +1,17 @@
1# $OpenBSD: Makefile,v 1.6 2018/10/17 23:28:05 djm Exp $ 1# $OpenBSD: Makefile,v 1.9 2020/01/26 00:09:50 djm Exp $
2 2
3PROG=test_sshkey 3PROG=test_sshkey
4SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c 4SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c
5 5
6# From usr.bin/ssh 6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c 7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c 8SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
9SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c 9SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c 10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
11SRCS+=addrmatch.c bitmap.c 11SRCS+=addrmatch.c bitmap.c
12SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c 12SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
13SRCS+=cipher-chachapoly.c chacha.c poly1305.c 13SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
14SRCS+=ssh-ed25519-sk.c sk-usbhid.c
14 15
15SRCS+=digest-openssl.c 16SRCS+=digest-openssl.c
16#SRCS+=digest-libc.c 17#SRCS+=digest-libc.c
diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
index e21638093..effea578c 100644
--- a/regress/unittests/sshkey/common.c
+++ b/regress/unittests/sshkey/common.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: common.c,v 1.3 2018/09/13 09:03:20 djm Exp $ */ 1/* $OpenBSD: common.c,v 1.4 2020/01/26 00:09:50 djm Exp $ */
2/* 2/*
3 * Helpers for key API tests 3 * Helpers for key API tests
4 * 4 *
@@ -43,13 +43,10 @@
43struct sshbuf * 43struct sshbuf *
44load_file(const char *name) 44load_file(const char *name)
45{ 45{
46 int fd; 46 struct sshbuf *ret = NULL;
47 struct sshbuf *ret;
48 47
49 ASSERT_PTR_NE(ret = sshbuf_new(), NULL); 48 ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
50 ASSERT_INT_NE(fd = open(test_data_file(name), O_RDONLY), -1); 49 ASSERT_PTR_NE(ret, NULL);
51 ASSERT_INT_EQ(sshkey_load_file(fd, ret), 0);
52 close(fd);
53 return ret; 50 return ret;
54} 51}
55 52
diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
index 1323f8997..359811893 100644
--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_fuzz.c,v 1.9 2018/10/17 23:28:05 djm Exp $ */ 1/* $OpenBSD: test_fuzz.c,v 1.11 2019/11/25 10:32:35 djm Exp $ */
2/* 2/*
3 * Fuzz tests for key parsing 3 * Fuzz tests for key parsing
4 * 4 *
@@ -87,10 +87,11 @@ sig_fuzz(struct sshkey *k, const char *sig_alg)
87 if (test_is_slow()) 87 if (test_is_slow())
88 fuzzers |= FUZZ_2_BIT_FLIP; 88 fuzzers |= FUZZ_2_BIT_FLIP;
89 89
90 ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0); 90 ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c),
91 sig_alg, NULL, 0), 0);
91 ASSERT_SIZE_T_GT(l, 0); 92 ASSERT_SIZE_T_GT(l, 0);
92 fuzz = fuzz_begin(fuzzers, sig, l); 93 fuzz = fuzz_begin(fuzzers, sig, l);
93 ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0); 94 ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0, NULL), 0);
94 free(sig); 95 free(sig);
95 TEST_ONERROR(onerror, fuzz); 96 TEST_ONERROR(onerror, fuzz);
96 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 97 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
@@ -98,7 +99,7 @@ sig_fuzz(struct sshkey *k, const char *sig_alg)
98 if (fuzz_matches_original(fuzz)) 99 if (fuzz_matches_original(fuzz))
99 continue; 100 continue;
100 ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz), 101 ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
101 c, sizeof(c), NULL, 0), 0); 102 c, sizeof(c), NULL, 0, NULL), 0);
102 } 103 }
103 fuzz_cleanup(fuzz); 104 fuzz_cleanup(fuzz);
104} 105}
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 42395b8db..025bb9815 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_sshkey.c,v 1.18 2019/06/21 04:21:45 djm Exp $ */ 1/* $OpenBSD: test_sshkey.c,v 1.20 2019/11/25 10:32:35 djm Exp $ */
2/* 2/*
3 * Regress test for sshkey.h key management API 3 * Regress test for sshkey.h key management API
4 * 4 *
@@ -101,7 +101,7 @@ build_cert(struct sshbuf *b, struct sshkey *k, const char *type,
101 ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ 101 ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */
102 ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ 102 ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */
103 ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, 103 ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen,
104 sshbuf_ptr(b), sshbuf_len(b), sig_alg, 0), 0); 104 sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, 0), 0);
105 ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ 105 ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */
106 106
107 free(sigblob); 107 free(sigblob);
@@ -120,14 +120,14 @@ signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg,
120 size_t len; 120 size_t len;
121 u_char *sig; 121 u_char *sig;
122 122
123 ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0); 123 ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, NULL, 0), 0);
124 ASSERT_SIZE_T_GT(len, 8); 124 ASSERT_SIZE_T_GT(len, 8);
125 ASSERT_PTR_NE(sig, NULL); 125 ASSERT_PTR_NE(sig, NULL);
126 ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0), 0); 126 ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
127 ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0), 0); 127 ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0, NULL), 0);
128 /* Fuzz test is more comprehensive, this is just a smoke test */ 128 /* Fuzz test is more comprehensive, this is just a smoke test */
129 sig[len - 5] ^= 0x10; 129 sig[len - 5] ^= 0x10;
130 ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0), 0); 130 ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
131 free(sig); 131 free(sig);
132} 132}
133 133
@@ -437,7 +437,7 @@ sshkey_tests(void)
437 put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL); 437 put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL);
438 put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL); 438 put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL);
439 ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0); 439 ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0);
440 ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL), 0); 440 ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL, NULL), 0);
441 b = sshbuf_new(); 441 b = sshbuf_new();
442 ASSERT_PTR_NE(b, NULL); 442 ASSERT_PTR_NE(b, NULL);
443 ASSERT_INT_EQ(sshkey_putb(k1, b), 0); 443 ASSERT_INT_EQ(sshkey_putb(k1, b), 0);
diff --git a/sandbox-darwin.c b/sandbox-darwin.c
index a61de7495..59b4d286e 100644
--- a/sandbox-darwin.c
+++ b/sandbox-darwin.c
@@ -30,7 +30,7 @@
30#include <unistd.h> 30#include <unistd.h>
31 31
32#include "log.h" 32#include "log.h"
33#include "sandbox.h" 33#include "ssh-sandbox.h"
34#include "monitor.h" 34#include "monitor.h"
35#include "xmalloc.h" 35#include "xmalloc.h"
36 36
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 0914e48ba..f80981faf 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -188,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
188#ifdef __NR_clock_gettime 188#ifdef __NR_clock_gettime
189 SC_ALLOW(__NR_clock_gettime), 189 SC_ALLOW(__NR_clock_gettime),
190#endif 190#endif
191#ifdef __NR_clock_gettime64
192 SC_ALLOW(__NR_clock_gettime64),
193#endif
191#ifdef __NR_close 194#ifdef __NR_close
192 SC_ALLOW(__NR_close), 195 SC_ALLOW(__NR_close),
193#endif 196#endif
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index 93e63b8e0..e61d581ae 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -105,7 +105,7 @@ ssh_sandbox_init(struct monitor *monitor)
105 box = xcalloc(1, sizeof(*box)); 105 box = xcalloc(1, sizeof(*box));
106 box->systrace_fd = -1; 106 box->systrace_fd = -1;
107 box->child_pid = 0; 107 box->child_pid = 0;
108 box->osigchld = signal(SIGCHLD, SIG_IGN); 108 box->osigchld = ssh_signal(SIGCHLD, SIG_IGN);
109 109
110 return box; 110 return box;
111} 111}
@@ -114,7 +114,7 @@ void
114ssh_sandbox_child(struct ssh_sandbox *box) 114ssh_sandbox_child(struct ssh_sandbox *box)
115{ 115{
116 debug3("%s: ready", __func__); 116 debug3("%s: ready", __func__);
117 signal(SIGCHLD, box->osigchld); 117 ssh_signal(SIGCHLD, box->osigchld);
118 if (kill(getpid(), SIGSTOP) != 0) 118 if (kill(getpid(), SIGSTOP) != 0)
119 fatal("%s: kill(%d, SIGSTOP)", __func__, getpid()); 119 fatal("%s: kill(%d, SIGSTOP)", __func__, getpid());
120 debug3("%s: started", __func__); 120 debug3("%s: started", __func__);
@@ -133,7 +133,7 @@ ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
133 do { 133 do {
134 pid = waitpid(child_pid, &status, WUNTRACED); 134 pid = waitpid(child_pid, &status, WUNTRACED);
135 } while (pid == -1 && errno == EINTR); 135 } while (pid == -1 && errno == EINTR);
136 signal(SIGCHLD, box->osigchld); 136 ssh_signal(SIGCHLD, box->osigchld);
137 if (!WIFSTOPPED(status)) { 137 if (!WIFSTOPPED(status)) {
138 if (WIFSIGNALED(status)) 138 if (WIFSIGNALED(status))
139 fatal("%s: child terminated with signal %d", 139 fatal("%s: child terminated with signal %d",
diff --git a/scp.0 b/scp.0
index ce4b88b01..7775eb1e5 100644
--- a/scp.0
+++ b/scp.0
@@ -1,7 +1,7 @@
1SCP(1) General Commands Manual SCP(1) 1SCP(1) General Commands Manual SCP(1)
2 2
3NAME 3NAME
4 scp M-bM-^@M-^S secure copy (remote file copy program) 4 scp M-bM-^@M-^S OpenSSH secure file copy
5 5
6SYNOPSIS 6SYNOPSIS
7 scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file] 7 scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]
@@ -179,4 +179,4 @@ AUTHORS
179 Timo Rinne <tri@iki.fi> 179 Timo Rinne <tri@iki.fi>
180 Tatu Ylonen <ylo@cs.hut.fi> 180 Tatu Ylonen <ylo@cs.hut.fi>
181 181
182OpenBSD 6.6 June 12, 2019 OpenBSD 6.6 182OpenBSD 6.6 November 30, 2019 OpenBSD 6.6
diff --git a/scp.1 b/scp.1
index dee7fcead..9c3a85366 100644
--- a/scp.1
+++ b/scp.1
@@ -8,14 +8,14 @@
8.\" 8.\"
9.\" Created: Sun May 7 00:14:37 1995 ylo 9.\" Created: Sun May 7 00:14:37 1995 ylo
10.\" 10.\"
11.\" $OpenBSD: scp.1,v 1.86 2019/06/12 11:31:50 jmc Exp $ 11.\" $OpenBSD: scp.1,v 1.87 2019/11/30 07:07:59 jmc Exp $
12.\" 12.\"
13.Dd $Mdocdate: June 12 2019 $ 13.Dd $Mdocdate: November 30 2019 $
14.Dt SCP 1 14.Dt SCP 1
15.Os 15.Os
16.Sh NAME 16.Sh NAME
17.Nm scp 17.Nm scp
18.Nd secure copy (remote file copy program) 18.Nd OpenSSH secure file copy
19.Sh SYNOPSIS 19.Sh SYNOPSIS
20.Nm scp 20.Nm scp
21.Op Fl 346BCpqrTv 21.Op Fl 346BCpqrTv
diff --git a/scp.c b/scp.c
index 5a7a92a7e..9b64aa5f4 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: scp.c,v 1.206 2019/09/09 02:31:19 dtucker Exp $ */ 1/* $OpenBSD: scp.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
2/* 2/*
3 * scp - secure remote copy. This is basically patched BSD rcp which 3 * scp - secure remote copy. This is basically patched BSD rcp which
4 * uses ssh to do the data transfer (instead of using rcmd). 4 * uses ssh to do the data transfer (instead of using rcmd).
@@ -94,7 +94,9 @@
94#include <dirent.h> 94#include <dirent.h>
95#include <errno.h> 95#include <errno.h>
96#include <fcntl.h> 96#include <fcntl.h>
97#ifdef HAVE_FNMATCH_H
97#include <fnmatch.h> 98#include <fnmatch.h>
99#endif
98#include <limits.h> 100#include <limits.h>
99#include <locale.h> 101#include <locale.h>
100#include <pwd.h> 102#include <pwd.h>
@@ -221,9 +223,9 @@ do_local_cmd(arglist *a)
221 } 223 }
222 224
223 do_cmd_pid = pid; 225 do_cmd_pid = pid;
224 signal(SIGTERM, killchild); 226 ssh_signal(SIGTERM, killchild);
225 signal(SIGINT, killchild); 227 ssh_signal(SIGINT, killchild);
226 signal(SIGHUP, killchild); 228 ssh_signal(SIGHUP, killchild);
227 229
228 while (waitpid(pid, &status, 0) == -1) 230 while (waitpid(pid, &status, 0) == -1)
229 if (errno != EINTR) 231 if (errno != EINTR)
@@ -274,9 +276,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
274 close(reserved[0]); 276 close(reserved[0]);
275 close(reserved[1]); 277 close(reserved[1]);
276 278
277 signal(SIGTSTP, suspchild); 279 ssh_signal(SIGTSTP, suspchild);
278 signal(SIGTTIN, suspchild); 280 ssh_signal(SIGTTIN, suspchild);
279 signal(SIGTTOU, suspchild); 281 ssh_signal(SIGTTOU, suspchild);
280 282
281 /* Fork a child to execute the command on the remote host using ssh. */ 283 /* Fork a child to execute the command on the remote host using ssh. */
282 do_cmd_pid = fork(); 284 do_cmd_pid = fork();
@@ -313,9 +315,9 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
313 *fdout = pin[1]; 315 *fdout = pin[1];
314 close(pout[1]); 316 close(pout[1]);
315 *fdin = pout[0]; 317 *fdin = pout[0];
316 signal(SIGTERM, killchild); 318 ssh_signal(SIGTERM, killchild);
317 signal(SIGINT, killchild); 319 ssh_signal(SIGINT, killchild);
318 signal(SIGHUP, killchild); 320 ssh_signal(SIGHUP, killchild);
319 return 0; 321 return 0;
320} 322}
321 323
@@ -567,7 +569,7 @@ main(int argc, char **argv)
567 iamrecursive ? " -r" : "", pflag ? " -p" : "", 569 iamrecursive ? " -r" : "", pflag ? " -p" : "",
568 targetshouldbedirectory ? " -d" : ""); 570 targetshouldbedirectory ? " -d" : "");
569 571
570 (void) signal(SIGPIPE, lostconn); 572 (void) ssh_signal(SIGPIPE, lostconn);
571 573
572 if (colon(argv[argc - 1])) /* Dest is remote host. */ 574 if (colon(argv[argc - 1])) /* Dest is remote host. */
573 toremote(argc, argv); 575 toremote(argc, argv);
diff --git a/servconf.c b/servconf.c
index 4464d51a5..470ad3619 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.352 2019/09/06 14:45:34 naddy Exp $ */ 2/* $OpenBSD: servconf.c,v 1.360 2020/01/31 22:42:45 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -40,6 +40,11 @@
40#ifdef HAVE_UTIL_H 40#ifdef HAVE_UTIL_H
41#include <util.h> 41#include <util.h>
42#endif 42#endif
43#ifdef USE_SYSTEM_GLOB
44# include <glob.h>
45#else
46# include "openbsd-compat/glob.h"
47#endif
43 48
44#include "openbsd-compat/sys-queue.h" 49#include "openbsd-compat/sys-queue.h"
45#include "xmalloc.h" 50#include "xmalloc.h"
@@ -70,6 +75,9 @@ static void add_listen_addr(ServerOptions *, const char *,
70 const char *, int); 75 const char *, int);
71static void add_one_listen_addr(ServerOptions *, const char *, 76static void add_one_listen_addr(ServerOptions *, const char *,
72 const char *, int); 77 const char *, int);
78void parse_server_config_depth(ServerOptions *options, const char *filename,
79 struct sshbuf *conf, struct include_list *includes,
80 struct connection_info *connectinfo, int flags, int *activep, int depth);
73 81
74/* Use of privilege separation or not */ 82/* Use of privilege separation or not */
75extern int use_privsep; 83extern int use_privsep;
@@ -119,6 +127,7 @@ initialize_server_options(ServerOptions *options)
119 options->hostbased_key_types = NULL; 127 options->hostbased_key_types = NULL;
120 options->hostkeyalgorithms = NULL; 128 options->hostkeyalgorithms = NULL;
121 options->pubkey_authentication = -1; 129 options->pubkey_authentication = -1;
130 options->pubkey_auth_options = -1;
122 options->pubkey_key_types = NULL; 131 options->pubkey_key_types = NULL;
123 options->kerberos_authentication = -1; 132 options->kerberos_authentication = -1;
124 options->kerberos_or_local_passwd = -1; 133 options->kerberos_or_local_passwd = -1;
@@ -174,6 +183,7 @@ initialize_server_options(ServerOptions *options)
174 options->authorized_keys_command = NULL; 183 options->authorized_keys_command = NULL;
175 options->authorized_keys_command_user = NULL; 184 options->authorized_keys_command_user = NULL;
176 options->revoked_keys_file = NULL; 185 options->revoked_keys_file = NULL;
186 options->sk_provider = NULL;
177 options->trusted_user_ca_keys = NULL; 187 options->trusted_user_ca_keys = NULL;
178 options->authorized_principals_file = NULL; 188 options->authorized_principals_file = NULL;
179 options->authorized_principals_command = NULL; 189 options->authorized_principals_command = NULL;
@@ -198,6 +208,7 @@ static void
198assemble_algorithms(ServerOptions *o) 208assemble_algorithms(ServerOptions *o)
199{ 209{
200 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 210 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
211 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
201 int r; 212 int r;
202 213
203 all_cipher = cipher_alg_list(',', 0); 214 all_cipher = cipher_alg_list(',', 0);
@@ -205,24 +216,35 @@ assemble_algorithms(ServerOptions *o)
205 all_kex = kex_alg_list(','); 216 all_kex = kex_alg_list(',');
206 all_key = sshkey_alg_list(0, 0, 1, ','); 217 all_key = sshkey_alg_list(0, 0, 1, ',');
207 all_sig = sshkey_alg_list(0, 1, 1, ','); 218 all_sig = sshkey_alg_list(0, 1, 1, ',');
219 /* remove unsupported algos from default lists */
220 def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher);
221 def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac);
222 def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex);
223 def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
224 def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
208#define ASSEMBLE(what, defaults, all) \ 225#define ASSEMBLE(what, defaults, all) \
209 do { \ 226 do { \
210 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 227 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
211 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 228 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
212 } while (0) 229 } while (0)
213 ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher); 230 ASSEMBLE(ciphers, def_cipher, all_cipher);
214 ASSEMBLE(macs, KEX_SERVER_MAC, all_mac); 231 ASSEMBLE(macs, def_mac, all_mac);
215 ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex); 232 ASSEMBLE(kex_algorithms, def_kex, all_kex);
216 ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); 233 ASSEMBLE(hostkeyalgorithms, def_key, all_key);
217 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); 234 ASSEMBLE(hostbased_key_types, def_key, all_key);
218 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); 235 ASSEMBLE(pubkey_key_types, def_key, all_key);
219 ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); 236 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
220#undef ASSEMBLE 237#undef ASSEMBLE
221 free(all_cipher); 238 free(all_cipher);
222 free(all_mac); 239 free(all_mac);
223 free(all_kex); 240 free(all_kex);
224 free(all_key); 241 free(all_key);
225 free(all_sig); 242 free(all_sig);
243 free(def_cipher);
244 free(def_mac);
245 free(def_kex);
246 free(def_key);
247 free(def_sig);
226} 248}
227 249
228static void 250static void
@@ -346,6 +368,8 @@ fill_default_server_options(ServerOptions *options)
346 options->hostbased_uses_name_from_packet_only = 0; 368 options->hostbased_uses_name_from_packet_only = 0;
347 if (options->pubkey_authentication == -1) 369 if (options->pubkey_authentication == -1)
348 options->pubkey_authentication = 1; 370 options->pubkey_authentication = 1;
371 if (options->pubkey_auth_options == -1)
372 options->pubkey_auth_options = 0;
349 if (options->kerberos_authentication == -1) 373 if (options->kerberos_authentication == -1)
350 options->kerberos_authentication = 0; 374 options->kerberos_authentication = 0;
351 if (options->kerberos_or_local_passwd == -1) 375 if (options->kerberos_or_local_passwd == -1)
@@ -381,7 +405,12 @@ fill_default_server_options(ServerOptions *options)
381 options->permit_user_env_whitelist = NULL; 405 options->permit_user_env_whitelist = NULL;
382 } 406 }
383 if (options->compression == -1) 407 if (options->compression == -1)
408#ifdef WITH_ZLIB
384 options->compression = COMP_DELAYED; 409 options->compression = COMP_DELAYED;
410#else
411 options->compression = COMP_NONE;
412#endif
413
385 if (options->rekey_limit == -1) 414 if (options->rekey_limit == -1)
386 options->rekey_limit = 0; 415 options->rekey_limit = 0;
387 if (options->rekey_interval == -1) 416 if (options->rekey_interval == -1)
@@ -438,6 +467,8 @@ fill_default_server_options(ServerOptions *options)
438 options->disable_forwarding = 0; 467 options->disable_forwarding = 0;
439 if (options->expose_userauth_info == -1) 468 if (options->expose_userauth_info == -1)
440 options->expose_userauth_info = 0; 469 options->expose_userauth_info = 0;
470 if (options->sk_provider == NULL)
471 options->sk_provider = xstrdup("internal");
441 if (options->debian_banner == -1) 472 if (options->debian_banner == -1)
442 options->debian_banner = 1; 473 options->debian_banner = 1;
443 474
@@ -459,10 +490,12 @@ fill_default_server_options(ServerOptions *options)
459 CLEAR_ON_NONE(options->banner); 490 CLEAR_ON_NONE(options->banner);
460 CLEAR_ON_NONE(options->trusted_user_ca_keys); 491 CLEAR_ON_NONE(options->trusted_user_ca_keys);
461 CLEAR_ON_NONE(options->revoked_keys_file); 492 CLEAR_ON_NONE(options->revoked_keys_file);
493 CLEAR_ON_NONE(options->sk_provider);
462 CLEAR_ON_NONE(options->authorized_principals_file); 494 CLEAR_ON_NONE(options->authorized_principals_file);
463 CLEAR_ON_NONE(options->adm_forced_command); 495 CLEAR_ON_NONE(options->adm_forced_command);
464 CLEAR_ON_NONE(options->chroot_directory); 496 CLEAR_ON_NONE(options->chroot_directory);
465 CLEAR_ON_NONE(options->routing_domain); 497 CLEAR_ON_NONE(options->routing_domain);
498 CLEAR_ON_NONE(options->host_key_agent);
466 for (i = 0; i < options->num_host_key_files; i++) 499 for (i = 0; i < options->num_host_key_files; i++)
467 CLEAR_ON_NONE(options->host_key_files[i]); 500 CLEAR_ON_NONE(options->host_key_files[i]);
468 for (i = 0; i < options->num_host_cert_files; i++) 501 for (i = 0; i < options->num_host_cert_files; i++)
@@ -517,7 +550,7 @@ typedef enum {
517 sAcceptEnv, sSetEnv, sPermitTunnel, 550 sAcceptEnv, sSetEnv, sPermitTunnel,
518 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 551 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
519 sUsePrivilegeSeparation, sAllowAgentForwarding, 552 sUsePrivilegeSeparation, sAllowAgentForwarding,
520 sHostCertificate, 553 sHostCertificate, sInclude,
521 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 554 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
522 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 555 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
523 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 556 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
@@ -525,14 +558,15 @@ typedef enum {
525 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 558 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
526 sStreamLocalBindMask, sStreamLocalBindUnlink, 559 sStreamLocalBindMask, sStreamLocalBindUnlink,
527 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 560 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
528 sExposeAuthInfo, sRDomain, 561 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
529 sDebianBanner, 562 sDebianBanner,
530 sDeprecated, sIgnore, sUnsupported 563 sDeprecated, sIgnore, sUnsupported
531} ServerOpCodes; 564} ServerOpCodes;
532 565
533#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 566#define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */
534#define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 567#define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
535#define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 568#define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
569#define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */
536 570
537/* Textual representation of the tokens. */ 571/* Textual representation of the tokens. */
538static struct { 572static struct {
@@ -568,6 +602,7 @@ static struct {
568 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 602 { "rsaauthentication", sDeprecated, SSHCFG_ALL },
569 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 603 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
570 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 604 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
605 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL },
571 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 606 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
572#ifdef KRB5 607#ifdef KRB5
573 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 608 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
@@ -671,6 +706,7 @@ static struct {
671 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 706 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
672 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 707 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
673 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 708 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
709 { "include", sInclude, SSHCFG_ALL },
674 { "ipqos", sIPQoS, SSHCFG_ALL }, 710 { "ipqos", sIPQoS, SSHCFG_ALL },
675 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 711 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
676 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 712 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
@@ -686,6 +722,7 @@ static struct {
686 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 722 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
687 { "rdomain", sRDomain, SSHCFG_ALL }, 723 { "rdomain", sRDomain, SSHCFG_ALL },
688 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 724 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
725 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
689 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, 726 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
690 { NULL, sBadOption, 0 } 727 { NULL, sBadOption, 0 }
691}; 728};
@@ -1220,8 +1257,10 @@ static const struct multistate multistate_permitrootlogin[] = {
1220 { NULL, -1 } 1257 { NULL, -1 }
1221}; 1258};
1222static const struct multistate multistate_compression[] = { 1259static const struct multistate multistate_compression[] = {
1260#ifdef WITH_ZLIB
1223 { "yes", COMP_DELAYED }, 1261 { "yes", COMP_DELAYED },
1224 { "delayed", COMP_DELAYED }, 1262 { "delayed", COMP_DELAYED },
1263#endif
1225 { "no", COMP_NONE }, 1264 { "no", COMP_NONE },
1226 { NULL, -1 } 1265 { NULL, -1 }
1227}; 1266};
@@ -1240,13 +1279,14 @@ static const struct multistate multistate_tcpfwd[] = {
1240 { NULL, -1 } 1279 { NULL, -1 }
1241}; 1280};
1242 1281
1243int 1282static int
1244process_server_config_line(ServerOptions *options, char *line, 1283process_server_config_line_depth(ServerOptions *options, char *line,
1245 const char *filename, int linenum, int *activep, 1284 const char *filename, int linenum, int *activep,
1246 struct connection_info *connectinfo) 1285 struct connection_info *connectinfo, int inc_flags, int depth,
1286 struct include_list *includes)
1247{ 1287{
1248 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; 1288 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
1249 int cmdline = 0, *intptr, value, value2, n, port; 1289 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
1250 SyslogFacility *log_facility_ptr; 1290 SyslogFacility *log_facility_ptr;
1251 LogLevel *log_level_ptr; 1291 LogLevel *log_level_ptr;
1252 ServerOpCodes opcode; 1292 ServerOpCodes opcode;
@@ -1255,6 +1295,8 @@ process_server_config_line(ServerOptions *options, char *line,
1255 long long val64; 1295 long long val64;
1256 const struct multistate *multistate_ptr; 1296 const struct multistate *multistate_ptr;
1257 const char *errstr; 1297 const char *errstr;
1298 struct include_item *item;
1299 glob_t gbuf;
1258 1300
1259 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1301 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
1260 if ((len = strlen(line)) == 0) 1302 if ((len = strlen(line)) == 0)
@@ -1281,7 +1323,7 @@ process_server_config_line(ServerOptions *options, char *line,
1281 cmdline = 1; 1323 cmdline = 1;
1282 activep = &cmdline; 1324 activep = &cmdline;
1283 } 1325 }
1284 if (*activep && opcode != sMatch) 1326 if (*activep && opcode != sMatch && opcode != sInclude)
1285 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1327 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
1286 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1328 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
1287 if (connectinfo == NULL) { 1329 if (connectinfo == NULL) {
@@ -1497,6 +1539,24 @@ process_server_config_line(ServerOptions *options, char *line,
1497 charptr = &options->pubkey_key_types; 1539 charptr = &options->pubkey_key_types;
1498 goto parse_keytypes; 1540 goto parse_keytypes;
1499 1541
1542 case sPubkeyAuthOptions:
1543 intptr = &options->pubkey_auth_options;
1544 value = 0;
1545 while ((arg = strdelim(&cp)) && *arg != '\0') {
1546 if (strcasecmp(arg, "none") == 0)
1547 continue;
1548 if (strcasecmp(arg, "touch-required") == 0)
1549 value |= PUBKEYAUTH_TOUCH_REQUIRED;
1550 else {
1551 fatal("%s line %d: unsupported "
1552 "PubkeyAuthOptions option %s",
1553 filename, linenum, arg);
1554 }
1555 }
1556 if (*activep && *intptr == -1)
1557 *intptr = value;
1558 break;
1559
1500 case sKerberosAuthentication: 1560 case sKerberosAuthentication:
1501 intptr = &options->kerberos_authentication; 1561 intptr = &options->kerberos_authentication;
1502 goto parse_flag; 1562 goto parse_flag;
@@ -1956,6 +2016,96 @@ process_server_config_line(ServerOptions *options, char *line,
1956 *intptr = value; 2016 *intptr = value;
1957 break; 2017 break;
1958 2018
2019 case sInclude:
2020 if (cmdline) {
2021 fatal("Include directive not supported as a "
2022 "command-line option");
2023 }
2024 value = 0;
2025 while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') {
2026 value++;
2027 found = 0;
2028 if (*arg2 != '/' && *arg2 != '~') {
2029 xasprintf(&arg, "%s/%s", SSHDIR, arg);
2030 } else
2031 arg = xstrdup(arg2);
2032
2033 /*
2034 * Don't let included files clobber the containing
2035 * file's Match state.
2036 */
2037 oactive = *activep;
2038
2039 /* consult cache of include files */
2040 TAILQ_FOREACH(item, includes, entry) {
2041 if (strcmp(item->selector, arg) != 0)
2042 continue;
2043 if (item->filename != NULL) {
2044 parse_server_config_depth(options,
2045 item->filename, item->contents,
2046 includes, connectinfo,
2047 (oactive ? 0 : SSHCFG_NEVERMATCH),
2048 activep, depth + 1);
2049 }
2050 found = 1;
2051 *activep = oactive;
2052 }
2053 if (found != 0) {
2054 free(arg);
2055 continue;
2056 }
2057
2058 /* requested glob was not in cache */
2059 debug2("%s line %d: new include %s",
2060 filename, linenum, arg);
2061 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) {
2062 if (r != GLOB_NOMATCH) {
2063 fatal("%s line %d: include \"%s\" "
2064 "glob failed", filename,
2065 linenum, arg);
2066 }
2067 /*
2068 * If no entry matched then record a
2069 * placeholder to skip later glob calls.
2070 */
2071 debug2("%s line %d: no match for %s",
2072 filename, linenum, arg);
2073 item = xcalloc(1, sizeof(*item));
2074 item->selector = strdup(arg);
2075 TAILQ_INSERT_TAIL(includes,
2076 item, entry);
2077 }
2078 if (gbuf.gl_pathc > INT_MAX)
2079 fatal("%s: too many glob results", __func__);
2080 for (n = 0; n < (int)gbuf.gl_pathc; n++) {
2081 debug2("%s line %d: including %s",
2082 filename, linenum, gbuf.gl_pathv[n]);
2083 item = xcalloc(1, sizeof(*item));
2084 item->selector = strdup(arg);
2085 item->filename = strdup(gbuf.gl_pathv[n]);
2086 if ((item->contents = sshbuf_new()) == NULL) {
2087 fatal("%s: sshbuf_new failed",
2088 __func__);
2089 }
2090 load_server_config(item->filename,
2091 item->contents);
2092 parse_server_config_depth(options,
2093 item->filename, item->contents,
2094 includes, connectinfo,
2095 (oactive ? 0 : SSHCFG_NEVERMATCH),
2096 activep, depth + 1);
2097 *activep = oactive;
2098 TAILQ_INSERT_TAIL(includes, item, entry);
2099 }
2100 globfree(&gbuf);
2101 free(arg);
2102 }
2103 if (value == 0) {
2104 fatal("%s line %d: Include missing filename argument",
2105 filename, linenum);
2106 }
2107 break;
2108
1959 case sMatch: 2109 case sMatch:
1960 if (cmdline) 2110 if (cmdline)
1961 fatal("Match directive not supported as a command-line " 2111 fatal("Match directive not supported as a command-line "
@@ -1964,7 +2114,7 @@ process_server_config_line(ServerOptions *options, char *line,
1964 if (value < 0) 2114 if (value < 0)
1965 fatal("%s line %d: Bad Match condition", filename, 2115 fatal("%s line %d: Bad Match condition", filename,
1966 linenum); 2116 linenum);
1967 *activep = value; 2117 *activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
1968 break; 2118 break;
1969 2119
1970 case sPermitListen: 2120 case sPermitListen:
@@ -2052,6 +2202,21 @@ process_server_config_line(ServerOptions *options, char *line,
2052 charptr = &options->revoked_keys_file; 2202 charptr = &options->revoked_keys_file;
2053 goto parse_filename; 2203 goto parse_filename;
2054 2204
2205 case sSecurityKeyProvider:
2206 charptr = &options->sk_provider;
2207 arg = strdelim(&cp);
2208 if (!arg || *arg == '\0')
2209 fatal("%s line %d: missing file name.",
2210 filename, linenum);
2211 if (*activep && *charptr == NULL) {
2212 *charptr = strcasecmp(arg, "internal") == 0 ?
2213 xstrdup(arg) : derelativise_path(arg);
2214 /* increase optional counter */
2215 if (intptr != NULL)
2216 *intptr = *intptr + 1;
2217 }
2218 break;
2219
2055 case sIPQoS: 2220 case sIPQoS:
2056 arg = strdelim(&cp); 2221 arg = strdelim(&cp);
2057 if ((value = parse_ipqos(arg)) == -1) 2222 if ((value = parse_ipqos(arg)) == -1)
@@ -2247,6 +2412,16 @@ process_server_config_line(ServerOptions *options, char *line,
2247 return 0; 2412 return 0;
2248} 2413}
2249 2414
2415int
2416process_server_config_line(ServerOptions *options, char *line,
2417 const char *filename, int linenum, int *activep,
2418 struct connection_info *connectinfo, struct include_list *includes)
2419{
2420 return process_server_config_line_depth(options, line, filename,
2421 linenum, activep, connectinfo, 0, 0, includes);
2422}
2423
2424
2250/* Reads the server configuration file. */ 2425/* Reads the server configuration file. */
2251 2426
2252void 2427void
@@ -2285,12 +2460,13 @@ load_server_config(const char *filename, struct sshbuf *conf)
2285 2460
2286void 2461void
2287parse_server_match_config(ServerOptions *options, 2462parse_server_match_config(ServerOptions *options,
2288 struct connection_info *connectinfo) 2463 struct include_list *includes, struct connection_info *connectinfo)
2289{ 2464{
2290 ServerOptions mo; 2465 ServerOptions mo;
2291 2466
2292 initialize_server_options(&mo); 2467 initialize_server_options(&mo);
2293 parse_server_config(&mo, "reprocess config", cfg, connectinfo); 2468 parse_server_config(&mo, "reprocess config", cfg, includes,
2469 connectinfo);
2294 copy_set_server_options(options, &mo, 0); 2470 copy_set_server_options(options, &mo, 0);
2295} 2471}
2296 2472
@@ -2343,6 +2519,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2343 M_CP_INTOPT(password_authentication); 2519 M_CP_INTOPT(password_authentication);
2344 M_CP_INTOPT(gss_authentication); 2520 M_CP_INTOPT(gss_authentication);
2345 M_CP_INTOPT(pubkey_authentication); 2521 M_CP_INTOPT(pubkey_authentication);
2522 M_CP_INTOPT(pubkey_auth_options);
2346 M_CP_INTOPT(kerberos_authentication); 2523 M_CP_INTOPT(kerberos_authentication);
2347 M_CP_INTOPT(hostbased_authentication); 2524 M_CP_INTOPT(hostbased_authentication);
2348 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2525 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
@@ -2433,22 +2610,27 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2433#undef M_CP_STROPT 2610#undef M_CP_STROPT
2434#undef M_CP_STRARRAYOPT 2611#undef M_CP_STRARRAYOPT
2435 2612
2613#define SERVCONF_MAX_DEPTH 16
2436void 2614void
2437parse_server_config(ServerOptions *options, const char *filename, 2615parse_server_config_depth(ServerOptions *options, const char *filename,
2438 struct sshbuf *conf, struct connection_info *connectinfo) 2616 struct sshbuf *conf, struct include_list *includes,
2617 struct connection_info *connectinfo, int flags, int *activep, int depth)
2439{ 2618{
2440 int active, linenum, bad_options = 0; 2619 int linenum, bad_options = 0;
2441 char *cp, *obuf, *cbuf; 2620 char *cp, *obuf, *cbuf;
2442 2621
2622 if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
2623 fatal("Too many recursive configuration includes");
2624
2443 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); 2625 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
2444 2626
2445 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2627 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2446 fatal("%s: sshbuf_dup_string failed", __func__); 2628 fatal("%s: sshbuf_dup_string failed", __func__);
2447 active = connectinfo ? 0 : 1;
2448 linenum = 1; 2629 linenum = 1;
2449 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2630 while ((cp = strsep(&cbuf, "\n")) != NULL) {
2450 if (process_server_config_line(options, cp, filename, 2631 if (process_server_config_line_depth(options, cp,
2451 linenum++, &active, connectinfo) != 0) 2632 filename, linenum++, activep, connectinfo, flags,
2633 depth, includes) != 0)
2452 bad_options++; 2634 bad_options++;
2453 } 2635 }
2454 free(obuf); 2636 free(obuf);
@@ -2458,6 +2640,16 @@ parse_server_config(ServerOptions *options, const char *filename,
2458 process_queued_listen_addrs(options); 2640 process_queued_listen_addrs(options);
2459} 2641}
2460 2642
2643void
2644parse_server_config(ServerOptions *options, const char *filename,
2645 struct sshbuf *conf, struct include_list *includes,
2646 struct connection_info *connectinfo)
2647{
2648 int active = connectinfo ? 0 : 1;
2649 parse_server_config_depth(options, filename, conf, includes,
2650 connectinfo, 0, &active, 0);
2651}
2652
2461static const char * 2653static const char *
2462fmt_multistate_int(int val, const struct multistate *m) 2654fmt_multistate_int(int val, const struct multistate *m)
2463{ 2655{
@@ -2673,13 +2865,14 @@ dump_config(ServerOptions *o)
2673 /* string arguments */ 2865 /* string arguments */
2674 dump_cfg_string(sPidFile, o->pid_file); 2866 dump_cfg_string(sPidFile, o->pid_file);
2675 dump_cfg_string(sXAuthLocation, o->xauth_location); 2867 dump_cfg_string(sXAuthLocation, o->xauth_location);
2676 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); 2868 dump_cfg_string(sCiphers, o->ciphers);
2677 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); 2869 dump_cfg_string(sMacs, o->macs);
2678 dump_cfg_string(sBanner, o->banner); 2870 dump_cfg_string(sBanner, o->banner);
2679 dump_cfg_string(sForceCommand, o->adm_forced_command); 2871 dump_cfg_string(sForceCommand, o->adm_forced_command);
2680 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2872 dump_cfg_string(sChrootDirectory, o->chroot_directory);
2681 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2873 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2682 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2874 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2875 dump_cfg_string(sSecurityKeyProvider, o->sk_provider);
2683 dump_cfg_string(sAuthorizedPrincipalsFile, 2876 dump_cfg_string(sAuthorizedPrincipalsFile,
2684 o->authorized_principals_file); 2877 o->authorized_principals_file);
2685 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2878 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
@@ -2689,16 +2882,11 @@ dump_config(ServerOptions *o)
2689 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2882 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2690 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2883 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2691 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2884 dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2692 dump_cfg_string(sKexAlgorithms, 2885 dump_cfg_string(sKexAlgorithms, o->kex_algorithms);
2693 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); 2886 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms);
2694 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ? 2887 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types);
2695 o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); 2888 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms);
2696 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? 2889 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types);
2697 o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
2698 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
2699 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2700 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2701 o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2702 dump_cfg_string(sRDomain, o->routing_domain); 2890 dump_cfg_string(sRDomain, o->routing_domain);
2703 2891
2704 /* string arguments requiring a lookup */ 2892 /* string arguments requiring a lookup */
@@ -2768,4 +2956,10 @@ dump_config(ServerOptions *o)
2768 o->permit_user_env_whitelist); 2956 o->permit_user_env_whitelist);
2769 } 2957 }
2770 2958
2959 printf("pubkeyauthoptions");
2960 if (o->pubkey_auth_options == 0)
2961 printf(" none");
2962 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED)
2963 printf(" touch-required");
2964 printf("\n");
2771} 2965}
diff --git a/servconf.h b/servconf.h
index d5ad19065..3fa05fcac 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.h,v 1.140 2019/04/18 18:56:16 dtucker Exp $ */ 1/* $OpenBSD: servconf.h,v 1.143 2020/01/31 22:42:45 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,6 +16,8 @@
16#ifndef SERVCONF_H 16#ifndef SERVCONF_H
17#define SERVCONF_H 17#define SERVCONF_H
18 18
19#include <openbsd-compat/sys-queue.h>
20
19#define MAX_PORTS 256 /* Max # ports. */ 21#define MAX_PORTS 256 /* Max # ports. */
20 22
21#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ 23#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
@@ -42,6 +44,9 @@
42/* Magic name for internal sftp-server */ 44/* Magic name for internal sftp-server */
43#define INTERNAL_SFTP_NAME "internal-sftp" 45#define INTERNAL_SFTP_NAME "internal-sftp"
44 46
47/* PubkeyAuthOptions flags */
48#define PUBKEYAUTH_TOUCH_REQUIRED 1
49
45struct ssh; 50struct ssh;
46struct fwd_perm_list; 51struct fwd_perm_list;
47 52
@@ -114,6 +119,7 @@ typedef struct {
114 char *ca_sign_algorithms; /* Allowed CA signature algorithms */ 119 char *ca_sign_algorithms; /* Allowed CA signature algorithms */
115 int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ 120 int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
116 char *pubkey_key_types; /* Key types allowed for public key */ 121 char *pubkey_key_types; /* Key types allowed for public key */
122 int pubkey_auth_options; /* -1 or mask of PUBKEYAUTH_* flags */
117 int kerberos_authentication; /* If true, permit Kerberos 123 int kerberos_authentication; /* If true, permit Kerberos
118 * authentication. */ 124 * authentication. */
119 int kerberos_or_local_passwd; /* If true, permit kerberos 125 int kerberos_or_local_passwd; /* If true, permit kerberos
@@ -214,6 +220,7 @@ typedef struct {
214 int fingerprint_hash; 220 int fingerprint_hash;
215 int expose_userauth_info; 221 int expose_userauth_info;
216 u_int64_t timing_secret; 222 u_int64_t timing_secret;
223 char *sk_provider;
217 224
218 int debian_banner; 225 int debian_banner;
219} ServerOptions; 226} ServerOptions;
@@ -230,6 +237,15 @@ struct connection_info {
230 * unspecified */ 237 * unspecified */
231}; 238};
232 239
240/* List of included files for re-exec from the parsed configuration */
241struct include_item {
242 char *selector;
243 char *filename;
244 struct sshbuf *contents;
245 TAILQ_ENTRY(include_item) entry;
246};
247TAILQ_HEAD(include_list, include_item);
248
233 249
234/* 250/*
235 * These are string config options that must be copied between the 251 * These are string config options that must be copied between the
@@ -269,12 +285,13 @@ struct connection_info *get_connection_info(struct ssh *, int, int);
269void initialize_server_options(ServerOptions *); 285void initialize_server_options(ServerOptions *);
270void fill_default_server_options(ServerOptions *); 286void fill_default_server_options(ServerOptions *);
271int process_server_config_line(ServerOptions *, char *, const char *, int, 287int process_server_config_line(ServerOptions *, char *, const char *, int,
272 int *, struct connection_info *); 288 int *, struct connection_info *, struct include_list *includes);
273void process_permitopen(struct ssh *ssh, ServerOptions *options); 289void process_permitopen(struct ssh *ssh, ServerOptions *options);
274void load_server_config(const char *, struct sshbuf *); 290void load_server_config(const char *, struct sshbuf *);
275void parse_server_config(ServerOptions *, const char *, struct sshbuf *, 291void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
276 struct connection_info *); 292 struct include_list *includes, struct connection_info *);
277void parse_server_match_config(ServerOptions *, struct connection_info *); 293void parse_server_match_config(ServerOptions *,
294 struct include_list *includes, struct connection_info *);
278int parse_server_match_testspec(struct connection_info *, char *); 295int parse_server_match_testspec(struct connection_info *, char *);
279int server_match_spec_complete(struct connection_info *); 296int server_match_spec_complete(struct connection_info *);
280void copy_set_server_options(ServerOptions *, ServerOptions *, int); 297void copy_set_server_options(ServerOptions *, ServerOptions *, int);
diff --git a/serverloop.c b/serverloop.c
index ea468c954..340b19a5a 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.216 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.222 2020/01/30 07:21:38 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -184,7 +184,8 @@ client_alive_check(struct ssh *ssh)
184 int r, channel_id; 184 int r, channel_id;
185 185
186 /* timeout, check to see how many we have had */ 186 /* timeout, check to see how many we have had */
187 if (ssh_packet_inc_alive_timeouts(ssh) > 187 if (options.client_alive_count_max > 0 &&
188 ssh_packet_inc_alive_timeouts(ssh) >
188 options.client_alive_count_max) { 189 options.client_alive_count_max) {
189 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); 190 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
190 logit("Timeout, client not responding from %s", remote_id); 191 logit("Timeout, client not responding from %s", remote_id);
@@ -358,9 +359,10 @@ process_output(struct ssh *ssh, fd_set *writeset, int connection_out)
358 359
359 /* Send any buffered packet data to the client. */ 360 /* Send any buffered packet data to the client. */
360 if (FD_ISSET(connection_out, writeset)) { 361 if (FD_ISSET(connection_out, writeset)) {
361 if ((r = ssh_packet_write_poll(ssh)) != 0) 362 if ((r = ssh_packet_write_poll(ssh)) != 0) {
362 fatal("%s: ssh_packet_write_poll: %s", 363 sshpkt_fatal(ssh, r, "%s: ssh_packet_write_poll",
363 __func__, ssh_err(r)); 364 __func__);
365 }
364 } 366 }
365} 367}
366 368
@@ -402,15 +404,15 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt)
402 404
403 debug("Entering interactive session for SSH2."); 405 debug("Entering interactive session for SSH2.");
404 406
405 signal(SIGCHLD, sigchld_handler); 407 ssh_signal(SIGCHLD, sigchld_handler);
406 child_terminated = 0; 408 child_terminated = 0;
407 connection_in = ssh_packet_get_connection_in(ssh); 409 connection_in = ssh_packet_get_connection_in(ssh);
408 connection_out = ssh_packet_get_connection_out(ssh); 410 connection_out = ssh_packet_get_connection_out(ssh);
409 411
410 if (!use_privsep) { 412 if (!use_privsep) {
411 signal(SIGTERM, sigterm_handler); 413 ssh_signal(SIGTERM, sigterm_handler);
412 signal(SIGINT, sigterm_handler); 414 ssh_signal(SIGINT, sigterm_handler);
413 signal(SIGQUIT, sigterm_handler); 415 ssh_signal(SIGQUIT, sigterm_handler);
414 } 416 }
415 417
416 notify_setup(); 418 notify_setup();
@@ -685,9 +687,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
685 debug("%s: ctype %s rchan %u win %u max %u", __func__, 687 debug("%s: ctype %s rchan %u win %u max %u", __func__,
686 ctype, rchan, rwindow, rmaxpack); 688 ctype, rchan, rwindow, rmaxpack);
687 689
688 if (rchan > INT_MAX) { 690 if (strcmp(ctype, "session") == 0) {
689 error("%s: invalid remote channel ID", __func__);
690 } else if (strcmp(ctype, "session") == 0) {
691 c = server_request_session(ssh); 691 c = server_request_session(ssh);
692 } else if (strcmp(ctype, "direct-tcpip") == 0) { 692 } else if (strcmp(ctype, "direct-tcpip") == 0) {
693 c = server_request_direct_tcpip(ssh, &reason, &errmsg); 693 c = server_request_direct_tcpip(ssh, &reason, &errmsg);
@@ -698,7 +698,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
698 } 698 }
699 if (c != NULL) { 699 if (c != NULL) {
700 debug("%s: confirm %s", __func__, ctype); 700 debug("%s: confirm %s", __func__, ctype);
701 c->remote_id = (int)rchan; 701 c->remote_id = rchan;
702 c->have_remote_id = 1; 702 c->have_remote_id = 1;
703 c->remote_window = rwindow; 703 c->remote_window = rwindow;
704 c->remote_maxpacket = rmaxpack; 704 c->remote_maxpacket = rmaxpack;
diff --git a/session.c b/session.c
index df7d7cf55..871799590 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.316 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: session.c,v 1.318 2020/01/23 07:10:22 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -56,10 +56,10 @@
56#endif 56#endif
57#include <pwd.h> 57#include <pwd.h>
58#include <signal.h> 58#include <signal.h>
59#include <stdarg.h>
60#include <stdio.h> 59#include <stdio.h>
61#include <stdlib.h> 60#include <stdlib.h>
62#include <string.h> 61#include <string.h>
62#include <stdarg.h>
63#include <unistd.h> 63#include <unistd.h>
64#include <limits.h> 64#include <limits.h>
65 65
@@ -946,6 +946,7 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
946} 946}
947#endif /* HAVE_ETC_DEFAULT_LOGIN */ 947#endif /* HAVE_ETC_DEFAULT_LOGIN */
948 948
949#if defined(USE_PAM) || defined(HAVE_CYGWIN)
949static void 950static void
950copy_environment_blacklist(char **source, char ***env, u_int *envsize, 951copy_environment_blacklist(char **source, char ***env, u_int *envsize,
951 const char *blacklist) 952 const char *blacklist)
@@ -973,12 +974,15 @@ copy_environment_blacklist(char **source, char ***env, u_int *envsize,
973 free(var_name); 974 free(var_name);
974 } 975 }
975} 976}
977#endif /* defined(USE_PAM) || defined(HAVE_CYGWIN) */
976 978
977void 979#ifdef HAVE_CYGWIN
980static void
978copy_environment(char **source, char ***env, u_int *envsize) 981copy_environment(char **source, char ***env, u_int *envsize)
979{ 982{
980 copy_environment_blacklist(source, env, envsize, NULL); 983 copy_environment_blacklist(source, env, envsize, NULL);
981} 984}
985#endif
982 986
983static char ** 987static char **
984do_setup_env(struct ssh *ssh, Session *s, const char *shell) 988do_setup_env(struct ssh *ssh, Session *s, const char *shell)
@@ -1638,7 +1642,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
1638 do_rc_files(ssh, s, shell); 1642 do_rc_files(ssh, s, shell);
1639 1643
1640 /* restore SIGPIPE for child */ 1644 /* restore SIGPIPE for child */
1641 signal(SIGPIPE, SIG_DFL); 1645 ssh_signal(SIGPIPE, SIG_DFL);
1642 1646
1643 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { 1647 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
1644 error("Connection from %s: refusing non-sftp session", 1648 error("Connection from %s: refusing non-sftp session",
diff --git a/sftp-glob.c b/sftp-glob.c
index c196c51e5..f573f98f0 100644
--- a/sftp-glob.c
+++ b/sftp-glob.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-glob.c,v 1.28 2019/10/02 00:42:30 djm Exp $ */ 1/* $OpenBSD: sftp-glob.c,v 1.29 2019/11/13 04:47:52 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -25,6 +25,7 @@
25#include <dirent.h> 25#include <dirent.h>
26#include <stdlib.h> 26#include <stdlib.h>
27#include <string.h> 27#include <string.h>
28#include <stdarg.h>
28 29
29#include "xmalloc.h" 30#include "xmalloc.h"
30#include "sftp.h" 31#include "sftp.h"
diff --git a/sftp-server.0 b/sftp-server.0
index e070f6a37..ef485773d 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -1,7 +1,7 @@
1SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) 1SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8)
2 2
3NAME 3NAME
4 sftp-server M-bM-^@M-^S SFTP server subsystem 4 sftp-server M-bM-^@M-^S OpenSSH SFTP server subsystem
5 5
6SYNOPSIS 6SYNOPSIS
7 sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] 7 sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
@@ -93,4 +93,4 @@ HISTORY
93AUTHORS 93AUTHORS
94 Markus Friedl <markus@openbsd.org> 94 Markus Friedl <markus@openbsd.org>
95 95
96OpenBSD 6.6 December 11, 2014 OpenBSD 6.6 96OpenBSD 6.6 November 30, 2019 OpenBSD 6.6
diff --git a/sftp-server.8 b/sftp-server.8
index c117398e8..4a55dab26 100644
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ 1.\" $OpenBSD: sftp-server.8,v 1.28 2019/11/30 07:07:59 jmc Exp $
2.\" 2.\"
3.\" Copyright (c) 2000 Markus Friedl. All rights reserved. 3.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
4.\" 4.\"
@@ -22,12 +22,12 @@
22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24.\" 24.\"
25.Dd $Mdocdate: December 11 2014 $ 25.Dd $Mdocdate: November 30 2019 $
26.Dt SFTP-SERVER 8 26.Dt SFTP-SERVER 8
27.Os 27.Os
28.Sh NAME 28.Sh NAME
29.Nm sftp-server 29.Nm sftp-server
30.Nd SFTP server subsystem 30.Nd OpenSSH SFTP server subsystem
31.Sh SYNOPSIS 31.Sh SYNOPSIS
32.Nm sftp-server 32.Nm sftp-server
33.Bk -words 33.Bk -words
diff --git a/sftp.0 b/sftp.0
index 05db3541c..6d0405758 100644
--- a/sftp.0
+++ b/sftp.0
@@ -1,7 +1,7 @@
1SFTP(1) General Commands Manual SFTP(1) 1SFTP(1) General Commands Manual SFTP(1)
2 2
3NAME 3NAME
4 sftp M-bM-^@M-^S secure file transfer program 4 sftp M-bM-^@M-^S OpenSSH secure file transfer
5 5
6SYNOPSIS 6SYNOPSIS
7 sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher] 7 sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
@@ -393,4 +393,4 @@ SEE ALSO
393 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 393 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
394 filexfer-00.txt, January 2001, work in progress material. 394 filexfer-00.txt, January 2001, work in progress material.
395 395
396OpenBSD 6.6 June 19, 2019 OpenBSD 6.6 396OpenBSD 6.6 November 30, 2019 OpenBSD 6.6
diff --git a/sftp.1 b/sftp.1
index a52c1cff3..6d69472e1 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.127 2019/06/19 20:12:44 jmc Exp $ 1.\" $OpenBSD: sftp.1,v 1.128 2019/11/30 07:07:59 jmc Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -22,12 +22,12 @@
22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24.\" 24.\"
25.Dd $Mdocdate: June 19 2019 $ 25.Dd $Mdocdate: November 30 2019 $
26.Dt SFTP 1 26.Dt SFTP 1
27.Os 27.Os
28.Sh NAME 28.Sh NAME
29.Nm sftp 29.Nm sftp
30.Nd secure file transfer program 30.Nd OpenSSH secure file transfer
31.Sh SYNOPSIS 31.Sh SYNOPSIS
32.Nm sftp 32.Nm sftp
33.Op Fl 46aCfpqrv 33.Op Fl 46aCfpqrv
diff --git a/sftp.c b/sftp.c
index b66037f16..ff14d3c29 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp.c,v 1.195 2019/10/02 00:42:30 djm Exp $ */ 1/* $OpenBSD: sftp.c,v 1.197 2020/01/23 07:10:22 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -220,9 +220,12 @@ static const struct CMD cmds[] = {
220static void 220static void
221killchild(int signo) 221killchild(int signo)
222{ 222{
223 if (sshpid > 1) { 223 pid_t pid;
224 kill(sshpid, SIGTERM); 224
225 waitpid(sshpid, NULL, 0); 225 pid = sshpid;
226 if (pid > 1) {
227 kill(pid, SIGTERM);
228 waitpid(pid, NULL, 0);
226 } 229 }
227 230
228 _exit(1); 231 _exit(1);
@@ -2240,7 +2243,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
2240 interactive = !batchmode && isatty(STDIN_FILENO); 2243 interactive = !batchmode && isatty(STDIN_FILENO);
2241 err = 0; 2244 err = 0;
2242 for (;;) { 2245 for (;;) {
2243 signal(SIGINT, SIG_IGN); 2246 ssh_signal(SIGINT, SIG_IGN);
2244 2247
2245 if (el == NULL) { 2248 if (el == NULL) {
2246 if (interactive) 2249 if (interactive)
@@ -2272,14 +2275,14 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
2272 2275
2273 /* Handle user interrupts gracefully during commands */ 2276 /* Handle user interrupts gracefully during commands */
2274 interrupted = 0; 2277 interrupted = 0;
2275 signal(SIGINT, cmd_interrupt); 2278 ssh_signal(SIGINT, cmd_interrupt);
2276 2279
2277 err = parse_dispatch_command(conn, cmd, &remote_path, 2280 err = parse_dispatch_command(conn, cmd, &remote_path,
2278 startdir, batchmode, !interactive && el == NULL); 2281 startdir, batchmode, !interactive && el == NULL);
2279 if (err != 0) 2282 if (err != 0)
2280 break; 2283 break;
2281 } 2284 }
2282 signal(SIGCHLD, SIG_DFL); 2285 ssh_signal(SIGCHLD, SIG_DFL);
2283 free(remote_path); 2286 free(remote_path);
2284 free(startdir); 2287 free(startdir);
2285 free(conn); 2288 free(conn);
@@ -2336,20 +2339,20 @@ connect_to_server(char *path, char **args, int *in, int *out)
2336 * kill it too. Contrawise, since sftp sends SIGTERMs to the 2339 * kill it too. Contrawise, since sftp sends SIGTERMs to the
2337 * underlying ssh, it must *not* ignore that signal. 2340 * underlying ssh, it must *not* ignore that signal.
2338 */ 2341 */
2339 signal(SIGINT, SIG_IGN); 2342 ssh_signal(SIGINT, SIG_IGN);
2340 signal(SIGTERM, SIG_DFL); 2343 ssh_signal(SIGTERM, SIG_DFL);
2341 execvp(path, args); 2344 execvp(path, args);
2342 fprintf(stderr, "exec: %s: %s\n", path, strerror(errno)); 2345 fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
2343 _exit(1); 2346 _exit(1);
2344 } 2347 }
2345 2348
2346 signal(SIGTERM, killchild); 2349 ssh_signal(SIGTERM, killchild);
2347 signal(SIGINT, killchild); 2350 ssh_signal(SIGINT, killchild);
2348 signal(SIGHUP, killchild); 2351 ssh_signal(SIGHUP, killchild);
2349 signal(SIGTSTP, suspchild); 2352 ssh_signal(SIGTSTP, suspchild);
2350 signal(SIGTTIN, suspchild); 2353 ssh_signal(SIGTTIN, suspchild);
2351 signal(SIGTTOU, suspchild); 2354 ssh_signal(SIGTTOU, suspchild);
2352 signal(SIGCHLD, sigchld_handler); 2355 ssh_signal(SIGCHLD, sigchld_handler);
2353 close(c_in); 2356 close(c_in);
2354 close(c_out); 2357 close(c_out);
2355} 2358}
diff --git a/sk-api.h b/sk-api.h
new file mode 100644
index 000000000..170fd4470
--- /dev/null
+++ b/sk-api.h
@@ -0,0 +1,95 @@
1/* $OpenBSD: sk-api.h,v 1.8 2020/01/25 23:13:09 djm Exp $ */
2/*
3 * Copyright (c) 2019 Google LLC
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef _SK_API_H
19#define _SK_API_H 1
20
21#include <stddef.h>
22#ifdef HAVE_STDINT_H
23#include <stdint.h>
24#endif
25
26/* Flags */
27#define SSH_SK_USER_PRESENCE_REQD 0x01
28#define SSH_SK_USER_VERIFICATION_REQD 0x04
29#define SSH_SK_RESIDENT_KEY 0x20
30
31/* Algs */
32#define SSH_SK_ECDSA 0x00
33#define SSH_SK_ED25519 0x01
34
35/* Error codes */
36#define SSH_SK_ERR_GENERAL -1
37#define SSH_SK_ERR_UNSUPPORTED -2
38#define SSH_SK_ERR_PIN_REQUIRED -3
39#define SSH_SK_ERR_DEVICE_NOT_FOUND -4
40
41struct sk_enroll_response {
42 uint8_t *public_key;
43 size_t public_key_len;
44 uint8_t *key_handle;
45 size_t key_handle_len;
46 uint8_t *signature;
47 size_t signature_len;
48 uint8_t *attestation_cert;
49 size_t attestation_cert_len;
50};
51
52struct sk_sign_response {
53 uint8_t flags;
54 uint32_t counter;
55 uint8_t *sig_r;
56 size_t sig_r_len;
57 uint8_t *sig_s;
58 size_t sig_s_len;
59};
60
61struct sk_resident_key {
62 uint32_t alg;
63 size_t slot;
64 char *application;
65 struct sk_enroll_response key;
66};
67
68struct sk_option {
69 char *name;
70 char *value;
71 uint8_t required;
72};
73
74#define SSH_SK_VERSION_MAJOR 0x00040000 /* current API version */
75#define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
76
77/* Return the version of the middleware API */
78uint32_t sk_api_version(void);
79
80/* Enroll a U2F key (private key generation) */
81int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
82 const char *application, uint8_t flags, const char *pin,
83 struct sk_option **options, struct sk_enroll_response **enroll_response);
84
85/* Sign a challenge */
86int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
87 const char *application, const uint8_t *key_handle, size_t key_handle_len,
88 uint8_t flags, const char *pin, struct sk_option **options,
89 struct sk_sign_response **sign_response);
90
91/* Enumerate all resident keys */
92int sk_load_resident_keys(const char *pin, struct sk_option **options,
93 struct sk_resident_key ***rks, size_t *nrks);
94
95#endif /* _SK_API_H */
diff --git a/sk-usbhid.c b/sk-usbhid.c
new file mode 100644
index 000000000..ad83054ad
--- /dev/null
+++ b/sk-usbhid.c
@@ -0,0 +1,1024 @@
1/*
2 * Copyright (c) 2019 Markus Friedl
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include "includes.h"
18
19#ifdef ENABLE_SK_INTERNAL
20
21#include <stdint.h>
22#include <stdlib.h>
23#include <string.h>
24#include <stdio.h>
25#include <stddef.h>
26#include <stdarg.h>
27
28#ifdef WITH_OPENSSL
29#include <openssl/opensslv.h>
30#include <openssl/crypto.h>
31#include <openssl/bn.h>
32#include <openssl/ec.h>
33#include <openssl/ecdsa.h>
34#endif /* WITH_OPENSSL */
35
36#include <fido.h>
37#include <fido/credman.h>
38
39#ifndef SK_STANDALONE
40# include "log.h"
41# include "xmalloc.h"
42/*
43 * If building as part of OpenSSH, then rename exported functions.
44 * This must be done before including sk-api.h.
45 */
46# define sk_api_version ssh_sk_api_version
47# define sk_enroll ssh_sk_enroll
48# define sk_sign ssh_sk_sign
49# define sk_load_resident_keys ssh_sk_load_resident_keys
50#endif /* !SK_STANDALONE */
51
52#include "sk-api.h"
53
54/* #define SK_DEBUG 1 */
55
56#define MAX_FIDO_DEVICES 256
57
58/* Compatibility with OpenSSH 1.0.x */
59#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
60#define ECDSA_SIG_get0(sig, pr, ps) \
61 do { \
62 (*pr) = sig->r; \
63 (*ps) = sig->s; \
64 } while (0)
65#endif
66
67/* Return the version of the middleware API */
68uint32_t sk_api_version(void);
69
70/* Enroll a U2F key (private key generation) */
71int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
72 const char *application, uint8_t flags, const char *pin,
73 struct sk_option **options, struct sk_enroll_response **enroll_response);
74
75/* Sign a challenge */
76int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
77 const char *application, const uint8_t *key_handle, size_t key_handle_len,
78 uint8_t flags, const char *pin, struct sk_option **options,
79 struct sk_sign_response **sign_response);
80
81/* Load resident keys */
82int sk_load_resident_keys(const char *pin, struct sk_option **options,
83 struct sk_resident_key ***rks, size_t *nrks);
84
85static void skdebug(const char *func, const char *fmt, ...)
86 __attribute__((__format__ (printf, 2, 3)));
87
88static void
89skdebug(const char *func, const char *fmt, ...)
90{
91#if !defined(SK_STANDALONE)
92 char *msg;
93 va_list ap;
94
95 va_start(ap, fmt);
96 xvasprintf(&msg, fmt, ap);
97 va_end(ap);
98 debug("%s: %s", func, msg);
99 free(msg);
100#elif defined(SK_DEBUG)
101 va_list ap;
102
103 va_start(ap, fmt);
104 fprintf(stderr, "%s: ", func);
105 vfprintf(stderr, fmt, ap);
106 fputc('\n', stderr);
107 va_end(ap);
108#else
109 (void)func; /* XXX */
110 (void)fmt; /* XXX */
111#endif
112}
113
114uint32_t
115sk_api_version(void)
116{
117 return SSH_SK_VERSION_MAJOR;
118}
119
120/* Select the first identified FIDO device attached to the system */
121static char *
122pick_first_device(void)
123{
124 char *ret = NULL;
125 fido_dev_info_t *devlist = NULL;
126 size_t olen = 0;
127 int r;
128 const fido_dev_info_t *di;
129
130 if ((devlist = fido_dev_info_new(1)) == NULL) {
131 skdebug(__func__, "fido_dev_info_new failed");
132 goto out;
133 }
134 if ((r = fido_dev_info_manifest(devlist, 1, &olen)) != FIDO_OK) {
135 skdebug(__func__, "fido_dev_info_manifest failed: %s",
136 fido_strerr(r));
137 goto out;
138 }
139 if (olen != 1) {
140 skdebug(__func__, "fido_dev_info_manifest bad len %zu", olen);
141 goto out;
142 }
143 di = fido_dev_info_ptr(devlist, 0);
144 if ((ret = strdup(fido_dev_info_path(di))) == NULL) {
145 skdebug(__func__, "fido_dev_info_path failed");
146 goto out;
147 }
148 out:
149 fido_dev_info_free(&devlist, 1);
150 return ret;
151}
152
153/* Check if the specified key handle exists on a given device. */
154static int
155try_device(fido_dev_t *dev, const uint8_t *message, size_t message_len,
156 const char *application, const uint8_t *key_handle, size_t key_handle_len)
157{
158 fido_assert_t *assert = NULL;
159 int r = FIDO_ERR_INTERNAL;
160
161 if ((assert = fido_assert_new()) == NULL) {
162 skdebug(__func__, "fido_assert_new failed");
163 goto out;
164 }
165 if ((r = fido_assert_set_clientdata_hash(assert, message,
166 message_len)) != FIDO_OK) {
167 skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
168 fido_strerr(r));
169 goto out;
170 }
171 if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
172 skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
173 goto out;
174 }
175 if ((r = fido_assert_allow_cred(assert, key_handle,
176 key_handle_len)) != FIDO_OK) {
177 skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
178 goto out;
179 }
180 if ((r = fido_assert_set_up(assert, FIDO_OPT_FALSE)) != FIDO_OK) {
181 skdebug(__func__, "fido_assert_up: %s", fido_strerr(r));
182 goto out;
183 }
184 r = fido_dev_get_assert(dev, assert, NULL);
185 skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
186 if (r == FIDO_ERR_USER_PRESENCE_REQUIRED) {
187 /* U2F tokens may return this */
188 r = FIDO_OK;
189 }
190 out:
191 fido_assert_free(&assert);
192
193 return r != FIDO_OK ? -1 : 0;
194}
195
196/* Iterate over configured devices looking for a specific key handle */
197static fido_dev_t *
198find_device(const char *path, const uint8_t *message, size_t message_len,
199 const char *application, const uint8_t *key_handle, size_t key_handle_len)
200{
201 fido_dev_info_t *devlist = NULL;
202 fido_dev_t *dev = NULL;
203 size_t devlist_len = 0, i;
204 int r;
205
206 if (path != NULL) {
207 if ((dev = fido_dev_new()) == NULL) {
208 skdebug(__func__, "fido_dev_new failed");
209 return NULL;
210 }
211 if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
212 skdebug(__func__, "fido_dev_open failed");
213 fido_dev_free(&dev);
214 return NULL;
215 }
216 return dev;
217 }
218
219 if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
220 skdebug(__func__, "fido_dev_info_new failed");
221 goto out;
222 }
223 if ((r = fido_dev_info_manifest(devlist, MAX_FIDO_DEVICES,
224 &devlist_len)) != FIDO_OK) {
225 skdebug(__func__, "fido_dev_info_manifest: %s", fido_strerr(r));
226 goto out;
227 }
228
229 skdebug(__func__, "found %zu device(s)", devlist_len);
230
231 for (i = 0; i < devlist_len; i++) {
232 const fido_dev_info_t *di = fido_dev_info_ptr(devlist, i);
233
234 if (di == NULL) {
235 skdebug(__func__, "fido_dev_info_ptr %zu failed", i);
236 continue;
237 }
238 if ((path = fido_dev_info_path(di)) == NULL) {
239 skdebug(__func__, "fido_dev_info_path %zu failed", i);
240 continue;
241 }
242 skdebug(__func__, "trying device %zu: %s", i, path);
243 if ((dev = fido_dev_new()) == NULL) {
244 skdebug(__func__, "fido_dev_new failed");
245 continue;
246 }
247 if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
248 skdebug(__func__, "fido_dev_open failed");
249 fido_dev_free(&dev);
250 continue;
251 }
252 if (try_device(dev, message, message_len, application,
253 key_handle, key_handle_len) == 0) {
254 skdebug(__func__, "found key");
255 break;
256 }
257 fido_dev_close(dev);
258 fido_dev_free(&dev);
259 }
260
261 out:
262 if (devlist != NULL)
263 fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
264
265 return dev;
266}
267
268#ifdef WITH_OPENSSL
269/*
270 * The key returned via fido_cred_pubkey_ptr() is in affine coordinates,
271 * but the API expects a SEC1 octet string.
272 */
273static int
274pack_public_key_ecdsa(const fido_cred_t *cred,
275 struct sk_enroll_response *response)
276{
277 const uint8_t *ptr;
278 BIGNUM *x = NULL, *y = NULL;
279 EC_POINT *q = NULL;
280 EC_GROUP *g = NULL;
281 int ret = -1;
282
283 response->public_key = NULL;
284 response->public_key_len = 0;
285
286 if ((x = BN_new()) == NULL ||
287 (y = BN_new()) == NULL ||
288 (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
289 (q = EC_POINT_new(g)) == NULL) {
290 skdebug(__func__, "libcrypto setup failed");
291 goto out;
292 }
293 if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
294 skdebug(__func__, "fido_cred_pubkey_ptr failed");
295 goto out;
296 }
297 if (fido_cred_pubkey_len(cred) != 64) {
298 skdebug(__func__, "bad fido_cred_pubkey_len %zu",
299 fido_cred_pubkey_len(cred));
300 goto out;
301 }
302
303 if (BN_bin2bn(ptr, 32, x) == NULL ||
304 BN_bin2bn(ptr + 32, 32, y) == NULL) {
305 skdebug(__func__, "BN_bin2bn failed");
306 goto out;
307 }
308 if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
309 skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
310 goto out;
311 }
312 response->public_key_len = EC_POINT_point2oct(g, q,
313 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
314 if (response->public_key_len == 0 || response->public_key_len > 2048) {
315 skdebug(__func__, "bad pubkey length %zu",
316 response->public_key_len);
317 goto out;
318 }
319 if ((response->public_key = malloc(response->public_key_len)) == NULL) {
320 skdebug(__func__, "malloc pubkey failed");
321 goto out;
322 }
323 if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED,
324 response->public_key, response->public_key_len, NULL) == 0) {
325 skdebug(__func__, "EC_POINT_point2oct failed");
326 goto out;
327 }
328 /* success */
329 ret = 0;
330 out:
331 if (ret != 0 && response->public_key != NULL) {
332 memset(response->public_key, 0, response->public_key_len);
333 free(response->public_key);
334 response->public_key = NULL;
335 }
336 EC_POINT_free(q);
337 EC_GROUP_free(g);
338 BN_clear_free(x);
339 BN_clear_free(y);
340 return ret;
341}
342#endif /* WITH_OPENSSL */
343
344static int
345pack_public_key_ed25519(const fido_cred_t *cred,
346 struct sk_enroll_response *response)
347{
348 const uint8_t *ptr;
349 size_t len;
350 int ret = -1;
351
352 response->public_key = NULL;
353 response->public_key_len = 0;
354
355 if ((len = fido_cred_pubkey_len(cred)) != 32) {
356 skdebug(__func__, "bad fido_cred_pubkey_len len %zu", len);
357 goto out;
358 }
359 if ((ptr = fido_cred_pubkey_ptr(cred)) == NULL) {
360 skdebug(__func__, "fido_cred_pubkey_ptr failed");
361 goto out;
362 }
363 response->public_key_len = len;
364 if ((response->public_key = malloc(response->public_key_len)) == NULL) {
365 skdebug(__func__, "malloc pubkey failed");
366 goto out;
367 }
368 memcpy(response->public_key, ptr, len);
369 ret = 0;
370 out:
371 if (ret != 0)
372 free(response->public_key);
373 return ret;
374}
375
376static int
377pack_public_key(uint32_t alg, const fido_cred_t *cred,
378 struct sk_enroll_response *response)
379{
380 switch(alg) {
381#ifdef WITH_OPENSSL
382 case SSH_SK_ECDSA:
383 return pack_public_key_ecdsa(cred, response);
384#endif /* WITH_OPENSSL */
385 case SSH_SK_ED25519:
386 return pack_public_key_ed25519(cred, response);
387 default:
388 return -1;
389 }
390}
391
392static int
393fidoerr_to_skerr(int fidoerr)
394{
395 switch (fidoerr) {
396 case FIDO_ERR_UNSUPPORTED_OPTION:
397 case FIDO_ERR_UNSUPPORTED_ALGORITHM:
398 return SSH_SK_ERR_UNSUPPORTED;
399 case FIDO_ERR_PIN_REQUIRED:
400 case FIDO_ERR_PIN_INVALID:
401 return SSH_SK_ERR_PIN_REQUIRED;
402 default:
403 return -1;
404 }
405}
406
407static int
408check_enroll_options(struct sk_option **options, char **devicep,
409 uint8_t *user_id, size_t user_id_len)
410{
411 size_t i;
412
413 if (options == NULL)
414 return 0;
415 for (i = 0; options[i] != NULL; i++) {
416 if (strcmp(options[i]->name, "device") == 0) {
417 if ((*devicep = strdup(options[i]->value)) == NULL) {
418 skdebug(__func__, "strdup device failed");
419 return -1;
420 }
421 skdebug(__func__, "requested device %s", *devicep);
422 } else if (strcmp(options[i]->name, "user") == 0) {
423 if (strlcpy(user_id, options[i]->value, user_id_len) >=
424 user_id_len) {
425 skdebug(__func__, "user too long");
426 return -1;
427 }
428 skdebug(__func__, "requested user %s",
429 (char *)user_id);
430 } else {
431 skdebug(__func__, "requested unsupported option %s",
432 options[i]->name);
433 if (options[i]->required) {
434 skdebug(__func__, "unknown required option");
435 return -1;
436 }
437 }
438 }
439 return 0;
440}
441
442int
443sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
444 const char *application, uint8_t flags, const char *pin,
445 struct sk_option **options, struct sk_enroll_response **enroll_response)
446{
447 fido_cred_t *cred = NULL;
448 fido_dev_t *dev = NULL;
449 const uint8_t *ptr;
450 uint8_t user_id[32];
451 struct sk_enroll_response *response = NULL;
452 size_t len;
453 int cose_alg;
454 int ret = SSH_SK_ERR_GENERAL;
455 int r;
456 char *device = NULL;
457
458#ifdef SK_DEBUG
459 fido_init(FIDO_DEBUG);
460#endif
461 if (enroll_response == NULL) {
462 skdebug(__func__, "enroll_response == NULL");
463 goto out;
464 }
465 memset(user_id, 0, sizeof(user_id));
466 if (check_enroll_options(options, &device,
467 user_id, sizeof(user_id)) != 0)
468 goto out; /* error already logged */
469
470 *enroll_response = NULL;
471 switch(alg) {
472#ifdef WITH_OPENSSL
473 case SSH_SK_ECDSA:
474 cose_alg = COSE_ES256;
475 break;
476#endif /* WITH_OPENSSL */
477 case SSH_SK_ED25519:
478 cose_alg = COSE_EDDSA;
479 break;
480 default:
481 skdebug(__func__, "unsupported key type %d", alg);
482 goto out;
483 }
484 if (device == NULL && (device = pick_first_device()) == NULL) {
485 ret = SSH_SK_ERR_DEVICE_NOT_FOUND;
486 skdebug(__func__, "pick_first_device failed");
487 goto out;
488 }
489 skdebug(__func__, "using device %s", device);
490 if ((cred = fido_cred_new()) == NULL) {
491 skdebug(__func__, "fido_cred_new failed");
492 goto out;
493 }
494 if ((r = fido_cred_set_type(cred, cose_alg)) != FIDO_OK) {
495 skdebug(__func__, "fido_cred_set_type: %s", fido_strerr(r));
496 goto out;
497 }
498 if ((r = fido_cred_set_clientdata_hash(cred, challenge,
499 challenge_len)) != FIDO_OK) {
500 skdebug(__func__, "fido_cred_set_clientdata_hash: %s",
501 fido_strerr(r));
502 goto out;
503 }
504 if ((r = fido_cred_set_rk(cred, (flags & SSH_SK_RESIDENT_KEY) != 0 ?
505 FIDO_OPT_TRUE : FIDO_OPT_OMIT)) != FIDO_OK) {
506 skdebug(__func__, "fido_cred_set_rk: %s", fido_strerr(r));
507 goto out;
508 }
509 if ((r = fido_cred_set_user(cred, user_id, sizeof(user_id),
510 "openssh", "openssh", NULL)) != FIDO_OK) {
511 skdebug(__func__, "fido_cred_set_user: %s", fido_strerr(r));
512 goto out;
513 }
514 if ((r = fido_cred_set_rp(cred, application, NULL)) != FIDO_OK) {
515 skdebug(__func__, "fido_cred_set_rp: %s", fido_strerr(r));
516 goto out;
517 }
518 if ((dev = fido_dev_new()) == NULL) {
519 skdebug(__func__, "fido_dev_new failed");
520 goto out;
521 }
522 if ((r = fido_dev_open(dev, device)) != FIDO_OK) {
523 skdebug(__func__, "fido_dev_open: %s", fido_strerr(r));
524 goto out;
525 }
526 if ((r = fido_dev_make_cred(dev, cred, pin)) != FIDO_OK) {
527 skdebug(__func__, "fido_dev_make_cred: %s", fido_strerr(r));
528 ret = fidoerr_to_skerr(r);
529 goto out;
530 }
531 if (fido_cred_x5c_ptr(cred) != NULL) {
532 if ((r = fido_cred_verify(cred)) != FIDO_OK) {
533 skdebug(__func__, "fido_cred_verify: %s",
534 fido_strerr(r));
535 goto out;
536 }
537 } else {
538 skdebug(__func__, "self-attested credential");
539 if ((r = fido_cred_verify_self(cred)) != FIDO_OK) {
540 skdebug(__func__, "fido_cred_verify_self: %s",
541 fido_strerr(r));
542 goto out;
543 }
544 }
545 if ((response = calloc(1, sizeof(*response))) == NULL) {
546 skdebug(__func__, "calloc response failed");
547 goto out;
548 }
549 if (pack_public_key(alg, cred, response) != 0) {
550 skdebug(__func__, "pack_public_key failed");
551 goto out;
552 }
553 if ((ptr = fido_cred_id_ptr(cred)) != NULL) {
554 len = fido_cred_id_len(cred);
555 if ((response->key_handle = calloc(1, len)) == NULL) {
556 skdebug(__func__, "calloc key handle failed");
557 goto out;
558 }
559 memcpy(response->key_handle, ptr, len);
560 response->key_handle_len = len;
561 }
562 if ((ptr = fido_cred_sig_ptr(cred)) != NULL) {
563 len = fido_cred_sig_len(cred);
564 if ((response->signature = calloc(1, len)) == NULL) {
565 skdebug(__func__, "calloc signature failed");
566 goto out;
567 }
568 memcpy(response->signature, ptr, len);
569 response->signature_len = len;
570 }
571 if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) {
572 len = fido_cred_x5c_len(cred);
573 debug3("%s: attestation cert len=%zu", __func__, len);
574 if ((response->attestation_cert = calloc(1, len)) == NULL) {
575 skdebug(__func__, "calloc attestation cert failed");
576 goto out;
577 }
578 memcpy(response->attestation_cert, ptr, len);
579 response->attestation_cert_len = len;
580 }
581 *enroll_response = response;
582 response = NULL;
583 ret = 0;
584 out:
585 free(device);
586 if (response != NULL) {
587 free(response->public_key);
588 free(response->key_handle);
589 free(response->signature);
590 free(response->attestation_cert);
591 free(response);
592 }
593 if (dev != NULL) {
594 fido_dev_close(dev);
595 fido_dev_free(&dev);
596 }
597 if (cred != NULL) {
598 fido_cred_free(&cred);
599 }
600 return ret;
601}
602
603#ifdef WITH_OPENSSL
604static int
605pack_sig_ecdsa(fido_assert_t *assert, struct sk_sign_response *response)
606{
607 ECDSA_SIG *sig = NULL;
608 const BIGNUM *sig_r, *sig_s;
609 const unsigned char *cp;
610 size_t sig_len;
611 int ret = -1;
612
613 cp = fido_assert_sig_ptr(assert, 0);
614 sig_len = fido_assert_sig_len(assert, 0);
615 if ((sig = d2i_ECDSA_SIG(NULL, &cp, sig_len)) == NULL) {
616 skdebug(__func__, "d2i_ECDSA_SIG failed");
617 goto out;
618 }
619 ECDSA_SIG_get0(sig, &sig_r, &sig_s);
620 response->sig_r_len = BN_num_bytes(sig_r);
621 response->sig_s_len = BN_num_bytes(sig_s);
622 if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL ||
623 (response->sig_s = calloc(1, response->sig_s_len)) == NULL) {
624 skdebug(__func__, "calloc signature failed");
625 goto out;
626 }
627 BN_bn2bin(sig_r, response->sig_r);
628 BN_bn2bin(sig_s, response->sig_s);
629 ret = 0;
630 out:
631 ECDSA_SIG_free(sig);
632 if (ret != 0) {
633 free(response->sig_r);
634 free(response->sig_s);
635 response->sig_r = NULL;
636 response->sig_s = NULL;
637 }
638 return ret;
639}
640#endif /* WITH_OPENSSL */
641
642static int
643pack_sig_ed25519(fido_assert_t *assert, struct sk_sign_response *response)
644{
645 const unsigned char *ptr;
646 size_t len;
647 int ret = -1;
648
649 ptr = fido_assert_sig_ptr(assert, 0);
650 len = fido_assert_sig_len(assert, 0);
651 if (len != 64) {
652 skdebug(__func__, "bad length %zu", len);
653 goto out;
654 }
655 response->sig_r_len = len;
656 if ((response->sig_r = calloc(1, response->sig_r_len)) == NULL) {
657 skdebug(__func__, "calloc signature failed");
658 goto out;
659 }
660 memcpy(response->sig_r, ptr, len);
661 ret = 0;
662 out:
663 if (ret != 0) {
664 free(response->sig_r);
665 response->sig_r = NULL;
666 }
667 return ret;
668}
669
670static int
671pack_sig(uint32_t alg, fido_assert_t *assert,
672 struct sk_sign_response *response)
673{
674 switch(alg) {
675#ifdef WITH_OPENSSL
676 case SSH_SK_ECDSA:
677 return pack_sig_ecdsa(assert, response);
678#endif /* WITH_OPENSSL */
679 case SSH_SK_ED25519:
680 return pack_sig_ed25519(assert, response);
681 default:
682 return -1;
683 }
684}
685
686/* Checks sk_options for sk_sign() and sk_load_resident_keys() */
687static int
688check_sign_load_resident_options(struct sk_option **options, char **devicep)
689{
690 size_t i;
691
692 if (options == NULL)
693 return 0;
694 for (i = 0; options[i] != NULL; i++) {
695 if (strcmp(options[i]->name, "device") == 0) {
696 if ((*devicep = strdup(options[i]->value)) == NULL) {
697 skdebug(__func__, "strdup device failed");
698 return -1;
699 }
700 skdebug(__func__, "requested device %s", *devicep);
701 } else {
702 skdebug(__func__, "requested unsupported option %s",
703 options[i]->name);
704 if (options[i]->required) {
705 skdebug(__func__, "unknown required option");
706 return -1;
707 }
708 }
709 }
710 return 0;
711}
712
713int
714sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
715 const char *application,
716 const uint8_t *key_handle, size_t key_handle_len,
717 uint8_t flags, const char *pin, struct sk_option **options,
718 struct sk_sign_response **sign_response)
719{
720 fido_assert_t *assert = NULL;
721 char *device = NULL;
722 fido_dev_t *dev = NULL;
723 struct sk_sign_response *response = NULL;
724 int ret = SSH_SK_ERR_GENERAL;
725 int r;
726
727#ifdef SK_DEBUG
728 fido_init(FIDO_DEBUG);
729#endif
730
731 if (sign_response == NULL) {
732 skdebug(__func__, "sign_response == NULL");
733 goto out;
734 }
735 *sign_response = NULL;
736 if (check_sign_load_resident_options(options, &device) != 0)
737 goto out; /* error already logged */
738 if ((dev = find_device(device, message, message_len,
739 application, key_handle, key_handle_len)) == NULL) {
740 skdebug(__func__, "couldn't find device for key handle");
741 goto out;
742 }
743 if ((assert = fido_assert_new()) == NULL) {
744 skdebug(__func__, "fido_assert_new failed");
745 goto out;
746 }
747 if ((r = fido_assert_set_clientdata_hash(assert, message,
748 message_len)) != FIDO_OK) {
749 skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
750 fido_strerr(r));
751 goto out;
752 }
753 if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) {
754 skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r));
755 goto out;
756 }
757 if ((r = fido_assert_allow_cred(assert, key_handle,
758 key_handle_len)) != FIDO_OK) {
759 skdebug(__func__, "fido_assert_allow_cred: %s", fido_strerr(r));
760 goto out;
761 }
762 if ((r = fido_assert_set_up(assert,
763 (flags & SSH_SK_USER_PRESENCE_REQD) ?
764 FIDO_OPT_TRUE : FIDO_OPT_FALSE)) != FIDO_OK) {
765 skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
766 goto out;
767 }
768 if ((r = fido_dev_get_assert(dev, assert, NULL)) != FIDO_OK) {
769 skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
770 goto out;
771 }
772 if ((response = calloc(1, sizeof(*response))) == NULL) {
773 skdebug(__func__, "calloc response failed");
774 goto out;
775 }
776 response->flags = fido_assert_flags(assert, 0);
777 response->counter = fido_assert_sigcount(assert, 0);
778 if (pack_sig(alg, assert, response) != 0) {
779 skdebug(__func__, "pack_sig failed");
780 goto out;
781 }
782 *sign_response = response;
783 response = NULL;
784 ret = 0;
785 out:
786 free(device);
787 if (response != NULL) {
788 free(response->sig_r);
789 free(response->sig_s);
790 free(response);
791 }
792 if (dev != NULL) {
793 fido_dev_close(dev);
794 fido_dev_free(&dev);
795 }
796 if (assert != NULL) {
797 fido_assert_free(&assert);
798 }
799 return ret;
800}
801
802static int
803read_rks(const char *devpath, const char *pin,
804 struct sk_resident_key ***rksp, size_t *nrksp)
805{
806 int ret = SSH_SK_ERR_GENERAL, r = -1;
807 fido_dev_t *dev = NULL;
808 fido_credman_metadata_t *metadata = NULL;
809 fido_credman_rp_t *rp = NULL;
810 fido_credman_rk_t *rk = NULL;
811 size_t i, j, nrp, nrk;
812 const fido_cred_t *cred;
813 struct sk_resident_key *srk = NULL, **tmp;
814
815 if ((dev = fido_dev_new()) == NULL) {
816 skdebug(__func__, "fido_dev_new failed");
817 return ret;
818 }
819 if ((r = fido_dev_open(dev, devpath)) != FIDO_OK) {
820 skdebug(__func__, "fido_dev_open %s failed: %s",
821 devpath, fido_strerr(r));
822 fido_dev_free(&dev);
823 return ret;
824 }
825 if ((metadata = fido_credman_metadata_new()) == NULL) {
826 skdebug(__func__, "alloc failed");
827 goto out;
828 }
829
830 if ((r = fido_credman_get_dev_metadata(dev, metadata, pin)) != 0) {
831 if (r == FIDO_ERR_INVALID_COMMAND) {
832 skdebug(__func__, "device %s does not support "
833 "resident keys", devpath);
834 ret = 0;
835 goto out;
836 }
837 skdebug(__func__, "get metadata for %s failed: %s",
838 devpath, fido_strerr(r));
839 ret = fidoerr_to_skerr(r);
840 goto out;
841 }
842 skdebug(__func__, "existing %llu, remaining %llu",
843 (unsigned long long)fido_credman_rk_existing(metadata),
844 (unsigned long long)fido_credman_rk_remaining(metadata));
845 if ((rp = fido_credman_rp_new()) == NULL) {
846 skdebug(__func__, "alloc rp failed");
847 goto out;
848 }
849 if ((r = fido_credman_get_dev_rp(dev, rp, pin)) != 0) {
850 skdebug(__func__, "get RPs for %s failed: %s",
851 devpath, fido_strerr(r));
852 goto out;
853 }
854 nrp = fido_credman_rp_count(rp);
855 skdebug(__func__, "Device %s has resident keys for %zu RPs",
856 devpath, nrp);
857
858 /* Iterate over RP IDs that have resident keys */
859 for (i = 0; i < nrp; i++) {
860 skdebug(__func__, "rp %zu: name=\"%s\" id=\"%s\" hashlen=%zu",
861 i, fido_credman_rp_name(rp, i), fido_credman_rp_id(rp, i),
862 fido_credman_rp_id_hash_len(rp, i));
863
864 /* Skip non-SSH RP IDs */
865 if (strncasecmp(fido_credman_rp_id(rp, i), "ssh:", 4) != 0)
866 continue;
867
868 fido_credman_rk_free(&rk);
869 if ((rk = fido_credman_rk_new()) == NULL) {
870 skdebug(__func__, "alloc rk failed");
871 goto out;
872 }
873 if ((r = fido_credman_get_dev_rk(dev, fido_credman_rp_id(rp, i),
874 rk, pin)) != 0) {
875 skdebug(__func__, "get RKs for %s slot %zu failed: %s",
876 devpath, i, fido_strerr(r));
877 goto out;
878 }
879 nrk = fido_credman_rk_count(rk);
880 skdebug(__func__, "RP \"%s\" has %zu resident keys",
881 fido_credman_rp_id(rp, i), nrk);
882
883 /* Iterate over resident keys for this RP ID */
884 for (j = 0; j < nrk; j++) {
885 if ((cred = fido_credman_rk(rk, j)) == NULL) {
886 skdebug(__func__, "no RK in slot %zu", j);
887 continue;
888 }
889 skdebug(__func__, "Device %s RP \"%s\" slot %zu: "
890 "type %d", devpath, fido_credman_rp_id(rp, i), j,
891 fido_cred_type(cred));
892
893 /* build response entry */
894 if ((srk = calloc(1, sizeof(*srk))) == NULL ||
895 (srk->key.key_handle = calloc(1,
896 fido_cred_id_len(cred))) == NULL ||
897 (srk->application = strdup(fido_credman_rp_id(rp,
898 i))) == NULL) {
899 skdebug(__func__, "alloc sk_resident_key");
900 goto out;
901 }
902
903 srk->key.key_handle_len = fido_cred_id_len(cred);
904 memcpy(srk->key.key_handle,
905 fido_cred_id_ptr(cred),
906 srk->key.key_handle_len);
907
908 switch (fido_cred_type(cred)) {
909 case COSE_ES256:
910 srk->alg = SSH_SK_ECDSA;
911 break;
912 case COSE_EDDSA:
913 srk->alg = SSH_SK_ED25519;
914 break;
915 default:
916 skdebug(__func__, "unsupported key type %d",
917 fido_cred_type(cred));
918 goto out; /* XXX free rk and continue */
919 }
920
921 if ((r = pack_public_key(srk->alg, cred,
922 &srk->key)) != 0) {
923 skdebug(__func__, "pack public key failed");
924 goto out;
925 }
926 /* append */
927 if ((tmp = recallocarray(*rksp, *nrksp, (*nrksp) + 1,
928 sizeof(**rksp))) == NULL) {
929 skdebug(__func__, "alloc rksp");
930 goto out;
931 }
932 *rksp = tmp;
933 (*rksp)[(*nrksp)++] = srk;
934 srk = NULL;
935 }
936 }
937 /* Success */
938 ret = 0;
939 out:
940 if (srk != NULL) {
941 free(srk->application);
942 freezero(srk->key.public_key, srk->key.public_key_len);
943 freezero(srk->key.key_handle, srk->key.key_handle_len);
944 freezero(srk, sizeof(*srk));
945 }
946 fido_credman_rp_free(&rp);
947 fido_credman_rk_free(&rk);
948 fido_dev_close(dev);
949 fido_dev_free(&dev);
950 fido_credman_metadata_free(&metadata);
951 return ret;
952}
953
954int
955sk_load_resident_keys(const char *pin, struct sk_option **options,
956 struct sk_resident_key ***rksp, size_t *nrksp)
957{
958 int ret = SSH_SK_ERR_GENERAL, r = -1;
959 fido_dev_info_t *devlist = NULL;
960 size_t i, ndev = 0, nrks = 0;
961 const fido_dev_info_t *di;
962 struct sk_resident_key **rks = NULL;
963 char *device = NULL;
964 *rksp = NULL;
965 *nrksp = 0;
966
967 if (check_sign_load_resident_options(options, &device) != 0)
968 goto out; /* error already logged */
969 if (device != NULL) {
970 skdebug(__func__, "trying %s", device);
971 if ((r = read_rks(device, pin, &rks, &nrks)) != 0) {
972 skdebug(__func__, "read_rks failed for %s", device);
973 ret = r;
974 goto out;
975 }
976 } else {
977 /* Try all devices */
978 if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
979 skdebug(__func__, "fido_dev_info_new failed");
980 goto out;
981 }
982 if ((r = fido_dev_info_manifest(devlist,
983 MAX_FIDO_DEVICES, &ndev)) != FIDO_OK) {
984 skdebug(__func__, "fido_dev_info_manifest failed: %s",
985 fido_strerr(r));
986 goto out;
987 }
988 for (i = 0; i < ndev; i++) {
989 if ((di = fido_dev_info_ptr(devlist, i)) == NULL) {
990 skdebug(__func__, "no dev info at %zu", i);
991 continue;
992 }
993 skdebug(__func__, "trying %s", fido_dev_info_path(di));
994 if ((r = read_rks(fido_dev_info_path(di), pin,
995 &rks, &nrks)) != 0) {
996 skdebug(__func__, "read_rks failed for %s",
997 fido_dev_info_path(di));
998 /* remember last error */
999 ret = r;
1000 continue;
1001 }
1002 }
1003 }
1004 /* success, unless we have no keys but a specific error */
1005 if (nrks > 0 || ret == SSH_SK_ERR_GENERAL)
1006 ret = 0;
1007 *rksp = rks;
1008 *nrksp = nrks;
1009 rks = NULL;
1010 nrks = 0;
1011 out:
1012 free(device);
1013 for (i = 0; i < nrks; i++) {
1014 free(rks[i]->application);
1015 freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
1016 freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
1017 freezero(rks[i], sizeof(*rks[i]));
1018 }
1019 free(rks);
1020 fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
1021 return ret;
1022}
1023
1024#endif /* ENABLE_SK_INTERNAL */
diff --git a/ssh-add.0 b/ssh-add.0
index 0c4358253..36a7ac6ab 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -1,10 +1,11 @@
1SSH-ADD(1) General Commands Manual SSH-ADD(1) 1SSH-ADD(1) General Commands Manual SSH-ADD(1)
2 2
3NAME 3NAME
4 ssh-add M-bM-^@M-^S adds private key identities to the authentication agent 4 ssh-add M-bM-^@M-^S adds private key identities to the OpenSSH authentication agent
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-add [-cDdkLlqvXx] [-E fingerprint_hash] [-t life] [file ...] 7 ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]
8 [file ...]
8 ssh-add -s pkcs11 9 ssh-add -s pkcs11
9 ssh-add -e pkcs11 10 ssh-add -e pkcs11
10 ssh-add -T pubkey ... 11 ssh-add -T pubkey ...
@@ -12,11 +13,11 @@ SYNOPSIS
12DESCRIPTION 13DESCRIPTION
13 ssh-add adds private key identities to the authentication agent, 14 ssh-add adds private key identities to the authentication agent,
14 ssh-agent(1). When run without arguments, it adds the files 15 ssh-agent(1). When run without arguments, it adds the files
15 ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, and ~/.ssh/id_ed25519. 16 ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk,
16 After loading a private key, ssh-add will try to load corresponding 17 ~/.ssh/id_ed25519, and ~/.ssh/id_ed25519_sk. After loading a private
17 certificate information from the filename obtained by appending -cert.pub 18 key, ssh-add will try to load corresponding certificate information from
18 to the name of the private key file. Alternative file names can be given 19 the filename obtained by appending -cert.pub to the name of the private
19 on the command line. 20 key file. Alternative file names can be given on the command line.
20 21
21 If any file requires a passphrase, ssh-add asks for the passphrase from 22 If any file requires a passphrase, ssh-add asks for the passphrase from
22 the user. The passphrase is read from the user's tty. ssh-add retries 23 the user. The passphrase is read from the user's tty. ssh-add retries
@@ -52,6 +53,8 @@ DESCRIPTION
52 -e pkcs11 53 -e pkcs11
53 Remove keys provided by the PKCS#11 shared library pkcs11. 54 Remove keys provided by the PKCS#11 shared library pkcs11.
54 55
56 -K Load resident keys from a FIDO authenticator.
57
55 -k When loading keys into or deleting keys from the agent, process 58 -k When loading keys into or deleting keys from the agent, process
56 plain private keys only and skip certificates. 59 plain private keys only and skip certificates.
57 60
@@ -63,6 +66,11 @@ DESCRIPTION
63 66
64 -q Be quiet after a successful operation. 67 -q Be quiet after a successful operation.
65 68
69 -S provider
70 Specifies a path to a library that will be used when adding FIDO
71 authenticator-hosted keys, overriding the default of using the
72 internal USB HID support.
73
66 -s pkcs11 74 -s pkcs11
67 Add keys provided by the PKCS#11 shared library pkcs11. 75 Add keys provided by the PKCS#11 shared library pkcs11.
68 76
@@ -100,18 +108,21 @@ ENVIRONMENT
100 Identifies the path of a UNIX-domain socket used to communicate 108 Identifies the path of a UNIX-domain socket used to communicate
101 with the agent. 109 with the agent.
102 110
111 SSH_SK_PROVIDER
112 Specifies a path to a library that will be used when loading any
113 FIDO authenticator-hosted keys, overriding the default of using
114 the built-in USB HID support.
115
103FILES 116FILES
104 ~/.ssh/id_dsa 117 ~/.ssh/id_dsa
105 Contains the DSA authentication identity of the user.
106
107 ~/.ssh/id_ecdsa 118 ~/.ssh/id_ecdsa
108 Contains the ECDSA authentication identity of the user. 119 ~/.ssh/id_ecdsa_sk
109
110 ~/.ssh/id_ed25519 120 ~/.ssh/id_ed25519
111 Contains the Ed25519 authentication identity of the user. 121 ~/.ssh/id_ed25519_sk
112
113 ~/.ssh/id_rsa 122 ~/.ssh/id_rsa
114 Contains the RSA authentication identity of the user. 123 Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
124 authenticator-hosted Ed25519 or RSA authentication identity of
125 the user.
115 126
116 Identity files should not be readable by anyone but the user. Note that 127 Identity files should not be readable by anyone but the user. Note that
117 ssh-add ignores identity files if they are accessible by others. 128 ssh-add ignores identity files if they are accessible by others.
@@ -130,4 +141,4 @@ AUTHORS
130 created OpenSSH. Markus Friedl contributed the support for SSH protocol 141 created OpenSSH. Markus Friedl contributed the support for SSH protocol
131 versions 1.5 and 2.0. 142 versions 1.5 and 2.0.
132 143
133OpenBSD 6.6 January 21, 2019 OpenBSD 6.6 144OpenBSD 6.6 February 7, 2020 OpenBSD 6.6
diff --git a/ssh-add.1 b/ssh-add.1
index d4e1c603b..58d42138e 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-add.1,v 1.69 2019/01/21 12:53:35 djm Exp $ 1.\" $OpenBSD: ssh-add.1,v 1.79 2020/02/07 03:57:31 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,16 +35,17 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: January 21 2019 $ 38.Dd $Mdocdate: February 7 2020 $
39.Dt SSH-ADD 1 39.Dt SSH-ADD 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
42.Nm ssh-add 42.Nm ssh-add
43.Nd adds private key identities to the authentication agent 43.Nd adds private key identities to the OpenSSH authentication agent
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Nm ssh-add 45.Nm ssh-add
46.Op Fl cDdkLlqvXx 46.Op Fl cDdKkLlqvXx
47.Op Fl E Ar fingerprint_hash 47.Op Fl E Ar fingerprint_hash
48.Op Fl S Ar provider
48.Op Fl t Ar life 49.Op Fl t Ar life
49.Op Ar 50.Op Ar
50.Nm ssh-add 51.Nm ssh-add
@@ -62,8 +63,10 @@ When run without arguments, it adds the files
62.Pa ~/.ssh/id_rsa , 63.Pa ~/.ssh/id_rsa ,
63.Pa ~/.ssh/id_dsa , 64.Pa ~/.ssh/id_dsa ,
64.Pa ~/.ssh/id_ecdsa , 65.Pa ~/.ssh/id_ecdsa ,
66.Pa ~/.ssh/id_ecdsa_sk ,
67.Pa ~/.ssh/id_ed25519 ,
65and 68and
66.Pa ~/.ssh/id_ed25519 . 69.Pa ~/.ssh/id_ed25519_sk .
67After loading a private key, 70After loading a private key,
68.Nm 71.Nm
69will try to load corresponding certificate information from the 72will try to load corresponding certificate information from the
@@ -121,6 +124,8 @@ The default is
121.It Fl e Ar pkcs11 124.It Fl e Ar pkcs11
122Remove keys provided by the PKCS#11 shared library 125Remove keys provided by the PKCS#11 shared library
123.Ar pkcs11 . 126.Ar pkcs11 .
127.It Fl K
128Load resident keys from a FIDO authenticator.
124.It Fl k 129.It Fl k
125When loading keys into or deleting keys from the agent, process plain private 130When loading keys into or deleting keys from the agent, process plain private
126keys only and skip certificates. 131keys only and skip certificates.
@@ -131,6 +136,10 @@ by the agent.
131Lists fingerprints of all identities currently represented by the agent. 136Lists fingerprints of all identities currently represented by the agent.
132.It Fl q 137.It Fl q
133Be quiet after a successful operation. 138Be quiet after a successful operation.
139.It Fl S Ar provider
140Specifies a path to a library that will be used when adding
141FIDO authenticator-hosted keys, overriding the default of using the
142internal USB HID support.
134.It Fl s Ar pkcs11 143.It Fl s Ar pkcs11
135Add keys provided by the PKCS#11 shared library 144Add keys provided by the PKCS#11 shared library
136.Ar pkcs11 . 145.Ar pkcs11 .
@@ -189,17 +198,21 @@ to make this work.)
189Identifies the path of a 198Identifies the path of a
190.Ux Ns -domain 199.Ux Ns -domain
191socket used to communicate with the agent. 200socket used to communicate with the agent.
201.It Ev SSH_SK_PROVIDER
202Specifies a path to a library that will be used when loading any
203FIDO authenticator-hosted keys, overriding the default of using
204the built-in USB HID support.
192.El 205.El
193.Sh FILES 206.Sh FILES
194.Bl -tag -width Ds 207.Bl -tag -width Ds -compact
195.It Pa ~/.ssh/id_dsa 208.It Pa ~/.ssh/id_dsa
196Contains the DSA authentication identity of the user.
197.It Pa ~/.ssh/id_ecdsa 209.It Pa ~/.ssh/id_ecdsa
198Contains the ECDSA authentication identity of the user. 210.It Pa ~/.ssh/id_ecdsa_sk
199.It Pa ~/.ssh/id_ed25519 211.It Pa ~/.ssh/id_ed25519
200Contains the Ed25519 authentication identity of the user. 212.It Pa ~/.ssh/id_ed25519_sk
201.It Pa ~/.ssh/id_rsa 213.It Pa ~/.ssh/id_rsa
202Contains the RSA authentication identity of the user. 214Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
215authenticator-hosted Ed25519 or RSA authentication identity of the user.
203.El 216.El
204.Pp 217.Pp
205Identity files should not be readable by anyone but the user. 218Identity files should not be readable by anyone but the user.
diff --git a/ssh-add.c b/ssh-add.c
index ebfb8a32b..8057eb1fe 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.141 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -66,6 +66,7 @@
66#include "misc.h" 66#include "misc.h"
67#include "ssherr.h" 67#include "ssherr.h"
68#include "digest.h" 68#include "digest.h"
69#include "ssh-sk.h"
69 70
70/* argv0 */ 71/* argv0 */
71extern char *__progname; 72extern char *__progname;
@@ -77,9 +78,11 @@ static char *default_files[] = {
77 _PATH_SSH_CLIENT_ID_DSA, 78 _PATH_SSH_CLIENT_ID_DSA,
78#ifdef OPENSSL_HAS_ECC 79#ifdef OPENSSL_HAS_ECC
79 _PATH_SSH_CLIENT_ID_ECDSA, 80 _PATH_SSH_CLIENT_ID_ECDSA,
81 _PATH_SSH_CLIENT_ID_ECDSA_SK,
80#endif 82#endif
81#endif /* WITH_OPENSSL */ 83#endif /* WITH_OPENSSL */
82 _PATH_SSH_CLIENT_ID_ED25519, 84 _PATH_SSH_CLIENT_ID_ED25519,
85 _PATH_SSH_CLIENT_ID_ED25519_SK,
83 _PATH_SSH_CLIENT_ID_XMSS, 86 _PATH_SSH_CLIENT_ID_XMSS,
84 NULL 87 NULL
85}; 88};
@@ -191,7 +194,8 @@ delete_all(int agent_fd, int qflag)
191} 194}
192 195
193static int 196static int
194add_file(int agent_fd, const char *filename, int key_only, int qflag) 197add_file(int agent_fd, const char *filename, int key_only, int qflag,
198 const char *skprovider)
195{ 199{
196 struct sshkey *private, *cert; 200 struct sshkey *private, *cert;
197 char *comment = NULL; 201 char *comment = NULL;
@@ -220,9 +224,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag)
220 return -1; 224 return -1;
221 } 225 }
222 } 226 }
223 if ((keyblob = sshbuf_new()) == NULL) 227 if ((r = sshbuf_load_fd(fd, &keyblob)) != 0) {
224 fatal("%s: sshbuf_new failed", __func__);
225 if ((r = sshkey_load_file(fd, keyblob)) != 0) {
226 fprintf(stderr, "Error loading key \"%s\": %s\n", 228 fprintf(stderr, "Error loading key \"%s\": %s\n",
227 filename, ssh_err(r)); 229 filename, ssh_err(r));
228 sshbuf_free(keyblob); 230 sshbuf_free(keyblob);
@@ -310,8 +312,16 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag)
310 ssh_free_identitylist(idlist); 312 ssh_free_identitylist(idlist);
311 } 313 }
312 314
315 if (!sshkey_is_sk(private))
316 skprovider = NULL; /* Don't send constraint for other keys */
317 else if (skprovider == NULL) {
318 fprintf(stderr, "Cannot load authenticator-hosted key %s "
319 "without provider\n", filename);
320 goto out;
321 }
322
313 if ((r = ssh_add_identity_constrained(agent_fd, private, comment, 323 if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
314 lifetime, confirm, maxsign)) == 0) { 324 lifetime, confirm, maxsign, skprovider)) == 0) {
315 ret = 0; 325 ret = 0;
316 if (!qflag) { 326 if (!qflag) {
317 fprintf(stderr, "Identity added: %s (%s)\n", 327 fprintf(stderr, "Identity added: %s (%s)\n",
@@ -364,7 +374,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag)
364 sshkey_free(cert); 374 sshkey_free(cert);
365 375
366 if ((r = ssh_add_identity_constrained(agent_fd, private, comment, 376 if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
367 lifetime, confirm, maxsign)) != 0) { 377 lifetime, confirm, maxsign, skprovider)) != 0) {
368 error("Certificate %s (%s) add failed: %s", certpath, 378 error("Certificate %s (%s) add failed: %s", certpath,
369 private->cert->key_id, ssh_err(r)); 379 private->cert->key_id, ssh_err(r));
370 goto out; 380 goto out;
@@ -440,7 +450,7 @@ test_key(int agent_fd, const char *filename)
440 goto done; 450 goto done;
441 } 451 }
442 if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), 452 if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
443 NULL, 0)) != 0) { 453 NULL, 0, NULL)) != 0) {
444 error("Signature verification failed for %s: %s", 454 error("Signature verification failed for %s: %s",
445 filename, ssh_err(r)); 455 filename, ssh_err(r));
446 goto done; 456 goto done;
@@ -529,13 +539,63 @@ lock_agent(int agent_fd, int lock)
529} 539}
530 540
531static int 541static int
532do_file(int agent_fd, int deleting, int key_only, char *file, int qflag) 542load_resident_keys(int agent_fd, const char *skprovider, int qflag)
543{
544 struct sshkey **keys;
545 size_t nkeys, i;
546 int r, ok = 0;
547 char *fp;
548
549 pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
550 if ((r = sshsk_load_resident(skprovider, NULL, pass,
551 &keys, &nkeys)) != 0) {
552 error("Unable to load resident keys: %s", ssh_err(r));
553 return r;
554 }
555 for (i = 0; i < nkeys; i++) {
556 if ((fp = sshkey_fingerprint(keys[i],
557 fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
558 fatal("%s: sshkey_fingerprint failed", __func__);
559 if ((r = ssh_add_identity_constrained(agent_fd, keys[i], "",
560 lifetime, confirm, maxsign, skprovider)) != 0) {
561 error("Unable to add key %s %s",
562 sshkey_type(keys[i]), fp);
563 free(fp);
564 ok = r;
565 continue;
566 }
567 if (ok == 0)
568 ok = 1;
569 if (!qflag) {
570 fprintf(stderr, "Resident identity added: %s %s\n",
571 sshkey_type(keys[i]), fp);
572 if (lifetime != 0) {
573 fprintf(stderr,
574 "Lifetime set to %d seconds\n", lifetime);
575 }
576 if (confirm != 0) {
577 fprintf(stderr, "The user must confirm "
578 "each use of the key\n");
579 }
580 }
581 free(fp);
582 sshkey_free(keys[i]);
583 }
584 free(keys);
585 if (nkeys == 0)
586 return SSH_ERR_KEY_NOT_FOUND;
587 return ok == 1 ? 0 : ok;
588}
589
590static int
591do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,
592 const char *skprovider)
533{ 593{
534 if (deleting) { 594 if (deleting) {
535 if (delete_file(agent_fd, file, key_only, qflag) == -1) 595 if (delete_file(agent_fd, file, key_only, qflag) == -1)
536 return -1; 596 return -1;
537 } else { 597 } else {
538 if (add_file(agent_fd, file, key_only, qflag) == -1) 598 if (add_file(agent_fd, file, key_only, qflag, skprovider) == -1)
539 return -1; 599 return -1;
540 } 600 }
541 return 0; 601 return 0;
@@ -544,25 +604,16 @@ do_file(int agent_fd, int deleting, int key_only, char *file, int qflag)
544static void 604static void
545usage(void) 605usage(void)
546{ 606{
547 fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); 607 fprintf(stderr,
548 fprintf(stderr, "Options:\n"); 608"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n"
549 fprintf(stderr, " -l List fingerprints of all identities.\n"); 609#ifdef WITH_XMSS
550 fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n"); 610" [-M maxsign] [-m minleft]\n"
551 fprintf(stderr, " -L List public key parameters of all identities.\n"); 611#endif
552 fprintf(stderr, " -k Load only keys and not certificates.\n"); 612" [file ...]\n"
553 fprintf(stderr, " -c Require confirmation to sign using identities\n"); 613" ssh-add -s pkcs11\n"
554 fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n"); 614" ssh-add -e pkcs11\n"
555 fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n"); 615" ssh-add -T pubkey ...\n"
556 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); 616 );
557 fprintf(stderr, " -d Delete identity.\n");
558 fprintf(stderr, " -D Delete all identities.\n");
559 fprintf(stderr, " -x Lock agent.\n");
560 fprintf(stderr, " -X Unlock agent.\n");
561 fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
562 fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
563 fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n");
564 fprintf(stderr, " -q Be quiet after a successful operation.\n");
565 fprintf(stderr, " -v Be more verbose.\n");
566} 617}
567 618
568int 619int
@@ -571,8 +622,8 @@ main(int argc, char **argv)
571 extern char *optarg; 622 extern char *optarg;
572 extern int optind; 623 extern int optind;
573 int agent_fd; 624 int agent_fd;
574 char *pkcs11provider = NULL; 625 char *pkcs11provider = NULL, *skprovider = NULL;
575 int r, i, ch, deleting = 0, ret = 0, key_only = 0; 626 int r, i, ch, deleting = 0, ret = 0, key_only = 0, do_download = 0;
576 int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0; 627 int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0;
577 SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; 628 SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
578 LogLevel log_level = SYSLOG_LEVEL_INFO; 629 LogLevel log_level = SYSLOG_LEVEL_INFO;
@@ -600,7 +651,9 @@ main(int argc, char **argv)
600 exit(2); 651 exit(2);
601 } 652 }
602 653
603 while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:")) != -1) { 654 skprovider = getenv("SSH_SK_PROVIDER");
655
656 while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) {
604 switch (ch) { 657 switch (ch) {
605 case 'v': 658 case 'v':
606 if (log_level == SYSLOG_LEVEL_INFO) 659 if (log_level == SYSLOG_LEVEL_INFO)
@@ -616,6 +669,9 @@ main(int argc, char **argv)
616 case 'k': 669 case 'k':
617 key_only = 1; 670 key_only = 1;
618 break; 671 break;
672 case 'K':
673 do_download = 1;
674 break;
619 case 'l': 675 case 'l':
620 case 'L': 676 case 'L':
621 if (lflag != 0) 677 if (lflag != 0)
@@ -656,6 +712,9 @@ main(int argc, char **argv)
656 case 's': 712 case 's':
657 pkcs11provider = optarg; 713 pkcs11provider = optarg;
658 break; 714 break;
715 case 'S':
716 skprovider = optarg;
717 break;
659 case 'e': 718 case 'e':
660 deleting = 1; 719 deleting = 1;
661 pkcs11provider = optarg; 720 pkcs11provider = optarg;
@@ -697,6 +756,11 @@ main(int argc, char **argv)
697 goto done; 756 goto done;
698 } 757 }
699 758
759#ifdef ENABLE_SK_INTERNAL
760 if (skprovider == NULL)
761 skprovider = "internal";
762#endif
763
700 argc -= optind; 764 argc -= optind;
701 argv += optind; 765 argv += optind;
702 if (Tflag) { 766 if (Tflag) {
@@ -713,6 +777,13 @@ main(int argc, char **argv)
713 ret = 1; 777 ret = 1;
714 goto done; 778 goto done;
715 } 779 }
780 if (do_download) {
781 if (skprovider == NULL)
782 fatal("Cannot download keys without provider");
783 if (load_resident_keys(agent_fd, skprovider, qflag) != 0)
784 ret = 1;
785 goto done;
786 }
716 if (argc == 0) { 787 if (argc == 0) {
717 char buf[PATH_MAX]; 788 char buf[PATH_MAX];
718 struct passwd *pw; 789 struct passwd *pw;
@@ -732,7 +803,7 @@ main(int argc, char **argv)
732 if (stat(buf, &st) == -1) 803 if (stat(buf, &st) == -1)
733 continue; 804 continue;
734 if (do_file(agent_fd, deleting, key_only, buf, 805 if (do_file(agent_fd, deleting, key_only, buf,
735 qflag) == -1) 806 qflag, skprovider) == -1)
736 ret = 1; 807 ret = 1;
737 else 808 else
738 count++; 809 count++;
@@ -742,13 +813,12 @@ main(int argc, char **argv)
742 } else { 813 } else {
743 for (i = 0; i < argc; i++) { 814 for (i = 0; i < argc; i++) {
744 if (do_file(agent_fd, deleting, key_only, 815 if (do_file(agent_fd, deleting, key_only,
745 argv[i], qflag) == -1) 816 argv[i], qflag, skprovider) == -1)
746 ret = 1; 817 ret = 1;
747 } 818 }
748 } 819 }
749 clear_pass();
750
751done: 820done:
821 clear_pass();
752 ssh_close_authentication_socket(agent_fd); 822 ssh_close_authentication_socket(agent_fd);
753 return ret; 823 return ret;
754} 824}
diff --git a/ssh-agent.0 b/ssh-agent.0
index 1ef2702f6..c5fe8b153 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -1,27 +1,18 @@
1SSH-AGENT(1) General Commands Manual SSH-AGENT(1) 1SSH-AGENT(1) General Commands Manual SSH-AGENT(1)
2 2
3NAME 3NAME
4 ssh-agent M-bM-^@M-^S authentication agent 4 ssh-agent M-bM-^@M-^S OpenSSH authentication agent
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash] 7 ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
8 [-P pkcs11_whitelist] [-t life] [command [arg ...]] 8 [-P provider_whitelist] [-t life] [command [arg ...]]
9 ssh-agent [-c | -s] -k 9 ssh-agent [-c | -s] -k
10 10
11DESCRIPTION 11DESCRIPTION
12 ssh-agent is a program to hold private keys used for public key 12 ssh-agent is a program to hold private keys used for public key
13 authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started 13 authentication. Through use of environment variables the agent can be
14 in the beginning of an X-session or a login session, and all other 14 located and automatically used for authentication when logging in to
15 windows or programs are started as clients to the ssh-agent program. 15 other machines using ssh(1).
16 Through use of environment variables the agent can be located and
17 automatically used for authentication when logging in to other machines
18 using ssh(1).
19
20 The agent initially does not have any private keys. Keys are added using
21 ssh(1) (see AddKeysToAgent in ssh_config(5) for details) or ssh-add(1).
22 Multiple identities may be stored in ssh-agent concurrently and ssh(1)
23 will automatically use them if present. ssh-add(1) is also used to
24 remove keys from ssh-agent and to query the keys that are held in one.
25 16
26 The options are as follows: 17 The options are as follows:
27 18
@@ -46,13 +37,13 @@ DESCRIPTION
46 -k Kill the current agent (given by the SSH_AGENT_PID environment 37 -k Kill the current agent (given by the SSH_AGENT_PID environment
47 variable). 38 variable).
48 39
49 -P pkcs11_whitelist 40 -P provider_whitelist
50 Specify a pattern-list of acceptable paths for PKCS#11 shared 41 Specify a pattern-list of acceptable paths for PKCS#11 and FIDO
51 libraries that may be added using the -s option to ssh-add(1). 42 authenticator shared libraries that may be used with the -S or -s
52 The default is to allow loading PKCS#11 libraries from 43 options to ssh-add(1). Libraries that do not match the whitelist
53 M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^]. PKCS#11 libraries that do not 44 will be refused. See PATTERNS in ssh_config(5) for a description
54 match the whitelist will be refused. See PATTERNS in 45 of pattern-list syntax. The default whitelist is
55 ssh_config(5) for a description of pattern-list syntax. 46 M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^].
56 47
57 -s Generate Bourne shell commands on stdout. This is the default if 48 -s Generate Bourne shell commands on stdout. This is the default if
58 SHELL does not look like it's a csh style of shell. 49 SHELL does not look like it's a csh style of shell.
@@ -64,41 +55,47 @@ DESCRIPTION
64 for an identity with ssh-add(1) overrides this value. Without 55 for an identity with ssh-add(1) overrides this value. Without
65 this option the default maximum lifetime is forever. 56 this option the default maximum lifetime is forever.
66 57
67 If a command line is given, this is executed as a subprocess of the 58 command [arg ...]
68 agent. When the command dies, so does the agent. 59 If a command (and optional arguments) is given, this is executed
60 as a subprocess of the agent. The agent exits automatically when
61 the command given on the command line terminates.
69 62
70 The idea is that the agent is run in the user's local PC, laptop, or 63 There are two main ways to get an agent set up. The first is at the
71 terminal. Authentication data need not be stored on any other machine, 64 start of an X session, where all other windows or programs are started as
72 and authentication passphrases never go over the network. However, the 65 children of the ssh-agent program. The agent starts a command under
73 connection to the agent is forwarded over SSH remote logins, and the user 66 which its environment variables are exported, for example ssh-agent xterm
74 can thus use the privileges given by the identities anywhere in the 67 &. When the command terminates, so does the agent.
75 network in a secure way.
76 68
77 There are two main ways to get an agent set up: The first is that the 69 The second method is used for a login session. When ssh-agent is
78 agent starts a new subcommand into which some environment variables are 70 started, it prints the shell commands required to set its environment
79 exported, eg ssh-agent xterm &. The second is that the agent prints the 71 variables, which in turn can be evaluated in the calling shell, for
80 needed shell commands (either sh(1) or csh(1) syntax can be generated) 72 example eval `ssh-agent -s`.
81 which can be evaluated in the calling shell, eg eval `ssh-agent -s` for
82 Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
83 csh(1) and derivatives.
84 73
85 Later ssh(1) looks at these variables and uses them to establish a 74 In both cases, ssh(1) looks at these environment variables and uses them
86 connection to the agent. 75 to establish a connection to the agent.
87 76
88 The agent will never send a private key over its request channel. 77 The agent initially does not have any private keys. Keys are added using
89 Instead, operations that require a private key will be performed by the 78 ssh-add(1) or by ssh(1) when AddKeysToAgent is set in ssh_config(5).
90 agent, and the result will be returned to the requester. This way, 79 Multiple identities may be stored in ssh-agent concurrently and ssh(1)
91 private keys are not exposed to clients using the agent. 80 will automatically use them if present. ssh-add(1) is also used to
81 remove keys from ssh-agent and to query the keys that are held in one.
92 82
93 A UNIX-domain socket is created and the name of this socket is stored in 83 Connections to ssh-agent may be forwarded from further remote hosts using
94 the SSH_AUTH_SOCK environment variable. The socket is made accessible 84 the -A option to ssh(1) (but see the caveats documented therein),
95 only to the current user. This method is easily abused by root or 85 avoiding the need for authentication data to be stored on other machines.
96 another instance of the same user. 86 Authentication passphrases and private keys never go over the network:
87 the connection to the agent is forwarded over SSH remote connections and
88 the result is returned to the requester, allowing the user access to
89 their identities anywhere in the network in a secure fashion.
97 90
98 The SSH_AGENT_PID environment variable holds the agent's process ID. 91ENVIRONMENT
92 SSH_AGENT_PID When ssh-agent starts, it stores the name of the agent's
93 process ID (PID) in this variable.
99 94
100 The agent exits automatically when the command given on the command line 95 SSH_AUTH_SOCK When ssh-agent starts, it creates a UNIX-domain socket and
101 terminates. 96 stores its pathname in this variable. It is accessible
97 only to the current user, but is easily abused by root or
98 another instance of the same user.
102 99
103FILES 100FILES
104 $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> 101 $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
@@ -108,7 +105,7 @@ FILES
108 agent exits. 105 agent exits.
109 106
110SEE ALSO 107SEE ALSO
111 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 108 ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), sshd(8)
112 109
113AUTHORS 110AUTHORS
114 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 111 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
@@ -117,4 +114,4 @@ AUTHORS
117 created OpenSSH. Markus Friedl contributed the support for SSH protocol 114 created OpenSSH. Markus Friedl contributed the support for SSH protocol
118 versions 1.5 and 2.0. 115 versions 1.5 and 2.0.
119 116
120OpenBSD 6.6 November 30, 2016 OpenBSD 6.6 117OpenBSD 6.6 December 21, 2019 OpenBSD 6.6
diff --git a/ssh-agent.1 b/ssh-agent.1
index 7230704a3..99e4f6d2e 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $ 1.\" $OpenBSD: ssh-agent.1,v 1.70 2019/12/21 20:22:34 naddy Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,19 +34,19 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.Dd $Mdocdate: November 30 2016 $ 37.Dd $Mdocdate: December 21 2019 $
38.Dt SSH-AGENT 1 38.Dt SSH-AGENT 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
41.Nm ssh-agent 41.Nm ssh-agent
42.Nd authentication agent 42.Nd OpenSSH authentication agent
43.Sh SYNOPSIS 43.Sh SYNOPSIS
44.Nm ssh-agent 44.Nm ssh-agent
45.Op Fl c | s 45.Op Fl c | s
46.Op Fl \&Dd 46.Op Fl \&Dd
47.Op Fl a Ar bind_address 47.Op Fl a Ar bind_address
48.Op Fl E Ar fingerprint_hash 48.Op Fl E Ar fingerprint_hash
49.Op Fl P Ar pkcs11_whitelist 49.Op Fl P Ar provider_whitelist
50.Op Fl t Ar life 50.Op Fl t Ar life
51.Op Ar command Op Ar arg ... 51.Op Ar command Op Ar arg ...
52.Nm ssh-agent 52.Nm ssh-agent
@@ -54,37 +54,12 @@
54.Fl k 54.Fl k
55.Sh DESCRIPTION 55.Sh DESCRIPTION
56.Nm 56.Nm
57is a program to hold private keys used for public key authentication 57is a program to hold private keys used for public key authentication.
58(RSA, DSA, ECDSA, Ed25519).
59.Nm
60is usually started in the beginning of an X-session or a login session, and
61all other windows or programs are started as clients to the ssh-agent
62program.
63Through use of environment variables the agent can be located 58Through use of environment variables the agent can be located
64and automatically used for authentication when logging in to other 59and automatically used for authentication when logging in to other
65machines using 60machines using
66.Xr ssh 1 . 61.Xr ssh 1 .
67.Pp 62.Pp
68The agent initially does not have any private keys.
69Keys are added using
70.Xr ssh 1
71(see
72.Cm AddKeysToAgent
73in
74.Xr ssh_config 5
75for details)
76or
77.Xr ssh-add 1 .
78Multiple identities may be stored in
79.Nm
80concurrently and
81.Xr ssh 1
82will automatically use them if present.
83.Xr ssh-add 1
84is also used to remove keys from
85.Nm
86and to query the keys that are held in one.
87.Pp
88The options are as follows: 63The options are as follows:
89.Bl -tag -width Ds 64.Bl -tag -width Ds
90.It Fl a Ar bind_address 65.It Fl a Ar bind_address
@@ -122,18 +97,20 @@ The default is
122Kill the current agent (given by the 97Kill the current agent (given by the
123.Ev SSH_AGENT_PID 98.Ev SSH_AGENT_PID
124environment variable). 99environment variable).
125.It Fl P Ar pkcs11_whitelist 100.It Fl P Ar provider_whitelist
126Specify a pattern-list of acceptable paths for PKCS#11 shared libraries 101Specify a pattern-list of acceptable paths for PKCS#11 and FIDO authenticator
127that may be added using the 102shared libraries that may be used with the
103.Fl S
104or
128.Fl s 105.Fl s
129option to 106options to
130.Xr ssh-add 1 . 107.Xr ssh-add 1 .
131The default is to allow loading PKCS#11 libraries from 108Libraries that do not match the whitelist will be refused.
132.Dq /usr/lib/*,/usr/local/lib/* .
133PKCS#11 libraries that do not match the whitelist will be refused.
134See PATTERNS in 109See PATTERNS in
135.Xr ssh_config 5 110.Xr ssh_config 5
136for a description of pattern-list syntax. 111for a description of pattern-list syntax.
112The default whitelist is
113.Dq /usr/lib/*,/usr/local/lib/* .
137.It Fl s 114.It Fl s
138Generate Bourne shell commands on 115Generate Bourne shell commands on
139.Dv stdout . 116.Dv stdout .
@@ -148,64 +125,82 @@ A lifetime specified for an identity with
148.Xr ssh-add 1 125.Xr ssh-add 1
149overrides this value. 126overrides this value.
150Without this option the default maximum lifetime is forever. 127Without this option the default maximum lifetime is forever.
128.It Ar command Op Ar arg ...
129If a command (and optional arguments) is given,
130this is executed as a subprocess of the agent.
131The agent exits automatically when the command given on the command
132line terminates.
151.El 133.El
152.Pp 134.Pp
153If a command line is given, this is executed as a subprocess of the agent. 135There are two main ways to get an agent set up.
154When the command dies, so does the agent. 136The first is at the start of an X session,
155.Pp 137where all other windows or programs are started as children of the
156The idea is that the agent is run in the user's local PC, laptop, or 138.Nm
157terminal. 139program.
158Authentication data need not be stored on any other 140The agent starts a command under which its environment
159machine, and authentication passphrases never go over the network. 141variables are exported, for example
160However, the connection to the agent is forwarded over SSH
161remote logins, and the user can thus use the privileges given by the
162identities anywhere in the network in a secure way.
163.Pp
164There are two main ways to get an agent set up:
165The first is that the agent starts a new subcommand into which some environment
166variables are exported, eg
167.Cm ssh-agent xterm & . 142.Cm ssh-agent xterm & .
168The second is that the agent prints the needed shell commands (either 143When the command terminates, so does the agent.
169.Xr sh 1 144.Pp
170or 145The second method is used for a login session.
171.Xr csh 1 146When
172syntax can be generated) which can be evaluated in the calling shell, eg 147.Nm
173.Cm eval `ssh-agent -s` 148is started,
174for Bourne-type shells such as 149it prints the shell commands required to set its environment variables,
175.Xr sh 1 150which in turn can be evaluated in the calling shell, for example
176or 151.Cm eval `ssh-agent -s` .
177.Xr ksh 1
178and
179.Cm eval `ssh-agent -c`
180for
181.Xr csh 1
182and derivatives.
183.Pp 152.Pp
184Later 153In both cases,
185.Xr ssh 1 154.Xr ssh 1
186looks at these variables and uses them to establish a connection to the agent. 155looks at these environment variables and uses them to establish a connection to the agent.
187.Pp 156.Pp
188The agent will never send a private key over its request channel. 157The agent initially does not have any private keys.
189Instead, operations that require a private key will be performed 158Keys are added using
190by the agent, and the result will be returned to the requester. 159.Xr ssh-add 1
191This way, private keys are not exposed to clients using the agent. 160or by
161.Xr ssh 1
162when
163.Cm AddKeysToAgent
164is set in
165.Xr ssh_config 5 .
166Multiple identities may be stored in
167.Nm
168concurrently and
169.Xr ssh 1
170will automatically use them if present.
171.Xr ssh-add 1
172is also used to remove keys from
173.Nm
174and to query the keys that are held in one.
192.Pp 175.Pp
193A 176Connections to
177.Nm
178may be forwarded from further remote hosts using the
179.Fl A
180option to
181.Xr ssh 1
182(but see the caveats documented therein),
183avoiding the need for authentication data to be stored on other machines.
184Authentication passphrases and private keys never go over the network:
185the connection to the agent is forwarded over SSH remote connections
186and the result is returned to the requester,
187allowing the user access to their identities anywhere in the network
188in a secure fashion.
189.Sh ENVIRONMENT
190.Bl -tag -width "SSH_AGENT_PID"
191.It Ev SSH_AGENT_PID
192When
193.Nm
194starts, it stores the name of the agent's process ID (PID) in this variable.
195.It Ev SSH_AUTH_SOCK
196When
197.Nm
198starts, it creates a
194.Ux Ns -domain 199.Ux Ns -domain
195socket is created and the name of this socket is stored in the 200socket and stores its pathname in this variable.
196.Ev SSH_AUTH_SOCK 201It is accessible only to the current user,
197environment 202but is easily abused by root or another instance of the same user.
198variable. 203.El
199The socket is made accessible only to the current user.
200This method is easily abused by root or another instance of the same
201user.
202.Pp
203The
204.Ev SSH_AGENT_PID
205environment variable holds the agent's process ID.
206.Pp
207The agent exits automatically when the command given on the command
208line terminates.
209.Pp 204.Pp
210In Debian, 205In Debian,
211.Nm 206.Nm
@@ -233,6 +228,7 @@ The sockets should get automatically removed when the agent exits.
233.Xr ssh 1 , 228.Xr ssh 1 ,
234.Xr ssh-add 1 , 229.Xr ssh-add 1 ,
235.Xr ssh-keygen 1 , 230.Xr ssh-keygen 1 ,
231.Xr ssh_config 5 ,
236.Xr sshd 8 232.Xr sshd 8
237.Sh AUTHORS 233.Sh AUTHORS
238.An -nosplit 234.An -nosplit
diff --git a/ssh-agent.c b/ssh-agent.c
index 9c6680a25..7eb6f0dc5 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.237 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.255 2020/02/06 22:30:54 naddy Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,6 +41,7 @@
41#include <sys/resource.h> 41#include <sys/resource.h>
42#include <sys/stat.h> 42#include <sys/stat.h>
43#include <sys/socket.h> 43#include <sys/socket.h>
44#include <sys/wait.h>
44#ifdef HAVE_SYS_TIME_H 45#ifdef HAVE_SYS_TIME_H
45# include <sys/time.h> 46# include <sys/time.h>
46#endif 47#endif
@@ -85,13 +86,14 @@
85#include "digest.h" 86#include "digest.h"
86#include "ssherr.h" 87#include "ssherr.h"
87#include "match.h" 88#include "match.h"
88 89#include "msg.h"
89#ifdef ENABLE_PKCS11 90#include "ssherr.h"
91#include "pathnames.h"
90#include "ssh-pkcs11.h" 92#include "ssh-pkcs11.h"
91#endif 93#include "sk-api.h"
92 94
93#ifndef DEFAULT_PKCS11_WHITELIST 95#ifndef DEFAULT_PROVIDER_WHITELIST
94# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" 96# define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
95#endif 97#endif
96 98
97/* Maximum accepted message length */ 99/* Maximum accepted message length */
@@ -123,6 +125,7 @@ typedef struct identity {
123 char *provider; 125 char *provider;
124 time_t death; 126 time_t death;
125 u_int confirm; 127 u_int confirm;
128 char *sk_provider;
126} Identity; 129} Identity;
127 130
128struct idtable { 131struct idtable {
@@ -146,8 +149,8 @@ pid_t cleanup_pid = 0;
146char socket_name[PATH_MAX]; 149char socket_name[PATH_MAX];
147char socket_dir[PATH_MAX]; 150char socket_dir[PATH_MAX];
148 151
149/* PKCS#11 path whitelist */ 152/* PKCS#11/Security key path whitelist */
150static char *pkcs11_whitelist; 153static char *provider_whitelist;
151 154
152/* locking */ 155/* locking */
153#define LOCK_SIZE 32 156#define LOCK_SIZE 32
@@ -189,6 +192,7 @@ free_identity(Identity *id)
189 sshkey_free(id->key); 192 sshkey_free(id->key);
190 free(id->provider); 193 free(id->provider);
191 free(id->comment); 194 free(id->comment);
195 free(id->sk_provider);
192 free(id); 196 free(id);
193} 197}
194 198
@@ -287,9 +291,11 @@ process_sign_request2(SocketEntry *e)
287 size_t dlen, slen = 0; 291 size_t dlen, slen = 0;
288 u_int compat = 0, flags; 292 u_int compat = 0, flags;
289 int r, ok = -1; 293 int r, ok = -1;
294 char *fp = NULL;
290 struct sshbuf *msg; 295 struct sshbuf *msg;
291 struct sshkey *key = NULL; 296 struct sshkey *key = NULL;
292 struct identity *id; 297 struct identity *id;
298 struct notifier_ctx *notifier = NULL;
293 299
294 if ((msg = sshbuf_new()) == NULL) 300 if ((msg = sshbuf_new()) == NULL)
295 fatal("%s: sshbuf_new failed", __func__); 301 fatal("%s: sshbuf_new failed", __func__);
@@ -308,15 +314,27 @@ process_sign_request2(SocketEntry *e)
308 verbose("%s: user refused key", __func__); 314 verbose("%s: user refused key", __func__);
309 goto send; 315 goto send;
310 } 316 }
317 if (sshkey_is_sk(id->key) &&
318 (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
319 if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
320 SSH_FP_DEFAULT)) == NULL)
321 fatal("%s: fingerprint failed", __func__);
322 notifier = notify_start(0,
323 "Confirm user presence for key %s %s",
324 sshkey_type(id->key), fp);
325 }
311 if ((r = sshkey_sign(id->key, &signature, &slen, 326 if ((r = sshkey_sign(id->key, &signature, &slen,
312 data, dlen, agent_decode_alg(key, flags), compat)) != 0) { 327 data, dlen, agent_decode_alg(key, flags),
328 id->sk_provider, compat)) != 0) {
313 error("%s: sshkey_sign: %s", __func__, ssh_err(r)); 329 error("%s: sshkey_sign: %s", __func__, ssh_err(r));
314 goto send; 330 goto send;
315 } 331 }
316 /* Success */ 332 /* Success */
317 ok = 0; 333 ok = 0;
318 send: 334 send:
335 notify_complete(notifier);
319 sshkey_free(key); 336 sshkey_free(key);
337 free(fp);
320 if (ok == 0) { 338 if (ok == 0) {
321 if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || 339 if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
322 (r = sshbuf_put_string(msg, signature, slen)) != 0) 340 (r = sshbuf_put_string(msg, signature, slen)) != 0)
@@ -411,7 +429,8 @@ process_add_identity(SocketEntry *e)
411 Identity *id; 429 Identity *id;
412 int success = 0, confirm = 0; 430 int success = 0, confirm = 0;
413 u_int seconds, maxsign; 431 u_int seconds, maxsign;
414 char *comment = NULL; 432 char *fp, *comment = NULL, *ext_name = NULL, *sk_provider = NULL;
433 char canonical_provider[PATH_MAX];
415 time_t death = 0; 434 time_t death = 0;
416 struct sshkey *k = NULL; 435 struct sshkey *k = NULL;
417 u_char ctype; 436 u_char ctype;
@@ -423,10 +442,6 @@ process_add_identity(SocketEntry *e)
423 error("%s: decode private key: %s", __func__, ssh_err(r)); 442 error("%s: decode private key: %s", __func__, ssh_err(r));
424 goto err; 443 goto err;
425 } 444 }
426 if ((r = sshkey_shield_private(k)) != 0) {
427 error("%s: shield private key: %s", __func__, ssh_err(r));
428 goto err;
429 }
430 while (sshbuf_len(e->request)) { 445 while (sshbuf_len(e->request)) {
431 if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) { 446 if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
432 error("%s: buffer error: %s", __func__, ssh_err(r)); 447 error("%s: buffer error: %s", __func__, ssh_err(r));
@@ -456,15 +471,75 @@ process_add_identity(SocketEntry *e)
456 goto err; 471 goto err;
457 } 472 }
458 break; 473 break;
474 case SSH_AGENT_CONSTRAIN_EXTENSION:
475 if ((r = sshbuf_get_cstring(e->request,
476 &ext_name, NULL)) != 0) {
477 error("%s: cannot parse extension: %s",
478 __func__, ssh_err(r));
479 goto err;
480 }
481 debug("%s: constraint ext %s", __func__, ext_name);
482 if (strcmp(ext_name, "sk-provider@openssh.com") == 0) {
483 if (sk_provider != NULL) {
484 error("%s already set", ext_name);
485 goto err;
486 }
487 if ((r = sshbuf_get_cstring(e->request,
488 &sk_provider, NULL)) != 0) {
489 error("%s: cannot parse %s: %s",
490 __func__, ext_name, ssh_err(r));
491 goto err;
492 }
493 } else {
494 error("%s: unsupported constraint \"%s\"",
495 __func__, ext_name);
496 goto err;
497 }
498 free(ext_name);
499 break;
459 default: 500 default:
460 error("%s: Unknown constraint %d", __func__, ctype); 501 error("%s: Unknown constraint %d", __func__, ctype);
461 err: 502 err:
503 free(sk_provider);
504 free(ext_name);
462 sshbuf_reset(e->request); 505 sshbuf_reset(e->request);
463 free(comment); 506 free(comment);
464 sshkey_free(k); 507 sshkey_free(k);
465 goto send; 508 goto send;
466 } 509 }
467 } 510 }
511 if (sk_provider != NULL) {
512 if (!sshkey_is_sk(k)) {
513 error("Cannot add provider: %s is not an "
514 "authenticator-hosted key", sshkey_type(k));
515 free(sk_provider);
516 goto send;
517 }
518 if (strcasecmp(sk_provider, "internal") == 0) {
519 debug("%s: internal provider", __func__);
520 } else {
521 if (realpath(sk_provider, canonical_provider) == NULL) {
522 verbose("failed provider \"%.100s\": "
523 "realpath: %s", sk_provider,
524 strerror(errno));
525 free(sk_provider);
526 goto send;
527 }
528 free(sk_provider);
529 sk_provider = xstrdup(canonical_provider);
530 if (match_pattern_list(sk_provider,
531 provider_whitelist, 0) != 1) {
532 error("Refusing add key: "
533 "provider %s not whitelisted", sk_provider);
534 free(sk_provider);
535 goto send;
536 }
537 }
538 }
539 if ((r = sshkey_shield_private(k)) != 0) {
540 error("%s: shield private key: %s", __func__, ssh_err(r));
541 goto err;
542 }
468 543
469 success = 1; 544 success = 1;
470 if (lifetime && !death) 545 if (lifetime && !death)
@@ -478,11 +553,21 @@ process_add_identity(SocketEntry *e)
478 /* key state might have been updated */ 553 /* key state might have been updated */
479 sshkey_free(id->key); 554 sshkey_free(id->key);
480 free(id->comment); 555 free(id->comment);
556 free(id->sk_provider);
481 } 557 }
482 id->key = k; 558 id->key = k;
483 id->comment = comment; 559 id->comment = comment;
484 id->death = death; 560 id->death = death;
485 id->confirm = confirm; 561 id->confirm = confirm;
562 id->sk_provider = sk_provider;
563
564 if ((fp = sshkey_fingerprint(k, SSH_FP_HASH_DEFAULT,
565 SSH_FP_DEFAULT)) == NULL)
566 fatal("%s: sshkey_fingerprint failed", __func__);
567 debug("%s: add %s %s \"%.100s\" (life: %u) (confirm: %u) "
568 "(provider: %s)", __func__, sshkey_ssh_name(k), fp, comment,
569 seconds, confirm, sk_provider == NULL ? "none" : sk_provider);
570 free(fp);
486send: 571send:
487 send_status(e, success); 572 send_status(e, success);
488} 573}
@@ -560,6 +645,7 @@ static void
560process_add_smartcard_key(SocketEntry *e) 645process_add_smartcard_key(SocketEntry *e)
561{ 646{
562 char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; 647 char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
648 char **comments = NULL;
563 int r, i, count = 0, success = 0, confirm = 0; 649 int r, i, count = 0, success = 0, confirm = 0;
564 u_int seconds; 650 u_int seconds;
565 time_t death = 0; 651 time_t death = 0;
@@ -600,7 +686,7 @@ process_add_smartcard_key(SocketEntry *e)
600 provider, strerror(errno)); 686 provider, strerror(errno));
601 goto send; 687 goto send;
602 } 688 }
603 if (match_pattern_list(canonical_provider, pkcs11_whitelist, 0) != 1) { 689 if (match_pattern_list(canonical_provider, provider_whitelist, 0) != 1) {
604 verbose("refusing PKCS#11 add of \"%.100s\": " 690 verbose("refusing PKCS#11 add of \"%.100s\": "
605 "provider not whitelisted", canonical_provider); 691 "provider not whitelisted", canonical_provider);
606 goto send; 692 goto send;
@@ -609,28 +695,34 @@ process_add_smartcard_key(SocketEntry *e)
609 if (lifetime && !death) 695 if (lifetime && !death)
610 death = monotime() + lifetime; 696 death = monotime() + lifetime;
611 697
612 count = pkcs11_add_provider(canonical_provider, pin, &keys); 698 count = pkcs11_add_provider(canonical_provider, pin, &keys, &comments);
613 for (i = 0; i < count; i++) { 699 for (i = 0; i < count; i++) {
614 k = keys[i]; 700 k = keys[i];
615 if (lookup_identity(k) == NULL) { 701 if (lookup_identity(k) == NULL) {
616 id = xcalloc(1, sizeof(Identity)); 702 id = xcalloc(1, sizeof(Identity));
617 id->key = k; 703 id->key = k;
704 keys[i] = NULL; /* transferred */
618 id->provider = xstrdup(canonical_provider); 705 id->provider = xstrdup(canonical_provider);
619 id->comment = xstrdup(canonical_provider); /* XXX */ 706 if (*comments[i] != '\0') {
707 id->comment = comments[i];
708 comments[i] = NULL; /* transferred */
709 } else {
710 id->comment = xstrdup(canonical_provider);
711 }
620 id->death = death; 712 id->death = death;
621 id->confirm = confirm; 713 id->confirm = confirm;
622 TAILQ_INSERT_TAIL(&idtab->idlist, id, next); 714 TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
623 idtab->nentries++; 715 idtab->nentries++;
624 success = 1; 716 success = 1;
625 } else {
626 sshkey_free(k);
627 } 717 }
628 keys[i] = NULL; 718 sshkey_free(keys[i]);
719 free(comments[i]);
629 } 720 }
630send: 721send:
631 free(pin); 722 free(pin);
632 free(provider); 723 free(provider);
633 free(keys); 724 free(keys);
725 free(comments);
634 send_status(e, success); 726 send_status(e, success);
635} 727}
636 728
@@ -1079,7 +1171,7 @@ usage(void)
1079{ 1171{
1080 fprintf(stderr, 1172 fprintf(stderr,
1081 "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" 1173 "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
1082 " [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n" 1174 " [-P provider_whitelist] [-t life] [command [arg ...]]\n"
1083 " ssh-agent [-c | -s] -k\n"); 1175 " ssh-agent [-c | -s] -k\n");
1084 exit(1); 1176 exit(1);
1085} 1177}
@@ -1113,8 +1205,10 @@ main(int ac, char **av)
1113 1205
1114 platform_disable_tracing(0); /* strict=no */ 1206 platform_disable_tracing(0); /* strict=no */
1115 1207
1208#ifdef RLIMIT_NOFILE
1116 if (getrlimit(RLIMIT_NOFILE, &rlim) == -1) 1209 if (getrlimit(RLIMIT_NOFILE, &rlim) == -1)
1117 fatal("%s: getrlimit: %s", __progname, strerror(errno)); 1210 fatal("%s: getrlimit: %s", __progname, strerror(errno));
1211#endif
1118 1212
1119 __progname = ssh_get_progname(av[0]); 1213 __progname = ssh_get_progname(av[0]);
1120 seed_rng(); 1214 seed_rng();
@@ -1135,9 +1229,9 @@ main(int ac, char **av)
1135 k_flag++; 1229 k_flag++;
1136 break; 1230 break;
1137 case 'P': 1231 case 'P':
1138 if (pkcs11_whitelist != NULL) 1232 if (provider_whitelist != NULL)
1139 fatal("-P option already specified"); 1233 fatal("-P option already specified");
1140 pkcs11_whitelist = xstrdup(optarg); 1234 provider_whitelist = xstrdup(optarg);
1141 break; 1235 break;
1142 case 's': 1236 case 's':
1143 if (c_flag) 1237 if (c_flag)
@@ -1173,8 +1267,8 @@ main(int ac, char **av)
1173 if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) 1267 if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag))
1174 usage(); 1268 usage();
1175 1269
1176 if (pkcs11_whitelist == NULL) 1270 if (provider_whitelist == NULL)
1177 pkcs11_whitelist = xstrdup(DEFAULT_PKCS11_WHITELIST); 1271 provider_whitelist = xstrdup(DEFAULT_PROVIDER_WHITELIST);
1178 1272
1179 if (ac == 0 && !c_flag && !s_flag) { 1273 if (ac == 0 && !c_flag && !s_flag) {
1180 shell = getenv("SHELL"); 1274 shell = getenv("SHELL");
@@ -1329,10 +1423,10 @@ skip:
1329 if (ac > 0) 1423 if (ac > 0)
1330 parent_alive_interval = 10; 1424 parent_alive_interval = 10;
1331 idtab_init(); 1425 idtab_init();
1332 signal(SIGPIPE, SIG_IGN); 1426 ssh_signal(SIGPIPE, SIG_IGN);
1333 signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN); 1427 ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
1334 signal(SIGHUP, cleanup_handler); 1428 ssh_signal(SIGHUP, cleanup_handler);
1335 signal(SIGTERM, cleanup_handler); 1429 ssh_signal(SIGTERM, cleanup_handler);
1336 1430
1337 if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1) 1431 if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
1338 fatal("%s: pledge: %s", __progname, strerror(errno)); 1432 fatal("%s: pledge: %s", __progname, strerror(errno));
diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c
new file mode 100644
index 000000000..981d60d74
--- /dev/null
+++ b/ssh-ecdsa-sk.c
@@ -0,0 +1,209 @@
1/* $OpenBSD: ssh-ecdsa-sk.c,v 1.5 2019/11/26 03:04:27 djm Exp $ */
2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved.
5 * Copyright (c) 2019 Google Inc. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28/* #define DEBUG_SK 1 */
29
30#include "includes.h"
31
32#include <sys/types.h>
33
34#ifdef WITH_OPENSSL
35#include <openssl/bn.h>
36#include <openssl/ec.h>
37#include <openssl/ecdsa.h>
38#include <openssl/evp.h>
39#endif
40
41#include <string.h>
42#include <stdio.h> /* needed for DEBUG_SK only */
43
44#include "openbsd-compat/openssl-compat.h"
45
46#include "sshbuf.h"
47#include "ssherr.h"
48#include "digest.h"
49#define SSHKEY_INTERNAL
50#include "sshkey.h"
51
52/* ARGSUSED */
53int
54ssh_ecdsa_sk_verify(const struct sshkey *key,
55 const u_char *signature, size_t signaturelen,
56 const u_char *data, size_t datalen, u_int compat,
57 struct sshkey_sig_details **detailsp)
58{
59#ifdef OPENSSL_HAS_ECC
60 ECDSA_SIG *sig = NULL;
61 BIGNUM *sig_r = NULL, *sig_s = NULL;
62 u_char sig_flags;
63 u_char msghash[32], apphash[32], sighash[32];
64 u_int sig_counter;
65 int ret = SSH_ERR_INTERNAL_ERROR;
66 struct sshbuf *b = NULL, *sigbuf = NULL, *original_signed = NULL;
67 char *ktype = NULL;
68 struct sshkey_sig_details *details = NULL;
69#ifdef DEBUG_SK
70 char *tmp = NULL;
71#endif
72
73 if (detailsp != NULL)
74 *detailsp = NULL;
75 if (key == NULL || key->ecdsa == NULL ||
76 sshkey_type_plain(key->type) != KEY_ECDSA_SK ||
77 signature == NULL || signaturelen == 0)
78 return SSH_ERR_INVALID_ARGUMENT;
79
80 if (key->ecdsa_nid != NID_X9_62_prime256v1)
81 return SSH_ERR_INTERNAL_ERROR;
82
83 /* fetch signature */
84 if ((b = sshbuf_from(signature, signaturelen)) == NULL)
85 return SSH_ERR_ALLOC_FAIL;
86 if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
87 sshbuf_froms(b, &sigbuf) != 0 ||
88 sshbuf_get_u8(b, &sig_flags) != 0 ||
89 sshbuf_get_u32(b, &sig_counter) != 0) {
90 ret = SSH_ERR_INVALID_FORMAT;
91 goto out;
92 }
93 if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) {
94 ret = SSH_ERR_KEY_TYPE_MISMATCH;
95 goto out;
96 }
97 if (sshbuf_len(b) != 0) {
98 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
99 goto out;
100 }
101
102 /* parse signature */
103 if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
104 sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
105 ret = SSH_ERR_INVALID_FORMAT;
106 goto out;
107 }
108 if ((sig = ECDSA_SIG_new()) == NULL) {
109 ret = SSH_ERR_ALLOC_FAIL;
110 goto out;
111 }
112 if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
113 ret = SSH_ERR_LIBCRYPTO_ERROR;
114 goto out;
115 }
116#ifdef DEBUG_SK
117 fprintf(stderr, "%s: data: (len %zu)\n", __func__, datalen);
118 /* sshbuf_dump_data(data, datalen, stderr); */
119 fprintf(stderr, "%s: sig_r: %s\n", __func__, (tmp = BN_bn2hex(sig_r)));
120 free(tmp);
121 fprintf(stderr, "%s: sig_s: %s\n", __func__, (tmp = BN_bn2hex(sig_s)));
122 free(tmp);
123 fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
124 __func__, sig_flags, sig_counter);
125#endif
126 sig_r = sig_s = NULL; /* transferred */
127
128 if (sshbuf_len(sigbuf) != 0) {
129 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
130 goto out;
131 }
132
133 /* Reconstruct data that was supposedly signed */
134 if ((original_signed = sshbuf_new()) == NULL) {
135 ret = SSH_ERR_ALLOC_FAIL;
136 goto out;
137 }
138 if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
139 msghash, sizeof(msghash))) != 0)
140 goto out;
141 /* Application value is hashed before signature */
142 if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application,
143 strlen(key->sk_application), apphash, sizeof(apphash))) != 0)
144 goto out;
145#ifdef DEBUG_SK
146 fprintf(stderr, "%s: hashed application:\n", __func__);
147 sshbuf_dump_data(apphash, sizeof(apphash), stderr);
148 fprintf(stderr, "%s: hashed message:\n", __func__);
149 sshbuf_dump_data(msghash, sizeof(msghash), stderr);
150#endif
151 if ((ret = sshbuf_put(original_signed,
152 apphash, sizeof(apphash))) != 0 ||
153 (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
154 (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
155 (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)
156 goto out;
157 /* Signature is over H(original_signed) */
158 if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed,
159 sighash, sizeof(sighash))) != 0)
160 goto out;
161 if ((details = calloc(1, sizeof(*details))) == NULL) {
162 ret = SSH_ERR_ALLOC_FAIL;
163 goto out;
164 }
165 details->sk_counter = sig_counter;
166 details->sk_flags = sig_flags;
167#ifdef DEBUG_SK
168 fprintf(stderr, "%s: signed buf:\n", __func__);
169 sshbuf_dump(original_signed, stderr);
170 fprintf(stderr, "%s: signed hash:\n", __func__);
171 sshbuf_dump_data(sighash, sizeof(sighash), stderr);
172#endif
173
174 /* Verify it */
175 switch (ECDSA_do_verify(sighash, sizeof(sighash), sig, key->ecdsa)) {
176 case 1:
177 ret = 0;
178 break;
179 case 0:
180 ret = SSH_ERR_SIGNATURE_INVALID;
181 goto out;
182 default:
183 ret = SSH_ERR_LIBCRYPTO_ERROR;
184 goto out;
185 }
186 /* success */
187 if (detailsp != NULL) {
188 *detailsp = details;
189 details = NULL;
190 }
191 out:
192 explicit_bzero(&sig_flags, sizeof(sig_flags));
193 explicit_bzero(&sig_counter, sizeof(sig_counter));
194 explicit_bzero(msghash, sizeof(msghash));
195 explicit_bzero(sighash, sizeof(msghash));
196 explicit_bzero(apphash, sizeof(apphash));
197 sshkey_sig_details_free(details);
198 sshbuf_free(original_signed);
199 sshbuf_free(sigbuf);
200 sshbuf_free(b);
201 ECDSA_SIG_free(sig);
202 BN_clear_free(sig_r);
203 BN_clear_free(sig_s);
204 free(ktype);
205 return ret;
206#else
207 return SSH_ERR_INTERNAL_ERROR;
208#endif
209}
diff --git a/ssh-ed25519-sk.c b/ssh-ed25519-sk.c
new file mode 100644
index 000000000..b6f28c09a
--- /dev/null
+++ b/ssh-ed25519-sk.c
@@ -0,0 +1,166 @@
1/* $OpenBSD: ssh-ed25519-sk.c,v 1.4 2019/11/26 03:04:27 djm Exp $ */
2/*
3 * Copyright (c) 2019 Markus Friedl. All rights reserved.
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* #define DEBUG_SK 1 */
19
20#include "includes.h"
21
22#define SSHKEY_INTERNAL
23#include <sys/types.h>
24#include <limits.h>
25
26#include "crypto_api.h"
27
28#include <string.h>
29#include <stdarg.h>
30
31#include "log.h"
32#include "sshbuf.h"
33#include "sshkey.h"
34#include "ssherr.h"
35#include "ssh.h"
36#include "digest.h"
37
38int
39ssh_ed25519_sk_verify(const struct sshkey *key,
40 const u_char *signature, size_t signaturelen,
41 const u_char *data, size_t datalen, u_int compat,
42 struct sshkey_sig_details **detailsp)
43{
44 struct sshbuf *b = NULL;
45 struct sshbuf *encoded = NULL;
46 char *ktype = NULL;
47 const u_char *sigblob;
48 const u_char *sm;
49 u_char *m = NULL;
50 u_char apphash[32];
51 u_char msghash[32];
52 u_char sig_flags;
53 u_int sig_counter;
54 size_t len;
55 unsigned long long smlen = 0, mlen = 0;
56 int r = SSH_ERR_INTERNAL_ERROR;
57 int ret;
58 struct sshkey_sig_details *details = NULL;
59
60 if (detailsp != NULL)
61 *detailsp = NULL;
62
63 if (key == NULL ||
64 sshkey_type_plain(key->type) != KEY_ED25519_SK ||
65 key->ed25519_pk == NULL ||
66 signature == NULL || signaturelen == 0)
67 return SSH_ERR_INVALID_ARGUMENT;
68
69 if ((b = sshbuf_from(signature, signaturelen)) == NULL)
70 return SSH_ERR_ALLOC_FAIL;
71 if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
72 sshbuf_get_string_direct(b, &sigblob, &len) != 0 ||
73 sshbuf_get_u8(b, &sig_flags) != 0 ||
74 sshbuf_get_u32(b, &sig_counter) != 0) {
75 r = SSH_ERR_INVALID_FORMAT;
76 goto out;
77 }
78#ifdef DEBUG_SK
79 fprintf(stderr, "%s: data:\n", __func__);
80 /* sshbuf_dump_data(data, datalen, stderr); */
81 fprintf(stderr, "%s: sigblob:\n", __func__);
82 sshbuf_dump_data(sigblob, len, stderr);
83 fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
84 __func__, sig_flags, sig_counter);
85#endif
86 if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) {
87 r = SSH_ERR_KEY_TYPE_MISMATCH;
88 goto out;
89 }
90 if (sshbuf_len(b) != 0) {
91 r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
92 goto out;
93 }
94 if (len > crypto_sign_ed25519_BYTES) {
95 r = SSH_ERR_INVALID_FORMAT;
96 goto out;
97 }
98 if (ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application,
99 strlen(key->sk_application), apphash, sizeof(apphash)) != 0 ||
100 ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
101 msghash, sizeof(msghash)) != 0) {
102 r = SSH_ERR_INVALID_ARGUMENT;
103 goto out;
104 }
105#ifdef DEBUG_SK
106 fprintf(stderr, "%s: hashed application:\n", __func__);
107 sshbuf_dump_data(apphash, sizeof(apphash), stderr);
108 fprintf(stderr, "%s: hashed message:\n", __func__);
109 sshbuf_dump_data(msghash, sizeof(msghash), stderr);
110#endif
111 if ((details = calloc(1, sizeof(*details))) == NULL) {
112 r = SSH_ERR_ALLOC_FAIL;
113 goto out;
114 }
115 details->sk_counter = sig_counter;
116 details->sk_flags = sig_flags;
117 if ((encoded = sshbuf_new()) == NULL) {
118 r = SSH_ERR_ALLOC_FAIL;
119 goto out;
120 }
121 if (sshbuf_put(encoded, sigblob, len) != 0 ||
122 sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
123 sshbuf_put_u8(encoded, sig_flags) != 0 ||
124 sshbuf_put_u32(encoded, sig_counter) != 0 ||
125 sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {
126 r = SSH_ERR_ALLOC_FAIL;
127 goto out;
128 }
129#ifdef DEBUG_SK
130 fprintf(stderr, "%s: signed buf:\n", __func__);
131 sshbuf_dump(encoded, stderr);
132#endif
133 sm = sshbuf_ptr(encoded);
134 smlen = sshbuf_len(encoded);
135 mlen = smlen;
136 if ((m = malloc(smlen)) == NULL) {
137 r = SSH_ERR_ALLOC_FAIL;
138 goto out;
139 }
140 if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
141 key->ed25519_pk)) != 0) {
142 debug2("%s: crypto_sign_ed25519_open failed: %d",
143 __func__, ret);
144 }
145 if (ret != 0 || mlen != smlen - len) {
146 r = SSH_ERR_SIGNATURE_INVALID;
147 goto out;
148 }
149 /* XXX compare 'm' and 'sm + len' ? */
150 /* success */
151 r = 0;
152 if (detailsp != NULL) {
153 *detailsp = details;
154 details = NULL;
155 }
156 out:
157 if (m != NULL) {
158 explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
159 free(m);
160 }
161 sshkey_sig_details_free(details);
162 sshbuf_free(b);
163 sshbuf_free(encoded);
164 free(ktype);
165 return r;
166}
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index b68736c11..703739004 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -1,11 +1,12 @@
1SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) 1SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1)
2 2
3NAME 3NAME
4 ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion 4 ssh-keygen M-bM-^@M-^S OpenSSH authentication key utility
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format] 7 ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]
8 [-N new_passphrase] [-t dsa | ecdsa | ed25519 | rsa] 8 [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
9 [-N new_passphrase] [-O option] [-w provider]
9 ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase] 10 ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]
10 [-P old_passphrase] 11 [-P old_passphrase]
11 ssh-keygen -i [-f input_keyfile] [-m key_format] 12 ssh-keygen -i [-f input_keyfile] [-m key_format]
@@ -17,11 +18,11 @@ SYNOPSIS
17 ssh-keygen -D pkcs11 18 ssh-keygen -D pkcs11
18 ssh-keygen -F hostname [-lv] [-f known_hosts_file] 19 ssh-keygen -F hostname [-lv] [-f known_hosts_file]
19 ssh-keygen -H [-f known_hosts_file] 20 ssh-keygen -H [-f known_hosts_file]
21 ssh-keygen -K [-w provider]
20 ssh-keygen -R hostname [-f known_hosts_file] 22 ssh-keygen -R hostname [-f known_hosts_file]
21 ssh-keygen -r hostname [-g] [-f input_keyfile] 23 ssh-keygen -r hostname [-g] [-f input_keyfile]
22 ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] 24 ssh-keygen -M generate [-O option] output_file
23 ssh-keygen -f input_file -T output_file [-v] [-a rounds] [-J num_lines] 25 ssh-keygen -M screen [-f input_file] [-O option] output_file
24 [-j start_line] [-K checkpt] [-W generator]
25 ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider] 26 ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
26 [-n principals] [-O option] [-V validity_interval] 27 [-n principals] [-O option] [-V validity_interval]
27 [-z serial_number] file ... 28 [-z serial_number] file ...
@@ -30,6 +31,7 @@ SYNOPSIS
30 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] 31 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
31 file ... 32 file ...
32 ssh-keygen -Q -f krl_file file ... 33 ssh-keygen -Q -f krl_file file ...
34 ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file
33 ssh-keygen -Y check-novalidate -n namespace -s signature_file 35 ssh-keygen -Y check-novalidate -n namespace -s signature_file
34 ssh-keygen -Y sign -f key_file -n namespace file ... 36 ssh-keygen -Y sign -f key_file -n namespace file ...
35 ssh-keygen -Y verify -f allowed_signers_file -I signer_identity 37 ssh-keygen -Y verify -f allowed_signers_file -I signer_identity
@@ -51,9 +53,9 @@ DESCRIPTION
51 53
52 Normally each user wishing to use SSH with public key authentication runs 54 Normally each user wishing to use SSH with public key authentication runs
53 this once to create the authentication key in ~/.ssh/id_dsa, 55 this once to create the authentication key in ~/.ssh/id_dsa,
54 ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa. Additionally, the 56 ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
55 system administrator may use this to generate host keys, as seen in 57 ~/.ssh/id_ed25519_sk or ~/.ssh/id_rsa. Additionally, the system
56 /etc/rc. 58 administrator may use this to generate host keys, as seen in /etc/rc.
57 59
58 Normally this program generates the key and asks for a file in which to 60 Normally this program generates the key and asks for a file in which to
59 store the private key. The public key is stored in a file with the same 61 store the private key. The public key is stored in a file with the same
@@ -104,9 +106,6 @@ DESCRIPTION
104 in slower passphrase verification and increased resistance to 106 in slower passphrase verification and increased resistance to
105 brute-force password cracking (should the keys be stolen). 107 brute-force password cracking (should the keys be stolen).
106 108
107 When screening DH-GEX candidates (using the -T command), this
108 option specifies the number of primality tests to perform.
109
110 -B Show the bubblebabble digest of specified private or public key 109 -B Show the bubblebabble digest of specified private or public key
111 file. 110 file.
112 111
@@ -118,8 +117,8 @@ DESCRIPTION
118 the -b flag determines the key length by selecting from one of 117 the -b flag determines the key length by selecting from one of
119 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to 118 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
120 use bit lengths other than these three values for ECDSA keys will 119 use bit lengths other than these three values for ECDSA keys will
121 fail. Ed25519 keys have a fixed length and the -b flag will be 120 fail. ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length
122 ignored. 121 and the -b flag will be ignored.
123 122
124 -C comment 123 -C comment
125 Provides a new comment. 124 Provides a new comment.
@@ -156,10 +155,6 @@ DESCRIPTION
156 -f filename 155 -f filename
157 Specifies the filename of the key file. 156 Specifies the filename of the key file.
158 157
159 -G output_file
160 Generate candidate primes for DH-GEX. These primes must be
161 screened for safety (using the -T option) before use.
162
163 -g Use generic DNS format when printing fingerprint resource records 158 -g Use generic DNS format when printing fingerprint resource records
164 using the -r command. 159 using the -r command.
165 160
@@ -185,19 +180,9 @@ DESCRIPTION
185 importing keys from other software, including several commercial 180 importing keys from other software, including several commercial
186 SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. 181 SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^].
187 182
188 -J num_lines 183 -K Download resident keys from a FIDO authenticator. Public and
189 Exit after screening the specified number of lines while 184 private key files will be written to the current directory for
190 performing DH candidate screening using the -T option. 185 each downloaded key.
191
192 -j start_line
193 Start screening at the specified line number while performing DH
194 candidate screening using the -T option.
195
196 -K checkpt
197 Write the last line processed to the file checkpt while
198 performing DH candidate screening using the -T option. This will
199 be used to skip lines in the input file that have already been
200 processed if the job is restarted.
201 186
202 -k Generate a KRL file. In this mode, ssh-keygen will generate a 187 -k Generate a KRL file. In this mode, ssh-keygen will generate a
203 KRL file at the location specified via the -f flag that revokes 188 KRL file at the location specified via the -f flag that revokes
@@ -213,9 +198,21 @@ DESCRIPTION
213 prints its fingerprint. If combined with -v, a visual ASCII art 198 prints its fingerprint. If combined with -v, a visual ASCII art
214 representation of the key is supplied with the fingerprint. 199 representation of the key is supplied with the fingerprint.
215 200
216 -M memory 201 -M generate
217 Specify the amount of memory to use (in megabytes) when 202 Generate candidate Diffie-Hellman Group Exchange (DH-GEX)
218 generating candidate moduli for DH-GEX. 203 parameters for eventual use by the
204 M-bM-^@M-^Xdiffie-hellman-group-exchange-*M-bM-^@M-^Y key exchange methods. The
205 numbers generated by this operation must be further screened
206 before use. See the MODULI GENERATION section for more
207 information.
208
209 -M screen
210 Screen candidate parameters for Diffie-Hellman Group Exchange.
211 This will accept a list of candidate numbers and test that they
212 are safe (Sophie Germain) primes with acceptable group
213 generators. The results of this operation may be added to the
214 /etc/moduli file. See the MODULI GENERATION section for more
215 information.
219 216
220 -m key_format 217 -m key_format
221 Specify a key format for key generation, the -i (import), -e 218 Specify a key format for key generation, the -i (import), -e
@@ -240,70 +237,61 @@ DESCRIPTION
240 CERTIFICATES section for details. 237 CERTIFICATES section for details.
241 238
242 -O option 239 -O option
243 Specify a certificate option when signing a key. This option may 240 Specify a key/value option. These are specific to the operation
244 be specified multiple times. See also the CERTIFICATES section 241 that ssh-keygen has been requested to perform.
245 for further details. 242
246 243 When signing certificates, one of the options listed in the
247 At present, no standard options are valid for host keys. The 244 CERTIFICATES section may be specified here.
248 options that are valid for user certificates are: 245
249 246 When performing moduli generation or screening, one of the
250 clear Clear all enabled permissions. This is useful for 247 options listed in the MODULI GENERATION section may be specified.
251 clearing the default set of permissions so permissions 248
252 may be added individually. 249 When generating a key that will be hosted on a FIDO
253 250 authenticator, this flag may be used to specify key-specific
254 critical:name[=contents] 251 options. Those supported at present are:
255 extension:name[=contents] 252
256 Includes an arbitrary certificate critical option or 253 application
257 extension. The specified name should include a domain 254 Override the default FIDO application/origin string of
258 suffix, e.g. M-bM-^@M-^\name@example.comM-bM-^@M-^]. If contents is 255 M-bM-^@M-^\ssh:M-bM-^@M-^]. This may be useful when generating host or
259 specified then it is included as the contents of the 256 domain-specific resident keys. The specified application
260 extension/option encoded as a string, otherwise the 257 string must begin with M-bM-^@M-^\ssh:M-bM-^@M-^].
261 extension/option is created with no contents (usually 258
262 indicating a flag). Extensions may be ignored by a 259 challenge=path
263 client or server that does not recognise them, whereas 260 Specifies a path to a challenge string that will be
264 unknown critical options will cause the certificate to be 261 passed to the FIDO token during key generation. The
265 refused. 262 challenge string may be used as part of an out-of-band
266 263 protocol for key enrollment (a random challenge is used
267 force-command=command 264 by default).
268 Forces the execution of command instead of any shell or 265
269 command specified by the user when the certificate is 266 device Explicitly specify a fido(4) device to use, rather than
270 used for authentication. 267 letting the token middleware select one.
271 268
272 no-agent-forwarding 269 no-touch-required
273 Disable ssh-agent(1) forwarding (permitted by default). 270 Indicate that the generated private key should not
274 271 require touch events (user presence) when making
275 no-port-forwarding 272 signatures. Note that sshd(8) will refuse such
276 Disable port forwarding (permitted by default). 273 signatures by default, unless overridden via an
277 274 authorized_keys option.
278 no-pty Disable PTY allocation (permitted by default). 275
279 276 resident
280 no-user-rc 277 Indicate that the key should be stored on the FIDO
281 Disable execution of ~/.ssh/rc by sshd(8) (permitted by 278 authenticator itself. Resident keys may be supported on
282 default). 279 FIDO2 tokens and typically require that a PIN be set on
283 280 the token prior to generation. Resident keys may be
284 no-x11-forwarding 281 loaded off the token using ssh-add(1).
285 Disable X11 forwarding (permitted by default). 282
286 283 user A username to be associated with a resident key,
287 permit-agent-forwarding 284 overriding the empty default username. Specifying a
288 Allows ssh-agent(1) forwarding. 285 username may be useful when generating multiple resident
289 286 keys for the same application name.
290 permit-port-forwarding 287
291 Allows port forwarding. 288 write-attestation=path
292 289 May be used at key generation time to record the
293 permit-pty 290 attestation certificate returned from FIDO tokens during
294 Allows PTY allocation. 291 key generation. By default this information is
295 292 discarded.
296 permit-user-rc 293
297 Allows execution of ~/.ssh/rc by sshd(8). 294 The -O option may be specified multiple times.
298
299 permit-X11-forwarding
300 Allows X11 forwarding.
301
302 source-address=address_list
303 Restrict the source addresses from which the certificate
304 is considered valid. The address_list is a comma-
305 separated list of one or more address/netmask pairs in
306 CIDR format.
307 295
308 -P passphrase 296 -P passphrase
309 Provides the (old) passphrase. 297 Provides the (old) passphrase.
@@ -326,10 +314,6 @@ DESCRIPTION
326 Print the SSHFP fingerprint resource record named hostname for 314 Print the SSHFP fingerprint resource record named hostname for
327 the specified public key file. 315 the specified public key file.
328 316
329 -S start
330 Specify start point (in hex) when generating candidate moduli for
331 DH-GEX.
332
333 -s ca_key 317 -s ca_key
334 Certify (sign) a public key using the specified CA key. Please 318 Certify (sign) a public key using the specified CA key. Please
335 see the CERTIFICATES section for details. 319 see the CERTIFICATES section for details.
@@ -338,13 +322,9 @@ DESCRIPTION
338 file used to revoke certificates directly by key ID or serial 322 file used to revoke certificates directly by key ID or serial
339 number. See the KEY REVOCATION LISTS section for details. 323 number. See the KEY REVOCATION LISTS section for details.
340 324
341 -T output_file 325 -t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
342 Test DH group exchange candidate primes (generated using the -G
343 option) for safety.
344
345 -t dsa | ecdsa | ed25519 | rsa
346 Specifies the type of key to create. The possible values are 326 Specifies the type of key to create. The possible values are
347 M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^]. 327 M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ecdsa-skM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], M-bM-^@M-^\ed25519-skM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^].
348 328
349 This flag may also be used to specify the desired signature type 329 This flag may also be used to specify the desired signature type
350 when signing certificates using an RSA CA key. The available RSA 330 when signing certificates using an RSA CA key. The available RSA
@@ -390,12 +370,28 @@ DESCRIPTION
390 generation. Multiple -v options increase the verbosity. The 370 generation. Multiple -v options increase the verbosity. The
391 maximum is 3. 371 maximum is 3.
392 372
393 -W generator 373 -w provider
394 Specify desired generator when testing candidate moduli for DH- 374 Specifies a path to a library that will be used when creating
395 GEX. 375 FIDO authenticator-hosted keys, overriding the default of using
376 the internal USB HID support.
396 377
397 -y This option will read a private OpenSSH format file and print an 378 -Y find-principals
398 OpenSSH public key to stdout. 379 Find the principal(s) associated with the public key of a
380 signature, provided using the -s flag in an authorized signers
381 file provided using the -f flag. The format of the allowed
382 signers file is documented in the ALLOWED SIGNERS section below.
383 If one or more matching principals are found, they are returned
384 on standard output.
385
386 -Y check-novalidate
387 Checks that a signature generated using ssh-keygen -Y sign has a
388 valid structure. This does not validate if a signature comes
389 from an authorized signer. When testing a signature, ssh-keygen
390 accepts a message on standard input and a signature namespace
391 using -n. A file containing the corresponding signature must
392 also be supplied using the -s flag. Successful testing of the
393 signature is signalled by ssh-keygen returning a zero exit
394 status.
399 395
400 -Y sign 396 -Y sign
401 Cryptographically sign a file or some data using a SSH key. When 397 Cryptographically sign a file or some data using a SSH key. When
@@ -427,16 +423,10 @@ DESCRIPTION
427 keys can be passed using the -r flag. The revocation file may be 423 keys can be passed using the -r flag. The revocation file may be
428 a KRL or a one-per-line list of public keys. Successful 424 a KRL or a one-per-line list of public keys. Successful
429 verification by an authorized signer is signalled by ssh-keygen 425 verification by an authorized signer is signalled by ssh-keygen
426 returning a zero exit status.
430 427
431 -Y check-novalidate 428 -y This option will read a private OpenSSH format file and print an
432 Checks that a signature generated using ssh-keygen -Y sign has a 429 OpenSSH public key to stdout.
433 valid structure. This does not validate if a signature comes
434 from an authorized signer. When testing a signature, ssh-keygen
435 accepts a message on standard input and a signature namespace
436 using -n. A file containing the corresponding signature must
437 also be supplied using the -s flag. Successful testing of the
438 signature is signalled by ssh-keygen returning a zero exit
439 status.
440 430
441 -z serial_number 431 -z serial_number
442 Specifies a serial number to be embedded in the certificate to 432 Specifies a serial number to be embedded in the certificate to
@@ -455,32 +445,62 @@ MODULI GENERATION
455 intensive process. These candidate primes are then tested for 445 intensive process. These candidate primes are then tested for
456 suitability (a CPU-intensive process). 446 suitability (a CPU-intensive process).
457 447
458 Generation of primes is performed using the -G option. The desired 448 Generation of primes is performed using the -M generate option. The
459 length of the primes may be specified by the -b option. For example: 449 desired length of the primes may be specified by the -O bits option. For
450 example:
460 451
461 # ssh-keygen -G moduli-2048.candidates -b 2048 452 # ssh-keygen -M generate -O bits=2048 moduli-2048.candidates
462 453
463 By default, the search for primes begins at a random point in the desired 454 By default, the search for primes begins at a random point in the desired
464 length range. This may be overridden using the -S option, which 455 length range. This may be overridden using the -O start option, which
465 specifies a different start point (in hex). 456 specifies a different start point (in hex).
466 457
467 Once a set of candidates have been generated, they must be screened for 458 Once a set of candidates have been generated, they must be screened for
468 suitability. This may be performed using the -T option. In this mode 459 suitability. This may be performed using the -M screen option. In this
469 ssh-keygen will read candidates from standard input (or a file specified 460 mode ssh-keygen will read candidates from standard input (or a file
470 using the -f option). For example: 461 specified using the -f option). For example:
471 462
472 # ssh-keygen -T moduli-2048 -f moduli-2048.candidates 463 # ssh-keygen -M screen -f moduli-2048.candidates moduli-2048
473 464
474 By default, each candidate will be subjected to 100 primality tests. 465 By default, each candidate will be subjected to 100 primality tests.
475 This may be overridden using the -a option. The DH generator value will 466 This may be overridden using the -O prime-tests option. The DH generator
476 be chosen automatically for the prime under consideration. If a specific 467 value will be chosen automatically for the prime under consideration. If
477 generator is desired, it may be requested using the -W option. Valid 468 a specific generator is desired, it may be requested using the -O
478 generator values are 2, 3, and 5. 469 generator option. Valid generator values are 2, 3, and 5.
479 470
480 Screened DH groups may be installed in /etc/moduli. It is important that 471 Screened DH groups may be installed in /etc/moduli. It is important that
481 this file contains moduli of a range of bit lengths and that both ends of 472 this file contains moduli of a range of bit lengths and that both ends of
482 a connection share common moduli. 473 a connection share common moduli.
483 474
475 A number of options are available for moduli generation and screening via
476 the -O flag:
477
478 lines=number
479 Exit after screening the specified number of lines while
480 performing DH candidate screening.
481
482 start-line=line-number
483 Start screening at the specified line number while performing DH
484 candidate screening.
485
486 checkpoint=filename
487 Write the last line processed to the specified file while
488 performing DH candidate screening. This will be used to skip
489 lines in the input file that have already been processed if the
490 job is restarted.
491
492 memory=mbytes
493 Specify the amount of memory to use (in megabytes) when
494 generating candidate moduli for DH-GEX.
495
496 start=hex-value
497 Specify start point (in hex) when generating candidate moduli for
498 DH-GEX.
499
500 generator=value
501 Specify desired generator (in decimal) when testing candidate
502 moduli for DH-GEX.
503
484CERTIFICATES 504CERTIFICATES
485 ssh-keygen supports signing of keys to produce certificates that may be 505 ssh-keygen supports signing of keys to produce certificates that may be
486 used for user or host authentication. Certificates consist of a public 506 used for user or host authentication. Certificates consist of a public
@@ -531,8 +551,71 @@ CERTIFICATES
531 be specified through certificate options. A certificate option may 551 be specified through certificate options. A certificate option may
532 disable features of the SSH session, may be valid only when presented 552 disable features of the SSH session, may be valid only when presented
533 from particular source addresses or may force the use of a specific 553 from particular source addresses or may force the use of a specific
534 command. For a list of valid certificate options, see the documentation 554 command.
535 for the -O option above. 555
556 The options that are valid for user certificates are:
557
558 clear Clear all enabled permissions. This is useful for clearing the
559 default set of permissions so permissions may be added
560 individually.
561
562 critical:name[=contents]
563 extension:name[=contents]
564 Includes an arbitrary certificate critical option or extension.
565 The specified name should include a domain suffix, e.g.
566 M-bM-^@M-^\name@example.comM-bM-^@M-^]. If contents is specified then it is included
567 as the contents of the extension/option encoded as a string,
568 otherwise the extension/option is created with no contents
569 (usually indicating a flag). Extensions may be ignored by a
570 client or server that does not recognise them, whereas unknown
571 critical options will cause the certificate to be refused.
572
573 force-command=command
574 Forces the execution of command instead of any shell or command
575 specified by the user when the certificate is used for
576 authentication.
577
578 no-agent-forwarding
579 Disable ssh-agent(1) forwarding (permitted by default).
580
581 no-port-forwarding
582 Disable port forwarding (permitted by default).
583
584 no-pty Disable PTY allocation (permitted by default).
585
586 no-user-rc
587 Disable execution of ~/.ssh/rc by sshd(8) (permitted by default).
588
589 no-x11-forwarding
590 Disable X11 forwarding (permitted by default).
591
592 permit-agent-forwarding
593 Allows ssh-agent(1) forwarding.
594
595 permit-port-forwarding
596 Allows port forwarding.
597
598 permit-pty
599 Allows PTY allocation.
600
601 permit-user-rc
602 Allows execution of ~/.ssh/rc by sshd(8).
603
604 permit-X11-forwarding
605 Allows X11 forwarding.
606
607 no-touch-required
608 Do not require signatures made using this key require
609 demonstration of user presence (e.g. by having the user touch the
610 authenticator). This option only makes sense for the FIDO
611 authenticator algorithms ecdsa-sk and ed25519-sk.
612
613 source-address=address_list
614 Restrict the source addresses from which the certificate is
615 considered valid. The address_list is a comma-separated list of
616 one or more address/netmask pairs in CIDR format.
617
618 At present, no standard options are valid for host keys.
536 619
537 Finally, certificates may be defined with a validity lifetime. The -V 620 Finally, certificates may be defined with a validity lifetime. The -V
538 option allows specification of certificate start and end times. A 621 option allows specification of certificate start and end times. A
@@ -618,7 +701,7 @@ ALLOWED SIGNERS
618 The principals field is a pattern-list (See PATTERNS in ssh_config(5)) 701 The principals field is a pattern-list (See PATTERNS in ssh_config(5))
619 consisting of one or more comma-separated USER@DOMAIN identity patterns 702 consisting of one or more comma-separated USER@DOMAIN identity patterns
620 that are accepted for signing. When verifying, the identity presented 703 that are accepted for signing. When verifying, the identity presented
621 via the -I -option must match a principals pattern in order for the 704 via the -I option must match a principals pattern in order for the
622 corresponding key to be considered acceptable for verification. 705 corresponding key to be considered acceptable for verification.
623 706
624 The options (if present) consist of comma-separated option 707 The options (if present) consist of comma-separated option
@@ -651,13 +734,22 @@ ALLOWED SIGNERS
651 # A key that is accepted only for file signing. 734 # A key that is accepted only for file signing.
652 user2@example.com namespaces="file" ssh-ed25519 AAA41... 735 user2@example.com namespaces="file" ssh-ed25519 AAA41...
653 736
737ENVIRONMENT
738 SSH_SK_PROVIDER
739 Specifies a path to a library that will be used when loading any
740 FIDO authenticator-hosted keys, overriding the default of using
741 the built-in USB HID support.
742
654FILES 743FILES
655 ~/.ssh/id_dsa 744 ~/.ssh/id_dsa
656 ~/.ssh/id_ecdsa 745 ~/.ssh/id_ecdsa
746 ~/.ssh/id_ecdsa_sk
657 ~/.ssh/id_ed25519 747 ~/.ssh/id_ed25519
748 ~/.ssh/id_ed25519_sk
658 ~/.ssh/id_rsa 749 ~/.ssh/id_rsa
659 Contains the DSA, ECDSA, Ed25519 or RSA authentication identity 750 Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
660 of the user. This file should not be readable by anyone but the 751 authenticator-hosted Ed25519 or RSA authentication identity of
752 the user. This file should not be readable by anyone but the
661 user. It is possible to specify a passphrase when generating the 753 user. It is possible to specify a passphrase when generating the
662 key; that passphrase will be used to encrypt the private part of 754 key; that passphrase will be used to encrypt the private part of
663 this file using 128-bit AES. This file is not automatically 755 this file using 128-bit AES. This file is not automatically
@@ -667,9 +759,12 @@ FILES
667 759
668 ~/.ssh/id_dsa.pub 760 ~/.ssh/id_dsa.pub
669 ~/.ssh/id_ecdsa.pub 761 ~/.ssh/id_ecdsa.pub
762 ~/.ssh/id_ecdsa_sk.pub
670 ~/.ssh/id_ed25519.pub 763 ~/.ssh/id_ed25519.pub
764 ~/.ssh/id_ed25519_sk.pub
671 ~/.ssh/id_rsa.pub 765 ~/.ssh/id_rsa.pub
672 Contains the DSA, ECDSA, Ed25519 or RSA public key for 766 Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
767 authenticator-hosted Ed25519 or RSA public key for
673 authentication. The contents of this file should be added to 768 authentication. The contents of this file should be added to
674 ~/.ssh/authorized_keys on all machines where the user wishes to 769 ~/.ssh/authorized_keys on all machines where the user wishes to
675 log in using public key authentication. There is no need to keep 770 log in using public key authentication. There is no need to keep
@@ -691,4 +786,4 @@ AUTHORS
691 created OpenSSH. Markus Friedl contributed the support for SSH protocol 786 created OpenSSH. Markus Friedl contributed the support for SSH protocol
692 versions 1.5 and 2.0. 787 versions 1.5 and 2.0.
693 788
694OpenBSD 6.6 October 3, 2019 OpenBSD 6.6 789OpenBSD 6.6 February 7, 2020 OpenBSD 6.6
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 143a2349f..d6a7870e0 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.171 2019/10/03 17:07:50 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.201 2020/02/07 03:57:31 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,12 +35,12 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: October 3 2019 $ 38.Dd $Mdocdate: February 7 2020 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
42.Nm ssh-keygen 42.Nm ssh-keygen
43.Nd authentication key generation, management and conversion 43.Nd OpenSSH authentication key utility
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Nm ssh-keygen 45.Nm ssh-keygen
46.Op Fl q 46.Op Fl q
@@ -48,8 +48,10 @@
48.Op Fl C Ar comment 48.Op Fl C Ar comment
49.Op Fl f Ar output_keyfile 49.Op Fl f Ar output_keyfile
50.Op Fl m Ar format 50.Op Fl m Ar format
51.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
51.Op Fl N Ar new_passphrase 52.Op Fl N Ar new_passphrase
52.Op Fl t Cm dsa | ecdsa | ed25519 | rsa 53.Op Fl O Ar option
54.Op Fl w Ar provider
53.Nm ssh-keygen 55.Nm ssh-keygen
54.Fl p 56.Fl p
55.Op Fl f Ar keyfile 57.Op Fl f Ar keyfile
@@ -90,6 +92,9 @@
90.Fl H 92.Fl H
91.Op Fl f Ar known_hosts_file 93.Op Fl f Ar known_hosts_file
92.Nm ssh-keygen 94.Nm ssh-keygen
95.Fl K
96.Op Fl w Ar provider
97.Nm ssh-keygen
93.Fl R Ar hostname 98.Fl R Ar hostname
94.Op Fl f Ar known_hosts_file 99.Op Fl f Ar known_hosts_file
95.Nm ssh-keygen 100.Nm ssh-keygen
@@ -97,20 +102,14 @@
97.Op Fl g 102.Op Fl g
98.Op Fl f Ar input_keyfile 103.Op Fl f Ar input_keyfile
99.Nm ssh-keygen 104.Nm ssh-keygen
100.Fl G Ar output_file 105.Fl M Cm generate
101.Op Fl v 106.Op Fl O Ar option
102.Op Fl b Ar bits 107.Ar output_file
103.Op Fl M Ar memory
104.Op Fl S Ar start_point
105.Nm ssh-keygen 108.Nm ssh-keygen
106.Fl f Ar input_file 109.Fl M Cm screen
107.Fl T Ar output_file 110.Op Fl f Ar input_file
108.Op Fl v 111.Op Fl O Ar option
109.Op Fl a Ar rounds 112.Ar output_file
110.Op Fl J Ar num_lines
111.Op Fl j Ar start_line
112.Op Fl K Ar checkpt
113.Op Fl W Ar generator
114.Nm ssh-keygen 113.Nm ssh-keygen
115.Fl I Ar certificate_identity 114.Fl I Ar certificate_identity
116.Fl s Ar ca_key 115.Fl s Ar ca_key
@@ -139,6 +138,10 @@
139.Fl f Ar krl_file 138.Fl f Ar krl_file
140.Ar 139.Ar
141.Nm ssh-keygen 140.Nm ssh-keygen
141.Fl Y Cm find-principals
142.Fl s Ar signature_file
143.Fl f Ar allowed_signers_file
144.Nm ssh-keygen
142.Fl Y Cm check-novalidate 145.Fl Y Cm check-novalidate
143.Fl n Ar namespace 146.Fl n Ar namespace
144.Fl s Ar signature_file 147.Fl s Ar signature_file
@@ -188,7 +191,9 @@ with public key authentication runs this once to create the authentication
188key in 191key in
189.Pa ~/.ssh/id_dsa , 192.Pa ~/.ssh/id_dsa ,
190.Pa ~/.ssh/id_ecdsa , 193.Pa ~/.ssh/id_ecdsa ,
191.Pa ~/.ssh/id_ed25519 194.Pa ~/.ssh/id_ecdsa_sk ,
195.Pa ~/.ssh/id_ed25519 ,
196.Pa ~/.ssh/id_ed25519_sk
192or 197or
193.Pa ~/.ssh/id_rsa . 198.Pa ~/.ssh/id_rsa .
194Additionally, the system administrator may use this to generate host keys. 199Additionally, the system administrator may use this to generate host keys.
@@ -260,11 +265,6 @@ When saving a private key, this option specifies the number of KDF
260(key derivation function) rounds used. 265(key derivation function) rounds used.
261Higher numbers result in slower passphrase verification and increased 266Higher numbers result in slower passphrase verification and increased
262resistance to brute-force password cracking (should the keys be stolen). 267resistance to brute-force password cracking (should the keys be stolen).
263.Pp
264When screening DH-GEX candidates (using the
265.Fl T
266command),
267this option specifies the number of primality tests to perform.
268.It Fl B 268.It Fl B
269Show the bubblebabble digest of specified private or public key file. 269Show the bubblebabble digest of specified private or public key file.
270.It Fl b Ar bits 270.It Fl b Ar bits
@@ -278,7 +278,7 @@ flag determines the key length by selecting from one of three elliptic
278curve sizes: 256, 384 or 521 bits. 278curve sizes: 256, 384 or 521 bits.
279Attempting to use bit lengths other than these three values for ECDSA keys 279Attempting to use bit lengths other than these three values for ECDSA keys
280will fail. 280will fail.
281Ed25519 keys have a fixed length and the 281ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the
282.Fl b 282.Fl b
283flag will be ignored. 283flag will be ignored.
284.It Fl C Ar comment 284.It Fl C Ar comment
@@ -325,12 +325,6 @@ used in conjunction with the
325option to print found keys in a hashed format. 325option to print found keys in a hashed format.
326.It Fl f Ar filename 326.It Fl f Ar filename
327Specifies the filename of the key file. 327Specifies the filename of the key file.
328.It Fl G Ar output_file
329Generate candidate primes for DH-GEX.
330These primes must be screened for
331safety (using the
332.Fl T
333option) before use.
334.It Fl g 328.It Fl g
335Use generic DNS format when printing fingerprint resource records using the 329Use generic DNS format when printing fingerprint resource records using the
336.Fl r 330.Fl r
@@ -371,24 +365,10 @@ This option allows importing keys from other software, including several
371commercial SSH implementations. 365commercial SSH implementations.
372The default import format is 366The default import format is
373.Dq RFC4716 . 367.Dq RFC4716 .
374.It Fl J Ar num_lines 368.It Fl K
375Exit after screening the specified number of lines 369Download resident keys from a FIDO authenticator.
376while performing DH candidate screening using the 370Public and private key files will be written to the current directory for
377.Fl T 371each downloaded key.
378option.
379.It Fl j Ar start_line
380Start screening at the specified line number
381while performing DH candidate screening using the
382.Fl T
383option.
384.It Fl K Ar checkpt
385Write the last line processed to the file
386.Ar checkpt
387while performing DH candidate screening using the
388.Fl T
389option.
390This will be used to skip lines in the input file that have already been
391processed if the job is restarted.
392.It Fl k 372.It Fl k
393Generate a KRL file. 373Generate a KRL file.
394In this mode, 374In this mode,
@@ -411,9 +391,26 @@ If combined with
411.Fl v , 391.Fl v ,
412a visual ASCII art representation of the key is supplied with the 392a visual ASCII art representation of the key is supplied with the
413fingerprint. 393fingerprint.
414.It Fl M Ar memory 394.It Fl M Cm generate
415Specify the amount of memory to use (in megabytes) when generating 395Generate candidate Diffie-Hellman Group Exchange (DH-GEX) parameters for
416candidate moduli for DH-GEX. 396eventual use by the
397.Sq diffie-hellman-group-exchange-*
398key exchange methods.
399The numbers generated by this operation must be further screened before
400use.
401See the
402.Sx MODULI GENERATION
403section for more information.
404.It Fl M Cm screen
405Screen candidate parameters for Diffie-Hellman Group Exchange.
406This will accept a list of candidate numbers and test that they are
407safe (Sophie Germain) primes with acceptable group generators.
408The results of this operation may be added to the
409.Pa /etc/moduli
410file.
411See the
412.Sx MODULI GENERATION
413section for more information.
417.It Fl m Ar key_format 414.It Fl m Ar key_format
418Specify a key format for key generation, the 415Specify a key format for key generation, the
419.Fl i 416.Fl i
@@ -449,90 +446,67 @@ Please see the
449.Sx CERTIFICATES 446.Sx CERTIFICATES
450section for details. 447section for details.
451.It Fl O Ar option 448.It Fl O Ar option
452Specify a certificate option when signing a key. 449Specify a key/value option.
453This option may be specified multiple times. 450These are specific to the operation that
454See also the 451.Nm
455.Sx CERTIFICATES 452has been requested to perform.
456section for further details.
457.Pp
458At present, no standard options are valid for host keys.
459The options that are valid for user certificates are:
460.Pp
461.Bl -tag -width Ds -compact
462.It Ic clear
463Clear all enabled permissions.
464This is useful for clearing the default set of permissions so permissions may
465be added individually.
466.Pp
467.It Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents
468.It Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents
469Includes an arbitrary certificate critical option or extension.
470The specified
471.Ar name
472should include a domain suffix, e.g.\&
473.Dq name@example.com .
474If
475.Ar contents
476is specified then it is included as the contents of the extension/option
477encoded as a string, otherwise the extension/option is created with no
478contents (usually indicating a flag).
479Extensions may be ignored by a client or server that does not recognise them,
480whereas unknown critical options will cause the certificate to be refused.
481.Pp
482.It Ic force-command Ns = Ns Ar command
483Forces the execution of
484.Ar command
485instead of any shell or command specified by the user when
486the certificate is used for authentication.
487.Pp
488.It Ic no-agent-forwarding
489Disable
490.Xr ssh-agent 1
491forwarding (permitted by default).
492.Pp 453.Pp
493.It Ic no-port-forwarding 454When signing certificates, one of the options listed in the
494Disable port forwarding (permitted by default). 455.Sx CERTIFICATES
456section may be specified here.
495.Pp 457.Pp
496.It Ic no-pty 458When performing moduli generation or screening, one of the options
497Disable PTY allocation (permitted by default). 459listed in the
460.Sx MODULI GENERATION
461section may be specified.
498.Pp 462.Pp
499.It Ic no-user-rc 463When generating a key that will be hosted on a FIDO authenticator,
500Disable execution of 464this flag may be used to specify key-specific options.
501.Pa ~/.ssh/rc 465Those supported at present are:
502by 466.Bl -tag -width Ds
467.It Cm application
468Override the default FIDO application/origin string of
469.Dq ssh: .
470This may be useful when generating host or domain-specific resident keys.
471The specified application string must begin with
472.Dq ssh: .
473.It Cm challenge Ns = Ns Ar path
474Specifies a path to a challenge string that will be passed to the
475FIDO token during key generation.
476The challenge string may be used as part of an out-of-band
477protocol for key enrollment
478(a random challenge is used by default).
479.It Cm device
480Explicitly specify a
481.Xr fido 4
482device to use, rather than letting the token middleware select one.
483.It Cm no-touch-required
484Indicate that the generated private key should not require touch
485events (user presence) when making signatures.
486Note that
503.Xr sshd 8 487.Xr sshd 8
504(permitted by default). 488will refuse such signatures by default, unless overridden via
505.Pp 489an authorized_keys option.
506.It Ic no-x11-forwarding 490.It Cm resident
507Disable X11 forwarding (permitted by default). 491Indicate that the key should be stored on the FIDO authenticator itself.
508.Pp 492Resident keys may be supported on FIDO2 tokens and typically require that
509.It Ic permit-agent-forwarding 493a PIN be set on the token prior to generation.
510Allows 494Resident keys may be loaded off the token using
511.Xr ssh-agent 1 495.Xr ssh-add 1 .
512forwarding. 496.It Cm user
513.Pp 497A username to be associated with a resident key,
514.It Ic permit-port-forwarding 498overriding the empty default username.
515Allows port forwarding. 499Specifying a username may be useful when generating multiple resident keys
516.Pp 500for the same application name.
517.It Ic permit-pty 501.It Cm write-attestation Ns = Ns Ar path
518Allows PTY allocation. 502May be used at key generation time to record the attestation certificate
519.Pp 503returned from FIDO tokens during key generation.
520.It Ic permit-user-rc 504By default this information is discarded.
521Allows execution of 505.El
522.Pa ~/.ssh/rc
523by
524.Xr sshd 8 .
525.Pp
526.It Ic permit-X11-forwarding
527Allows X11 forwarding.
528.Pp 506.Pp
529.It Ic source-address Ns = Ns Ar address_list
530Restrict the source addresses from which the certificate is considered valid.
531The 507The
532.Ar address_list 508.Fl O
533is a comma-separated list of one or more address/netmask pairs in CIDR 509option may be specified multiple times.
534format.
535.El
536.It Fl P Ar passphrase 510.It Fl P Ar passphrase
537Provides the (old) passphrase. 511Provides the (old) passphrase.
538.It Fl p 512.It Fl p
@@ -560,8 +534,6 @@ option above).
560Print the SSHFP fingerprint resource record named 534Print the SSHFP fingerprint resource record named
561.Ar hostname 535.Ar hostname
562for the specified public key file. 536for the specified public key file.
563.It Fl S Ar start
564Specify start point (in hex) when generating candidate moduli for DH-GEX.
565.It Fl s Ar ca_key 537.It Fl s Ar ca_key
566Certify (sign) a public key using the specified CA key. 538Certify (sign) a public key using the specified CA key.
567Please see the 539Please see the
@@ -575,16 +547,14 @@ by key ID or serial number.
575See the 547See the
576.Sx KEY REVOCATION LISTS 548.Sx KEY REVOCATION LISTS
577section for details. 549section for details.
578.It Fl T Ar output_file 550.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
579Test DH group exchange candidate primes (generated using the
580.Fl G
581option) for safety.
582.It Fl t Cm dsa | ecdsa | ed25519 | rsa
583Specifies the type of key to create. 551Specifies the type of key to create.
584The possible values are 552The possible values are
585.Dq dsa , 553.Dq dsa ,
586.Dq ecdsa , 554.Dq ecdsa ,
555.Dq ecdsa-sk ,
587.Dq ed25519 , 556.Dq ed25519 ,
557.Dq ed25519-sk ,
588or 558or
589.Dq rsa . 559.Dq rsa .
590.Pp 560.Pp
@@ -652,11 +622,38 @@ Multiple
652.Fl v 622.Fl v
653options increase the verbosity. 623options increase the verbosity.
654The maximum is 3. 624The maximum is 3.
655.It Fl W Ar generator 625.It Fl w Ar provider
656Specify desired generator when testing candidate moduli for DH-GEX. 626Specifies a path to a library that will be used when creating
657.It Fl y 627FIDO authenticator-hosted keys, overriding the default of using
658This option will read a private 628the internal USB HID support.
659OpenSSH format file and print an OpenSSH public key to stdout. 629.It Fl Y Cm find-principals
630Find the principal(s) associated with the public key of a signature,
631provided using the
632.Fl s
633flag in an authorized signers file provided using the
634.Fl f
635flag.
636The format of the allowed signers file is documented in the
637.Sx ALLOWED SIGNERS
638section below.
639If one or more matching principals are found, they are returned on
640standard output.
641.It Fl Y Cm check-novalidate
642Checks that a signature generated using
643.Nm
644.Fl Y Cm sign
645has a valid structure.
646This does not validate if a signature comes from an authorized signer.
647When testing a signature,
648.Nm
649accepts a message on standard input and a signature namespace using
650.Fl n .
651A file containing the corresponding signature must also be supplied using the
652.Fl s
653flag.
654Successful testing of the signature is signalled by
655.Nm
656returning a zero exit status.
660.It Fl Y Cm sign 657.It Fl Y Cm sign
661Cryptographically sign a file or some data using a SSH key. 658Cryptographically sign a file or some data using a SSH key.
662When signing, 659When signing,
@@ -712,22 +709,10 @@ flag.
712The revocation file may be a KRL or a one-per-line list of public keys. 709The revocation file may be a KRL or a one-per-line list of public keys.
713Successful verification by an authorized signer is signalled by 710Successful verification by an authorized signer is signalled by
714.Nm 711.Nm
715.It Fl Y Cm check-novalidate
716Checks that a signature generated using
717.Nm
718.Fl Y Cm sign
719has a valid structure.
720This does not validate if a signature comes from an authorized signer.
721When testing a signature,
722.Nm
723accepts a message on standard input and a signature namespace using
724.Fl n .
725A file containing the corresponding signature must also be supplied using the
726.Fl s
727flag.
728Successful testing of the signature is signalled by
729.Nm
730returning a zero exit status. 712returning a zero exit status.
713.It Fl y
714This option will read a private
715OpenSSH format file and print an OpenSSH public key to stdout.
731.It Fl z Ar serial_number 716.It Fl z Ar serial_number
732Specifies a serial number to be embedded in the certificate to distinguish 717Specifies a serial number to be embedded in the certificate to distinguish
733this certificate from others from the same CA. 718this certificate from others from the same CA.
@@ -753,25 +738,25 @@ These candidate primes are then tested for suitability (a CPU-intensive
753process). 738process).
754.Pp 739.Pp
755Generation of primes is performed using the 740Generation of primes is performed using the
756.Fl G 741.Fl M Cm generate
757option. 742option.
758The desired length of the primes may be specified by the 743The desired length of the primes may be specified by the
759.Fl b 744.Fl O Cm bits
760option. 745option.
761For example: 746For example:
762.Pp 747.Pp
763.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 748.Dl # ssh-keygen -M generate -O bits=2048 moduli-2048.candidates
764.Pp 749.Pp
765By default, the search for primes begins at a random point in the 750By default, the search for primes begins at a random point in the
766desired length range. 751desired length range.
767This may be overridden using the 752This may be overridden using the
768.Fl S 753.Fl O Cm start
769option, which specifies a different start point (in hex). 754option, which specifies a different start point (in hex).
770.Pp 755.Pp
771Once a set of candidates have been generated, they must be screened for 756Once a set of candidates have been generated, they must be screened for
772suitability. 757suitability.
773This may be performed using the 758This may be performed using the
774.Fl T 759.Fl M Cm screen
775option. 760option.
776In this mode 761In this mode
777.Nm 762.Nm
@@ -780,16 +765,16 @@ will read candidates from standard input (or a file specified using the
780option). 765option).
781For example: 766For example:
782.Pp 767.Pp
783.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates 768.Dl # ssh-keygen -M screen -f moduli-2048.candidates moduli-2048
784.Pp 769.Pp
785By default, each candidate will be subjected to 100 primality tests. 770By default, each candidate will be subjected to 100 primality tests.
786This may be overridden using the 771This may be overridden using the
787.Fl a 772.Fl O Cm prime-tests
788option. 773option.
789The DH generator value will be chosen automatically for the 774The DH generator value will be chosen automatically for the
790prime under consideration. 775prime under consideration.
791If a specific generator is desired, it may be requested using the 776If a specific generator is desired, it may be requested using the
792.Fl W 777.Fl O Cm generator
793option. 778option.
794Valid generator values are 2, 3, and 5. 779Valid generator values are 2, 3, and 5.
795.Pp 780.Pp
@@ -797,6 +782,30 @@ Screened DH groups may be installed in
797.Pa /etc/ssh/moduli . 782.Pa /etc/ssh/moduli .
798It is important that this file contains moduli of a range of bit lengths and 783It is important that this file contains moduli of a range of bit lengths and
799that both ends of a connection share common moduli. 784that both ends of a connection share common moduli.
785.Pp
786A number of options are available for moduli generation and screening via the
787.Fl O
788flag:
789.Bl -tag -width Ds
790.It Ic lines Ns = Ns Ar number
791Exit after screening the specified number of lines while performing DH
792candidate screening.
793.It Ic start-line Ns = Ns Ar line-number
794Start screening at the specified line number while performing DH candidate
795screening.
796.It Ic checkpoint Ns = Ns Ar filename
797Write the last line processed to the specified file while performing DH
798candidate screening.
799This will be used to skip lines in the input file that have already been
800processed if the job is restarted.
801.It Ic memory Ns = Ns Ar mbytes
802Specify the amount of memory to use (in megabytes) when generating
803candidate moduli for DH-GEX.
804.It Ic start Ns = Ns Ar hex-value
805Specify start point (in hex) when generating candidate moduli for DH-GEX.
806.It Ic generator Ns = Ns Ar value
807Specify desired generator (in decimal) when testing candidate moduli for DH-GEX.
808.El
800.Sh CERTIFICATES 809.Sh CERTIFICATES
801.Nm 810.Nm
802supports signing of keys to produce certificates that may be used for 811supports signing of keys to produce certificates that may be used for
@@ -864,9 +873,94 @@ be specified through certificate options.
864A certificate option may disable features of the SSH session, may be 873A certificate option may disable features of the SSH session, may be
865valid only when presented from particular source addresses or may 874valid only when presented from particular source addresses or may
866force the use of a specific command. 875force the use of a specific command.
867For a list of valid certificate options, see the documentation for the 876.Pp
868.Fl O 877The options that are valid for user certificates are:
869option above. 878.Pp
879.Bl -tag -width Ds -compact
880.It Ic clear
881Clear all enabled permissions.
882This is useful for clearing the default set of permissions so permissions may
883be added individually.
884.Pp
885.It Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents
886.It Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents
887Includes an arbitrary certificate critical option or extension.
888The specified
889.Ar name
890should include a domain suffix, e.g.\&
891.Dq name@example.com .
892If
893.Ar contents
894is specified then it is included as the contents of the extension/option
895encoded as a string, otherwise the extension/option is created with no
896contents (usually indicating a flag).
897Extensions may be ignored by a client or server that does not recognise them,
898whereas unknown critical options will cause the certificate to be refused.
899.Pp
900.It Ic force-command Ns = Ns Ar command
901Forces the execution of
902.Ar command
903instead of any shell or command specified by the user when
904the certificate is used for authentication.
905.Pp
906.It Ic no-agent-forwarding
907Disable
908.Xr ssh-agent 1
909forwarding (permitted by default).
910.Pp
911.It Ic no-port-forwarding
912Disable port forwarding (permitted by default).
913.Pp
914.It Ic no-pty
915Disable PTY allocation (permitted by default).
916.Pp
917.It Ic no-user-rc
918Disable execution of
919.Pa ~/.ssh/rc
920by
921.Xr sshd 8
922(permitted by default).
923.Pp
924.It Ic no-x11-forwarding
925Disable X11 forwarding (permitted by default).
926.Pp
927.It Ic permit-agent-forwarding
928Allows
929.Xr ssh-agent 1
930forwarding.
931.Pp
932.It Ic permit-port-forwarding
933Allows port forwarding.
934.Pp
935.It Ic permit-pty
936Allows PTY allocation.
937.Pp
938.It Ic permit-user-rc
939Allows execution of
940.Pa ~/.ssh/rc
941by
942.Xr sshd 8 .
943.Pp
944.It Ic permit-X11-forwarding
945Allows X11 forwarding.
946.Pp
947.It Ic no-touch-required
948Do not require signatures made using this key require demonstration
949of user presence (e.g. by having the user touch the authenticator).
950This option only makes sense for the FIDO authenticator algorithms
951.Cm ecdsa-sk
952and
953.Cm ed25519-sk .
954.Pp
955.It Ic source-address Ns = Ns Ar address_list
956Restrict the source addresses from which the certificate is considered valid.
957The
958.Ar address_list
959is a comma-separated list of one or more address/netmask pairs in CIDR
960format.
961.El
962.Pp
963At present, no standard options are valid for host keys.
870.Pp 964.Pp
871Finally, certificates may be defined with a validity lifetime. 965Finally, certificates may be defined with a validity lifetime.
872The 966The
@@ -983,8 +1077,8 @@ The principals field is a pattern-list (See PATTERNS in
983consisting of one or more comma-separated USER@DOMAIN identity patterns 1077consisting of one or more comma-separated USER@DOMAIN identity patterns
984that are accepted for signing. 1078that are accepted for signing.
985When verifying, the identity presented via the 1079When verifying, the identity presented via the
986.Fl I option 1080.Fl I
987must match a principals pattern in order for the corresponding key to be 1081option must match a principals pattern in order for the corresponding key to be
988considered acceptable for verification. 1082considered acceptable for verification.
989.Pp 1083.Pp
990The options (if present) consist of comma-separated option specifications. 1084The options (if present) consist of comma-separated option specifications.
@@ -1015,14 +1109,23 @@ user1@example.com,user2@example.com ssh-rsa AAAAX1...
1015# A key that is accepted only for file signing. 1109# A key that is accepted only for file signing.
1016user2@example.com namespaces="file" ssh-ed25519 AAA41... 1110user2@example.com namespaces="file" ssh-ed25519 AAA41...
1017.Ed 1111.Ed
1112.Sh ENVIRONMENT
1113.Bl -tag -width Ds
1114.It Ev SSH_SK_PROVIDER
1115Specifies a path to a library that will be used when loading any
1116FIDO authenticator-hosted keys, overriding the default of using
1117the built-in USB HID support.
1118.El
1018.Sh FILES 1119.Sh FILES
1019.Bl -tag -width Ds -compact 1120.Bl -tag -width Ds -compact
1020.It Pa ~/.ssh/id_dsa 1121.It Pa ~/.ssh/id_dsa
1021.It Pa ~/.ssh/id_ecdsa 1122.It Pa ~/.ssh/id_ecdsa
1123.It Pa ~/.ssh/id_ecdsa_sk
1022.It Pa ~/.ssh/id_ed25519 1124.It Pa ~/.ssh/id_ed25519
1125.It Pa ~/.ssh/id_ed25519_sk
1023.It Pa ~/.ssh/id_rsa 1126.It Pa ~/.ssh/id_rsa
1024Contains the DSA, ECDSA, Ed25519 or RSA 1127Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1025authentication identity of the user. 1128authenticator-hosted Ed25519 or RSA authentication identity of the user.
1026This file should not be readable by anyone but the user. 1129This file should not be readable by anyone but the user.
1027It is possible to 1130It is possible to
1028specify a passphrase when generating the key; that passphrase will be 1131specify a passphrase when generating the key; that passphrase will be
@@ -1035,10 +1138,12 @@ will read this file when a login attempt is made.
1035.Pp 1138.Pp
1036.It Pa ~/.ssh/id_dsa.pub 1139.It Pa ~/.ssh/id_dsa.pub
1037.It Pa ~/.ssh/id_ecdsa.pub 1140.It Pa ~/.ssh/id_ecdsa.pub
1141.It Pa ~/.ssh/id_ecdsa_sk.pub
1038.It Pa ~/.ssh/id_ed25519.pub 1142.It Pa ~/.ssh/id_ed25519.pub
1143.It Pa ~/.ssh/id_ed25519_sk.pub
1039.It Pa ~/.ssh/id_rsa.pub 1144.It Pa ~/.ssh/id_rsa.pub
1040Contains the DSA, ECDSA, Ed25519 or RSA 1145Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1041public key for authentication. 1146authenticator-hosted Ed25519 or RSA public key for authentication.
1042The contents of this file should be added to 1147The contents of this file should be added to
1043.Pa ~/.ssh/authorized_keys 1148.Pa ~/.ssh/authorized_keys
1044on all machines 1149on all machines
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8c829cad6..0d6ed1fff 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.355 2019/10/03 17:07:50 jmc Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,6 +63,8 @@
63#include "utf8.h" 63#include "utf8.h"
64#include "authfd.h" 64#include "authfd.h"
65#include "sshsig.h" 65#include "sshsig.h"
66#include "ssh-sk.h"
67#include "sk-api.h" /* XXX for SSH_SK_USER_PRESENCE_REQD; remove */
66 68
67#ifdef WITH_OPENSSL 69#ifdef WITH_OPENSSL
68# define DEFAULT_KEY_TYPE_NAME "rsa" 70# define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -118,11 +120,12 @@ static u_int64_t cert_valid_from = 0;
118static u_int64_t cert_valid_to = ~0ULL; 120static u_int64_t cert_valid_to = ~0ULL;
119 121
120/* Certificate options */ 122/* Certificate options */
121#define CERTOPT_X_FWD (1) 123#define CERTOPT_X_FWD (1)
122#define CERTOPT_AGENT_FWD (1<<1) 124#define CERTOPT_AGENT_FWD (1<<1)
123#define CERTOPT_PORT_FWD (1<<2) 125#define CERTOPT_PORT_FWD (1<<2)
124#define CERTOPT_PTY (1<<3) 126#define CERTOPT_PTY (1<<3)
125#define CERTOPT_USER_RC (1<<4) 127#define CERTOPT_USER_RC (1<<4)
128#define CERTOPT_NO_REQUIRE_USER_PRESENCE (1<<5)
126#define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ 129#define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
127 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) 130 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
128static u_int32_t certflags_flags = CERTOPT_DEFAULT; 131static u_int32_t certflags_flags = CERTOPT_DEFAULT;
@@ -150,16 +153,16 @@ static char *key_type_name = NULL;
150/* Load key from this PKCS#11 provider */ 153/* Load key from this PKCS#11 provider */
151static char *pkcs11provider = NULL; 154static char *pkcs11provider = NULL;
152 155
156/* FIDO/U2F provider to use */
157static char *sk_provider = NULL;
158
153/* Format for writing private keys */ 159/* Format for writing private keys */
154static int private_key_format = SSHKEY_PRIVATE_OPENSSH; 160static int private_key_format = SSHKEY_PRIVATE_OPENSSH;
155 161
156/* Cipher for new-format private keys */ 162/* Cipher for new-format private keys */
157static char *openssh_format_cipher = NULL; 163static char *openssh_format_cipher = NULL;
158 164
159/* 165/* Number of KDF rounds to derive new format keys. */
160 * Number of KDF rounds to derive new format keys /
161 * number of primality trials when screening moduli.
162 */
163static int rounds = 0; 166static int rounds = 0;
164 167
165/* argv0 */ 168/* argv0 */
@@ -269,6 +272,10 @@ ask_filename(struct passwd *pw, const char *prompt)
269 case KEY_ECDSA: 272 case KEY_ECDSA:
270 name = _PATH_SSH_CLIENT_ID_ECDSA; 273 name = _PATH_SSH_CLIENT_ID_ECDSA;
271 break; 274 break;
275 case KEY_ECDSA_SK_CERT:
276 case KEY_ECDSA_SK:
277 name = _PATH_SSH_CLIENT_ID_ECDSA_SK;
278 break;
272#endif 279#endif
273 case KEY_RSA_CERT: 280 case KEY_RSA_CERT:
274 case KEY_RSA: 281 case KEY_RSA:
@@ -278,6 +285,10 @@ ask_filename(struct passwd *pw, const char *prompt)
278 case KEY_ED25519_CERT: 285 case KEY_ED25519_CERT:
279 name = _PATH_SSH_CLIENT_ID_ED25519; 286 name = _PATH_SSH_CLIENT_ID_ED25519;
280 break; 287 break;
288 case KEY_ED25519_SK:
289 case KEY_ED25519_SK_CERT:
290 name = _PATH_SSH_CLIENT_ID_ED25519_SK;
291 break;
281 case KEY_XMSS: 292 case KEY_XMSS:
282 case KEY_XMSS_CERT: 293 case KEY_XMSS_CERT:
283 name = _PATH_SSH_CLIENT_ID_XMSS; 294 name = _PATH_SSH_CLIENT_ID_XMSS;
@@ -391,6 +402,16 @@ do_convert_to_pem(struct sshkey *k)
391 if (!PEM_write_RSAPublicKey(stdout, k->rsa)) 402 if (!PEM_write_RSAPublicKey(stdout, k->rsa))
392 fatal("PEM_write_RSAPublicKey failed"); 403 fatal("PEM_write_RSAPublicKey failed");
393 break; 404 break;
405 case KEY_DSA:
406 if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
407 fatal("PEM_write_DSA_PUBKEY failed");
408 break;
409#ifdef OPENSSL_HAS_ECC
410 case KEY_ECDSA:
411 if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))
412 fatal("PEM_write_EC_PUBKEY failed");
413 break;
414#endif
394 default: 415 default:
395 fatal("%s: unsupported key type %s", __func__, sshkey_type(k)); 416 fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
396 } 417 }
@@ -568,8 +589,10 @@ do_convert_private_ssh2(struct sshbuf *b)
568 error("%s: remaining bytes in key blob %d", __func__, rlen); 589 error("%s: remaining bytes in key blob %d", __func__, rlen);
569 590
570 /* try the key */ 591 /* try the key */
571 if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || 592 if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
572 sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) { 593 NULL, NULL, 0) != 0 ||
594 sshkey_verify(key, sig, slen, data, sizeof(data),
595 NULL, 0, NULL) != 0) {
573 sshkey_free(key); 596 sshkey_free(key);
574 free(sig); 597 free(sig);
575 return NULL; 598 return NULL;
@@ -651,6 +674,7 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
651 *k = do_convert_private_ssh2(buf); 674 *k = do_convert_private_ssh2(buf);
652 else if ((r = sshkey_fromb(buf, k)) != 0) 675 else if ((r = sshkey_fromb(buf, k)) != 0)
653 fatal("decode blob failed: %s", ssh_err(r)); 676 fatal("decode blob failed: %s", ssh_err(r));
677 sshbuf_free(buf);
654 fclose(fp); 678 fclose(fp);
655} 679}
656 680
@@ -807,13 +831,13 @@ do_download(struct passwd *pw)
807 int i, nkeys; 831 int i, nkeys;
808 enum sshkey_fp_rep rep; 832 enum sshkey_fp_rep rep;
809 int fptype; 833 int fptype;
810 char *fp, *ra; 834 char *fp, *ra, **comments = NULL;
811 835
812 fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; 836 fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
813 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; 837 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
814 838
815 pkcs11_init(1); 839 pkcs11_init(1);
816 nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); 840 nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys, &comments);
817 if (nkeys <= 0) 841 if (nkeys <= 0)
818 fatal("cannot read public key from pkcs11"); 842 fatal("cannot read public key from pkcs11");
819 for (i = 0; i < nkeys; i++) { 843 for (i = 0; i < nkeys; i++) {
@@ -831,10 +855,13 @@ do_download(struct passwd *pw)
831 free(fp); 855 free(fp);
832 } else { 856 } else {
833 (void) sshkey_write(keys[i], stdout); /* XXX check */ 857 (void) sshkey_write(keys[i], stdout); /* XXX check */
834 fprintf(stdout, "\n"); 858 fprintf(stdout, "%s%s\n",
859 *(comments[i]) == '\0' ? "" : " ", comments[i]);
835 } 860 }
861 free(comments[i]);
836 sshkey_free(keys[i]); 862 sshkey_free(keys[i]);
837 } 863 }
864 free(comments);
838 free(keys); 865 free(keys);
839 pkcs11_terminate(); 866 pkcs11_terminate();
840 exit(0); 867 exit(0);
@@ -1247,8 +1274,10 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1247 if (fp == NULL || ra == NULL) 1274 if (fp == NULL || ra == NULL)
1248 fatal("%s: sshkey_fingerprint failed", 1275 fatal("%s: sshkey_fingerprint failed",
1249 __func__); 1276 __func__);
1250 mprintf("%s %s %s %s\n", ctx->host, 1277 mprintf("%s %s %s%s%s\n", ctx->host,
1251 sshkey_type(l->key), fp, l->comment); 1278 sshkey_type(l->key), fp,
1279 l->comment[0] ? " " : "",
1280 l->comment);
1252 if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) 1281 if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
1253 printf("%s\n", ra); 1282 printf("%s\n", ra);
1254 free(ra); 1283 free(ra);
@@ -1650,6 +1679,9 @@ prepare_options_buf(struct sshbuf *c, int which)
1650 (certflags_flags & CERTOPT_USER_RC) != 0) 1679 (certflags_flags & CERTOPT_USER_RC) != 0)
1651 add_flag_option(c, "permit-user-rc"); 1680 add_flag_option(c, "permit-user-rc");
1652 if ((which & OPTIONS_CRITICAL) != 0 && 1681 if ((which & OPTIONS_CRITICAL) != 0 &&
1682 (certflags_flags & CERTOPT_NO_REQUIRE_USER_PRESENCE) != 0)
1683 add_flag_option(c, "no-touch-required");
1684 if ((which & OPTIONS_CRITICAL) != 0 &&
1653 certflags_src_addr != NULL) 1685 certflags_src_addr != NULL)
1654 add_string_option(c, "source-address", certflags_src_addr); 1686 add_string_option(c, "source-address", certflags_src_addr);
1655 for (i = 0; i < ncert_userext; i++) { 1687 for (i = 0; i < ncert_userext; i++) {
@@ -1676,7 +1708,8 @@ load_pkcs11_key(char *path)
1676 fatal("Couldn't load CA public key \"%s\": %s", 1708 fatal("Couldn't load CA public key \"%s\": %s",
1677 path, ssh_err(r)); 1709 path, ssh_err(r));
1678 1710
1679 nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys); 1711 nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase,
1712 &keys, NULL);
1680 debug3("%s: %d keys", __func__, nkeys); 1713 debug3("%s: %d keys", __func__, nkeys);
1681 if (nkeys <= 0) 1714 if (nkeys <= 0)
1682 fatal("cannot read public key from pkcs11"); 1715 fatal("cannot read public key from pkcs11");
@@ -1699,7 +1732,7 @@ load_pkcs11_key(char *path)
1699static int 1732static int
1700agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp, 1733agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp,
1701 const u_char *data, size_t datalen, 1734 const u_char *data, size_t datalen,
1702 const char *alg, u_int compat, void *ctx) 1735 const char *alg, const char *provider, u_int compat, void *ctx)
1703{ 1736{
1704 int *agent_fdp = (int *)ctx; 1737 int *agent_fdp = (int *)ctx;
1705 1738
@@ -1715,10 +1748,12 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1715 int r, i, fd, found, agent_fd = -1; 1748 int r, i, fd, found, agent_fd = -1;
1716 u_int n; 1749 u_int n;
1717 struct sshkey *ca, *public; 1750 struct sshkey *ca, *public;
1718 char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL; 1751 char valid[64], *otmp, *tmp, *cp, *out, *comment;
1752 char *ca_fp = NULL, **plist = NULL;
1719 FILE *f; 1753 FILE *f;
1720 struct ssh_identitylist *agent_ids; 1754 struct ssh_identitylist *agent_ids;
1721 size_t j; 1755 size_t j;
1756 struct notifier_ctx *notifier = NULL;
1722 1757
1723#ifdef ENABLE_PKCS11 1758#ifdef ENABLE_PKCS11
1724 pkcs11_init(1); 1759 pkcs11_init(1);
@@ -1759,11 +1794,16 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1759 } 1794 }
1760 free(tmp); 1795 free(tmp);
1761 1796
1762 if (key_type_name != NULL && 1797 if (key_type_name != NULL) {
1763 sshkey_type_from_name(key_type_name) != ca->type) { 1798 if (sshkey_type_from_name(key_type_name) != ca->type) {
1764 fatal("CA key type %s doesn't match specified %s", 1799 fatal("CA key type %s doesn't match specified %s",
1765 sshkey_ssh_name(ca), key_type_name); 1800 sshkey_ssh_name(ca), key_type_name);
1801 }
1802 } else if (ca->type == KEY_RSA) {
1803 /* Default to a good signature algorithm */
1804 key_type_name = "rsa-sha2-512";
1766 } 1805 }
1806 ca_fp = sshkey_fingerprint(ca, fingerprint_hash, SSH_FP_DEFAULT);
1767 1807
1768 for (i = 0; i < argc; i++) { 1808 for (i = 0; i < argc; i++) {
1769 /* Split list of principals */ 1809 /* Split list of principals */
@@ -1785,9 +1825,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1785 if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) 1825 if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
1786 fatal("%s: unable to open \"%s\": %s", 1826 fatal("%s: unable to open \"%s\": %s",
1787 __func__, tmp, ssh_err(r)); 1827 __func__, tmp, ssh_err(r));
1788 if (public->type != KEY_RSA && public->type != KEY_DSA && 1828 if (sshkey_is_cert(public))
1789 public->type != KEY_ECDSA && public->type != KEY_ED25519 &&
1790 public->type != KEY_XMSS)
1791 fatal("%s: key \"%s\" type %s cannot be certified", 1829 fatal("%s: key \"%s\" type %s cannot be certified",
1792 __func__, tmp, sshkey_type(public)); 1830 __func__, tmp, sshkey_type(public));
1793 1831
@@ -1811,11 +1849,21 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1811 1849
1812 if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { 1850 if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) {
1813 if ((r = sshkey_certify_custom(public, ca, 1851 if ((r = sshkey_certify_custom(public, ca,
1814 key_type_name, agent_signer, &agent_fd)) != 0) 1852 key_type_name, sk_provider, agent_signer,
1853 &agent_fd)) != 0)
1815 fatal("Couldn't certify key %s via agent: %s", 1854 fatal("Couldn't certify key %s via agent: %s",
1816 tmp, ssh_err(r)); 1855 tmp, ssh_err(r));
1817 } else { 1856 } else {
1818 if ((sshkey_certify(public, ca, key_type_name)) != 0) 1857 if (sshkey_is_sk(ca) &&
1858 (ca->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
1859 notifier = notify_start(0,
1860 "Confirm user presence for key %s %s",
1861 sshkey_type(ca), ca_fp);
1862 }
1863 r = sshkey_certify(public, ca, key_type_name,
1864 sk_provider);
1865 notify_complete(notifier);
1866 if (r != 0)
1819 fatal("Couldn't certify key %s: %s", 1867 fatal("Couldn't certify key %s: %s",
1820 tmp, ssh_err(r)); 1868 tmp, ssh_err(r));
1821 } 1869 }
@@ -1853,6 +1901,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1853 if (cert_serial_autoinc) 1901 if (cert_serial_autoinc)
1854 cert_serial++; 1902 cert_serial++;
1855 } 1903 }
1904 free(ca_fp);
1856#ifdef ENABLE_PKCS11 1905#ifdef ENABLE_PKCS11
1857 pkcs11_terminate(); 1906 pkcs11_terminate();
1858#endif 1907#endif
@@ -1951,6 +2000,10 @@ add_cert_option(char *opt)
1951 certflags_flags &= ~CERTOPT_USER_RC; 2000 certflags_flags &= ~CERTOPT_USER_RC;
1952 else if (strcasecmp(opt, "permit-user-rc") == 0) 2001 else if (strcasecmp(opt, "permit-user-rc") == 0)
1953 certflags_flags |= CERTOPT_USER_RC; 2002 certflags_flags |= CERTOPT_USER_RC;
2003 else if (strcasecmp(opt, "touch-required") == 0)
2004 certflags_flags &= ~CERTOPT_NO_REQUIRE_USER_PRESENCE;
2005 else if (strcasecmp(opt, "no-touch-required") == 0)
2006 certflags_flags |= CERTOPT_NO_REQUIRE_USER_PRESENCE;
1954 else if (strncasecmp(opt, "force-command=", 14) == 0) { 2007 else if (strncasecmp(opt, "force-command=", 14) == 0) {
1955 val = opt + 14; 2008 val = opt + 14;
1956 if (*val == '\0') 2009 if (*val == '\0')
@@ -2004,9 +2057,10 @@ show_options(struct sshbuf *optbuf, int in_critical)
2004 strcmp(name, "permit-agent-forwarding") == 0 || 2057 strcmp(name, "permit-agent-forwarding") == 0 ||
2005 strcmp(name, "permit-port-forwarding") == 0 || 2058 strcmp(name, "permit-port-forwarding") == 0 ||
2006 strcmp(name, "permit-pty") == 0 || 2059 strcmp(name, "permit-pty") == 0 ||
2007 strcmp(name, "permit-user-rc") == 0)) 2060 strcmp(name, "permit-user-rc") == 0 ||
2061 strcmp(name, "no-touch-required") == 0)) {
2008 printf("\n"); 2062 printf("\n");
2009 else if (in_critical && 2063 } else if (in_critical &&
2010 (strcmp(name, "force-command") == 0 || 2064 (strcmp(name, "force-command") == 0 ||
2011 strcmp(name, "source-address") == 0)) { 2065 strcmp(name, "source-address") == 0)) {
2012 if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0) 2066 if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0)
@@ -2135,15 +2189,10 @@ static void
2135load_krl(const char *path, struct ssh_krl **krlp) 2189load_krl(const char *path, struct ssh_krl **krlp)
2136{ 2190{
2137 struct sshbuf *krlbuf; 2191 struct sshbuf *krlbuf;
2138 int r, fd; 2192 int r;
2139 2193
2140 if ((krlbuf = sshbuf_new()) == NULL) 2194 if ((r = sshbuf_load_file(path, &krlbuf)) != 0)
2141 fatal("sshbuf_new failed");
2142 if ((fd = open(path, O_RDONLY)) == -1)
2143 fatal("open %s: %s", path, strerror(errno));
2144 if ((r = sshkey_load_file(fd, krlbuf)) != 0)
2145 fatal("Unable to load KRL: %s", ssh_err(r)); 2195 fatal("Unable to load KRL: %s", ssh_err(r));
2146 close(fd);
2147 /* XXX check sigs */ 2196 /* XXX check sigs */
2148 if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || 2197 if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 ||
2149 *krlp == NULL) 2198 *krlp == NULL)
@@ -2345,7 +2394,7 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
2345 struct ssh_krl *krl; 2394 struct ssh_krl *krl;
2346 struct stat sb; 2395 struct stat sb;
2347 struct sshkey *ca = NULL; 2396 struct sshkey *ca = NULL;
2348 int fd, i, r, wild_ca = 0; 2397 int i, r, wild_ca = 0;
2349 char *tmp; 2398 char *tmp;
2350 struct sshbuf *kbuf; 2399 struct sshbuf *kbuf;
2351 2400
@@ -2387,12 +2436,8 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
2387 fatal("sshbuf_new failed"); 2436 fatal("sshbuf_new failed");
2388 if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0) 2437 if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0)
2389 fatal("Couldn't generate KRL"); 2438 fatal("Couldn't generate KRL");
2390 if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) 2439 if ((r = sshbuf_write_file(identity_file, kbuf)) != 0)
2391 fatal("open %s: %s", identity_file, strerror(errno));
2392 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) !=
2393 sshbuf_len(kbuf))
2394 fatal("write %s: %s", identity_file, strerror(errno)); 2440 fatal("write %s: %s", identity_file, strerror(errno));
2395 close(fd);
2396 sshbuf_free(kbuf); 2441 sshbuf_free(kbuf);
2397 ssh_krl_free(krl); 2442 ssh_krl_free(krl);
2398 sshkey_free(ca); 2443 sshkey_free(ca);
@@ -2488,8 +2533,7 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
2488{ 2533{
2489 struct sshbuf *sigbuf = NULL, *abuf = NULL; 2534 struct sshbuf *sigbuf = NULL, *abuf = NULL;
2490 int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno; 2535 int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno;
2491 char *wfile = NULL; 2536 char *wfile = NULL, *asig = NULL, *fp = NULL;
2492 char *asig = NULL;
2493 2537
2494 if (!quiet) { 2538 if (!quiet) {
2495 if (fd == STDIN_FILENO) 2539 if (fd == STDIN_FILENO)
@@ -2497,7 +2541,16 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
2497 else 2541 else
2498 fprintf(stderr, "Signing file %s\n", filename); 2542 fprintf(stderr, "Signing file %s\n", filename);
2499 } 2543 }
2500 if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace, 2544 if (signer == NULL && sshkey_is_sk(signkey) &&
2545 (signkey->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
2546 if ((fp = sshkey_fingerprint(signkey, fingerprint_hash,
2547 SSH_FP_DEFAULT)) == NULL)
2548 fatal("%s: sshkey_fingerprint failed", __func__);
2549 fprintf(stderr, "Confirm user presence for key %s %s\n",
2550 sshkey_type(signkey), fp);
2551 free(fp);
2552 }
2553 if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, fd, sig_namespace,
2501 &sigbuf, signer, signer_ctx)) != 0) { 2554 &sigbuf, signer, signer_ctx)) != 0) {
2502 error("Signing %s failed: %s", filename, ssh_err(r)); 2555 error("Signing %s failed: %s", filename, ssh_err(r));
2503 goto out; 2556 goto out;
@@ -2555,7 +2608,7 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
2555} 2608}
2556 2609
2557static int 2610static int
2558sign(const char *keypath, const char *sig_namespace, int argc, char **argv) 2611sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv)
2559{ 2612{
2560 int i, fd = -1, r, ret = -1; 2613 int i, fd = -1, r, ret = -1;
2561 int agent_fd = -1; 2614 int agent_fd = -1;
@@ -2626,38 +2679,37 @@ done:
2626} 2679}
2627 2680
2628static int 2681static int
2629verify(const char *signature, const char *sig_namespace, const char *principal, 2682sig_verify(const char *signature, const char *sig_namespace,
2630 const char *allowed_keys, const char *revoked_keys) 2683 const char *principal, const char *allowed_keys, const char *revoked_keys)
2631{ 2684{
2632 int r, ret = -1, sigfd = -1; 2685 int r, ret = -1;
2633 struct sshbuf *sigbuf = NULL, *abuf = NULL; 2686 struct sshbuf *sigbuf = NULL, *abuf = NULL;
2634 struct sshkey *sign_key = NULL; 2687 struct sshkey *sign_key = NULL;
2635 char *fp = NULL; 2688 char *fp = NULL;
2689 struct sshkey_sig_details *sig_details = NULL;
2636 2690
2637 if ((abuf = sshbuf_new()) == NULL) 2691 memset(&sig_details, 0, sizeof(sig_details));
2638 fatal("%s: sshbuf_new() failed", __func__); 2692 if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
2639
2640 if ((sigfd = open(signature, O_RDONLY)) < 0) {
2641 error("Couldn't open signature file %s", signature);
2642 goto done;
2643 }
2644
2645 if ((r = sshkey_load_file(sigfd, abuf)) != 0) {
2646 error("Couldn't read signature file: %s", ssh_err(r)); 2693 error("Couldn't read signature file: %s", ssh_err(r));
2647 goto done; 2694 goto done;
2648 } 2695 }
2696
2649 if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { 2697 if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
2650 error("%s: sshsig_armor: %s", __func__, ssh_err(r)); 2698 error("%s: sshsig_armor: %s", __func__, ssh_err(r));
2651 return r; 2699 goto done;
2652 } 2700 }
2653 if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace, 2701 if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
2654 &sign_key)) != 0) 2702 &sign_key, &sig_details)) != 0)
2655 goto done; /* sshsig_verify() prints error */ 2703 goto done; /* sshsig_verify() prints error */
2656 2704
2657 if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash, 2705 if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
2658 SSH_FP_DEFAULT)) == NULL) 2706 SSH_FP_DEFAULT)) == NULL)
2659 fatal("%s: sshkey_fingerprint failed", __func__); 2707 fatal("%s: sshkey_fingerprint failed", __func__);
2660 debug("Valid (unverified) signature from key %s", fp); 2708 debug("Valid (unverified) signature from key %s", fp);
2709 if (sig_details != NULL) {
2710 debug2("%s: signature details: counter = %u, flags = 0x%02x",
2711 __func__, sig_details->sk_counter, sig_details->sk_flags);
2712 }
2661 free(fp); 2713 free(fp);
2662 fp = NULL; 2714 fp = NULL;
2663 2715
@@ -2697,21 +2749,312 @@ done:
2697 printf("Could not verify signature.\n"); 2749 printf("Could not verify signature.\n");
2698 } 2750 }
2699 } 2751 }
2700 if (sigfd != -1)
2701 close(sigfd);
2702 sshbuf_free(sigbuf); 2752 sshbuf_free(sigbuf);
2703 sshbuf_free(abuf); 2753 sshbuf_free(abuf);
2704 sshkey_free(sign_key); 2754 sshkey_free(sign_key);
2755 sshkey_sig_details_free(sig_details);
2705 free(fp); 2756 free(fp);
2706 return ret; 2757 return ret;
2707} 2758}
2708 2759
2760static int
2761sig_find_principals(const char *signature, const char *allowed_keys) {
2762 int r, ret = -1;
2763 struct sshbuf *sigbuf = NULL, *abuf = NULL;
2764 struct sshkey *sign_key = NULL;
2765 char *principals = NULL, *cp, *tmp;
2766
2767 if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
2768 error("Couldn't read signature file: %s", ssh_err(r));
2769 goto done;
2770 }
2771 if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
2772 error("%s: sshsig_armor: %s", __func__, ssh_err(r));
2773 goto done;
2774 }
2775 if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) {
2776 error("%s: sshsig_get_pubkey: %s",
2777 __func__, ssh_err(r));
2778 goto done;
2779 }
2780 if ((r = sshsig_find_principals(allowed_keys, sign_key,
2781 &principals)) != 0) {
2782 error("%s: sshsig_get_principal: %s",
2783 __func__, ssh_err(r));
2784 goto done;
2785 }
2786 ret = 0;
2787done:
2788 if (ret == 0 ) {
2789 /* Emit matching principals one per line */
2790 tmp = principals;
2791 while ((cp = strsep(&tmp, ",")) != NULL && *cp != '\0')
2792 puts(cp);
2793 } else {
2794 fprintf(stderr, "No principal matched.\n");
2795 }
2796 sshbuf_free(sigbuf);
2797 sshbuf_free(abuf);
2798 sshkey_free(sign_key);
2799 free(principals);
2800 return ret;
2801}
2802
2803static void
2804do_moduli_gen(const char *out_file, char **opts, size_t nopts)
2805{
2806#ifdef WITH_OPENSSL
2807 /* Moduli generation/screening */
2808 u_int32_t memory = 0;
2809 BIGNUM *start = NULL;
2810 int moduli_bits = 0;
2811 FILE *out;
2812 size_t i;
2813 const char *errstr;
2814
2815 /* Parse options */
2816 for (i = 0; i < nopts; i++) {
2817 if (strncmp(opts[i], "memory=", 7) == 0) {
2818 memory = (u_int32_t)strtonum(opts[i]+7, 1,
2819 UINT_MAX, &errstr);
2820 if (errstr) {
2821 fatal("Memory limit is %s: %s",
2822 errstr, opts[i]+7);
2823 }
2824 } else if (strncmp(opts[i], "start=", 6) == 0) {
2825 /* XXX - also compare length against bits */
2826 if (BN_hex2bn(&start, opts[i]+6) == 0)
2827 fatal("Invalid start point.");
2828 } else if (strncmp(opts[i], "bits=", 5) == 0) {
2829 moduli_bits = (int)strtonum(opts[i]+5, 1,
2830 INT_MAX, &errstr);
2831 if (errstr) {
2832 fatal("Invalid number: %s (%s)",
2833 opts[i]+12, errstr);
2834 }
2835 } else {
2836 fatal("Option \"%s\" is unsupported for moduli "
2837 "generation", opts[i]);
2838 }
2839 }
2840
2841 if ((out = fopen(out_file, "w")) == NULL) {
2842 fatal("Couldn't open modulus candidate file \"%s\": %s",
2843 out_file, strerror(errno));
2844 }
2845 setvbuf(out, NULL, _IOLBF, 0);
2846
2847 if (moduli_bits == 0)
2848 moduli_bits = DEFAULT_BITS;
2849 if (gen_candidates(out, memory, moduli_bits, start) != 0)
2850 fatal("modulus candidate generation failed");
2851#else /* WITH_OPENSSL */
2852 fatal("Moduli generation is not supported");
2853#endif /* WITH_OPENSSL */
2854}
2855
2856static void
2857do_moduli_screen(const char *out_file, char **opts, size_t nopts)
2858{
2859#ifdef WITH_OPENSSL
2860 /* Moduli generation/screening */
2861 char *checkpoint = NULL;
2862 u_int32_t generator_wanted = 0;
2863 unsigned long start_lineno = 0, lines_to_process = 0;
2864 int prime_tests = 0;
2865 FILE *out, *in = stdin;
2866 size_t i;
2867 const char *errstr;
2868
2869 /* Parse options */
2870 for (i = 0; i < nopts; i++) {
2871 if (strncmp(opts[i], "lines=", 6) == 0) {
2872 lines_to_process = strtoul(opts[i]+6, NULL, 10);
2873 } else if (strncmp(opts[i], "start-line=", 11) == 0) {
2874 start_lineno = strtoul(opts[i]+11, NULL, 10);
2875 } else if (strncmp(opts[i], "checkpoint=", 11) == 0) {
2876 checkpoint = xstrdup(opts[i]+11);
2877 } else if (strncmp(opts[i], "generator=", 10) == 0) {
2878 generator_wanted = (u_int32_t)strtonum(
2879 opts[i]+10, 1, UINT_MAX, &errstr);
2880 if (errstr != NULL) {
2881 fatal("Generator invalid: %s (%s)",
2882 opts[i]+10, errstr);
2883 }
2884 } else if (strncmp(opts[i], "prime-tests=", 12) == 0) {
2885 prime_tests = (int)strtonum(opts[i]+12, 1,
2886 INT_MAX, &errstr);
2887 if (errstr) {
2888 fatal("Invalid number: %s (%s)",
2889 opts[i]+12, errstr);
2890 }
2891 } else {
2892 fatal("Option \"%s\" is unsupported for moduli "
2893 "screening", opts[i]);
2894 }
2895 }
2896
2897 if (have_identity && strcmp(identity_file, "-") != 0) {
2898 if ((in = fopen(identity_file, "r")) == NULL) {
2899 fatal("Couldn't open modulus candidate "
2900 "file \"%s\": %s", identity_file,
2901 strerror(errno));
2902 }
2903 }
2904
2905 if ((out = fopen(out_file, "a")) == NULL) {
2906 fatal("Couldn't open moduli file \"%s\": %s",
2907 out_file, strerror(errno));
2908 }
2909 setvbuf(out, NULL, _IOLBF, 0);
2910 if (prime_test(in, out, prime_tests == 0 ? 100 : prime_tests,
2911 generator_wanted, checkpoint,
2912 start_lineno, lines_to_process) != 0)
2913 fatal("modulus screening failed");
2914#else /* WITH_OPENSSL */
2915 fatal("Moduli screening is not supported");
2916#endif /* WITH_OPENSSL */
2917}
2918
2919static char *
2920private_key_passphrase(void)
2921{
2922 char *passphrase1, *passphrase2;
2923
2924 /* Ask for a passphrase (twice). */
2925 if (identity_passphrase)
2926 passphrase1 = xstrdup(identity_passphrase);
2927 else if (identity_new_passphrase)
2928 passphrase1 = xstrdup(identity_new_passphrase);
2929 else {
2930passphrase_again:
2931 passphrase1 =
2932 read_passphrase("Enter passphrase (empty for no "
2933 "passphrase): ", RP_ALLOW_STDIN);
2934 passphrase2 = read_passphrase("Enter same passphrase again: ",
2935 RP_ALLOW_STDIN);
2936 if (strcmp(passphrase1, passphrase2) != 0) {
2937 /*
2938 * The passphrases do not match. Clear them and
2939 * retry.
2940 */
2941 freezero(passphrase1, strlen(passphrase1));
2942 freezero(passphrase2, strlen(passphrase2));
2943 printf("Passphrases do not match. Try again.\n");
2944 goto passphrase_again;
2945 }
2946 /* Clear the other copy of the passphrase. */
2947 freezero(passphrase2, strlen(passphrase2));
2948 }
2949 return passphrase1;
2950}
2951
2952static const char *
2953skip_ssh_url_preamble(const char *s)
2954{
2955 if (strncmp(s, "ssh://", 6) == 0)
2956 return s + 6;
2957 else if (strncmp(s, "ssh:", 4) == 0)
2958 return s + 4;
2959 return s;
2960}
2961
2962static int
2963do_download_sk(const char *skprovider, const char *device)
2964{
2965 struct sshkey **keys;
2966 size_t nkeys, i;
2967 int r, ok = -1;
2968 char *fp, *pin, *pass = NULL, *path, *pubpath;
2969 const char *ext;
2970
2971 if (skprovider == NULL)
2972 fatal("Cannot download keys without provider");
2973
2974 pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
2975 if ((r = sshsk_load_resident(skprovider, device, pin,
2976 &keys, &nkeys)) != 0) {
2977 freezero(pin, strlen(pin));
2978 error("Unable to load resident keys: %s", ssh_err(r));
2979 return -1;
2980 }
2981 if (nkeys == 0)
2982 logit("No keys to download");
2983 freezero(pin, strlen(pin));
2984
2985 for (i = 0; i < nkeys; i++) {
2986 if (keys[i]->type != KEY_ECDSA_SK &&
2987 keys[i]->type != KEY_ED25519_SK) {
2988 error("Unsupported key type %s (%d)",
2989 sshkey_type(keys[i]), keys[i]->type);
2990 continue;
2991 }
2992 if ((fp = sshkey_fingerprint(keys[i],
2993 fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
2994 fatal("%s: sshkey_fingerprint failed", __func__);
2995 debug("%s: key %zu: %s %s %s (flags 0x%02x)", __func__, i,
2996 sshkey_type(keys[i]), fp, keys[i]->sk_application,
2997 keys[i]->sk_flags);
2998 ext = skip_ssh_url_preamble(keys[i]->sk_application);
2999 xasprintf(&path, "id_%s_rk%s%s",
3000 keys[i]->type == KEY_ECDSA_SK ? "ecdsa_sk" : "ed25519_sk",
3001 *ext == '\0' ? "" : "_", ext);
3002
3003 /* If the file already exists, ask the user to confirm. */
3004 if (!confirm_overwrite(path)) {
3005 free(path);
3006 break;
3007 }
3008
3009 /* Save the key with the application string as the comment */
3010 if (pass == NULL)
3011 pass = private_key_passphrase();
3012 if ((r = sshkey_save_private(keys[i], path, pass,
3013 keys[i]->sk_application, private_key_format,
3014 openssh_format_cipher, rounds)) != 0) {
3015 error("Saving key \"%s\" failed: %s",
3016 path, ssh_err(r));
3017 free(path);
3018 break;
3019 }
3020 if (!quiet) {
3021 printf("Saved %s key%s%s to %s\n",
3022 sshkey_type(keys[i]),
3023 *ext != '\0' ? " " : "",
3024 *ext != '\0' ? keys[i]->sk_application : "",
3025 path);
3026 }
3027
3028 /* Save public key too */
3029 xasprintf(&pubpath, "%s.pub", path);
3030 free(path);
3031 if ((r = sshkey_save_public(keys[i], pubpath,
3032 keys[i]->sk_application)) != 0) {
3033 free(pubpath);
3034 error("Saving public key \"%s\" failed: %s",
3035 pubpath, ssh_err(r));
3036 break;
3037 }
3038 free(pubpath);
3039 }
3040
3041 if (i >= nkeys)
3042 ok = 0; /* success */
3043 if (pass != NULL)
3044 freezero(pass, strlen(pass));
3045 for (i = 0; i < nkeys; i++)
3046 sshkey_free(keys[i]);
3047 free(keys);
3048 return ok ? 0 : -1;
3049}
3050
2709static void 3051static void
2710usage(void) 3052usage(void)
2711{ 3053{
2712 fprintf(stderr, 3054 fprintf(stderr,
2713 "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n" 3055 "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n"
2714 " [-N new_passphrase] [-t dsa | ecdsa | ed25519 | rsa]\n" 3056 " [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n"
3057 " [-N new_passphrase] [-O option] [-w provider]\n"
2715 " ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n" 3058 " ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n"
2716 " [-P old_passphrase]\n" 3059 " [-P old_passphrase]\n"
2717 " ssh-keygen -i [-f input_keyfile] [-m key_format]\n" 3060 " ssh-keygen -i [-f input_keyfile] [-m key_format]\n"
@@ -2727,12 +3070,12 @@ usage(void)
2727 fprintf(stderr, 3070 fprintf(stderr,
2728 " ssh-keygen -F hostname [-lv] [-f known_hosts_file]\n" 3071 " ssh-keygen -F hostname [-lv] [-f known_hosts_file]\n"
2729 " ssh-keygen -H [-f known_hosts_file]\n" 3072 " ssh-keygen -H [-f known_hosts_file]\n"
3073 " ssh-keygen -K [-w provider]\n"
2730 " ssh-keygen -R hostname [-f known_hosts_file]\n" 3074 " ssh-keygen -R hostname [-f known_hosts_file]\n"
2731 " ssh-keygen -r hostname [-g] [-f input_keyfile]\n" 3075 " ssh-keygen -r hostname [-g] [-f input_keyfile]\n"
2732#ifdef WITH_OPENSSL 3076#ifdef WITH_OPENSSL
2733 " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" 3077 " ssh-keygen -M generate [-O option] output_file\n"
2734 " ssh-keygen -f input_file -T output_file [-v] [-a rounds] [-J num_lines]\n" 3078 " ssh-keygen -M screen [-f input_file] [-O option] output_file\n"
2735 " [-j start_line] [-K checkpt] [-W generator]\n"
2736#endif 3079#endif
2737 " ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]\n" 3080 " ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]\n"
2738 " [-n principals] [-O option] [-V validity_interval]\n" 3081 " [-n principals] [-O option] [-V validity_interval]\n"
@@ -2742,6 +3085,7 @@ usage(void)
2742 " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" 3085 " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
2743 " file ...\n" 3086 " file ...\n"
2744 " ssh-keygen -Q -f krl_file file ...\n" 3087 " ssh-keygen -Q -f krl_file file ...\n"
3088 " ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file\n"
2745 " ssh-keygen -Y check-novalidate -n namespace -s signature_file\n" 3089 " ssh-keygen -Y check-novalidate -n namespace -s signature_file\n"
2746 " ssh-keygen -Y sign -f key_file -n namespace file ...\n" 3090 " ssh-keygen -Y sign -f key_file -n namespace file ...\n"
2747 " ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n" 3091 " ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n"
@@ -2755,32 +3099,29 @@ usage(void)
2755int 3099int
2756main(int argc, char **argv) 3100main(int argc, char **argv)
2757{ 3101{
2758 char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; 3102 char dotsshdir[PATH_MAX], comment[1024], *passphrase;
2759 char *rr_hostname = NULL, *ep, *fp, *ra; 3103 char *rr_hostname = NULL, *ep, *fp, *ra;
2760 struct sshkey *private, *public; 3104 struct sshkey *private, *public;
2761 struct passwd *pw; 3105 struct passwd *pw;
2762 struct stat st; 3106 struct stat st;
2763 int r, opt, type, fd; 3107 int r, opt, type;
2764 int change_passphrase = 0, change_comment = 0, show_cert = 0; 3108 int change_passphrase = 0, change_comment = 0, show_cert = 0;
2765 int find_host = 0, delete_host = 0, hash_hosts = 0; 3109 int find_host = 0, delete_host = 0, hash_hosts = 0;
2766 int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; 3110 int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
2767 int prefer_agent = 0, convert_to = 0, convert_from = 0; 3111 int prefer_agent = 0, convert_to = 0, convert_from = 0;
2768 int print_public = 0, print_generic = 0, cert_serial_autoinc = 0; 3112 int print_public = 0, print_generic = 0, cert_serial_autoinc = 0;
3113 int do_gen_candidates = 0, do_screen_candidates = 0, download_sk = 0;
2769 unsigned long long cert_serial = 0; 3114 unsigned long long cert_serial = 0;
2770 char *identity_comment = NULL, *ca_key_path = NULL; 3115 char *identity_comment = NULL, *ca_key_path = NULL, **opts = NULL;
3116 char *sk_application = NULL, *sk_device = NULL, *sk_user = NULL;
3117 char *sk_attestaion_path = NULL;
3118 struct sshbuf *challenge = NULL, *attest = NULL;
3119 size_t i, nopts = 0;
2771 u_int32_t bits = 0; 3120 u_int32_t bits = 0;
2772 FILE *f; 3121 uint8_t sk_flags = SSH_SK_USER_PRESENCE_REQD;
2773 const char *errstr; 3122 const char *errstr;
2774 int log_level = SYSLOG_LEVEL_INFO; 3123 int log_level = SYSLOG_LEVEL_INFO;
2775 char *sign_op = NULL; 3124 char *sign_op = NULL;
2776#ifdef WITH_OPENSSL
2777 /* Moduli generation/screening */
2778 char out_file[PATH_MAX], *checkpoint = NULL;
2779 u_int32_t memory = 0, generator_wanted = 0;
2780 int do_gen_candidates = 0, do_screen_candidates = 0;
2781 unsigned long start_lineno = 0, lines_to_process = 0;
2782 BIGNUM *start = NULL;
2783#endif
2784 3125
2785 extern int optind; 3126 extern int optind;
2786 extern char *optarg; 3127 extern char *optarg;
@@ -2803,10 +3144,12 @@ main(int argc, char **argv)
2803 if (gethostname(hostname, sizeof(hostname)) == -1) 3144 if (gethostname(hostname, sizeof(hostname)) == -1)
2804 fatal("gethostname: %s", strerror(errno)); 3145 fatal("gethostname: %s", strerror(errno));
2805 3146
2806 /* Remaining characters: dw */ 3147 sk_provider = getenv("SSH_SK_PROVIDER");
2807 while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy" 3148
2808 "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:" 3149 /* Remaining characters: dGjJSTWx */
2809 "a:b:f:g:j:m:n:r:s:t:z:")) != -1) { 3150 while ((opt = getopt(argc, argv, "ABHKLQUXceghiklopquvy"
3151 "C:D:E:F:I:M:N:O:P:R:V:Y:Z:"
3152 "a:b:f:g:m:n:r:s:t:w:z:")) != -1) {
2810 switch (opt) { 3153 switch (opt) {
2811 case 'A': 3154 case 'A':
2812 gen_all_hostkeys = 1; 3155 gen_all_hostkeys = 1;
@@ -2884,6 +3227,9 @@ main(int argc, char **argv)
2884 case 'g': 3227 case 'g':
2885 print_generic = 1; 3228 print_generic = 1;
2886 break; 3229 break;
3230 case 'K':
3231 download_sk = 1;
3232 break;
2887 case 'P': 3233 case 'P':
2888 identity_passphrase = optarg; 3234 identity_passphrase = optarg;
2889 break; 3235 break;
@@ -2894,7 +3240,9 @@ main(int argc, char **argv)
2894 check_krl = 1; 3240 check_krl = 1;
2895 break; 3241 break;
2896 case 'O': 3242 case 'O':
2897 add_cert_option(optarg); 3243 opts = xrecallocarray(opts, nopts, nopts + 1,
3244 sizeof(*opts));
3245 opts[nopts++] = xstrdup(optarg);
2898 break; 3246 break;
2899 case 'Z': 3247 case 'Z':
2900 openssh_format_cipher = optarg; 3248 openssh_format_cipher = optarg;
@@ -2906,7 +3254,6 @@ main(int argc, char **argv)
2906 quiet = 1; 3254 quiet = 1;
2907 break; 3255 break;
2908 case 'e': 3256 case 'e':
2909 case 'x':
2910 /* export key */ 3257 /* export key */
2911 convert_to = 1; 3258 convert_to = 1;
2912 break; 3259 break;
@@ -2964,6 +3311,9 @@ main(int argc, char **argv)
2964 case 'Y': 3311 case 'Y':
2965 sign_op = optarg; 3312 sign_op = optarg;
2966 break; 3313 break;
3314 case 'w':
3315 sk_provider = optarg;
3316 break;
2967 case 'z': 3317 case 'z':
2968 errno = 0; 3318 errno = 0;
2969 if (*optarg == '+') { 3319 if (*optarg == '+') {
@@ -2975,56 +3325,25 @@ main(int argc, char **argv)
2975 (errno == ERANGE && cert_serial == ULLONG_MAX)) 3325 (errno == ERANGE && cert_serial == ULLONG_MAX))
2976 fatal("Invalid serial number \"%s\"", optarg); 3326 fatal("Invalid serial number \"%s\"", optarg);
2977 break; 3327 break;
2978#ifdef WITH_OPENSSL
2979 /* Moduli generation/screening */
2980 case 'G':
2981 do_gen_candidates = 1;
2982 if (strlcpy(out_file, optarg, sizeof(out_file)) >=
2983 sizeof(out_file))
2984 fatal("Output filename too long");
2985 break;
2986 case 'J':
2987 lines_to_process = strtoul(optarg, NULL, 10);
2988 break;
2989 case 'j':
2990 start_lineno = strtoul(optarg, NULL, 10);
2991 break;
2992 case 'K':
2993 if (strlen(optarg) >= PATH_MAX)
2994 fatal("Checkpoint filename too long");
2995 checkpoint = xstrdup(optarg);
2996 break;
2997 case 'M': 3328 case 'M':
2998 memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, 3329 if (strcmp(optarg, "generate") == 0)
2999 &errstr); 3330 do_gen_candidates = 1;
3000 if (errstr) 3331 else if (strcmp(optarg, "screen") == 0)
3001 fatal("Memory limit is %s: %s", errstr, optarg); 3332 do_screen_candidates = 1;
3333 else
3334 fatal("Unsupported moduli option %s", optarg);
3002 break; 3335 break;
3003 case 'S':
3004 /* XXX - also compare length against bits */
3005 if (BN_hex2bn(&start, optarg) == 0)
3006 fatal("Invalid start point.");
3007 break;
3008 case 'T':
3009 do_screen_candidates = 1;
3010 if (strlcpy(out_file, optarg, sizeof(out_file)) >=
3011 sizeof(out_file))
3012 fatal("Output filename too long");
3013 break;
3014 case 'W':
3015 generator_wanted = (u_int32_t)strtonum(optarg, 1,
3016 UINT_MAX, &errstr);
3017 if (errstr != NULL)
3018 fatal("Desired generator invalid: %s (%s)",
3019 optarg, errstr);
3020 break;
3021#endif /* WITH_OPENSSL */
3022 case '?': 3336 case '?':
3023 default: 3337 default:
3024 usage(); 3338 usage();
3025 } 3339 }
3026 } 3340 }
3027 3341
3342#ifdef ENABLE_SK_INTERNAL
3343 if (sk_provider == NULL)
3344 sk_provider = "internal";
3345#endif
3346
3028 /* reinit */ 3347 /* reinit */
3029 log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1); 3348 log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);
3030 3349
@@ -3032,27 +3351,47 @@ main(int argc, char **argv)
3032 argc -= optind; 3351 argc -= optind;
3033 3352
3034 if (sign_op != NULL) { 3353 if (sign_op != NULL) {
3035 if (cert_principals == NULL || *cert_principals == '\0') { 3354 if (strncmp(sign_op, "find-principals", 15) == 0) {
3036 error("Too few arguments for sign/verify: " 3355 if (ca_key_path == NULL) {
3037 "missing namespace"); 3356 error("Too few arguments for find-principals:"
3038 exit(1); 3357 "missing signature file");
3039 } 3358 exit(1);
3040 if (strncmp(sign_op, "sign", 4) == 0) { 3359 }
3360 if (!have_identity) {
3361 error("Too few arguments for find-principals:"
3362 "missing allowed keys file");
3363 exit(1);
3364 }
3365 return sig_find_principals(ca_key_path, identity_file);
3366 } else if (strncmp(sign_op, "sign", 4) == 0) {
3367 if (cert_principals == NULL ||
3368 *cert_principals == '\0') {
3369 error("Too few arguments for sign: "
3370 "missing namespace");
3371 exit(1);
3372 }
3041 if (!have_identity) { 3373 if (!have_identity) {
3042 error("Too few arguments for sign: " 3374 error("Too few arguments for sign: "
3043 "missing key"); 3375 "missing key");
3044 exit(1); 3376 exit(1);
3045 } 3377 }
3046 return sign(identity_file, cert_principals, argc, argv); 3378 return sig_sign(identity_file, cert_principals,
3379 argc, argv);
3047 } else if (strncmp(sign_op, "check-novalidate", 16) == 0) { 3380 } else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
3048 if (ca_key_path == NULL) { 3381 if (ca_key_path == NULL) {
3049 error("Too few arguments for check-novalidate: " 3382 error("Too few arguments for check-novalidate: "
3050 "missing signature file"); 3383 "missing signature file");
3051 exit(1); 3384 exit(1);
3052 } 3385 }
3053 return verify(ca_key_path, cert_principals, 3386 return sig_verify(ca_key_path, cert_principals,
3054 NULL, NULL, NULL); 3387 NULL, NULL, NULL);
3055 } else if (strncmp(sign_op, "verify", 6) == 0) { 3388 } else if (strncmp(sign_op, "verify", 6) == 0) {
3389 if (cert_principals == NULL ||
3390 *cert_principals == '\0') {
3391 error("Too few arguments for verify: "
3392 "missing namespace");
3393 exit(1);
3394 }
3056 if (ca_key_path == NULL) { 3395 if (ca_key_path == NULL) {
3057 error("Too few arguments for verify: " 3396 error("Too few arguments for verify: "
3058 "missing signature file"); 3397 "missing signature file");
@@ -3068,9 +3407,10 @@ main(int argc, char **argv)
3068 "missing principal ID"); 3407 "missing principal ID");
3069 exit(1); 3408 exit(1);
3070 } 3409 }
3071 return verify(ca_key_path, cert_principals, 3410 return sig_verify(ca_key_path, cert_principals,
3072 cert_key_id, identity_file, rr_hostname); 3411 cert_key_id, identity_file, rr_hostname);
3073 } 3412 }
3413 error("Unsupported operation for -Y: \"%s\"", sign_op);
3074 usage(); 3414 usage();
3075 /* NOTREACHED */ 3415 /* NOTREACHED */
3076 } 3416 }
@@ -3080,7 +3420,8 @@ main(int argc, char **argv)
3080 error("Too few arguments."); 3420 error("Too few arguments.");
3081 usage(); 3421 usage();
3082 } 3422 }
3083 } else if (argc > 0 && !gen_krl && !check_krl) { 3423 } else if (argc > 0 && !gen_krl && !check_krl &&
3424 !do_gen_candidates && !do_screen_candidates) {
3084 error("Too many arguments."); 3425 error("Too many arguments.");
3085 usage(); 3426 usage();
3086 } 3427 }
@@ -3104,6 +3445,8 @@ main(int argc, char **argv)
3104 if (ca_key_path != NULL) { 3445 if (ca_key_path != NULL) {
3105 if (cert_key_id == NULL) 3446 if (cert_key_id == NULL)
3106 fatal("Must specify key id (-I) when certifying"); 3447 fatal("Must specify key id (-I) when certifying");
3448 for (i = 0; i < nopts; i++)
3449 add_cert_option(opts[i]);
3107 do_ca_sign(pw, ca_key_path, prefer_agent, 3450 do_ca_sign(pw, ca_key_path, prefer_agent,
3108 cert_serial, cert_serial_autoinc, argc, argv); 3451 cert_serial, cert_serial_autoinc, argc, argv);
3109 } 3452 }
@@ -3115,6 +3458,17 @@ main(int argc, char **argv)
3115 } 3458 }
3116 if (pkcs11provider != NULL) 3459 if (pkcs11provider != NULL)
3117 do_download(pw); 3460 do_download(pw);
3461 if (download_sk) {
3462 for (i = 0; i < nopts; i++) {
3463 if (strncasecmp(opts[i], "device=", 7) == 0) {
3464 sk_device = xstrdup(opts[i] + 7);
3465 } else {
3466 fatal("Option \"%s\" is unsupported for "
3467 "FIDO authenticator download", opts[i]);
3468 }
3469 }
3470 return do_download_sk(sk_provider, sk_device);
3471 }
3118 if (print_fingerprint || print_bubblebabble) 3472 if (print_fingerprint || print_bubblebabble)
3119 do_fingerprint(pw); 3473 do_fingerprint(pw);
3120 if (change_passphrase) 3474 if (change_passphrase)
@@ -3164,47 +3518,20 @@ main(int argc, char **argv)
3164 } 3518 }
3165 } 3519 }
3166 3520
3167#ifdef WITH_OPENSSL 3521 if (do_gen_candidates || do_screen_candidates) {
3522 if (argc <= 0)
3523 fatal("No output file specified");
3524 else if (argc > 1)
3525 fatal("Too many output files specified");
3526 }
3168 if (do_gen_candidates) { 3527 if (do_gen_candidates) {
3169 FILE *out = fopen(out_file, "w"); 3528 do_moduli_gen(argv[0], opts, nopts);
3170 3529 return 0;
3171 if (out == NULL) {
3172 error("Couldn't open modulus candidate file \"%s\": %s",
3173 out_file, strerror(errno));
3174 return (1);
3175 }
3176 if (bits == 0)
3177 bits = DEFAULT_BITS;
3178 if (gen_candidates(out, memory, bits, start) != 0)
3179 fatal("modulus candidate generation failed");
3180
3181 return (0);
3182 } 3530 }
3183
3184 if (do_screen_candidates) { 3531 if (do_screen_candidates) {
3185 FILE *in; 3532 do_moduli_screen(argv[0], opts, nopts);
3186 FILE *out = fopen(out_file, "a"); 3533 return 0;
3187
3188 if (have_identity && strcmp(identity_file, "-") != 0) {
3189 if ((in = fopen(identity_file, "r")) == NULL) {
3190 fatal("Couldn't open modulus candidate "
3191 "file \"%s\": %s", identity_file,
3192 strerror(errno));
3193 }
3194 } else
3195 in = stdin;
3196
3197 if (out == NULL) {
3198 fatal("Couldn't open moduli file \"%s\": %s",
3199 out_file, strerror(errno));
3200 }
3201 if (prime_test(in, out, rounds == 0 ? 100 : rounds,
3202 generator_wanted, checkpoint,
3203 start_lineno, lines_to_process) != 0)
3204 fatal("modulus screening failed");
3205 return (0);
3206 } 3534 }
3207#endif
3208 3535
3209 if (gen_all_hostkeys) { 3536 if (gen_all_hostkeys) {
3210 do_gen_all_hostkeys(pw); 3537 do_gen_all_hostkeys(pw);
@@ -3220,8 +3547,78 @@ main(int argc, char **argv)
3220 if (!quiet) 3547 if (!quiet)
3221 printf("Generating public/private %s key pair.\n", 3548 printf("Generating public/private %s key pair.\n",
3222 key_type_name); 3549 key_type_name);
3223 if ((r = sshkey_generate(type, bits, &private)) != 0) 3550 switch (type) {
3224 fatal("sshkey_generate failed"); 3551 case KEY_ECDSA_SK:
3552 case KEY_ED25519_SK:
3553 for (i = 0; i < nopts; i++) {
3554 if (strcasecmp(opts[i], "no-touch-required") == 0) {
3555 sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
3556 } else if (strcasecmp(opts[i], "resident") == 0) {
3557 sk_flags |= SSH_SK_RESIDENT_KEY;
3558 } else if (strncasecmp(opts[i], "device=", 7) == 0) {
3559 sk_device = xstrdup(opts[i] + 7);
3560 } else if (strncasecmp(opts[i], "user=", 5) == 0) {
3561 sk_user = xstrdup(opts[i] + 5);
3562 } else if (strncasecmp(opts[i], "challenge=", 10) == 0) {
3563 if ((r = sshbuf_load_file(opts[i] + 10,
3564 &challenge)) != 0) {
3565 fatal("Unable to load FIDO enrollment "
3566 "challenge \"%s\": %s",
3567 opts[i] + 10, ssh_err(r));
3568 }
3569 } else if (strncasecmp(opts[i],
3570 "write-attestation=", 18) == 0) {
3571 sk_attestaion_path = opts[i] + 18;
3572 } else if (strncasecmp(opts[i],
3573 "application=", 12) == 0) {
3574 sk_application = xstrdup(opts[i] + 12);
3575 if (strncmp(sk_application, "ssh:", 4) != 0) {
3576 fatal("FIDO application string must "
3577 "begin with \"ssh:\"");
3578 }
3579 } else {
3580 fatal("Option \"%s\" is unsupported for "
3581 "FIDO authenticator enrollment", opts[i]);
3582 }
3583 }
3584 if (!quiet) {
3585 printf("You may need to touch your authenticator "
3586 "to authorize key generation.\n");
3587 }
3588 passphrase = NULL;
3589 if ((attest = sshbuf_new()) == NULL)
3590 fatal("sshbuf_new failed");
3591 for (i = 0 ; ; i++) {
3592 fflush(stdout);
3593 r = sshsk_enroll(type, sk_provider, sk_device,
3594 sk_application == NULL ? "ssh:" : sk_application,
3595 sk_user, sk_flags, passphrase, challenge,
3596 &private, attest);
3597 if (r == 0)
3598 break;
3599 if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
3600 fatal("Key enrollment failed: %s", ssh_err(r));
3601 else if (i > 0)
3602 error("PIN incorrect");
3603 if (passphrase != NULL) {
3604 freezero(passphrase, strlen(passphrase));
3605 passphrase = NULL;
3606 }
3607 if (i >= 3)
3608 fatal("Too many incorrect PINs");
3609 passphrase = read_passphrase("Enter PIN for "
3610 "authenticator: ", RP_ALLOW_STDIN);
3611 }
3612 if (passphrase != NULL) {
3613 freezero(passphrase, strlen(passphrase));
3614 passphrase = NULL;
3615 }
3616 break;
3617 default:
3618 if ((r = sshkey_generate(type, bits, &private)) != 0)
3619 fatal("sshkey_generate failed");
3620 break;
3621 }
3225 if ((r = sshkey_from_private(private, &public)) != 0) 3622 if ((r = sshkey_from_private(private, &public)) != 0)
3226 fatal("sshkey_from_private failed: %s\n", ssh_err(r)); 3623 fatal("sshkey_from_private failed: %s\n", ssh_err(r));
3227 3624
@@ -3246,35 +3643,9 @@ main(int argc, char **argv)
3246 /* If the file already exists, ask the user to confirm. */ 3643 /* If the file already exists, ask the user to confirm. */
3247 if (!confirm_overwrite(identity_file)) 3644 if (!confirm_overwrite(identity_file))
3248 exit(1); 3645 exit(1);
3249 /* Ask for a passphrase (twice). */
3250 if (identity_passphrase)
3251 passphrase1 = xstrdup(identity_passphrase);
3252 else if (identity_new_passphrase)
3253 passphrase1 = xstrdup(identity_new_passphrase);
3254 else {
3255passphrase_again:
3256 passphrase1 =
3257 read_passphrase("Enter passphrase (empty for no "
3258 "passphrase): ", RP_ALLOW_STDIN);
3259 passphrase2 = read_passphrase("Enter same passphrase again: ",
3260 RP_ALLOW_STDIN);
3261 if (strcmp(passphrase1, passphrase2) != 0) {
3262 /*
3263 * The passphrases do not match. Clear them and
3264 * retry.
3265 */
3266 explicit_bzero(passphrase1, strlen(passphrase1));
3267 explicit_bzero(passphrase2, strlen(passphrase2));
3268 free(passphrase1);
3269 free(passphrase2);
3270 printf("Passphrases do not match. Try again.\n");
3271 goto passphrase_again;
3272 }
3273 /* Clear the other copy of the passphrase. */
3274 explicit_bzero(passphrase2, strlen(passphrase2));
3275 free(passphrase2);
3276 }
3277 3646
3647 /* Determine the passphrase for the private key */
3648 passphrase = private_key_passphrase();
3278 if (identity_comment) { 3649 if (identity_comment) {
3279 strlcpy(comment, identity_comment, sizeof(comment)); 3650 strlcpy(comment, identity_comment, sizeof(comment));
3280 } else { 3651 } else {
@@ -3283,35 +3654,26 @@ passphrase_again:
3283 } 3654 }
3284 3655
3285 /* Save the key with the given passphrase and comment. */ 3656 /* Save the key with the given passphrase and comment. */
3286 if ((r = sshkey_save_private(private, identity_file, passphrase1, 3657 if ((r = sshkey_save_private(private, identity_file, passphrase,
3287 comment, private_key_format, openssh_format_cipher, rounds)) != 0) { 3658 comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
3288 error("Saving key \"%s\" failed: %s", 3659 error("Saving key \"%s\" failed: %s",
3289 identity_file, ssh_err(r)); 3660 identity_file, ssh_err(r));
3290 explicit_bzero(passphrase1, strlen(passphrase1)); 3661 freezero(passphrase, strlen(passphrase));
3291 free(passphrase1);
3292 exit(1); 3662 exit(1);
3293 } 3663 }
3294 /* Clear the passphrase. */ 3664 freezero(passphrase, strlen(passphrase));
3295 explicit_bzero(passphrase1, strlen(passphrase1));
3296 free(passphrase1);
3297
3298 /* Clear the private key and the random number generator. */
3299 sshkey_free(private); 3665 sshkey_free(private);
3300 3666
3301 if (!quiet) 3667 if (!quiet) {
3302 printf("Your identification has been saved in %s.\n", identity_file); 3668 printf("Your identification has been saved in %s\n",
3669 identity_file);
3670 }
3303 3671
3304 strlcat(identity_file, ".pub", sizeof(identity_file)); 3672 strlcat(identity_file, ".pub", sizeof(identity_file));
3305 if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) 3673 if ((r = sshkey_save_public(public, identity_file, comment)) != 0) {
3306 fatal("Unable to save public key to %s: %s", 3674 fatal("Unable to save public key to %s: %s",
3307 identity_file, strerror(errno)); 3675 identity_file, strerror(errno));
3308 if ((f = fdopen(fd, "w")) == NULL) 3676 }
3309 fatal("fdopen %s failed: %s", identity_file, strerror(errno));
3310 if ((r = sshkey_write(public, f)) != 0)
3311 error("write key failed: %s", ssh_err(r));
3312 fprintf(f, " %s\n", comment);
3313 if (ferror(f) || fclose(f) != 0)
3314 fatal("write public failed: %s", strerror(errno));
3315 3677
3316 if (!quiet) { 3678 if (!quiet) {
3317 fp = sshkey_fingerprint(public, fingerprint_hash, 3679 fp = sshkey_fingerprint(public, fingerprint_hash,
@@ -3320,7 +3682,7 @@ passphrase_again:
3320 SSH_FP_RANDOMART); 3682 SSH_FP_RANDOMART);
3321 if (fp == NULL || ra == NULL) 3683 if (fp == NULL || ra == NULL)
3322 fatal("sshkey_fingerprint failed"); 3684 fatal("sshkey_fingerprint failed");
3323 printf("Your public key has been saved in %s.\n", 3685 printf("Your public key has been saved in %s\n",
3324 identity_file); 3686 identity_file);
3325 printf("The key fingerprint is:\n"); 3687 printf("The key fingerprint is:\n");
3326 printf("%s %s\n", fp, comment); 3688 printf("%s %s\n", fp, comment);
@@ -3330,6 +3692,22 @@ passphrase_again:
3330 free(fp); 3692 free(fp);
3331 } 3693 }
3332 3694
3695 if (sk_attestaion_path != NULL) {
3696 if (attest == NULL || sshbuf_len(attest) == 0) {
3697 fatal("Enrollment did not return attestation "
3698 "certificate");
3699 }
3700 if ((r = sshbuf_write_file(sk_attestaion_path, attest)) != 0) {
3701 fatal("Unable to write attestation certificate "
3702 "\"%s\": %s", sk_attestaion_path, ssh_err(r));
3703 }
3704 if (!quiet) {
3705 printf("Your FIDO attestation certificate has been "
3706 "saved in %s\n", sk_attestaion_path);
3707 }
3708 }
3709 sshbuf_free(attest);
3333 sshkey_free(public); 3710 sshkey_free(public);
3711
3334 exit(0); 3712 exit(0);
3335} 3713}
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index 02475f9a3..9fc324620 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -1,7 +1,7 @@
1SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1) 1SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1)
2 2
3NAME 3NAME
4 ssh-keyscan M-bM-^@M-^S gather SSH public keys 4 ssh-keyscan M-bM-^@M-^S gather SSH public keys from servers
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type] 7 ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]
@@ -93,4 +93,4 @@ AUTHORS
93 Davison <wayned@users.sourceforge.net> added support for protocol version 93 Davison <wayned@users.sourceforge.net> added support for protocol version
94 2. 94 2.
95 95
96OpenBSD 6.6 March 5, 2018 OpenBSD 6.6 96OpenBSD 6.6 November 30, 2019 OpenBSD 6.6
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index f3d7a4078..f9df75d42 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keyscan.1,v 1.44 2018/03/05 07:03:18 jmc Exp $ 1.\" $OpenBSD: ssh-keyscan.1,v 1.45 2019/11/30 07:07:59 jmc Exp $
2.\" 2.\"
3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4.\" 4.\"
@@ -6,12 +6,12 @@
6.\" permitted provided that due credit is given to the author and the 6.\" permitted provided that due credit is given to the author and the
7.\" OpenBSD project by leaving this copyright notice intact. 7.\" OpenBSD project by leaving this copyright notice intact.
8.\" 8.\"
9.Dd $Mdocdate: March 5 2018 $ 9.Dd $Mdocdate: November 30 2019 $
10.Dt SSH-KEYSCAN 1 10.Dt SSH-KEYSCAN 1
11.Os 11.Os
12.Sh NAME 12.Sh NAME
13.Nm ssh-keyscan 13.Nm ssh-keyscan
14.Nd gather SSH public keys 14.Nd gather SSH public keys from servers
15.Sh SYNOPSIS 15.Sh SYNOPSIS
16.Nm ssh-keyscan 16.Nm ssh-keyscan
17.Op Fl 46cDHv 17.Op Fl 46cDHv
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 5de0508d0..a5e644076 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.130 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.131 2019/12/15 19:47:10 djm Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -61,12 +61,14 @@ int ssh_port = SSH_DEFAULT_PORT;
61#define KT_ECDSA (1<<2) 61#define KT_ECDSA (1<<2)
62#define KT_ED25519 (1<<3) 62#define KT_ED25519 (1<<3)
63#define KT_XMSS (1<<4) 63#define KT_XMSS (1<<4)
64#define KT_ECDSA_SK (1<<5)
65#define KT_ED25519_SK (1<<6)
64 66
65#define KT_MIN KT_DSA 67#define KT_MIN KT_DSA
66#define KT_MAX KT_XMSS 68#define KT_MAX KT_ED25519_SK
67 69
68int get_cert = 0; 70int get_cert = 0;
69int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; 71int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK;
70 72
71int hash_hosts = 0; /* Hash hostname on output */ 73int hash_hosts = 0; /* Hash hostname on output */
72 74
@@ -259,6 +261,16 @@ keygrab_ssh2(con *c)
259 "ecdsa-sha2-nistp384," 261 "ecdsa-sha2-nistp384,"
260 "ecdsa-sha2-nistp521"; 262 "ecdsa-sha2-nistp521";
261 break; 263 break;
264 case KT_ECDSA_SK:
265 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
266 "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com" :
267 "sk-ecdsa-sha2-nistp256@openssh.com";
268 break;
269 case KT_ED25519_SK:
270 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
271 "sk-ssh-ed25519-cert-v01@openssh.com" :
272 "sk-ssh-ed25519@openssh.com";
273 break;
262 default: 274 default:
263 fatal("unknown key type %d", c->c_keytype); 275 fatal("unknown key type %d", c->c_keytype);
264 break; 276 break;
@@ -735,6 +747,12 @@ main(int argc, char **argv)
735 case KEY_XMSS: 747 case KEY_XMSS:
736 get_keytypes |= KT_XMSS; 748 get_keytypes |= KT_XMSS;
737 break; 749 break;
750 case KEY_ED25519_SK:
751 get_keytypes |= KT_ED25519_SK;
752 break;
753 case KEY_ECDSA_SK:
754 get_keytypes |= KT_ECDSA_SK;
755 break;
738 case KEY_UNSPEC: 756 case KEY_UNSPEC:
739 default: 757 default:
740 fatal("Unknown key type \"%s\"", tname); 758 fatal("Unknown key type \"%s\"", tname);
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index 87c0c30e9..87e7f1a72 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -1,7 +1,7 @@
1SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) 1SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8)
2 2
3NAME 3NAME
4 ssh-keysign M-bM-^@M-^S ssh helper program for host-based authentication 4 ssh-keysign M-bM-^@M-^S OpenSSH helper for host-based authentication
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-keysign 7 ssh-keysign
@@ -49,4 +49,4 @@ HISTORY
49AUTHORS 49AUTHORS
50 Markus Friedl <markus@openbsd.org> 50 Markus Friedl <markus@openbsd.org>
51 51
52OpenBSD 6.6 February 17, 2016 OpenBSD 6.6 52OpenBSD 6.6 November 30, 2019 OpenBSD 6.6
diff --git a/ssh-keysign.8 b/ssh-keysign.8
index 19b0dbc53..73b62397c 100644
--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keysign.8,v 1.15 2016/02/17 07:38:19 jmc Exp $ 1.\" $OpenBSD: ssh-keysign.8,v 1.16 2019/11/30 07:07:59 jmc Exp $
2.\" 2.\"
3.\" Copyright (c) 2002 Markus Friedl. All rights reserved. 3.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
4.\" 4.\"
@@ -22,12 +22,12 @@
22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24.\" 24.\"
25.Dd $Mdocdate: February 17 2016 $ 25.Dd $Mdocdate: November 30 2019 $
26.Dt SSH-KEYSIGN 8 26.Dt SSH-KEYSIGN 8
27.Os 27.Os
28.Sh NAME 28.Sh NAME
29.Nm ssh-keysign 29.Nm ssh-keysign
30.Nd ssh helper program for host-based authentication 30.Nd OpenSSH helper for host-based authentication
31.Sh SYNOPSIS 31.Sh SYNOPSIS
32.Nm 32.Nm
33.Sh DESCRIPTION 33.Sh DESCRIPTION
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 6cfd5b46c..3e3ea3e14 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keysign.c,v 1.61 2019/10/02 00:42:30 djm Exp $ */ 1/* $OpenBSD: ssh-keysign.c,v 1.63 2019/11/18 16:10:05 naddy Exp $ */
2/* 2/*
3 * Copyright (c) 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -277,8 +277,8 @@ main(int argc, char **argv)
277 sshkey_type(key), fp ? fp : ""); 277 sshkey_type(key), fp ? fp : "");
278 } 278 }
279 279
280 if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0)) 280 if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen,
281 != 0) 281 NULL, NULL, 0)) != 0)
282 fatal("sshkey_sign failed: %s", ssh_err(r)); 282 fatal("sshkey_sign failed: %s", ssh_err(r));
283 free(data); 283 free(data);
284 284
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index e7860de89..8a0ffef5d 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11-client.c,v 1.15 2019/01/21 12:53:35 djm Exp $ */ 1/* $OpenBSD: ssh-pkcs11-client.c,v 1.16 2020/01/25 00:03:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * Copyright (c) 2014 Pedro Martelletto. All rights reserved. 4 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -312,11 +312,13 @@ pkcs11_start_helper(void)
312} 312}
313 313
314int 314int
315pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp) 315pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
316 char ***labelsp)
316{ 317{
317 struct sshkey *k; 318 struct sshkey *k;
318 int r, type; 319 int r, type;
319 u_char *blob; 320 u_char *blob;
321 char *label;
320 size_t blen; 322 size_t blen;
321 u_int nkeys, i; 323 u_int nkeys, i;
322 struct sshbuf *msg; 324 struct sshbuf *msg;
@@ -338,16 +340,22 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp)
338 if ((r = sshbuf_get_u32(msg, &nkeys)) != 0) 340 if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
339 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 341 fatal("%s: buffer error: %s", __func__, ssh_err(r));
340 *keysp = xcalloc(nkeys, sizeof(struct sshkey *)); 342 *keysp = xcalloc(nkeys, sizeof(struct sshkey *));
343 if (labelsp)
344 *labelsp = xcalloc(nkeys, sizeof(char *));
341 for (i = 0; i < nkeys; i++) { 345 for (i = 0; i < nkeys; i++) {
342 /* XXX clean up properly instead of fatal() */ 346 /* XXX clean up properly instead of fatal() */
343 if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 || 347 if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
344 (r = sshbuf_skip_string(msg)) != 0) 348 (r = sshbuf_get_cstring(msg, &label, NULL)) != 0)
345 fatal("%s: buffer error: %s", 349 fatal("%s: buffer error: %s",
346 __func__, ssh_err(r)); 350 __func__, ssh_err(r));
347 if ((r = sshkey_from_blob(blob, blen, &k)) != 0) 351 if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
348 fatal("%s: bad key: %s", __func__, ssh_err(r)); 352 fatal("%s: bad key: %s", __func__, ssh_err(r));
349 wrap_key(k); 353 wrap_key(k);
350 (*keysp)[i] = k; 354 (*keysp)[i] = k;
355 if (labelsp)
356 (*labelsp)[i] = label;
357 else
358 free(label);
351 free(blob); 359 free(blob);
352 } 360 }
353 } else if (type == SSH2_AGENT_FAILURE) { 361 } else if (type == SSH2_AGENT_FAILURE) {
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0
index 88afa8a91..4516bc120 100644
--- a/ssh-pkcs11-helper.0
+++ b/ssh-pkcs11-helper.0
@@ -1,7 +1,7 @@
1SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8) 1SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8)
2 2
3NAME 3NAME
4 ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program for PKCS#11 support 4 ssh-pkcs11-helper M-bM-^@M-^S OpenSSH helper for PKCS#11 support
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-pkcs11-helper [-v] 7 ssh-pkcs11-helper [-v]
@@ -32,4 +32,4 @@ HISTORY
32AUTHORS 32AUTHORS
33 Markus Friedl <markus@openbsd.org> 33 Markus Friedl <markus@openbsd.org>
34 34
35OpenBSD 6.6 January 21, 2019 OpenBSD 6.6 35OpenBSD 6.6 November 30, 2019 OpenBSD 6.6
diff --git a/ssh-pkcs11-helper.8 b/ssh-pkcs11-helper.8
index ba5c30fa0..6a592b1f3 100644
--- a/ssh-pkcs11-helper.8
+++ b/ssh-pkcs11-helper.8
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.5 2019/01/21 12:53:35 djm Exp $ 1.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.6 2019/11/30 07:07:59 jmc Exp $
2.\" 2.\"
3.\" Copyright (c) 2010 Markus Friedl. All rights reserved. 3.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
4.\" 4.\"
@@ -14,12 +14,12 @@
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\" 16.\"
17.Dd $Mdocdate: January 21 2019 $ 17.Dd $Mdocdate: November 30 2019 $
18.Dt SSH-PKCS11-HELPER 8 18.Dt SSH-PKCS11-HELPER 8
19.Os 19.Os
20.Sh NAME 20.Sh NAME
21.Nm ssh-pkcs11-helper 21.Nm ssh-pkcs11-helper
22.Nd ssh-agent helper program for PKCS#11 support 22.Nd OpenSSH helper for PKCS#11 support
23.Sh SYNOPSIS 23.Sh SYNOPSIS
24.Nm 24.Nm
25.Op Fl v 25.Op Fl v
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index 3bcc2440b..17220d624 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11-helper.c,v 1.21 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: ssh-pkcs11-helper.c,v 1.22 2020/01/25 00:03:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * 4 *
@@ -26,7 +26,9 @@
26 26
27#include <stdlib.h> 27#include <stdlib.h>
28#include <errno.h> 28#include <errno.h>
29#ifdef HAVE_POLL_H
29#include <poll.h> 30#include <poll.h>
31#endif
30#include <stdarg.h> 32#include <stdarg.h>
31#include <string.h> 33#include <string.h>
32#include <unistd.h> 34#include <unistd.h>
@@ -48,7 +50,7 @@
48 50
49struct pkcs11_keyinfo { 51struct pkcs11_keyinfo {
50 struct sshkey *key; 52 struct sshkey *key;
51 char *providername; 53 char *providername, *label;
52 TAILQ_ENTRY(pkcs11_keyinfo) next; 54 TAILQ_ENTRY(pkcs11_keyinfo) next;
53}; 55};
54 56
@@ -61,13 +63,14 @@ struct sshbuf *iqueue;
61struct sshbuf *oqueue; 63struct sshbuf *oqueue;
62 64
63static void 65static void
64add_key(struct sshkey *k, char *name) 66add_key(struct sshkey *k, char *name, char *label)
65{ 67{
66 struct pkcs11_keyinfo *ki; 68 struct pkcs11_keyinfo *ki;
67 69
68 ki = xcalloc(1, sizeof(*ki)); 70 ki = xcalloc(1, sizeof(*ki));
69 ki->providername = xstrdup(name); 71 ki->providername = xstrdup(name);
70 ki->key = k; 72 ki->key = k;
73 ki->label = xstrdup(label);
71 TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next); 74 TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next);
72} 75}
73 76
@@ -81,6 +84,7 @@ del_keys_by_name(char *name)
81 if (!strcmp(ki->providername, name)) { 84 if (!strcmp(ki->providername, name)) {
82 TAILQ_REMOVE(&pkcs11_keylist, ki, next); 85 TAILQ_REMOVE(&pkcs11_keylist, ki, next);
83 free(ki->providername); 86 free(ki->providername);
87 free(ki->label);
84 sshkey_free(ki->key); 88 sshkey_free(ki->key);
85 free(ki); 89 free(ki);
86 } 90 }
@@ -94,7 +98,7 @@ lookup_key(struct sshkey *k)
94 struct pkcs11_keyinfo *ki; 98 struct pkcs11_keyinfo *ki;
95 99
96 TAILQ_FOREACH(ki, &pkcs11_keylist, next) { 100 TAILQ_FOREACH(ki, &pkcs11_keylist, next) {
97 debug("check %p %s", ki, ki->providername); 101 debug("check %p %s %s", ki, ki->providername, ki->label);
98 if (sshkey_equal(k, ki->key)) 102 if (sshkey_equal(k, ki->key))
99 return (ki->key); 103 return (ki->key);
100 } 104 }
@@ -119,13 +123,14 @@ process_add(void)
119 u_char *blob; 123 u_char *blob;
120 size_t blen; 124 size_t blen;
121 struct sshbuf *msg; 125 struct sshbuf *msg;
126 char **labels = NULL;
122 127
123 if ((msg = sshbuf_new()) == NULL) 128 if ((msg = sshbuf_new()) == NULL)
124 fatal("%s: sshbuf_new failed", __func__); 129 fatal("%s: sshbuf_new failed", __func__);
125 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || 130 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
126 (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) 131 (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0)
127 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 132 fatal("%s: buffer error: %s", __func__, ssh_err(r));
128 if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { 133 if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) {
129 if ((r = sshbuf_put_u8(msg, 134 if ((r = sshbuf_put_u8(msg,
130 SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || 135 SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
131 (r = sshbuf_put_u32(msg, nkeys)) != 0) 136 (r = sshbuf_put_u32(msg, nkeys)) != 0)
@@ -137,11 +142,12 @@ process_add(void)
137 continue; 142 continue;
138 } 143 }
139 if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || 144 if ((r = sshbuf_put_string(msg, blob, blen)) != 0 ||
140 (r = sshbuf_put_cstring(msg, name)) != 0) 145 (r = sshbuf_put_cstring(msg, labels[i])) != 0)
141 fatal("%s: buffer error: %s", 146 fatal("%s: buffer error: %s",
142 __func__, ssh_err(r)); 147 __func__, ssh_err(r));
143 free(blob); 148 free(blob);
144 add_key(keys[i], name); 149 add_key(keys[i], name, labels[i]);
150 free(labels[i]);
145 } 151 }
146 } else { 152 } else {
147 if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) 153 if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
@@ -149,7 +155,8 @@ process_add(void)
149 if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) 155 if ((r = sshbuf_put_u32(msg, -nkeys)) != 0)
150 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 156 fatal("%s: buffer error: %s", __func__, ssh_err(r));
151 } 157 }
152 free(keys); 158 free(labels);
159 free(keys); /* keys themselves are transferred to pkcs11_keylist */
153 free(pin); 160 free(pin);
154 free(name); 161 free(name);
155 send_msg(msg); 162 send_msg(msg);
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 09f1ea347..a302c79c0 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11.c,v 1.46 2019/10/01 10:22:53 djm Exp $ */ 1/* $OpenBSD: ssh-pkcs11.c,v 1.47 2020/01/25 00:03:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * Copyright (c) 2014 Pedro Martelletto. All rights reserved. 4 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -893,15 +893,16 @@ fail:
893 return (key); 893 return (key);
894} 894}
895 895
896static struct sshkey * 896static int
897pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, 897pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
898 CK_OBJECT_HANDLE *obj) 898 CK_OBJECT_HANDLE *obj, struct sshkey **keyp, char **labelp)
899{ 899{
900 CK_ATTRIBUTE cert_attr[3]; 900 CK_ATTRIBUTE cert_attr[3];
901 CK_SESSION_HANDLE session; 901 CK_SESSION_HANDLE session;
902 CK_FUNCTION_LIST *f = NULL; 902 CK_FUNCTION_LIST *f = NULL;
903 CK_RV rv; 903 CK_RV rv;
904 X509 *x509 = NULL; 904 X509 *x509 = NULL;
905 X509_NAME *x509_name = NULL;
905 EVP_PKEY *evp; 906 EVP_PKEY *evp;
906 RSA *rsa = NULL; 907 RSA *rsa = NULL;
907#ifdef OPENSSL_HAS_ECC 908#ifdef OPENSSL_HAS_ECC
@@ -912,7 +913,11 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
912#ifdef HAVE_EC_KEY_METHOD_NEW 913#ifdef HAVE_EC_KEY_METHOD_NEW
913 int nid; 914 int nid;
914#endif 915#endif
915 const u_char *cp; 916 const u_char *cp;
917 char *subject = NULL;
918
919 *keyp = NULL;
920 *labelp = NULL;
916 921
917 memset(&cert_attr, 0, sizeof(cert_attr)); 922 memset(&cert_attr, 0, sizeof(cert_attr));
918 cert_attr[0].type = CKA_ID; 923 cert_attr[0].type = CKA_ID;
@@ -926,7 +931,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
926 rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3); 931 rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3);
927 if (rv != CKR_OK) { 932 if (rv != CKR_OK) {
928 error("C_GetAttributeValue failed: %lu", rv); 933 error("C_GetAttributeValue failed: %lu", rv);
929 return (NULL); 934 return -1;
930 } 935 }
931 936
932 /* 937 /*
@@ -937,7 +942,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
937 if (cert_attr[1].ulValueLen == 0 || 942 if (cert_attr[1].ulValueLen == 0 ||
938 cert_attr[2].ulValueLen == 0) { 943 cert_attr[2].ulValueLen == 0) {
939 error("invalid attribute length"); 944 error("invalid attribute length");
940 return (NULL); 945 return -1;
941 } 946 }
942 947
943 /* allocate buffers for attributes */ 948 /* allocate buffers for attributes */
@@ -949,44 +954,45 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
949 rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3); 954 rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3);
950 if (rv != CKR_OK) { 955 if (rv != CKR_OK) {
951 error("C_GetAttributeValue failed: %lu", rv); 956 error("C_GetAttributeValue failed: %lu", rv);
952 goto fail; 957 goto out;
953 } 958 }
954 959
955 x509 = X509_new(); 960 /* Decode DER-encoded cert subject */
956 if (x509 == NULL) { 961 cp = cert_attr[2].pValue;
957 error("x509_new failed"); 962 if ((x509_name = d2i_X509_NAME(NULL, &cp,
958 goto fail; 963 cert_attr[1].ulValueLen)) == NULL ||
959 } 964 (subject = X509_NAME_oneline(x509_name, NULL, 0)) == NULL)
965 subject = xstrdup("invalid subject");
966 X509_NAME_free(x509_name);
960 967
961 cp = cert_attr[2].pValue; 968 cp = cert_attr[2].pValue;
962 if (d2i_X509(&x509, &cp, cert_attr[2].ulValueLen) == NULL) { 969 if ((x509 = d2i_X509(NULL, &cp, cert_attr[2].ulValueLen)) == NULL) {
963 error("d2i_x509 failed"); 970 error("d2i_x509 failed");
964 goto fail; 971 goto out;
965 } 972 }
966 973
967 evp = X509_get_pubkey(x509); 974 if ((evp = X509_get_pubkey(x509)) == NULL) {
968 if (evp == NULL) {
969 error("X509_get_pubkey failed"); 975 error("X509_get_pubkey failed");
970 goto fail; 976 goto out;
971 } 977 }
972 978
973 if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) { 979 if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) {
974 if (EVP_PKEY_get0_RSA(evp) == NULL) { 980 if (EVP_PKEY_get0_RSA(evp) == NULL) {
975 error("invalid x509; no rsa key"); 981 error("invalid x509; no rsa key");
976 goto fail; 982 goto out;
977 } 983 }
978 if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) == NULL) { 984 if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) == NULL) {
979 error("RSAPublicKey_dup failed"); 985 error("RSAPublicKey_dup failed");
980 goto fail; 986 goto out;
981 } 987 }
982 988
983 if (pkcs11_rsa_wrap(p, slotidx, &cert_attr[0], rsa)) 989 if (pkcs11_rsa_wrap(p, slotidx, &cert_attr[0], rsa))
984 goto fail; 990 goto out;
985 991
986 key = sshkey_new(KEY_UNSPEC); 992 key = sshkey_new(KEY_UNSPEC);
987 if (key == NULL) { 993 if (key == NULL) {
988 error("sshkey_new failed"); 994 error("sshkey_new failed");
989 goto fail; 995 goto out;
990 } 996 }
991 997
992 key->rsa = rsa; 998 key->rsa = rsa;
@@ -997,26 +1003,26 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
997 } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { 1003 } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
998 if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { 1004 if (EVP_PKEY_get0_EC_KEY(evp) == NULL) {
999 error("invalid x509; no ec key"); 1005 error("invalid x509; no ec key");
1000 goto fail; 1006 goto out;
1001 } 1007 }
1002 if ((ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(evp))) == NULL) { 1008 if ((ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(evp))) == NULL) {
1003 error("EC_KEY_dup failed"); 1009 error("EC_KEY_dup failed");
1004 goto fail; 1010 goto out;
1005 } 1011 }
1006 1012
1007 nid = sshkey_ecdsa_key_to_nid(ec); 1013 nid = sshkey_ecdsa_key_to_nid(ec);
1008 if (nid < 0) { 1014 if (nid < 0) {
1009 error("couldn't get curve nid"); 1015 error("couldn't get curve nid");
1010 goto fail; 1016 goto out;
1011 } 1017 }
1012 1018
1013 if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec)) 1019 if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec))
1014 goto fail; 1020 goto out;
1015 1021
1016 key = sshkey_new(KEY_UNSPEC); 1022 key = sshkey_new(KEY_UNSPEC);
1017 if (key == NULL) { 1023 if (key == NULL) {
1018 error("sshkey_new failed"); 1024 error("sshkey_new failed");
1019 goto fail; 1025 goto out;
1020 } 1026 }
1021 1027
1022 key->ecdsa = ec; 1028 key->ecdsa = ec;
@@ -1025,10 +1031,11 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
1025 key->flags |= SSHKEY_FLAG_EXT; 1031 key->flags |= SSHKEY_FLAG_EXT;
1026 ec = NULL; /* now owned by key */ 1032 ec = NULL; /* now owned by key */
1027#endif /* HAVE_EC_KEY_METHOD_NEW */ 1033#endif /* HAVE_EC_KEY_METHOD_NEW */
1028 } else 1034 } else {
1029 error("unknown certificate key type"); 1035 error("unknown certificate key type");
1030 1036 goto out;
1031fail: 1037 }
1038 out:
1032 for (i = 0; i < 3; i++) 1039 for (i = 0; i < 3; i++)
1033 free(cert_attr[i].pValue); 1040 free(cert_attr[i].pValue);
1034 X509_free(x509); 1041 X509_free(x509);
@@ -1036,8 +1043,14 @@ fail:
1036#ifdef OPENSSL_HAS_ECC 1043#ifdef OPENSSL_HAS_ECC
1037 EC_KEY_free(ec); 1044 EC_KEY_free(ec);
1038#endif 1045#endif
1039 1046 if (key == NULL) {
1040 return (key); 1047 free(subject);
1048 return -1;
1049 }
1050 /* success */
1051 *keyp = key;
1052 *labelp = subject;
1053 return 0;
1041} 1054}
1042 1055
1043#if 0 1056#if 0
@@ -1058,7 +1071,7 @@ have_rsa_key(const RSA *rsa)
1058 */ 1071 */
1059static int 1072static int
1060pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx, 1073pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
1061 struct sshkey ***keysp, int *nkeys) 1074 struct sshkey ***keysp, char ***labelsp, int *nkeys)
1062{ 1075{
1063 struct sshkey *key = NULL; 1076 struct sshkey *key = NULL;
1064 CK_OBJECT_CLASS key_class; 1077 CK_OBJECT_CLASS key_class;
@@ -1069,6 +1082,7 @@ pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
1069 CK_OBJECT_HANDLE obj; 1082 CK_OBJECT_HANDLE obj;
1070 CK_ULONG n = 0; 1083 CK_ULONG n = 0;
1071 int ret = -1; 1084 int ret = -1;
1085 char *label;
1072 1086
1073 memset(&key_attr, 0, sizeof(key_attr)); 1087 memset(&key_attr, 0, sizeof(key_attr));
1074 memset(&obj, 0, sizeof(obj)); 1088 memset(&obj, 0, sizeof(obj));
@@ -1110,18 +1124,19 @@ pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
1110 goto fail; 1124 goto fail;
1111 } 1125 }
1112 1126
1127 key = NULL;
1128 label = NULL;
1113 switch (ck_cert_type) { 1129 switch (ck_cert_type) {
1114 case CKC_X_509: 1130 case CKC_X_509:
1115 key = pkcs11_fetch_x509_pubkey(p, slotidx, &obj); 1131 if (pkcs11_fetch_x509_pubkey(p, slotidx, &obj,
1132 &key, &label) != 0) {
1133 error("failed to fetch key");
1134 continue;
1135 }
1116 break; 1136 break;
1117 default: 1137 default:
1118 /* XXX print key type? */ 1138 error("skipping unsupported certificate type %lu",
1119 key = NULL; 1139 ck_cert_type);
1120 error("skipping unsupported certificate type");
1121 }
1122
1123 if (key == NULL) {
1124 error("failed to fetch key");
1125 continue; 1140 continue;
1126 } 1141 }
1127 1142
@@ -1132,6 +1147,11 @@ pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
1132 *keysp = xrecallocarray(*keysp, *nkeys, 1147 *keysp = xrecallocarray(*keysp, *nkeys,
1133 *nkeys + 1, sizeof(struct sshkey *)); 1148 *nkeys + 1, sizeof(struct sshkey *));
1134 (*keysp)[*nkeys] = key; 1149 (*keysp)[*nkeys] = key;
1150 if (labelsp != NULL) {
1151 *labelsp = xrecallocarray(*labelsp, *nkeys,
1152 *nkeys + 1, sizeof(char *));
1153 (*labelsp)[*nkeys] = xstrdup((char *)label);
1154 }
1135 *nkeys = *nkeys + 1; 1155 *nkeys = *nkeys + 1;
1136 debug("have %d keys", *nkeys); 1156 debug("have %d keys", *nkeys);
1137 } 1157 }
@@ -1155,11 +1175,11 @@ fail:
1155 */ 1175 */
1156static int 1176static int
1157pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, 1177pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
1158 struct sshkey ***keysp, int *nkeys) 1178 struct sshkey ***keysp, char ***labelsp, int *nkeys)
1159{ 1179{
1160 struct sshkey *key = NULL; 1180 struct sshkey *key = NULL;
1161 CK_OBJECT_CLASS key_class; 1181 CK_OBJECT_CLASS key_class;
1162 CK_ATTRIBUTE key_attr[1]; 1182 CK_ATTRIBUTE key_attr[2];
1163 CK_SESSION_HANDLE session; 1183 CK_SESSION_HANDLE session;
1164 CK_FUNCTION_LIST *f = NULL; 1184 CK_FUNCTION_LIST *f = NULL;
1165 CK_RV rv; 1185 CK_RV rv;
@@ -1186,6 +1206,7 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
1186 1206
1187 while (1) { 1207 while (1) {
1188 CK_KEY_TYPE ck_key_type; 1208 CK_KEY_TYPE ck_key_type;
1209 CK_UTF8CHAR label[256];
1189 1210
1190 rv = f->C_FindObjects(session, &obj, 1, &n); 1211 rv = f->C_FindObjects(session, &obj, 1, &n);
1191 if (rv != CKR_OK) { 1212 if (rv != CKR_OK) {
@@ -1200,13 +1221,18 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
1200 key_attr[0].type = CKA_KEY_TYPE; 1221 key_attr[0].type = CKA_KEY_TYPE;
1201 key_attr[0].pValue = &ck_key_type; 1222 key_attr[0].pValue = &ck_key_type;
1202 key_attr[0].ulValueLen = sizeof(ck_key_type); 1223 key_attr[0].ulValueLen = sizeof(ck_key_type);
1224 key_attr[1].type = CKA_LABEL;
1225 key_attr[1].pValue = &label;
1226 key_attr[1].ulValueLen = sizeof(label) - 1;
1203 1227
1204 rv = f->C_GetAttributeValue(session, obj, key_attr, 1); 1228 rv = f->C_GetAttributeValue(session, obj, key_attr, 2);
1205 if (rv != CKR_OK) { 1229 if (rv != CKR_OK) {
1206 error("C_GetAttributeValue failed: %lu", rv); 1230 error("C_GetAttributeValue failed: %lu", rv);
1207 goto fail; 1231 goto fail;
1208 } 1232 }
1209 1233
1234 label[key_attr[1].ulValueLen] = '\0';
1235
1210 switch (ck_key_type) { 1236 switch (ck_key_type) {
1211 case CKK_RSA: 1237 case CKK_RSA:
1212 key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); 1238 key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj);
@@ -1234,6 +1260,11 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
1234 *keysp = xrecallocarray(*keysp, *nkeys, 1260 *keysp = xrecallocarray(*keysp, *nkeys,
1235 *nkeys + 1, sizeof(struct sshkey *)); 1261 *nkeys + 1, sizeof(struct sshkey *));
1236 (*keysp)[*nkeys] = key; 1262 (*keysp)[*nkeys] = key;
1263 if (labelsp != NULL) {
1264 *labelsp = xrecallocarray(*labelsp, *nkeys,
1265 *nkeys + 1, sizeof(char *));
1266 (*labelsp)[*nkeys] = xstrdup((char *)label);
1267 }
1237 *nkeys = *nkeys + 1; 1268 *nkeys = *nkeys + 1;
1238 debug("have %d keys", *nkeys); 1269 debug("have %d keys", *nkeys);
1239 } 1270 }
@@ -1440,7 +1471,8 @@ pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx,
1440 * keyp is provided, fetch keys. 1471 * keyp is provided, fetch keys.
1441 */ 1472 */
1442static int 1473static int
1443pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp, 1474pkcs11_register_provider(char *provider_id, char *pin,
1475 struct sshkey ***keyp, char ***labelsp,
1444 struct pkcs11_provider **providerp, CK_ULONG user) 1476 struct pkcs11_provider **providerp, CK_ULONG user)
1445{ 1477{
1446 int nkeys, need_finalize = 0; 1478 int nkeys, need_finalize = 0;
@@ -1459,6 +1491,8 @@ pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
1459 1491
1460 if (keyp != NULL) 1492 if (keyp != NULL)
1461 *keyp = NULL; 1493 *keyp = NULL;
1494 if (labelsp != NULL)
1495 *labelsp = NULL;
1462 1496
1463 if (pkcs11_provider_lookup(provider_id) != NULL) { 1497 if (pkcs11_provider_lookup(provider_id) != NULL) {
1464 debug("%s: provider already registered: %s", 1498 debug("%s: provider already registered: %s",
@@ -1556,8 +1590,8 @@ pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
1556 if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 || 1590 if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 ||
1557 keyp == NULL) 1591 keyp == NULL)
1558 continue; 1592 continue;
1559 pkcs11_fetch_keys(p, i, keyp, &nkeys); 1593 pkcs11_fetch_keys(p, i, keyp, labelsp, &nkeys);
1560 pkcs11_fetch_certs(p, i, keyp, &nkeys); 1594 pkcs11_fetch_certs(p, i, keyp, labelsp, &nkeys);
1561 if (nkeys == 0 && !p->slotinfo[i].logged_in && 1595 if (nkeys == 0 && !p->slotinfo[i].logged_in &&
1562 pkcs11_interactive) { 1596 pkcs11_interactive) {
1563 /* 1597 /*
@@ -1569,8 +1603,8 @@ pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
1569 error("login failed"); 1603 error("login failed");
1570 continue; 1604 continue;
1571 } 1605 }
1572 pkcs11_fetch_keys(p, i, keyp, &nkeys); 1606 pkcs11_fetch_keys(p, i, keyp, labelsp, &nkeys);
1573 pkcs11_fetch_certs(p, i, keyp, &nkeys); 1607 pkcs11_fetch_certs(p, i, keyp, labelsp, &nkeys);
1574 } 1608 }
1575 } 1609 }
1576 1610
@@ -1601,12 +1635,14 @@ fail:
1601 * fails if provider already exists 1635 * fails if provider already exists
1602 */ 1636 */
1603int 1637int
1604pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) 1638pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp,
1639 char ***labelsp)
1605{ 1640{
1606 struct pkcs11_provider *p = NULL; 1641 struct pkcs11_provider *p = NULL;
1607 int nkeys; 1642 int nkeys;
1608 1643
1609 nkeys = pkcs11_register_provider(provider_id, pin, keyp, &p, CKU_USER); 1644 nkeys = pkcs11_register_provider(provider_id, pin, keyp, labelsp,
1645 &p, CKU_USER);
1610 1646
1611 /* no keys found or some other error, de-register provider */ 1647 /* no keys found or some other error, de-register provider */
1612 if (nkeys <= 0 && p != NULL) { 1648 if (nkeys <= 0 && p != NULL) {
@@ -1638,8 +1674,8 @@ pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label,
1638 1674
1639 if ((p = pkcs11_provider_lookup(provider_id)) != NULL) 1675 if ((p = pkcs11_provider_lookup(provider_id)) != NULL)
1640 debug("%s: provider \"%s\" available", __func__, provider_id); 1676 debug("%s: provider \"%s\" available", __func__, provider_id);
1641 else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, &p, 1677 else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, NULL,
1642 CKU_SO)) < 0) { 1678 &p, CKU_SO)) < 0) {
1643 debug("%s: could not register provider %s", __func__, 1679 debug("%s: could not register provider %s", __func__,
1644 provider_id); 1680 provider_id);
1645 goto out; 1681 goto out;
@@ -1710,7 +1746,7 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx,
1710 1746
1711 if ((p = pkcs11_provider_lookup(provider_id)) != NULL) { 1747 if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
1712 debug("%s: using provider \"%s\"", __func__, provider_id); 1748 debug("%s: using provider \"%s\"", __func__, provider_id);
1713 } else if (pkcs11_register_provider(provider_id, pin, NULL, &p, 1749 } else if (pkcs11_register_provider(provider_id, pin, NULL, NULL, &p,
1714 CKU_SO) < 0) { 1750 CKU_SO) < 0) {
1715 debug("%s: could not register provider %s", __func__, 1751 debug("%s: could not register provider %s", __func__,
1716 provider_id); 1752 provider_id);
diff --git a/ssh-pkcs11.h b/ssh-pkcs11.h
index b9038450d..81f1d7c5d 100644
--- a/ssh-pkcs11.h
+++ b/ssh-pkcs11.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11.h,v 1.5 2019/01/20 22:51:37 djm Exp $ */ 1/* $OpenBSD: ssh-pkcs11.h,v 1.6 2020/01/25 00:03:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * 4 *
@@ -24,7 +24,7 @@
24 24
25int pkcs11_init(int); 25int pkcs11_init(int);
26void pkcs11_terminate(void); 26void pkcs11_terminate(void);
27int pkcs11_add_provider(char *, char *, struct sshkey ***); 27int pkcs11_add_provider(char *, char *, struct sshkey ***, char ***);
28int pkcs11_del_provider(char *); 28int pkcs11_del_provider(char *);
29#ifdef WITH_PKCS11_KEYGEN 29#ifdef WITH_PKCS11_KEYGEN
30struct sshkey * 30struct sshkey *
diff --git a/ssh-sk-client.c b/ssh-sk-client.c
new file mode 100644
index 000000000..8d7e6c305
--- /dev/null
+++ b/ssh-sk-client.c
@@ -0,0 +1,449 @@
1/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
2/*
3 * Copyright (c) 2019 Google LLC
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "includes.h"
19
20#include <sys/types.h>
21#include <sys/socket.h>
22#include <sys/wait.h>
23
24#include <fcntl.h>
25#include <limits.h>
26#include <errno.h>
27#include <signal.h>
28#include <stdarg.h>
29#include <stdio.h>
30#include <stdlib.h>
31#include <string.h>
32#include <unistd.h>
33
34#include "log.h"
35#include "ssherr.h"
36#include "sshbuf.h"
37#include "sshkey.h"
38#include "msg.h"
39#include "digest.h"
40#include "pathnames.h"
41#include "ssh-sk.h"
42#include "misc.h"
43
44/* #define DEBUG_SK 1 */
45
46static int
47start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
48{
49 void (*osigchld)(int);
50 int oerrno, pair[2], r = SSH_ERR_INTERNAL_ERROR;
51 pid_t pid;
52 char *helper, *verbosity = NULL;
53
54 *fdp = -1;
55 *pidp = 0;
56 *osigchldp = SIG_DFL;
57
58 helper = getenv("SSH_SK_HELPER");
59 if (helper == NULL || strlen(helper) == 0)
60 helper = _PATH_SSH_SK_HELPER;
61 if (access(helper, X_OK) != 0) {
62 oerrno = errno;
63 error("%s: helper \"%s\" unusable: %s", __func__, helper,
64 strerror(errno));
65 errno = oerrno;
66 return SSH_ERR_SYSTEM_ERROR;
67 }
68#ifdef DEBUG_SK
69 verbosity = "-vvv";
70#endif
71
72 /* Start helper */
73 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
74 error("socketpair: %s", strerror(errno));
75 return SSH_ERR_SYSTEM_ERROR;
76 }
77 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
78 if ((pid = fork()) == -1) {
79 oerrno = errno;
80 error("fork: %s", strerror(errno));
81 close(pair[0]);
82 close(pair[1]);
83 ssh_signal(SIGCHLD, osigchld);
84 errno = oerrno;
85 return SSH_ERR_SYSTEM_ERROR;
86 }
87 if (pid == 0) {
88 if ((dup2(pair[1], STDIN_FILENO) == -1) ||
89 (dup2(pair[1], STDOUT_FILENO) == -1)) {
90 error("%s: dup2: %s", __func__, ssh_err(r));
91 _exit(1);
92 }
93 close(pair[0]);
94 close(pair[1]);
95 closefrom(STDERR_FILENO + 1);
96 debug("%s: starting %s %s", __func__, helper,
97 verbosity == NULL ? "" : verbosity);
98 execlp(helper, helper, verbosity, (char *)NULL);
99 error("%s: execlp: %s", __func__, strerror(errno));
100 _exit(1);
101 }
102 close(pair[1]);
103
104 /* success */
105 debug3("%s: started pid=%ld", __func__, (long)pid);
106 *fdp = pair[0];
107 *pidp = pid;
108 *osigchldp = osigchld;
109 return 0;
110}
111
112static int
113reap_helper(pid_t pid)
114{
115 int status, oerrno;
116
117 debug3("%s: pid=%ld", __func__, (long)pid);
118
119 errno = 0;
120 while (waitpid(pid, &status, 0) == -1) {
121 if (errno == EINTR) {
122 errno = 0;
123 continue;
124 }
125 oerrno = errno;
126 error("%s: waitpid: %s", __func__, strerror(errno));
127 errno = oerrno;
128 return SSH_ERR_SYSTEM_ERROR;
129 }
130 if (!WIFEXITED(status)) {
131 error("%s: helper exited abnormally", __func__);
132 return SSH_ERR_AGENT_FAILURE;
133 } else if (WEXITSTATUS(status) != 0) {
134 error("%s: helper exited with non-zero exit status", __func__);
135 return SSH_ERR_AGENT_FAILURE;
136 }
137 return 0;
138}
139
140static int
141client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
142{
143 int oerrno, fd, r2, ll, r = SSH_ERR_INTERNAL_ERROR;
144 u_int rtype, rerr;
145 pid_t pid;
146 u_char version;
147 void (*osigchld)(int);
148 struct sshbuf *req = NULL, *resp = NULL;
149 *respp = NULL;
150
151 if ((r = start_helper(&fd, &pid, &osigchld)) != 0)
152 return r;
153
154 if ((req = sshbuf_new()) == NULL || (resp = sshbuf_new()) == NULL) {
155 r = SSH_ERR_ALLOC_FAIL;
156 goto out;
157 }
158 /* Request preamble: type, log_on_stderr, log_level */
159 ll = log_level_get();
160 if ((r = sshbuf_put_u32(req, type)) != 0 ||
161 (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
162 (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
163 (r = sshbuf_putb(req, msg)) != 0) {
164 error("%s: build: %s", __func__, ssh_err(r));
165 goto out;
166 }
167 if ((r = ssh_msg_send(fd, SSH_SK_HELPER_VERSION, req)) != 0) {
168 error("%s: send: %s", __func__, ssh_err(r));
169 goto out;
170 }
171 if ((r = ssh_msg_recv(fd, resp)) != 0) {
172 error("%s: receive: %s", __func__, ssh_err(r));
173 goto out;
174 }
175 if ((r = sshbuf_get_u8(resp, &version)) != 0) {
176 error("%s: parse version: %s", __func__, ssh_err(r));
177 goto out;
178 }
179 if (version != SSH_SK_HELPER_VERSION) {
180 error("%s: unsupported version: got %u, expected %u",
181 __func__, version, SSH_SK_HELPER_VERSION);
182 r = SSH_ERR_INVALID_FORMAT;
183 goto out;
184 }
185 if ((r = sshbuf_get_u32(resp, &rtype)) != 0) {
186 error("%s: parse message type: %s", __func__, ssh_err(r));
187 goto out;
188 }
189 if (rtype == SSH_SK_HELPER_ERROR) {
190 if ((r = sshbuf_get_u32(resp, &rerr)) != 0) {
191 error("%s: parse error: %s", __func__, ssh_err(r));
192 goto out;
193 }
194 debug("%s: helper returned error -%u", __func__, rerr);
195 /* OpenSSH error values are negative; encoded as -err on wire */
196 if (rerr == 0 || rerr >= INT_MAX)
197 r = SSH_ERR_INTERNAL_ERROR;
198 else
199 r = -(int)rerr;
200 goto out;
201 } else if (rtype != type) {
202 error("%s: helper returned incorrect message type %u, "
203 "expecting %u", __func__, rtype, type);
204 r = SSH_ERR_INTERNAL_ERROR;
205 goto out;
206 }
207 /* success */
208 r = 0;
209 out:
210 oerrno = errno;
211 close(fd);
212 if ((r2 = reap_helper(pid)) != 0) {
213 if (r == 0) {
214 r = r2;
215 oerrno = errno;
216 }
217 }
218 if (r == 0) {
219 *respp = resp;
220 resp = NULL;
221 }
222 sshbuf_free(req);
223 sshbuf_free(resp);
224 ssh_signal(SIGCHLD, osigchld);
225 errno = oerrno;
226 return r;
227
228}
229
230int
231sshsk_sign(const char *provider, struct sshkey *key,
232 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
233 u_int compat, const char *pin)
234{
235 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
236 char *fp = NULL;
237 struct sshbuf *kbuf = NULL, *req = NULL, *resp = NULL;
238
239 *sigp = NULL;
240 *lenp = 0;
241
242#ifndef ENABLE_SK
243 return SSH_ERR_KEY_TYPE_UNKNOWN;
244#endif
245
246 if ((kbuf = sshbuf_new()) == NULL ||
247 (req = sshbuf_new()) == NULL) {
248 r = SSH_ERR_ALLOC_FAIL;
249 goto out;
250 }
251
252 if ((r = sshkey_private_serialize(key, kbuf)) != 0) {
253 error("%s: serialize private key: %s", __func__, ssh_err(r));
254 goto out;
255 }
256 if ((r = sshbuf_put_stringb(req, kbuf)) != 0 ||
257 (r = sshbuf_put_cstring(req, provider)) != 0 ||
258 (r = sshbuf_put_string(req, data, datalen)) != 0 ||
259 (r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */
260 (r = sshbuf_put_u32(req, compat)) != 0 ||
261 (r = sshbuf_put_cstring(req, pin)) != 0) {
262 error("%s: compose: %s", __func__, ssh_err(r));
263 goto out;
264 }
265
266 if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
267 SSH_FP_DEFAULT)) == NULL) {
268 error("%s: sshkey_fingerprint failed", __func__);
269 r = SSH_ERR_ALLOC_FAIL;
270 goto out;
271 }
272 if ((r = client_converse(req, &resp, SSH_SK_HELPER_SIGN)) != 0)
273 goto out;
274
275 if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) {
276 error("%s: parse signature: %s", __func__, ssh_err(r));
277 r = SSH_ERR_INVALID_FORMAT;
278 goto out;
279 }
280 if (sshbuf_len(resp) != 0) {
281 error("%s: trailing data in response", __func__);
282 r = SSH_ERR_INVALID_FORMAT;
283 goto out;
284 }
285 /* success */
286 r = 0;
287 out:
288 oerrno = errno;
289 if (r != 0) {
290 freezero(*sigp, *lenp);
291 *sigp = NULL;
292 *lenp = 0;
293 }
294 sshbuf_free(kbuf);
295 sshbuf_free(req);
296 sshbuf_free(resp);
297 errno = oerrno;
298 return r;
299}
300
301int
302sshsk_enroll(int type, const char *provider_path, const char *device,
303 const char *application, const char *userid, uint8_t flags,
304 const char *pin, struct sshbuf *challenge_buf,
305 struct sshkey **keyp, struct sshbuf *attest)
306{
307 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
308 struct sshbuf *kbuf = NULL, *abuf = NULL, *req = NULL, *resp = NULL;
309 struct sshkey *key = NULL;
310
311 *keyp = NULL;
312 if (attest != NULL)
313 sshbuf_reset(attest);
314
315#ifndef ENABLE_SK
316 return SSH_ERR_KEY_TYPE_UNKNOWN;
317#endif
318
319 if (type < 0)
320 return SSH_ERR_INVALID_ARGUMENT;
321
322 if ((abuf = sshbuf_new()) == NULL ||
323 (kbuf = sshbuf_new()) == NULL ||
324 (req = sshbuf_new()) == NULL) {
325 r = SSH_ERR_ALLOC_FAIL;
326 goto out;
327 }
328
329 if ((r = sshbuf_put_u32(req, (u_int)type)) != 0 ||
330 (r = sshbuf_put_cstring(req, provider_path)) != 0 ||
331 (r = sshbuf_put_cstring(req, device)) != 0 ||
332 (r = sshbuf_put_cstring(req, application)) != 0 ||
333 (r = sshbuf_put_cstring(req, userid)) != 0 ||
334 (r = sshbuf_put_u8(req, flags)) != 0 ||
335 (r = sshbuf_put_cstring(req, pin)) != 0 ||
336 (r = sshbuf_put_stringb(req, challenge_buf)) != 0) {
337 error("%s: compose: %s", __func__, ssh_err(r));
338 goto out;
339 }
340
341 if ((r = client_converse(req, &resp, SSH_SK_HELPER_ENROLL)) != 0)
342 goto out;
343
344 if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
345 (r = sshbuf_get_stringb(resp, abuf)) != 0) {
346 error("%s: parse signature: %s", __func__, ssh_err(r));
347 r = SSH_ERR_INVALID_FORMAT;
348 goto out;
349 }
350 if (sshbuf_len(resp) != 0) {
351 error("%s: trailing data in response", __func__);
352 r = SSH_ERR_INVALID_FORMAT;
353 goto out;
354 }
355 if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
356 error("Unable to parse private key: %s", ssh_err(r));
357 goto out;
358 }
359 if (attest != NULL && (r = sshbuf_putb(attest, abuf)) != 0) {
360 error("%s: buffer error: %s", __func__, ssh_err(r));
361 goto out;
362 }
363
364 /* success */
365 r = 0;
366 *keyp = key;
367 key = NULL;
368 out:
369 oerrno = errno;
370 sshkey_free(key);
371 sshbuf_free(kbuf);
372 sshbuf_free(abuf);
373 sshbuf_free(req);
374 sshbuf_free(resp);
375 errno = oerrno;
376 return r;
377}
378
379int
380sshsk_load_resident(const char *provider_path, const char *device,
381 const char *pin, struct sshkey ***keysp, size_t *nkeysp)
382{
383 int oerrno, r = SSH_ERR_INTERNAL_ERROR;
384 struct sshbuf *kbuf = NULL, *req = NULL, *resp = NULL;
385 struct sshkey *key = NULL, **keys = NULL, **tmp;
386 size_t i, nkeys = 0;
387
388 *keysp = NULL;
389 *nkeysp = 0;
390
391 if ((resp = sshbuf_new()) == NULL ||
392 (kbuf = sshbuf_new()) == NULL ||
393 (req = sshbuf_new()) == NULL) {
394 r = SSH_ERR_ALLOC_FAIL;
395 goto out;
396 }
397
398 if ((r = sshbuf_put_cstring(req, provider_path)) != 0 ||
399 (r = sshbuf_put_cstring(req, device)) != 0 ||
400 (r = sshbuf_put_cstring(req, pin)) != 0) {
401 error("%s: compose: %s", __func__, ssh_err(r));
402 goto out;
403 }
404
405 if ((r = client_converse(req, &resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0)
406 goto out;
407
408 while (sshbuf_len(resp) != 0) {
409 /* key, comment */
410 if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
411 (r = sshbuf_get_cstring(resp, NULL, NULL)) != 0) {
412 error("%s: parse signature: %s", __func__, ssh_err(r));
413 r = SSH_ERR_INVALID_FORMAT;
414 goto out;
415 }
416 if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
417 error("Unable to parse private key: %s", ssh_err(r));
418 goto out;
419 }
420 if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
421 sizeof(*keys))) == NULL) {
422 error("%s: recallocarray keys failed", __func__);
423 goto out;
424 }
425 debug("%s: keys[%zu]: %s %s", __func__,
426 nkeys, sshkey_type(key), key->sk_application);
427 keys = tmp;
428 keys[nkeys++] = key;
429 key = NULL;
430 }
431
432 /* success */
433 r = 0;
434 *keysp = keys;
435 *nkeysp = nkeys;
436 keys = NULL;
437 nkeys = 0;
438 out:
439 oerrno = errno;
440 for (i = 0; i < nkeys; i++)
441 sshkey_free(keys[i]);
442 free(keys);
443 sshkey_free(key);
444 sshbuf_free(kbuf);
445 sshbuf_free(req);
446 sshbuf_free(resp);
447 errno = oerrno;
448 return r;
449}
diff --git a/ssh-sk-helper.0 b/ssh-sk-helper.0
new file mode 100644
index 000000000..6257fac7c
--- /dev/null
+++ b/ssh-sk-helper.0
@@ -0,0 +1,34 @@
1SSH-SK-HELPER(8) System Manager's Manual SSH-SK-HELPER(8)
2
3NAME
4 ssh-sk-helper M-bM-^@M-^S OpenSSH helper for FIDO authenticator support
5
6SYNOPSIS
7 ssh-sk-helper [-v]
8
9DESCRIPTION
10 ssh-sk-helper is used by ssh-agent(1) to access keys provided by a FIDO
11 authenticator.
12
13 ssh-sk-helper is not intended to be invoked by the user, but from
14 ssh-agent(1).
15
16 A single option is supported:
17
18 -v Verbose mode. Causes ssh-sk-helper to print debugging messages
19 about its progress. This is helpful in debugging problems.
20 Multiple -v options increase the verbosity. The maximum is 3.
21
22 Note that ssh-agent(1) will automatically pass the -v flag to
23 ssh-sk-helper when it has itself been placed in debug mode.
24
25SEE ALSO
26 ssh(1), ssh-add(1), ssh-agent(1)
27
28HISTORY
29 ssh-sk-helper first appeared in OpenBSD 6.7.
30
31AUTHORS
32 Damien Miller <djm@openbsd.org>
33
34OpenBSD 6.6 December 21, 2019 OpenBSD 6.6
diff --git a/ssh-sk-helper.8 b/ssh-sk-helper.8
new file mode 100644
index 000000000..3c53da1ec
--- /dev/null
+++ b/ssh-sk-helper.8
@@ -0,0 +1,66 @@
1.\" $OpenBSD: ssh-sk-helper.8,v 1.3 2019/12/21 20:22:34 naddy Exp $
2.\"
3.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: December 21 2019 $
18.Dt SSH-SK-HELPER 8
19.Os
20.Sh NAME
21.Nm ssh-sk-helper
22.Nd OpenSSH helper for FIDO authenticator support
23.Sh SYNOPSIS
24.Nm
25.Op Fl v
26.Sh DESCRIPTION
27.Nm
28is used by
29.Xr ssh-agent 1
30to access keys provided by a FIDO authenticator.
31.Pp
32.Nm
33is not intended to be invoked by the user, but from
34.Xr ssh-agent 1 .
35.Pp
36A single option is supported:
37.Bl -tag -width Ds
38.It Fl v
39Verbose mode.
40Causes
41.Nm
42to print debugging messages about its progress.
43This is helpful in debugging problems.
44Multiple
45.Fl v
46options increase the verbosity.
47The maximum is 3.
48.Pp
49Note that
50.Xr ssh-agent 1
51will automatically pass the
52.Fl v
53flag to
54.Nm
55when it has itself been placed in debug mode.
56.El
57.Sh SEE ALSO
58.Xr ssh 1 ,
59.Xr ssh-add 1 ,
60.Xr ssh-agent 1
61.Sh HISTORY
62.Nm
63first appeared in
64.Ox 6.7 .
65.Sh AUTHORS
66.An Damien Miller Aq Mt djm@openbsd.org
diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c
new file mode 100644
index 000000000..2f93ad716
--- /dev/null
+++ b/ssh-sk-helper.c
@@ -0,0 +1,360 @@
1/* $OpenBSD: ssh-sk-helper.c,v 1.9 2020/01/25 23:13:09 djm Exp $ */
2/*
3 * Copyright (c) 2019 Google LLC
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * This is a tiny program used to isolate the address space used for
20 * security key middleware signing operations from ssh-agent. It is similar
21 * to ssh-pkcs11-helper.c but considerably simpler as the operations for
22 * security keys are stateless.
23 *
24 * Please crank SSH_SK_HELPER_VERSION in sshkey.h for any incompatible
25 * protocol changes.
26 */
27
28#include "includes.h"
29
30#include <limits.h>
31#include <stdarg.h>
32#include <stdio.h>
33#include <stdlib.h>
34#include <string.h>
35#include <unistd.h>
36#include <errno.h>
37
38#include "xmalloc.h"
39#include "log.h"
40#include "sshkey.h"
41#include "authfd.h"
42#include "misc.h"
43#include "sshbuf.h"
44#include "msg.h"
45#include "uidswap.h"
46#include "sshkey.h"
47#include "ssherr.h"
48#include "ssh-sk.h"
49
50#ifdef ENABLE_SK
51extern char *__progname;
52
53static struct sshbuf *reply_error(int r, char *fmt, ...)
54 __attribute__((__format__ (printf, 2, 3)));
55
56static struct sshbuf *
57reply_error(int r, char *fmt, ...)
58{
59 char *msg;
60 va_list ap;
61 struct sshbuf *resp;
62
63 va_start(ap, fmt);
64 xvasprintf(&msg, fmt, ap);
65 va_end(ap);
66 debug("%s: %s", __progname, msg);
67 free(msg);
68
69 if (r >= 0)
70 fatal("%s: invalid error code %d", __func__, r);
71
72 if ((resp = sshbuf_new()) == NULL)
73 fatal("%s: sshbuf_new failed", __progname);
74 if (sshbuf_put_u32(resp, SSH_SK_HELPER_ERROR) != 0 ||
75 sshbuf_put_u32(resp, (u_int)-r) != 0)
76 fatal("%s: buffer error", __progname);
77 return resp;
78}
79
80/* If the specified string is zero length, then free it and replace with NULL */
81static void
82null_empty(char **s)
83{
84 if (s == NULL || *s == NULL || **s != '\0')
85 return;
86
87 free(*s);
88 *s = NULL;
89}
90
91static struct sshbuf *
92process_sign(struct sshbuf *req)
93{
94 int r = SSH_ERR_INTERNAL_ERROR;
95 struct sshbuf *resp, *kbuf;
96 struct sshkey *key;
97 uint32_t compat;
98 const u_char *message;
99 u_char *sig;
100 size_t msglen, siglen;
101 char *provider, *pin;
102
103 if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
104 (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
105 (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
106 (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
107 (r = sshbuf_get_u32(req, &compat)) != 0 ||
108 (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
109 fatal("%s: buffer error: %s", __progname, ssh_err(r));
110 if (sshbuf_len(req) != 0)
111 fatal("%s: trailing data in request", __progname);
112
113 if ((r = sshkey_private_deserialize(kbuf, &key)) != 0)
114 fatal("Unable to parse private key: %s", ssh_err(r));
115 if (!sshkey_is_sk(key))
116 fatal("Unsupported key type %s", sshkey_ssh_name(key));
117
118 debug("%s: ready to sign with key %s, provider %s: "
119 "msg len %zu, compat 0x%lx", __progname, sshkey_type(key),
120 provider, msglen, (u_long)compat);
121
122 null_empty(&pin);
123
124 if ((r = sshsk_sign(provider, key, &sig, &siglen,
125 message, msglen, compat, pin)) != 0) {
126 resp = reply_error(r, "Signing failed: %s", ssh_err(r));
127 goto out;
128 }
129
130 if ((resp = sshbuf_new()) == NULL)
131 fatal("%s: sshbuf_new failed", __progname);
132
133 if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_SIGN)) != 0 ||
134 (r = sshbuf_put_string(resp, sig, siglen)) != 0)
135 fatal("%s: buffer error: %s", __progname, ssh_err(r));
136 out:
137 sshbuf_free(kbuf);
138 free(provider);
139 if (pin != NULL)
140 freezero(pin, strlen(pin));
141 return resp;
142}
143
144static struct sshbuf *
145process_enroll(struct sshbuf *req)
146{
147 int r;
148 u_int type;
149 char *provider, *application, *pin, *device, *userid;
150 uint8_t flags;
151 struct sshbuf *challenge, *attest, *kbuf, *resp;
152 struct sshkey *key;
153
154 if ((attest = sshbuf_new()) == NULL ||
155 (kbuf = sshbuf_new()) == NULL)
156 fatal("%s: sshbuf_new failed", __progname);
157
158 if ((r = sshbuf_get_u32(req, &type)) != 0 ||
159 (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
160 (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
161 (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||
162 (r = sshbuf_get_cstring(req, &userid, NULL)) != 0 ||
163 (r = sshbuf_get_u8(req, &flags)) != 0 ||
164 (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
165 (r = sshbuf_froms(req, &challenge)) != 0)
166 fatal("%s: buffer error: %s", __progname, ssh_err(r));
167 if (sshbuf_len(req) != 0)
168 fatal("%s: trailing data in request", __progname);
169
170 if (type > INT_MAX)
171 fatal("%s: bad type %u", __progname, type);
172 if (sshbuf_len(challenge) == 0) {
173 sshbuf_free(challenge);
174 challenge = NULL;
175 }
176 null_empty(&device);
177 null_empty(&userid);
178 null_empty(&pin);
179
180 if ((r = sshsk_enroll((int)type, provider, device, application, userid,
181 flags, pin, challenge, &key, attest)) != 0) {
182 resp = reply_error(r, "Enrollment failed: %s", ssh_err(r));
183 goto out;
184 }
185
186 if ((resp = sshbuf_new()) == NULL)
187 fatal("%s: sshbuf_new failed", __progname);
188 if ((r = sshkey_private_serialize(key, kbuf)) != 0)
189 fatal("%s: serialize private key: %s", __progname, ssh_err(r));
190 if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_ENROLL)) != 0 ||
191 (r = sshbuf_put_stringb(resp, kbuf)) != 0 ||
192 (r = sshbuf_put_stringb(resp, attest)) != 0)
193 fatal("%s: buffer error: %s", __progname, ssh_err(r));
194
195 out:
196 sshkey_free(key);
197 sshbuf_free(kbuf);
198 sshbuf_free(attest);
199 sshbuf_free(challenge);
200 free(provider);
201 free(application);
202 if (pin != NULL)
203 freezero(pin, strlen(pin));
204
205 return resp;
206}
207
208static struct sshbuf *
209process_load_resident(struct sshbuf *req)
210{
211 int r;
212 char *provider, *pin, *device;
213 struct sshbuf *kbuf, *resp;
214 struct sshkey **keys = NULL;
215 size_t nkeys = 0, i;
216
217 if ((kbuf = sshbuf_new()) == NULL)
218 fatal("%s: sshbuf_new failed", __progname);
219
220 if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
221 (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
222 (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
223 fatal("%s: buffer error: %s", __progname, ssh_err(r));
224 if (sshbuf_len(req) != 0)
225 fatal("%s: trailing data in request", __progname);
226
227 null_empty(&device);
228 null_empty(&pin);
229
230 if ((r = sshsk_load_resident(provider, device, pin,
231 &keys, &nkeys)) != 0) {
232 resp = reply_error(r, " sshsk_load_resident failed: %s",
233 ssh_err(r));
234 goto out;
235 }
236
237 if ((resp = sshbuf_new()) == NULL)
238 fatal("%s: sshbuf_new failed", __progname);
239
240 if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0)
241 fatal("%s: buffer error: %s", __progname, ssh_err(r));
242
243 for (i = 0; i < nkeys; i++) {
244 debug("%s: key %zu %s %s", __func__, i,
245 sshkey_type(keys[i]), keys[i]->sk_application);
246 sshbuf_reset(kbuf);
247 if ((r = sshkey_private_serialize(keys[i], kbuf)) != 0)
248 fatal("%s: serialize private key: %s",
249 __progname, ssh_err(r));
250 if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 ||
251 (r = sshbuf_put_cstring(resp, "")) != 0) /* comment */
252 fatal("%s: buffer error: %s", __progname, ssh_err(r));
253 }
254
255 out:
256 for (i = 0; i < nkeys; i++)
257 sshkey_free(keys[i]);
258 free(keys);
259 sshbuf_free(kbuf);
260 free(provider);
261 if (pin != NULL)
262 freezero(pin, strlen(pin));
263 return resp;
264}
265
266int
267main(int argc, char **argv)
268{
269 SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
270 LogLevel log_level = SYSLOG_LEVEL_ERROR;
271 struct sshbuf *req, *resp;
272 int in, out, ch, r, vflag = 0;
273 u_int rtype, ll = 0;
274 uint8_t version, log_stderr = 0;
275
276 sanitise_stdfd();
277 log_init(__progname, log_level, log_facility, log_stderr);
278
279 while ((ch = getopt(argc, argv, "v")) != -1) {
280 switch (ch) {
281 case 'v':
282 vflag = 1;
283 if (log_level == SYSLOG_LEVEL_ERROR)
284 log_level = SYSLOG_LEVEL_DEBUG1;
285 else if (log_level < SYSLOG_LEVEL_DEBUG3)
286 log_level++;
287 break;
288 default:
289 fprintf(stderr, "usage: %s [-v]\n", __progname);
290 exit(1);
291 }
292 }
293 log_init(__progname, log_level, log_facility, vflag);
294
295 /*
296 * Rearrange our file descriptors a little; we don't trust the
297 * providers not to fiddle with stdin/out.
298 */
299 closefrom(STDERR_FILENO + 1);
300 if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
301 fatal("%s: dup: %s", __progname, strerror(errno));
302 close(STDIN_FILENO);
303 close(STDOUT_FILENO);
304 sanitise_stdfd(); /* resets to /dev/null */
305
306 if ((req = sshbuf_new()) == NULL)
307 fatal("%s: sshbuf_new failed", __progname);
308 if (ssh_msg_recv(in, req) < 0)
309 fatal("ssh_msg_recv failed");
310 close(in);
311 debug("%s: received message len %zu", __progname, sshbuf_len(req));
312
313 if ((r = sshbuf_get_u8(req, &version)) != 0)
314 fatal("%s: buffer error: %s", __progname, ssh_err(r));
315 if (version != SSH_SK_HELPER_VERSION) {
316 fatal("unsupported version: received %d, expected %d",
317 version, SSH_SK_HELPER_VERSION);
318 }
319
320 if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
321 (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
322 (r = sshbuf_get_u32(req, &ll)) != 0)
323 fatal("%s: buffer error: %s", __progname, ssh_err(r));
324
325 if (!vflag && log_level_name((LogLevel)ll) != NULL)
326 log_init(__progname, (LogLevel)ll, log_facility, log_stderr);
327
328 switch (rtype) {
329 case SSH_SK_HELPER_SIGN:
330 resp = process_sign(req);
331 break;
332 case SSH_SK_HELPER_ENROLL:
333 resp = process_enroll(req);
334 break;
335 case SSH_SK_HELPER_LOAD_RESIDENT:
336 resp = process_load_resident(req);
337 break;
338 default:
339 fatal("%s: unsupported request type %u", __progname, rtype);
340 }
341 sshbuf_free(req);
342 debug("%s: reply len %zu", __progname, sshbuf_len(resp));
343
344 if (ssh_msg_send(out, SSH_SK_HELPER_VERSION, resp) == -1)
345 fatal("ssh_msg_send failed");
346 sshbuf_free(resp);
347 close(out);
348
349 return (0);
350}
351#else /* ENABLE_SK */
352#include <stdio.h>
353
354int
355main(int argc, char **argv)
356{
357 fprintf(stderr, "ssh-sk-helper: disabled at compile time\n");
358 return -1;
359}
360#endif /* ENABLE_SK */
diff --git a/ssh-sk.c b/ssh-sk.c
new file mode 100644
index 000000000..5ff938193
--- /dev/null
+++ b/ssh-sk.c
@@ -0,0 +1,813 @@
1/* $OpenBSD: ssh-sk.c,v 1.27 2020/02/06 22:30:54 naddy Exp $ */
2/*
3 * Copyright (c) 2019 Google LLC
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* #define DEBUG_SK 1 */
19
20#include "includes.h"
21
22#ifdef ENABLE_SK
23
24#include <dlfcn.h>
25#include <stddef.h>
26#ifdef HAVE_STDINT_H
27# include <stdint.h>
28#endif
29#include <string.h>
30#include <stdio.h>
31
32#ifdef WITH_OPENSSL
33#include <openssl/objects.h>
34#include <openssl/ec.h>
35#endif /* WITH_OPENSSL */
36
37#include "log.h"
38#include "misc.h"
39#include "sshbuf.h"
40#include "sshkey.h"
41#include "ssherr.h"
42#include "digest.h"
43
44#include "ssh-sk.h"
45#include "sk-api.h"
46#include "crypto_api.h"
47
48struct sshsk_provider {
49 char *path;
50 void *dlhandle;
51
52 /* Return the version of the middleware API */
53 uint32_t (*sk_api_version)(void);
54
55 /* Enroll a U2F key (private key generation) */
56 int (*sk_enroll)(int alg, const uint8_t *challenge,
57 size_t challenge_len, const char *application, uint8_t flags,
58 const char *pin, struct sk_option **opts,
59 struct sk_enroll_response **enroll_response);
60
61 /* Sign a challenge */
62 int (*sk_sign)(int alg, const uint8_t *message, size_t message_len,
63 const char *application,
64 const uint8_t *key_handle, size_t key_handle_len,
65 uint8_t flags, const char *pin, struct sk_option **opts,
66 struct sk_sign_response **sign_response);
67
68 /* Enumerate resident keys */
69 int (*sk_load_resident_keys)(const char *pin, struct sk_option **opts,
70 struct sk_resident_key ***rks, size_t *nrks);
71};
72
73/* Built-in version */
74int ssh_sk_enroll(int alg, const uint8_t *challenge,
75 size_t challenge_len, const char *application, uint8_t flags,
76 const char *pin, struct sk_option **opts,
77 struct sk_enroll_response **enroll_response);
78int ssh_sk_sign(int alg, const uint8_t *message, size_t message_len,
79 const char *application,
80 const uint8_t *key_handle, size_t key_handle_len,
81 uint8_t flags, const char *pin, struct sk_option **opts,
82 struct sk_sign_response **sign_response);
83int ssh_sk_load_resident_keys(const char *pin, struct sk_option **opts,
84 struct sk_resident_key ***rks, size_t *nrks);
85
86static void
87sshsk_free(struct sshsk_provider *p)
88{
89 if (p == NULL)
90 return;
91 free(p->path);
92 if (p->dlhandle != NULL)
93 dlclose(p->dlhandle);
94 free(p);
95}
96
97static struct sshsk_provider *
98sshsk_open(const char *path)
99{
100 struct sshsk_provider *ret = NULL;
101 uint32_t version;
102
103 if ((ret = calloc(1, sizeof(*ret))) == NULL) {
104 error("%s: calloc failed", __func__);
105 return NULL;
106 }
107 if ((ret->path = strdup(path)) == NULL) {
108 error("%s: strdup failed", __func__);
109 goto fail;
110 }
111 /* Skip the rest if we're using the linked in middleware */
112 if (strcasecmp(ret->path, "internal") == 0) {
113#ifdef ENABLE_SK_INTERNAL
114 ret->sk_enroll = ssh_sk_enroll;
115 ret->sk_sign = ssh_sk_sign;
116 ret->sk_load_resident_keys = ssh_sk_load_resident_keys;
117#else
118 error("internal security key support not enabled");
119#endif
120 return ret;
121 }
122 if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
123 error("Provider \"%s\" dlopen failed: %s", path, dlerror());
124 goto fail;
125 }
126 if ((ret->sk_api_version = dlsym(ret->dlhandle,
127 "sk_api_version")) == NULL) {
128 error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
129 path, dlerror());
130 goto fail;
131 }
132 version = ret->sk_api_version();
133 debug("%s: provider %s implements version 0x%08lx", __func__,
134 ret->path, (u_long)version);
135 if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
136 error("Provider \"%s\" implements unsupported "
137 "version 0x%08lx (supported: 0x%08lx)",
138 path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR);
139 goto fail;
140 }
141 if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) {
142 error("Provider %s dlsym(sk_enroll) failed: %s",
143 path, dlerror());
144 goto fail;
145 }
146 if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) {
147 error("Provider \"%s\" dlsym(sk_sign) failed: %s",
148 path, dlerror());
149 goto fail;
150 }
151 if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle,
152 "sk_load_resident_keys")) == NULL) {
153 error("Provider \"%s\" dlsym(sk_load_resident_keys) "
154 "failed: %s", path, dlerror());
155 goto fail;
156 }
157 /* success */
158 return ret;
159fail:
160 sshsk_free(ret);
161 return NULL;
162}
163
164static void
165sshsk_free_enroll_response(struct sk_enroll_response *r)
166{
167 if (r == NULL)
168 return;
169 freezero(r->key_handle, r->key_handle_len);
170 freezero(r->public_key, r->public_key_len);
171 freezero(r->signature, r->signature_len);
172 freezero(r->attestation_cert, r->attestation_cert_len);
173 freezero(r, sizeof(*r));
174}
175
176static void
177sshsk_free_sign_response(struct sk_sign_response *r)
178{
179 if (r == NULL)
180 return;
181 freezero(r->sig_r, r->sig_r_len);
182 freezero(r->sig_s, r->sig_s_len);
183 freezero(r, sizeof(*r));
184}
185
186#ifdef WITH_OPENSSL
187/* Assemble key from response */
188static int
189sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
190{
191 struct sshkey *key = NULL;
192 struct sshbuf *b = NULL;
193 EC_POINT *q = NULL;
194 int r;
195
196 *keyp = NULL;
197 if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) {
198 error("%s: sshkey_new failed", __func__);
199 r = SSH_ERR_ALLOC_FAIL;
200 goto out;
201 }
202 key->ecdsa_nid = NID_X9_62_prime256v1;
203 if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL ||
204 (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL ||
205 (b = sshbuf_new()) == NULL) {
206 error("%s: allocation failed", __func__);
207 r = SSH_ERR_ALLOC_FAIL;
208 goto out;
209 }
210 if ((r = sshbuf_put_string(b,
211 resp->public_key, resp->public_key_len)) != 0) {
212 error("%s: buffer error: %s", __func__, ssh_err(r));
213 goto out;
214 }
215 if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) {
216 error("%s: parse key: %s", __func__, ssh_err(r));
217 r = SSH_ERR_INVALID_FORMAT;
218 goto out;
219 }
220 if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) {
221 error("Authenticator returned invalid ECDSA key");
222 r = SSH_ERR_KEY_INVALID_EC_VALUE;
223 goto out;
224 }
225 if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
226 /* XXX assume it is a allocation error */
227 error("%s: allocation failed", __func__);
228 r = SSH_ERR_ALLOC_FAIL;
229 goto out;
230 }
231 /* success */
232 *keyp = key;
233 key = NULL; /* transferred */
234 r = 0;
235 out:
236 EC_POINT_free(q);
237 sshkey_free(key);
238 sshbuf_free(b);
239 return r;
240}
241#endif /* WITH_OPENSSL */
242
243static int
244sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
245{
246 struct sshkey *key = NULL;
247 int r;
248
249 *keyp = NULL;
250 if (resp->public_key_len != ED25519_PK_SZ) {
251 error("%s: invalid size: %zu", __func__, resp->public_key_len);
252 r = SSH_ERR_INVALID_FORMAT;
253 goto out;
254 }
255 if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
256 error("%s: sshkey_new failed", __func__);
257 r = SSH_ERR_ALLOC_FAIL;
258 goto out;
259 }
260 if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
261 error("%s: malloc failed", __func__);
262 r = SSH_ERR_ALLOC_FAIL;
263 goto out;
264 }
265 memcpy(key->ed25519_pk, resp->public_key, ED25519_PK_SZ);
266 /* success */
267 *keyp = key;
268 key = NULL; /* transferred */
269 r = 0;
270 out:
271 sshkey_free(key);
272 return r;
273}
274
275static int
276sshsk_key_from_response(int alg, const char *application, uint8_t flags,
277 struct sk_enroll_response *resp, struct sshkey **keyp)
278{
279 struct sshkey *key = NULL;
280 int r = SSH_ERR_INTERNAL_ERROR;
281
282 *keyp = NULL;
283
284 /* Check response validity */
285 if (resp->public_key == NULL || resp->key_handle == NULL) {
286 error("%s: sk_enroll response invalid", __func__);
287 r = SSH_ERR_INVALID_FORMAT;
288 goto out;
289 }
290 switch (alg) {
291#ifdef WITH_OPENSSL
292 case SSH_SK_ECDSA:
293 if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
294 goto out;
295 break;
296#endif /* WITH_OPENSSL */
297 case SSH_SK_ED25519:
298 if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
299 goto out;
300 break;
301 default:
302 error("%s: unsupported algorithm %d", __func__, alg);
303 r = SSH_ERR_INVALID_ARGUMENT;
304 goto out;
305 }
306 key->sk_flags = flags;
307 if ((key->sk_key_handle = sshbuf_new()) == NULL ||
308 (key->sk_reserved = sshbuf_new()) == NULL) {
309 error("%s: allocation failed", __func__);
310 r = SSH_ERR_ALLOC_FAIL;
311 goto out;
312 }
313 if ((key->sk_application = strdup(application)) == NULL) {
314 error("%s: strdup application failed", __func__);
315 r = SSH_ERR_ALLOC_FAIL;
316 goto out;
317 }
318 if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle,
319 resp->key_handle_len)) != 0) {
320 error("%s: buffer error: %s", __func__, ssh_err(r));
321 goto out;
322 }
323 /* success */
324 r = 0;
325 *keyp = key;
326 key = NULL;
327 out:
328 sshkey_free(key);
329 return r;
330}
331
332static int
333skerr_to_ssherr(int skerr)
334{
335 switch (skerr) {
336 case SSH_SK_ERR_UNSUPPORTED:
337 return SSH_ERR_FEATURE_UNSUPPORTED;
338 case SSH_SK_ERR_PIN_REQUIRED:
339 return SSH_ERR_KEY_WRONG_PASSPHRASE;
340 case SSH_SK_ERR_DEVICE_NOT_FOUND:
341 return SSH_ERR_DEVICE_NOT_FOUND;
342 case SSH_SK_ERR_GENERAL:
343 default:
344 return SSH_ERR_INVALID_FORMAT;
345 }
346}
347
348static void
349sshsk_free_options(struct sk_option **opts)
350{
351 size_t i;
352
353 if (opts == NULL)
354 return;
355 for (i = 0; opts[i] != NULL; i++) {
356 free(opts[i]->name);
357 free(opts[i]->value);
358 free(opts[i]);
359 }
360 free(opts);
361}
362
363static int
364sshsk_add_option(struct sk_option ***optsp, size_t *noptsp,
365 const char *name, const char *value, uint8_t required)
366{
367 struct sk_option **opts = *optsp;
368 size_t nopts = *noptsp;
369
370 if ((opts = recallocarray(opts, nopts, nopts + 2, /* extra for NULL */
371 sizeof(*opts))) == NULL) {
372 error("%s: array alloc failed", __func__);
373 return SSH_ERR_ALLOC_FAIL;
374 }
375 *optsp = opts;
376 *noptsp = nopts + 1;
377 if ((opts[nopts] = calloc(1, sizeof(**opts))) == NULL) {
378 error("%s: alloc failed", __func__);
379 return SSH_ERR_ALLOC_FAIL;
380 }
381 if ((opts[nopts]->name = strdup(name)) == NULL ||
382 (opts[nopts]->value = strdup(value)) == NULL) {
383 error("%s: alloc failed", __func__);
384 return SSH_ERR_ALLOC_FAIL;
385 }
386 opts[nopts]->required = required;
387 return 0;
388}
389
390static int
391make_options(const char *device, const char *user_id,
392 struct sk_option ***optsp)
393{
394 struct sk_option **opts = NULL;
395 size_t nopts = 0;
396 int r, ret = SSH_ERR_INTERNAL_ERROR;
397
398 if (device != NULL &&
399 (r = sshsk_add_option(&opts, &nopts, "device", device, 0)) != 0) {
400 ret = r;
401 goto out;
402 }
403 if (user_id != NULL &&
404 (r = sshsk_add_option(&opts, &nopts, "user", user_id, 0)) != 0) {
405 ret = r;
406 goto out;
407 }
408 /* success */
409 *optsp = opts;
410 opts = NULL;
411 nopts = 0;
412 ret = 0;
413 out:
414 sshsk_free_options(opts);
415 return ret;
416}
417
418int
419sshsk_enroll(int type, const char *provider_path, const char *device,
420 const char *application, const char *userid, uint8_t flags,
421 const char *pin, struct sshbuf *challenge_buf,
422 struct sshkey **keyp, struct sshbuf *attest)
423{
424 struct sshsk_provider *skp = NULL;
425 struct sshkey *key = NULL;
426 u_char randchall[32];
427 const u_char *challenge;
428 size_t challenge_len;
429 struct sk_enroll_response *resp = NULL;
430 struct sk_option **opts = NULL;
431 int r = SSH_ERR_INTERNAL_ERROR;
432 int alg;
433
434 debug("%s: provider \"%s\", device \"%s\", application \"%s\", "
435 "userid \"%s\", flags 0x%02x, challenge len %zu%s", __func__,
436 provider_path, device, application, userid, flags,
437 challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf),
438 (pin != NULL && *pin != '\0') ? " with-pin" : "");
439
440 *keyp = NULL;
441 if (attest)
442 sshbuf_reset(attest);
443
444 if ((r = make_options(device, userid, &opts)) != 0)
445 goto out;
446
447 switch (type) {
448#ifdef WITH_OPENSSL
449 case KEY_ECDSA_SK:
450 alg = SSH_SK_ECDSA;
451 break;
452#endif /* WITH_OPENSSL */
453 case KEY_ED25519_SK:
454 alg = SSH_SK_ED25519;
455 break;
456 default:
457 error("%s: unsupported key type", __func__);
458 r = SSH_ERR_INVALID_ARGUMENT;
459 goto out;
460 }
461 if (provider_path == NULL) {
462 error("%s: missing provider", __func__);
463 r = SSH_ERR_INVALID_ARGUMENT;
464 goto out;
465 }
466 if (application == NULL || *application == '\0') {
467 error("%s: missing application", __func__);
468 r = SSH_ERR_INVALID_ARGUMENT;
469 goto out;
470 }
471 if (challenge_buf == NULL) {
472 debug("%s: using random challenge", __func__);
473 arc4random_buf(randchall, sizeof(randchall));
474 challenge = randchall;
475 challenge_len = sizeof(randchall);
476 } else if (sshbuf_len(challenge_buf) == 0) {
477 error("Missing enrollment challenge");
478 r = SSH_ERR_INVALID_ARGUMENT;
479 goto out;
480 } else {
481 challenge = sshbuf_ptr(challenge_buf);
482 challenge_len = sshbuf_len(challenge_buf);
483 debug3("%s: using explicit challenge len=%zd",
484 __func__, challenge_len);
485 }
486 if ((skp = sshsk_open(provider_path)) == NULL) {
487 r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
488 goto out;
489 }
490 /* XXX validate flags? */
491 /* enroll key */
492 if ((r = skp->sk_enroll(alg, challenge, challenge_len, application,
493 flags, pin, opts, &resp)) != 0) {
494 debug("%s: provider \"%s\" returned failure %d", __func__,
495 provider_path, r);
496 r = skerr_to_ssherr(r);
497 goto out;
498 }
499
500 if ((r = sshsk_key_from_response(alg, application, flags,
501 resp, &key)) != 0)
502 goto out;
503
504 /* Optionally fill in the attestation information */
505 if (attest != NULL) {
506 if ((r = sshbuf_put_cstring(attest,
507 "ssh-sk-attest-v00")) != 0 ||
508 (r = sshbuf_put_string(attest,
509 resp->attestation_cert, resp->attestation_cert_len)) != 0 ||
510 (r = sshbuf_put_string(attest,
511 resp->signature, resp->signature_len)) != 0 ||
512 (r = sshbuf_put_u32(attest, 0)) != 0 || /* resvd flags */
513 (r = sshbuf_put_string(attest, NULL, 0)) != 0 /* resvd */) {
514 error("%s: buffer error: %s", __func__, ssh_err(r));
515 goto out;
516 }
517 }
518 /* success */
519 *keyp = key;
520 key = NULL; /* transferred */
521 r = 0;
522 out:
523 sshsk_free_options(opts);
524 sshsk_free(skp);
525 sshkey_free(key);
526 sshsk_free_enroll_response(resp);
527 explicit_bzero(randchall, sizeof(randchall));
528 return r;
529}
530
531#ifdef WITH_OPENSSL
532static int
533sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
534{
535 struct sshbuf *inner_sig = NULL;
536 int r = SSH_ERR_INTERNAL_ERROR;
537
538 /* Check response validity */
539 if (resp->sig_r == NULL || resp->sig_s == NULL) {
540 error("%s: sk_sign response invalid", __func__);
541 r = SSH_ERR_INVALID_FORMAT;
542 goto out;
543 }
544 if ((inner_sig = sshbuf_new()) == NULL) {
545 r = SSH_ERR_ALLOC_FAIL;
546 goto out;
547 }
548 /* Prepare and append inner signature object */
549 if ((r = sshbuf_put_bignum2_bytes(inner_sig,
550 resp->sig_r, resp->sig_r_len)) != 0 ||
551 (r = sshbuf_put_bignum2_bytes(inner_sig,
552 resp->sig_s, resp->sig_s_len)) != 0) {
553 debug("%s: buffer error: %s", __func__, ssh_err(r));
554 goto out;
555 }
556 if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
557 (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
558 (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
559 debug("%s: buffer error: %s", __func__, ssh_err(r));
560 goto out;
561 }
562#ifdef DEBUG_SK
563 fprintf(stderr, "%s: sig_r:\n", __func__);
564 sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
565 fprintf(stderr, "%s: sig_s:\n", __func__);
566 sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
567 fprintf(stderr, "%s: inner:\n", __func__);
568 sshbuf_dump(inner_sig, stderr);
569#endif
570 r = 0;
571 out:
572 sshbuf_free(inner_sig);
573 return r;
574}
575#endif /* WITH_OPENSSL */
576
577static int
578sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
579{
580 int r = SSH_ERR_INTERNAL_ERROR;
581
582 /* Check response validity */
583 if (resp->sig_r == NULL) {
584 error("%s: sk_sign response invalid", __func__);
585 r = SSH_ERR_INVALID_FORMAT;
586 goto out;
587 }
588 if ((r = sshbuf_put_string(sig,
589 resp->sig_r, resp->sig_r_len)) != 0 ||
590 (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
591 (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
592 debug("%s: buffer error: %s", __func__, ssh_err(r));
593 goto out;
594 }
595#ifdef DEBUG_SK
596 fprintf(stderr, "%s: sig_r:\n", __func__);
597 sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
598#endif
599 r = 0;
600 out:
601 return 0;
602}
603
604int
605sshsk_sign(const char *provider_path, struct sshkey *key,
606 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
607 u_int compat, const char *pin)
608{
609 struct sshsk_provider *skp = NULL;
610 int r = SSH_ERR_INTERNAL_ERROR;
611 int type, alg;
612 struct sk_sign_response *resp = NULL;
613 struct sshbuf *inner_sig = NULL, *sig = NULL;
614 uint8_t message[32];
615 struct sk_option **opts = NULL;
616
617 debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__,
618 provider_path, sshkey_type(key), key->sk_flags,
619 (pin != NULL && *pin != '\0') ? " with-pin" : "");
620
621 if (sigp != NULL)
622 *sigp = NULL;
623 if (lenp != NULL)
624 *lenp = 0;
625 type = sshkey_type_plain(key->type);
626 switch (type) {
627#ifdef WITH_OPENSSL
628 case KEY_ECDSA_SK:
629 alg = SSH_SK_ECDSA;
630 break;
631#endif /* WITH_OPENSSL */
632 case KEY_ED25519_SK:
633 alg = SSH_SK_ED25519;
634 break;
635 default:
636 return SSH_ERR_INVALID_ARGUMENT;
637 }
638 if (provider_path == NULL ||
639 key->sk_key_handle == NULL ||
640 key->sk_application == NULL || *key->sk_application == '\0') {
641 r = SSH_ERR_INVALID_ARGUMENT;
642 goto out;
643 }
644 if ((skp = sshsk_open(provider_path)) == NULL) {
645 r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
646 goto out;
647 }
648
649 /* hash data to be signed before it goes to the security key */
650 if ((r = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
651 message, sizeof(message))) != 0) {
652 error("%s: hash application failed: %s", __func__, ssh_err(r));
653 r = SSH_ERR_INTERNAL_ERROR;
654 goto out;
655 }
656 if ((r = skp->sk_sign(alg, message, sizeof(message),
657 key->sk_application,
658 sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle),
659 key->sk_flags, pin, opts, &resp)) != 0) {
660 debug("%s: sk_sign failed with code %d", __func__, r);
661 r = skerr_to_ssherr(r);
662 goto out;
663 }
664 /* Assemble signature */
665 if ((sig = sshbuf_new()) == NULL) {
666 r = SSH_ERR_ALLOC_FAIL;
667 goto out;
668 }
669 if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) {
670 debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
671 goto out;
672 }
673 switch (type) {
674#ifdef WITH_OPENSSL
675 case KEY_ECDSA_SK:
676 if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
677 goto out;
678 break;
679#endif /* WITH_OPENSSL */
680 case KEY_ED25519_SK:
681 if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
682 goto out;
683 break;
684 }
685#ifdef DEBUG_SK
686 fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
687 __func__, resp->flags, resp->counter);
688 fprintf(stderr, "%s: hashed message:\n", __func__);
689 sshbuf_dump_data(message, sizeof(message), stderr);
690 fprintf(stderr, "%s: sigbuf:\n", __func__);
691 sshbuf_dump(sig, stderr);
692#endif
693 if (sigp != NULL) {
694 if ((*sigp = malloc(sshbuf_len(sig))) == NULL) {
695 r = SSH_ERR_ALLOC_FAIL;
696 goto out;
697 }
698 memcpy(*sigp, sshbuf_ptr(sig), sshbuf_len(sig));
699 }
700 if (lenp != NULL)
701 *lenp = sshbuf_len(sig);
702 /* success */
703 r = 0;
704 out:
705 sshsk_free_options(opts);
706 explicit_bzero(message, sizeof(message));
707 sshsk_free(skp);
708 sshsk_free_sign_response(resp);
709 sshbuf_free(sig);
710 sshbuf_free(inner_sig);
711 return r;
712}
713
714static void
715sshsk_free_sk_resident_keys(struct sk_resident_key **rks, size_t nrks)
716{
717 size_t i;
718
719 if (nrks == 0 || rks == NULL)
720 return;
721 for (i = 0; i < nrks; i++) {
722 free(rks[i]->application);
723 freezero(rks[i]->key.key_handle, rks[i]->key.key_handle_len);
724 freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
725 freezero(rks[i]->key.signature, rks[i]->key.signature_len);
726 freezero(rks[i]->key.attestation_cert,
727 rks[i]->key.attestation_cert_len);
728 freezero(rks[i], sizeof(**rks));
729 }
730 free(rks);
731}
732
733int
734sshsk_load_resident(const char *provider_path, const char *device,
735 const char *pin, struct sshkey ***keysp, size_t *nkeysp)
736{
737 struct sshsk_provider *skp = NULL;
738 int r = SSH_ERR_INTERNAL_ERROR;
739 struct sk_resident_key **rks = NULL;
740 size_t i, nrks = 0, nkeys = 0;
741 struct sshkey *key = NULL, **keys = NULL, **tmp;
742 uint8_t flags;
743 struct sk_option **opts = NULL;
744
745 debug("%s: provider \"%s\"%s", __func__, provider_path,
746 (pin != NULL && *pin != '\0') ? ", have-pin": "");
747
748 if (keysp == NULL || nkeysp == NULL)
749 return SSH_ERR_INVALID_ARGUMENT;
750 *keysp = NULL;
751 *nkeysp = 0;
752
753 if ((r = make_options(device, NULL, &opts)) != 0)
754 goto out;
755 if ((skp = sshsk_open(provider_path)) == NULL) {
756 r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
757 goto out;
758 }
759 if ((r = skp->sk_load_resident_keys(pin, opts, &rks, &nrks)) != 0) {
760 error("Provider \"%s\" returned failure %d", provider_path, r);
761 r = skerr_to_ssherr(r);
762 goto out;
763 }
764 for (i = 0; i < nrks; i++) {
765 debug3("%s: rk %zu: slot = %zu, alg = %d, application = \"%s\"",
766 __func__, i, rks[i]->slot, rks[i]->alg,
767 rks[i]->application);
768 /* XXX need better filter here */
769 if (strncmp(rks[i]->application, "ssh:", 4) != 0)
770 continue;
771 switch (rks[i]->alg) {
772 case SSH_SK_ECDSA:
773 case SSH_SK_ED25519:
774 break;
775 default:
776 continue;
777 }
778 /* XXX where to get flags? */
779 flags = SSH_SK_USER_PRESENCE_REQD|SSH_SK_RESIDENT_KEY;
780 if ((r = sshsk_key_from_response(rks[i]->alg,
781 rks[i]->application, flags, &rks[i]->key, &key)) != 0)
782 goto out;
783 if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
784 sizeof(*tmp))) == NULL) {
785 error("%s: recallocarray failed", __func__);
786 r = SSH_ERR_ALLOC_FAIL;
787 goto out;
788 }
789 keys = tmp;
790 keys[nkeys++] = key;
791 key = NULL;
792 /* XXX synthesise comment */
793 }
794 /* success */
795 *keysp = keys;
796 *nkeysp = nkeys;
797 keys = NULL;
798 nkeys = 0;
799 r = 0;
800 out:
801 sshsk_free_options(opts);
802 sshsk_free(skp);
803 sshsk_free_sk_resident_keys(rks, nrks);
804 sshkey_free(key);
805 if (nkeys != 0) {
806 for (i = 0; i < nkeys; i++)
807 sshkey_free(keys[i]);
808 free(keys);
809 }
810 return r;
811}
812
813#endif /* ENABLE_SK */
diff --git a/ssh-sk.h b/ssh-sk.h
new file mode 100644
index 000000000..0f566bbc3
--- /dev/null
+++ b/ssh-sk.h
@@ -0,0 +1,69 @@
1/* $OpenBSD: ssh-sk.h,v 1.10 2020/01/10 23:43:26 djm Exp $ */
2/*
3 * Copyright (c) 2019 Google LLC
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef _SSH_SK_H
19#define _SSH_SK_H 1
20
21struct sshbuf;
22struct sshkey;
23struct sk_option;
24
25/* Version of protocol expected from ssh-sk-helper */
26#define SSH_SK_HELPER_VERSION 5
27
28/* ssh-sk-helper messages */
29#define SSH_SK_HELPER_ERROR 0 /* Only valid H->C */
30#define SSH_SK_HELPER_SIGN 1
31#define SSH_SK_HELPER_ENROLL 2
32#define SSH_SK_HELPER_LOAD_RESIDENT 3
33
34/*
35 * Enroll (generate) a new security-key hosted private key of given type
36 * via the specified provider middleware.
37 * If challenge_buf is NULL then a random 256 bit challenge will be used.
38 *
39 * Returns 0 on success or a ssherr.h error code on failure.
40 *
41 * If successful and the attest_data buffer is not NULL then attestation
42 * information is placed there.
43 */
44int sshsk_enroll(int type, const char *provider_path, const char *device,
45 const char *application, const char *userid, uint8_t flags,
46 const char *pin, struct sshbuf *challenge_buf,
47 struct sshkey **keyp, struct sshbuf *attest);
48
49/*
50 * Calculate an ECDSA_SK or ED25519_SK signature using the specified key
51 * and provider middleware.
52 *
53 * Returns 0 on success or a ssherr.h error code on failure.
54 */
55int sshsk_sign(const char *provider_path, struct sshkey *key,
56 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
57 u_int compat, const char *pin);
58
59/*
60 * Enumerates and loads all SSH-compatible resident keys from a security
61 * key.
62 *
63 * Returns 0 on success or a ssherr.h error code on failure.
64 */
65int sshsk_load_resident(const char *provider_path, const char *device,
66 const char *pin, struct sshkey ***keysp, size_t *nkeysp);
67
68#endif /* _SSH_SK_H */
69
diff --git a/ssh.0 b/ssh.0
index bc7a05726..ffacbef65 100644
--- a/ssh.0
+++ b/ssh.0
@@ -1,7 +1,7 @@
1SSH(1) General Commands Manual SSH(1) 1SSH(1) General Commands Manual SSH(1)
2 2
3NAME 3NAME
4 ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) 4 ssh M-bM-^@M-^S OpenSSH remote login client
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] 7 ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]
@@ -33,9 +33,9 @@ DESCRIPTION
33 33
34 -6 Forces ssh to use IPv6 addresses only. 34 -6 Forces ssh to use IPv6 addresses only.
35 35
36 -A Enables forwarding of the authentication agent connection. This 36 -A Enables forwarding of connections from an authentication agent
37 can also be specified on a per-host basis in a configuration 37 such as ssh-agent(1). This can also be specified on a per-host
38 file. 38 basis in a configuration file.
39 39
40 Agent forwarding should be enabled with caution. Users with the 40 Agent forwarding should be enabled with caution. Users with the
41 ability to bypass file permissions on the remote host (for the 41 ability to bypass file permissions on the remote host (for the
@@ -43,7 +43,8 @@ DESCRIPTION
43 the forwarded connection. An attacker cannot obtain key material 43 the forwarded connection. An attacker cannot obtain key material
44 from the agent, however they can perform operations on the keys 44 from the agent, however they can perform operations on the keys
45 that enable them to authenticate using the identities loaded into 45 that enable them to authenticate using the identities loaded into
46 the agent. 46 the agent. A safer alternative may be to use a jump host (see
47 -J).
47 48
48 -a Disables forwarding of the authentication agent connection. 49 -a Disables forwarding of the authentication agent connection.
49 50
@@ -135,14 +136,14 @@ DESCRIPTION
135 -i identity_file 136 -i identity_file
136 Selects a file from which the identity (private key) for public 137 Selects a file from which the identity (private key) for public
137 key authentication is read. The default is ~/.ssh/id_dsa, 138 key authentication is read. The default is ~/.ssh/id_dsa,
138 ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity 139 ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
139 files may also be specified on a per-host basis in the 140 ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa. Identity files may also
140 configuration file. It is possible to have multiple -i options 141 be specified on a per-host basis in the configuration file. It
141 (and multiple identities specified in configuration files). If 142 is possible to have multiple -i options (and multiple identities
142 no certificates have been explicitly specified by the 143 specified in configuration files). If no certificates have been
143 CertificateFile directive, ssh will also try to load certificate 144 explicitly specified by the CertificateFile directive, ssh will
144 information from the filename obtained by appending -cert.pub to 145 also try to load certificate information from the filename
145 identity filenames. 146 obtained by appending -cert.pub to identity filenames.
146 147
147 -J destination 148 -J destination
148 Connect to the target host by first making a ssh connection to 149 Connect to the target host by first making a ssh connection to
@@ -329,8 +330,11 @@ DESCRIPTION
329 for use with the -Q flag), mac (supported message integrity 330 for use with the -Q flag), mac (supported message integrity
330 codes), kex (key exchange algorithms), key (key types), key-cert 331 codes), kex (key exchange algorithms), key (key types), key-cert
331 (certificate key types), key-plain (non-certificate key types), 332 (certificate key types), key-plain (non-certificate key types),
333 key-sig (all key types and signature algorithms),
332 protocol-version (supported SSH protocol versions), and sig 334 protocol-version (supported SSH protocol versions), and sig
333 (supported signature algorithms). 335 (supported signature algorithms). Alternatively, any keyword
336 from ssh_config(5) or sshd_config(5) that takes an algorithm list
337 may be used as an alias for the corresponding query_option.
334 338
335 -q Quiet mode. Causes most warning and diagnostic messages to be 339 -q Quiet mode. Causes most warning and diagnostic messages to be
336 suppressed. 340 suppressed.
@@ -491,9 +495,12 @@ AUTHENTICATION
491 495
492 The user creates his/her key pair by running ssh-keygen(1). This stores 496 The user creates his/her key pair by running ssh-keygen(1). This stores
493 the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), 497 the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
494 ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public 498 ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519
495 key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), 499 (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or
496 ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's 500 ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA),
501 ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted
502 ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub
503 (authenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
497 home directory. The user should then copy the public key to 504 home directory. The user should then copy the public key to
498 ~/.ssh/authorized_keys in his/her home directory on the remote machine. 505 ~/.ssh/authorized_keys in his/her home directory on the remote machine.
499 The authorized_keys file corresponds to the conventional ~/.rhosts file, 506 The authorized_keys file corresponds to the conventional ~/.rhosts file,
@@ -858,7 +865,9 @@ FILES
858 865
859 ~/.ssh/id_dsa 866 ~/.ssh/id_dsa
860 ~/.ssh/id_ecdsa 867 ~/.ssh/id_ecdsa
868 ~/.ssh/id_ecdsa_sk
861 ~/.ssh/id_ed25519 869 ~/.ssh/id_ed25519
870 ~/.ssh/id_ed25519_sk
862 ~/.ssh/id_rsa 871 ~/.ssh/id_rsa
863 Contains the private key for authentication. These files contain 872 Contains the private key for authentication. These files contain
864 sensitive data and should be readable by the user but not 873 sensitive data and should be readable by the user but not
@@ -870,7 +879,9 @@ FILES
870 879
871 ~/.ssh/id_dsa.pub 880 ~/.ssh/id_dsa.pub
872 ~/.ssh/id_ecdsa.pub 881 ~/.ssh/id_ecdsa.pub
882 ~/.ssh/id_ecdsa_sk.pub
873 ~/.ssh/id_ed25519.pub 883 ~/.ssh/id_ed25519.pub
884 ~/.ssh/id_ed25519_sk.pub
874 ~/.ssh/id_rsa.pub 885 ~/.ssh/id_rsa.pub
875 Contains the public key for authentication. These files are not 886 Contains the public key for authentication. These files are not
876 sensitive and can (but need not) be readable by anyone. 887 sensitive and can (but need not) be readable by anyone.
@@ -977,4 +988,4 @@ AUTHORS
977 created OpenSSH. Markus Friedl contributed the support for SSH protocol 988 created OpenSSH. Markus Friedl contributed the support for SSH protocol
978 versions 1.5 and 2.0. 989 versions 1.5 and 2.0.
979 990
980OpenBSD 6.6 June 12, 2019 OpenBSD 6.6 991OpenBSD 6.6 February 7, 2020 OpenBSD 6.6
diff --git a/ssh.1 b/ssh.1
index 44a00d525..a8967c2f8 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,13 +33,13 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh.1,v 1.403 2019/06/12 11:31:50 jmc Exp $ 36.\" $OpenBSD: ssh.1,v 1.410 2020/02/07 03:54:44 dtucker Exp $
37.Dd $Mdocdate: June 12 2019 $ 37.Dd $Mdocdate: February 7 2020 $
38.Dt SSH 1 38.Dt SSH 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
41.Nm ssh 41.Nm ssh
42.Nd OpenSSH SSH client (remote login program) 42.Nd OpenSSH remote login client
43.Sh SYNOPSIS 43.Sh SYNOPSIS
44.Nm ssh 44.Nm ssh
45.Op Fl 46AaCfGgKkMNnqsTtVvXxYy 45.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
@@ -110,7 +110,8 @@ Forces
110to use IPv6 addresses only. 110to use IPv6 addresses only.
111.Pp 111.Pp
112.It Fl A 112.It Fl A
113Enables forwarding of the authentication agent connection. 113Enables forwarding of connections from an authentication agent such as
114.Xr ssh-agent 1 .
114This can also be specified on a per-host basis in a configuration file. 115This can also be specified on a per-host basis in a configuration file.
115.Pp 116.Pp
116Agent forwarding should be enabled with caution. 117Agent forwarding should be enabled with caution.
@@ -121,6 +122,9 @@ socket) can access the local agent through the forwarded connection.
121An attacker cannot obtain key material from the agent, 122An attacker cannot obtain key material from the agent,
122however they can perform operations on the keys that enable them to 123however they can perform operations on the keys that enable them to
123authenticate using the identities loaded into the agent. 124authenticate using the identities loaded into the agent.
125A safer alternative may be to use a jump host
126(see
127.Fl J ) .
124.Pp 128.Pp
125.It Fl a 129.It Fl a
126Disables forwarding of the authentication agent connection. 130Disables forwarding of the authentication agent connection.
@@ -279,7 +283,9 @@ public key authentication is read.
279The default is 283The default is
280.Pa ~/.ssh/id_dsa , 284.Pa ~/.ssh/id_dsa ,
281.Pa ~/.ssh/id_ecdsa , 285.Pa ~/.ssh/id_ecdsa ,
282.Pa ~/.ssh/id_ed25519 286.Pa ~/.ssh/id_ecdsa_sk ,
287.Pa ~/.ssh/id_ed25519 ,
288.Pa ~/.ssh/id_ed25519_sk
283and 289and
284.Pa ~/.ssh/id_rsa . 290.Pa ~/.ssh/id_rsa .
285Identity files may also be specified on 291Identity files may also be specified on
@@ -587,10 +593,18 @@ flag),
587(certificate key types), 593(certificate key types),
588.Ar key-plain 594.Ar key-plain
589(non-certificate key types), 595(non-certificate key types),
596.Ar key-sig
597(all key types and signature algorithms),
590.Ar protocol-version 598.Ar protocol-version
591(supported SSH protocol versions), and 599(supported SSH protocol versions), and
592.Ar sig 600.Ar sig
593(supported signature algorithms). 601(supported signature algorithms).
602Alternatively, any keyword from
603.Xr ssh_config 5
604or
605.Xr sshd_config 5
606that takes an algorithm list may be used as an alias for the corresponding
607query_option.
594.Pp 608.Pp
595.It Fl q 609.It Fl q
596Quiet mode. 610Quiet mode.
@@ -932,8 +946,12 @@ This stores the private key in
932(DSA), 946(DSA),
933.Pa ~/.ssh/id_ecdsa 947.Pa ~/.ssh/id_ecdsa
934(ECDSA), 948(ECDSA),
949.Pa ~/.ssh/id_ecdsa_sk
950(authenticator-hosted ECDSA),
935.Pa ~/.ssh/id_ed25519 951.Pa ~/.ssh/id_ed25519
936(Ed25519), 952(Ed25519),
953.Pa ~/.ssh/id_ed25519_sk
954(authenticator-hosted Ed25519),
937or 955or
938.Pa ~/.ssh/id_rsa 956.Pa ~/.ssh/id_rsa
939(RSA) 957(RSA)
@@ -942,8 +960,12 @@ and stores the public key in
942(DSA), 960(DSA),
943.Pa ~/.ssh/id_ecdsa.pub 961.Pa ~/.ssh/id_ecdsa.pub
944(ECDSA), 962(ECDSA),
963.Pa ~/.ssh/id_ecdsa_sk.pub
964(authenticator-hosted ECDSA),
945.Pa ~/.ssh/id_ed25519.pub 965.Pa ~/.ssh/id_ed25519.pub
946(Ed25519), 966(Ed25519),
967.Pa ~/.ssh/id_ed25519_sk.pub
968(authenticator-hosted Ed25519),
947or 969or
948.Pa ~/.ssh/id_rsa.pub 970.Pa ~/.ssh/id_rsa.pub
949(RSA) 971(RSA)
@@ -1522,7 +1544,9 @@ above.
1522.Pp 1544.Pp
1523.It Pa ~/.ssh/id_dsa 1545.It Pa ~/.ssh/id_dsa
1524.It Pa ~/.ssh/id_ecdsa 1546.It Pa ~/.ssh/id_ecdsa
1547.It Pa ~/.ssh/id_ecdsa_sk
1525.It Pa ~/.ssh/id_ed25519 1548.It Pa ~/.ssh/id_ed25519
1549.It Pa ~/.ssh/id_ed25519_sk
1526.It Pa ~/.ssh/id_rsa 1550.It Pa ~/.ssh/id_rsa
1527Contains the private key for authentication. 1551Contains the private key for authentication.
1528These files 1552These files
@@ -1536,7 +1560,9 @@ sensitive part of this file using AES-128.
1536.Pp 1560.Pp
1537.It Pa ~/.ssh/id_dsa.pub 1561.It Pa ~/.ssh/id_dsa.pub
1538.It Pa ~/.ssh/id_ecdsa.pub 1562.It Pa ~/.ssh/id_ecdsa.pub
1563.It Pa ~/.ssh/id_ecdsa_sk.pub
1539.It Pa ~/.ssh/id_ed25519.pub 1564.It Pa ~/.ssh/id_ed25519.pub
1565.It Pa ~/.ssh/id_ed25519_sk.pub
1540.It Pa ~/.ssh/id_rsa.pub 1566.It Pa ~/.ssh/id_rsa.pub
1541Contains the public key for authentication. 1567Contains the public key for authentication.
1542These files are not 1568These files are not
diff --git a/ssh.c b/ssh.c
index 7b482dcb0..6138fd4d3 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.507 2019/09/13 04:27:35 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.519 2020/02/07 03:54:44 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -65,6 +65,7 @@
65#include <stdio.h> 65#include <stdio.h>
66#include <stdlib.h> 66#include <stdlib.h>
67#include <string.h> 67#include <string.h>
68#include <stdarg.h>
68#include <unistd.h> 69#include <unistd.h>
69#include <limits.h> 70#include <limits.h>
70#include <locale.h> 71#include <locale.h>
@@ -167,6 +168,12 @@ char *config = NULL;
167 */ 168 */
168char *host; 169char *host;
169 170
171/*
172 * A config can specify a path to forward, overriding SSH_AUTH_SOCK. If this is
173 * not NULL, forward the socket at this path instead.
174 */
175char *forward_agent_sock_path = NULL;
176
170/* Various strings used to to percent_expand() arguments */ 177/* Various strings used to to percent_expand() arguments */
171static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; 178static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
172static char uidstr[32], *host_arg, *conn_hash_hex; 179static char uidstr[32], *host_arg, *conn_hash_hex;
@@ -595,6 +602,7 @@ main(int ac, char **av)
595 struct addrinfo *addrs = NULL; 602 struct addrinfo *addrs = NULL;
596 struct ssh_digest_ctx *md; 603 struct ssh_digest_ctx *md;
597 u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; 604 u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
605 size_t n, len;
598 606
599 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 607 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
600 sanitise_stdfd(); 608 sanitise_stdfd();
@@ -728,13 +736,16 @@ main(int ac, char **av)
728 break; 736 break;
729 case 'Q': 737 case 'Q':
730 cp = NULL; 738 cp = NULL;
731 if (strcmp(optarg, "cipher") == 0) 739 if (strcmp(optarg, "cipher") == 0 ||
740 strcasecmp(optarg, "Ciphers") == 0)
732 cp = cipher_alg_list('\n', 0); 741 cp = cipher_alg_list('\n', 0);
733 else if (strcmp(optarg, "cipher-auth") == 0) 742 else if (strcmp(optarg, "cipher-auth") == 0)
734 cp = cipher_alg_list('\n', 1); 743 cp = cipher_alg_list('\n', 1);
735 else if (strcmp(optarg, "mac") == 0) 744 else if (strcmp(optarg, "mac") == 0 ||
745 strcasecmp(optarg, "MACs") == 0)
736 cp = mac_alg_list('\n'); 746 cp = mac_alg_list('\n');
737 else if (strcmp(optarg, "kex") == 0) 747 else if (strcmp(optarg, "kex") == 0 ||
748 strcasecmp(optarg, "KexAlgorithms") == 0)
738 cp = kex_alg_list('\n'); 749 cp = kex_alg_list('\n');
739 else if (strcmp(optarg, "kex-gss") == 0) 750 else if (strcmp(optarg, "kex-gss") == 0)
740 cp = kex_gss_alg_list('\n'); 751 cp = kex_gss_alg_list('\n');
@@ -744,15 +755,27 @@ main(int ac, char **av)
744 cp = sshkey_alg_list(1, 0, 0, '\n'); 755 cp = sshkey_alg_list(1, 0, 0, '\n');
745 else if (strcmp(optarg, "key-plain") == 0) 756 else if (strcmp(optarg, "key-plain") == 0)
746 cp = sshkey_alg_list(0, 1, 0, '\n'); 757 cp = sshkey_alg_list(0, 1, 0, '\n');
758 else if (strcmp(optarg, "key-sig") == 0 ||
759 strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 ||
760 strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
761 strcasecmp(optarg, "HostbasedKeyTypes") == 0 ||
762 strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0)
763 cp = sshkey_alg_list(0, 0, 1, '\n');
747 else if (strcmp(optarg, "sig") == 0) 764 else if (strcmp(optarg, "sig") == 0)
748 cp = sshkey_alg_list(0, 1, 1, '\n'); 765 cp = sshkey_alg_list(0, 1, 1, '\n');
749 else if (strcmp(optarg, "protocol-version") == 0) 766 else if (strcmp(optarg, "protocol-version") == 0)
750 cp = xstrdup("2"); 767 cp = xstrdup("2");
751 else if (strcmp(optarg, "help") == 0) { 768 else if (strcmp(optarg, "compression") == 0) {
769 cp = xstrdup(compression_alg_list(0));
770 len = strlen(cp);
771 for (n = 0; n < len; n++)
772 if (cp[n] == ',')
773 cp[n] = '\n';
774 } else if (strcmp(optarg, "help") == 0) {
752 cp = xstrdup( 775 cp = xstrdup(
753 "cipher\ncipher-auth\nkex\nkex-gss\nkey\n" 776 "cipher\ncipher-auth\ncompression\nkex\n"
754 "key-cert\nkey-plain\nmac\n" 777 "kex-gss\nkey\nkey-cert\nkey-plain\n"
755 "protocol-version\nsig"); 778 "key-sig\nmac\nprotocol-version\nsig");
756 } 779 }
757 if (cp == NULL) 780 if (cp == NULL)
758 fatal("Unsupported query \"%s\"", optarg); 781 fatal("Unsupported query \"%s\"", optarg);
@@ -954,7 +977,11 @@ main(int ac, char **av)
954 break; 977 break;
955 978
956 case 'C': 979 case 'C':
980#ifdef WITH_ZLIB
957 options.compression = 1; 981 options.compression = 1;
982#else
983 error("Compression not supported, disabling.");
984#endif
958 break; 985 break;
959 case 'N': 986 case 'N':
960 no_shell_flag = 1; 987 no_shell_flag = 1;
@@ -1232,11 +1259,21 @@ main(int ac, char **av)
1232 strcmp(options.proxy_command, "-") == 0 && 1259 strcmp(options.proxy_command, "-") == 0 &&
1233 options.proxy_use_fdpass) 1260 options.proxy_use_fdpass)
1234 fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); 1261 fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
1235 if (options.control_persist && 1262 if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
1236 options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) { 1263 if (options.control_persist && options.control_path != NULL) {
1237 debug("UpdateHostKeys=ask is incompatible with ControlPersist; " 1264 debug("UpdateHostKeys=ask is incompatible with "
1238 "disabling"); 1265 "ControlPersist; disabling");
1239 options.update_hostkeys = 0; 1266 options.update_hostkeys = 0;
1267 } else if (sshbuf_len(command) != 0 ||
1268 options.remote_command != NULL ||
1269 options.request_tty == REQUEST_TTY_NO) {
1270 debug("UpdateHostKeys=ask is incompatible with "
1271 "remote command execution; disabling");
1272 options.update_hostkeys = 0;
1273 } else if (options.log_level < SYSLOG_LEVEL_INFO) {
1274 /* no point logging anything; user won't see it */
1275 options.update_hostkeys = 0;
1276 }
1240 } 1277 }
1241 if (options.connection_attempts <= 0) 1278 if (options.connection_attempts <= 0)
1242 fatal("Invalid number of ConnectionAttempts"); 1279 fatal("Invalid number of ConnectionAttempts");
@@ -1346,6 +1383,22 @@ main(int ac, char **av)
1346 exit(0); 1383 exit(0);
1347 } 1384 }
1348 1385
1386 /* Expand SecurityKeyProvider if it refers to an environment variable */
1387 if (options.sk_provider != NULL && *options.sk_provider == '$' &&
1388 strlen(options.sk_provider) > 1) {
1389 if ((cp = getenv(options.sk_provider + 1)) == NULL) {
1390 debug("Authenticator provider %s did not resolve; "
1391 "disabling", options.sk_provider);
1392 free(options.sk_provider);
1393 options.sk_provider = NULL;
1394 } else {
1395 debug2("resolved SecurityKeyProvider %s => %s",
1396 options.sk_provider, cp);
1397 free(options.sk_provider);
1398 options.sk_provider = xstrdup(cp);
1399 }
1400 }
1401
1349 if (muxclient_command != 0 && options.control_path == NULL) 1402 if (muxclient_command != 0 && options.control_path == NULL)
1350 fatal("No ControlPath specified for \"-O\" command"); 1403 fatal("No ControlPath specified for \"-O\" command");
1351 if (options.control_path != NULL) { 1404 if (options.control_path != NULL) {
@@ -1371,7 +1424,7 @@ main(int ac, char **av)
1371 timeout_ms = options.connection_timeout * 1000; 1424 timeout_ms = options.connection_timeout * 1000;
1372 1425
1373 /* Open a connection to the remote host. */ 1426 /* Open a connection to the remote host. */
1374 if (ssh_connect(ssh, host_arg, host, addrs, &hostaddr, options.port, 1427 if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port,
1375 options.address_family, options.connection_attempts, 1428 options.address_family, options.connection_attempts,
1376 &timeout_ms, options.tcp_keep_alive) != 0) 1429 &timeout_ms, options.tcp_keep_alive) != 0)
1377 exit(255); 1430 exit(255);
@@ -1483,13 +1536,39 @@ main(int ac, char **av)
1483 } 1536 }
1484 } 1537 }
1485 1538
1539 if (options.forward_agent && (options.forward_agent_sock_path != NULL)) {
1540 p = tilde_expand_filename(options.forward_agent_sock_path, getuid());
1541 cp = percent_expand(p,
1542 "d", pw->pw_dir,
1543 "h", host,
1544 "i", uidstr,
1545 "l", thishost,
1546 "r", options.user,
1547 "u", pw->pw_name,
1548 (char *)NULL);
1549 free(p);
1550
1551 if (cp[0] == '$') {
1552 if (!valid_env_name(cp + 1)) {
1553 fatal("Invalid ForwardAgent environment variable name %s", cp);
1554 }
1555 if ((p = getenv(cp + 1)) != NULL)
1556 forward_agent_sock_path = p;
1557 else
1558 options.forward_agent = 0;
1559 free(cp);
1560 } else {
1561 forward_agent_sock_path = cp;
1562 }
1563 }
1564
1486 /* Expand ~ in known host file names. */ 1565 /* Expand ~ in known host file names. */
1487 tilde_expand_paths(options.system_hostfiles, 1566 tilde_expand_paths(options.system_hostfiles,
1488 options.num_system_hostfiles); 1567 options.num_system_hostfiles);
1489 tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); 1568 tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
1490 1569
1491 signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ 1570 ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
1492 signal(SIGCHLD, main_sigchld_handler); 1571 ssh_signal(SIGCHLD, main_sigchld_handler);
1493 1572
1494 /* Log into the remote system. Never returns if the login fails. */ 1573 /* Log into the remote system. Never returns if the login fails. */
1495 ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr, 1574 ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
@@ -2014,7 +2093,8 @@ load_public_identity_files(struct passwd *pw)
2014 struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; 2093 struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
2015 int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES]; 2094 int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES];
2016#ifdef ENABLE_PKCS11 2095#ifdef ENABLE_PKCS11
2017 struct sshkey **keys; 2096 struct sshkey **keys = NULL;
2097 char **comments = NULL;
2018 int nkeys; 2098 int nkeys;
2019#endif /* PKCS11 */ 2099#endif /* PKCS11 */
2020 2100
@@ -2033,18 +2113,19 @@ load_public_identity_files(struct passwd *pw)
2033 options.num_identity_files < SSH_MAX_IDENTITY_FILES && 2113 options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
2034 (pkcs11_init(!options.batch_mode) == 0) && 2114 (pkcs11_init(!options.batch_mode) == 0) &&
2035 (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, 2115 (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL,
2036 &keys)) > 0) { 2116 &keys, &comments)) > 0) {
2037 for (i = 0; i < nkeys; i++) { 2117 for (i = 0; i < nkeys; i++) {
2038 if (n_ids >= SSH_MAX_IDENTITY_FILES) { 2118 if (n_ids >= SSH_MAX_IDENTITY_FILES) {
2039 sshkey_free(keys[i]); 2119 sshkey_free(keys[i]);
2120 free(comments[i]);
2040 continue; 2121 continue;
2041 } 2122 }
2042 identity_keys[n_ids] = keys[i]; 2123 identity_keys[n_ids] = keys[i];
2043 identity_files[n_ids] = 2124 identity_files[n_ids] = comments[i]; /* transferred */
2044 xstrdup(options.pkcs11_provider); /* XXX */
2045 n_ids++; 2125 n_ids++;
2046 } 2126 }
2047 free(keys); 2127 free(keys);
2128 free(comments);
2048 } 2129 }
2049#endif /* ENABLE_PKCS11 */ 2130#endif /* ENABLE_PKCS11 */
2050 for (i = 0; i < options.num_identity_files; i++) { 2131 for (i = 0; i < options.num_identity_files; i++) {
diff --git a/ssh_api.c b/ssh_api.c
index 03dac0982..e0b195521 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh_api.c,v 1.18 2019/09/13 04:36:43 dtucker Exp $ */ 1/* $OpenBSD: ssh_api.c,v 1.19 2019/10/31 21:23:19 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2012 Markus Friedl. All rights reserved. 3 * Copyright (c) 2012 Markus Friedl. All rights reserved.
4 * 4 *
@@ -54,7 +54,7 @@ int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
54 */ 54 */
55int use_privsep = 0; 55int use_privsep = 0;
56int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, 56int mm_sshkey_sign(struct sshkey *, u_char **, u_int *,
57 u_char *, u_int, char *, u_int); 57 const u_char *, u_int, const char *, const char *, u_int);
58 58
59#ifdef WITH_OPENSSL 59#ifdef WITH_OPENSSL
60DH *mm_choose_dh(int, int, int); 60DH *mm_choose_dh(int, int, int);
@@ -66,7 +66,8 @@ u_int session_id2_len = 0;
66 66
67int 67int
68mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, 68mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
69 u_char *data, u_int datalen, char *alg, u_int compat) 69 const u_char *data, u_int datalen, const char *alg, const char *sk_provider,
70 u_int compat)
70{ 71{
71 return (-1); 72 return (-1);
72} 73}
@@ -568,5 +569,5 @@ _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey,
568 const u_char *data, size_t dlen, const char *alg) 569 const u_char *data, size_t dlen, const char *alg)
569{ 570{
570 return sshkey_sign(privkey, signature, slen, data, dlen, 571 return sshkey_sign(privkey, signature, slen, data, dlen,
571 alg, ssh->compat); 572 alg, NULL, ssh->compat);
572} 573}
diff --git a/ssh_config.0 b/ssh_config.0
index 94ef73676..692e5f6d5 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -1,7 +1,7 @@
1SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5) 1SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5)
2 2
3NAME 3NAME
4 ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files 4 ssh_config M-bM-^@M-^S OpenSSH client configuration file
5 5
6DESCRIPTION 6DESCRIPTION
7 ssh(1) obtains configuration data from the following sources in the 7 ssh(1) obtains configuration data from the following sources in the
@@ -107,10 +107,11 @@ DESCRIPTION
107 (use IPv6 only). 107 (use IPv6 only).
108 108
109 BatchMode 109 BatchMode
110 If set to yes, passphrase/password querying will be disabled. 110 If set to yes, user interaction such as password prompts and host
111 This option is useful in scripts and other batch jobs where no 111 key confirmation requests will be disabled. This option is
112 user is present to supply the password. The argument must be yes 112 useful in scripts and other batch jobs where no user is present
113 or no (the default). 113 to interact with ssh(1). The argument must be yes or no (the
114 default).
114 115
115 BindAddress 116 BindAddress
116 Use the specified address on the local machine as the source 117 Use the specified address on the local machine as the source
@@ -181,7 +182,8 @@ DESCRIPTION
181 Specifies a file from which the user's certificate is read. A 182 Specifies a file from which the user's certificate is read. A
182 corresponding private key must be provided separately in order to 183 corresponding private key must be provided separately in order to
183 use this certificate either from an IdentityFile directive or -i 184 use this certificate either from an IdentityFile directive or -i
184 flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider. 185 flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider or
186 SecurityKeyProvider.
185 187
186 Arguments to CertificateFile may use the tilde syntax to refer to 188 Arguments to CertificateFile may use the tilde syntax to refer to
187 a user's home directory or the tokens described in the TOKENS 189 a user's home directory or the tokens described in the TOKENS
@@ -303,10 +305,10 @@ DESCRIPTION
303 When used in conjunction with ControlMaster, specifies that the 305 When used in conjunction with ControlMaster, specifies that the
304 master connection should remain open in the background (waiting 306 master connection should remain open in the background (waiting
305 for future client connections) after the initial client 307 for future client connections) after the initial client
306 connection has been closed. If set to no, then the master 308 connection has been closed. If set to no (the default), then the
307 connection will not be placed into the background, and will close 309 master connection will not be placed into the background, and
308 as soon as the initial client connection is closed. If set to 310 will close as soon as the initial client connection is closed.
309 yes or 0, then the master connection will remain in the 311 If set to yes or 0, then the master connection will remain in the
310 background indefinitely (until killed or closed via a mechanism 312 background indefinitely (until killed or closed via a mechanism
311 such as the "ssh -O exit"). If set to a time in seconds, or a 313 such as the "ssh -O exit"). If set to a time in seconds, or a
312 time in any of the formats documented in sshd_config(5), then the 314 time in any of the formats documented in sshd_config(5), then the
@@ -364,8 +366,10 @@ DESCRIPTION
364 366
365 ForwardAgent 367 ForwardAgent
366 Specifies whether the connection to the authentication agent (if 368 Specifies whether the connection to the authentication agent (if
367 any) will be forwarded to the remote machine. The argument must 369 any) will be forwarded to the remote machine. The argument may
368 be yes or no (the default). 370 be yes, no (the default), an explicit path to an agent socket or
371 the name of an environment variable (beginning with M-bM-^@M-^X$M-bM-^@M-^Y) in which
372 to find the path.
369 373
370 Agent forwarding should be enabled with caution. Users with the 374 Agent forwarding should be enabled with caution. Users with the
371 ability to bypass file permissions on the remote host (for the 375 ability to bypass file permissions on the remote host (for the
@@ -434,11 +438,11 @@ DESCRIPTION
434 HashKnownHosts 438 HashKnownHosts
435 Indicates that ssh(1) should hash host names and addresses when 439 Indicates that ssh(1) should hash host names and addresses when
436 they are added to ~/.ssh/known_hosts. These hashed names may be 440 they are added to ~/.ssh/known_hosts. These hashed names may be
437 used normally by ssh(1) and sshd(8), but they do not reveal 441 used normally by ssh(1) and sshd(8), but they do not visually
438 identifying information should the file's contents be disclosed. 442 reveal identifying information if the file's contents are
439 The default is no. Note that existing names and addresses in 443 disclosed. The default is no. Note that existing names and
440 known hosts files will not be converted automatically, but may be 444 addresses in known hosts files will not be converted
441 manually hashed using ssh-keygen(1). 445 automatically, but may be manually hashed using ssh-keygen(1).
442 446
443 HostbasedAuthentication 447 HostbasedAuthentication
444 Specifies whether to try rhosts based authentication with public 448 Specifies whether to try rhosts based authentication with public
@@ -460,11 +464,16 @@ DESCRIPTION
460 ecdsa-sha2-nistp256-cert-v01@openssh.com, 464 ecdsa-sha2-nistp256-cert-v01@openssh.com,
461 ecdsa-sha2-nistp384-cert-v01@openssh.com, 465 ecdsa-sha2-nistp384-cert-v01@openssh.com,
462 ecdsa-sha2-nistp521-cert-v01@openssh.com, 466 ecdsa-sha2-nistp521-cert-v01@openssh.com,
467 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
463 ssh-ed25519-cert-v01@openssh.com, 468 ssh-ed25519-cert-v01@openssh.com,
464 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 469 sk-ssh-ed25519-cert-v01@openssh.com,
470 rsa-sha2-512-cert-v01@openssh.com,
471 rsa-sha2-256-cert-v01@openssh.com,
465 ssh-rsa-cert-v01@openssh.com, 472 ssh-rsa-cert-v01@openssh.com,
466 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 473 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
467 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 474 sk-ecdsa-sha2-nistp256@openssh.com,
475 ssh-ed25519,sk-ssh-ed25519@openssh.com,
476 rsa-sha2-512,rsa-sha2-256,ssh-rsa
468 477
469 The -Q option of ssh(1) may be used to list supported key types. 478 The -Q option of ssh(1) may be used to list supported key types.
470 479
@@ -482,17 +491,22 @@ DESCRIPTION
482 ecdsa-sha2-nistp256-cert-v01@openssh.com, 491 ecdsa-sha2-nistp256-cert-v01@openssh.com,
483 ecdsa-sha2-nistp384-cert-v01@openssh.com, 492 ecdsa-sha2-nistp384-cert-v01@openssh.com,
484 ecdsa-sha2-nistp521-cert-v01@openssh.com, 493 ecdsa-sha2-nistp521-cert-v01@openssh.com,
494 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
485 ssh-ed25519-cert-v01@openssh.com, 495 ssh-ed25519-cert-v01@openssh.com,
486 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 496 sk-ssh-ed25519-cert-v01@openssh.com,
497 rsa-sha2-512-cert-v01@openssh.com,
498 rsa-sha2-256-cert-v01@openssh.com,
487 ssh-rsa-cert-v01@openssh.com, 499 ssh-rsa-cert-v01@openssh.com,
488 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 500 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
489 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 501 sk-ecdsa-sha2-nistp256@openssh.com,
502 ssh-ed25519,sk-ssh-ed25519@openssh.com,
503 rsa-sha2-512,rsa-sha2-256,ssh-rsa
490 504
491 If hostkeys are known for the destination host then this default 505 If hostkeys are known for the destination host then this default
492 is modified to prefer their algorithms. 506 is modified to prefer their algorithms.
493 507
494 The list of available key types may also be obtained using "ssh 508 The list of available key types may also be obtained using "ssh
495 -Q key". 509 -Q HostKeyAlgorithms".
496 510
497 HostKeyAlias 511 HostKeyAlias
498 Specifies an alias that should be used instead of the real host 512 Specifies an alias that should be used instead of the real host
@@ -514,9 +528,10 @@ DESCRIPTION
514 authentication identity and certificate files (either the default 528 authentication identity and certificate files (either the default
515 files, or those explicitly configured in the ssh_config files or 529 files, or those explicitly configured in the ssh_config files or
516 passed on the ssh(1) command-line), even if ssh-agent(1) or a 530 passed on the ssh(1) command-line), even if ssh-agent(1) or a
517 PKCS11Provider offers more identities. The argument to this 531 PKCS11Provider or SecurityKeyProvider offers more identities.
518 keyword must be yes or no (the default). This option is intended 532 The argument to this keyword must be yes or no (the default).
519 for situations where ssh-agent offers many different identities. 533 This option is intended for situations where ssh-agent offers
534 many different identities.
520 535
521 IdentityAgent 536 IdentityAgent
522 Specifies the UNIX-domain socket used to communicate with the 537 Specifies the UNIX-domain socket used to communicate with the
@@ -536,15 +551,17 @@ DESCRIPTION
536 section. 551 section.
537 552
538 IdentityFile 553 IdentityFile
539 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA 554 Specifies a file from which the user's DSA, ECDSA, authenticator-
555 hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA
540 authentication identity is read. The default is ~/.ssh/id_dsa, 556 authentication identity is read. The default is ~/.ssh/id_dsa,
541 ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. 557 ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
542 Additionally, any identities represented by the authentication 558 ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa. Additionally, any
543 agent will be used for authentication unless IdentitiesOnly is 559 identities represented by the authentication agent will be used
544 set. If no certificates have been explicitly specified by 560 for authentication unless IdentitiesOnly is set. If no
545 CertificateFile, ssh(1) will try to load certificate information 561 certificates have been explicitly specified by CertificateFile,
546 from the filename obtained by appending -cert.pub to the path of 562 ssh(1) will try to load certificate information from the filename
547 a specified IdentityFile. 563 obtained by appending -cert.pub to the path of a specified
564 IdentityFile.
548 565
549 Arguments to IdentityFile may use the tilde syntax to refer to a 566 Arguments to IdentityFile may use the tilde syntax to refer to a
550 user's home directory or the tokens described in the TOKENS 567 user's home directory or the tokens described in the TOKENS
@@ -583,14 +600,15 @@ DESCRIPTION
583 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. 600 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
584 Accepted values are af11, af12, af13, af21, af22, af23, af31, 601 Accepted values are af11, af12, af13, af21, af22, af23, af31,
585 af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6, 602 af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6,
586 cs7, ef, lowdelay, throughput, reliability, a numeric value, or 603 cs7, ef, le, lowdelay, throughput, reliability, a numeric value,
587 none to use the operating system default. This option may take 604 or none to use the operating system default. This option may
588 one or two arguments, separated by whitespace. If one argument 605 take one or two arguments, separated by whitespace. If one
589 is specified, it is used as the packet class unconditionally. If 606 argument is specified, it is used as the packet class
590 two values are specified, the first is automatically selected for 607 unconditionally. If two values are specified, the first is
591 interactive sessions and the second for non-interactive sessions. 608 automatically selected for interactive sessions and the second
592 The default is af21 (Low-Latency Data) for interactive sessions 609 for non-interactive sessions. The default is af21 (Low-Latency
593 and cs1 (Lower Effort) for non-interactive sessions. 610 Data) for interactive sessions and cs1 (Lower Effort) for non-
611 interactive sessions.
594 612
595 KbdInteractiveAuthentication 613 KbdInteractiveAuthentication
596 Specifies whether to use keyboard-interactive authentication. 614 Specifies whether to use keyboard-interactive authentication.
@@ -619,8 +637,7 @@ DESCRIPTION
619 diffie-hellman-group-exchange-sha256, 637 diffie-hellman-group-exchange-sha256,
620 diffie-hellman-group16-sha512, 638 diffie-hellman-group16-sha512,
621 diffie-hellman-group18-sha512, 639 diffie-hellman-group18-sha512,
622 diffie-hellman-group14-sha256, 640 diffie-hellman-group14-sha256
623 diffie-hellman-group14-sha1
624 641
625 The list of available key exchange algorithms may also be 642 The list of available key exchange algorithms may also be
626 obtained using "ssh -Q kex". 643 obtained using "ssh -Q kex".
@@ -784,14 +801,19 @@ DESCRIPTION
784 ecdsa-sha2-nistp256-cert-v01@openssh.com, 801 ecdsa-sha2-nistp256-cert-v01@openssh.com,
785 ecdsa-sha2-nistp384-cert-v01@openssh.com, 802 ecdsa-sha2-nistp384-cert-v01@openssh.com,
786 ecdsa-sha2-nistp521-cert-v01@openssh.com, 803 ecdsa-sha2-nistp521-cert-v01@openssh.com,
804 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
787 ssh-ed25519-cert-v01@openssh.com, 805 ssh-ed25519-cert-v01@openssh.com,
788 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 806 sk-ssh-ed25519-cert-v01@openssh.com,
807 rsa-sha2-512-cert-v01@openssh.com,
808 rsa-sha2-256-cert-v01@openssh.com,
789 ssh-rsa-cert-v01@openssh.com, 809 ssh-rsa-cert-v01@openssh.com,
790 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 810 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
791 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 811 sk-ecdsa-sha2-nistp256@openssh.com,
812 ssh-ed25519,sk-ssh-ed25519@openssh.com,
813 rsa-sha2-512,rsa-sha2-256,ssh-rsa
792 814
793 The list of available key types may also be obtained using "ssh 815 The list of available key types may also be obtained using "ssh
794 -Q key". 816 -Q PubkeyAcceptedKeyTypes".
795 817
796 PubkeyAuthentication 818 PubkeyAuthentication
797 Specifies whether to try public key authentication. The argument 819 Specifies whether to try public key authentication. The argument
@@ -861,6 +883,15 @@ DESCRIPTION
861 List (KRL) as generated by ssh-keygen(1). For more information 883 List (KRL) as generated by ssh-keygen(1). For more information
862 on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1). 884 on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).
863 885
886 SecurityKeyProvider
887 Specifies a path to a library that will be used when loading any
888 FIDO authenticator-hosted keys, overriding the default of using
889 the built-in USB HID support.
890
891 If the specified value begins with a M-bM-^@M-^X$M-bM-^@M-^Y character, then it will
892 be treated as an environment variable containing the path to the
893 library.
894
864 SendEnv 895 SendEnv
865 Specifies what variables from the local environ(7) should be sent 896 Specifies what variables from the local environ(7) should be sent
866 to the server. The server must also support it, and the server 897 to the server. The server must also support it, and the server
@@ -988,15 +1019,21 @@ DESCRIPTION
988 Specifies whether ssh(1) should accept notifications of 1019 Specifies whether ssh(1) should accept notifications of
989 additional hostkeys from the server sent after authentication has 1020 additional hostkeys from the server sent after authentication has
990 completed and add them to UserKnownHostsFile. The argument must 1021 completed and add them to UserKnownHostsFile. The argument must
991 be yes, no (the default) or ask. Enabling this option allows 1022 be yes, no or ask. This option allows learning alternate
992 learning alternate hostkeys for a server and supports graceful 1023 hostkeys for a server and supports graceful key rotation by
993 key rotation by allowing a server to send replacement public keys 1024 allowing a server to send replacement public keys before old ones
994 before old ones are removed. Additional hostkeys are only 1025 are removed. Additional hostkeys are only accepted if the key
995 accepted if the key used to authenticate the host was already 1026 used to authenticate the host was already trusted or explicitly
996 trusted or explicitly accepted by the user. If UpdateHostKeys is 1027 accepted by the user.
997 set to ask, then the user is asked to confirm the modifications 1028
998 to the known_hosts file. Confirmation is currently incompatible 1029 UpdateHostKeys is enabled by default if the user has not
999 with ControlPersist, and will be disabled if it is enabled. 1030 overridden the default UserKnownHostsFile setting, otherwise
1031 UpdateHostKeys will be set to ask.
1032
1033 If UpdateHostKeys is set to ask, then the user is asked to
1034 confirm the modifications to the known_hosts file. Confirmation
1035 is currently incompatible with ControlPersist, and will be
1036 disabled if it is enabled.
1000 1037
1001 Presently, only sshd(8) from OpenSSH 6.8 and greater support the 1038 Presently, only sshd(8) from OpenSSH 6.8 and greater support the
1002 "hostkeys@openssh.com" protocol extension used to inform the 1039 "hostkeys@openssh.com" protocol extension used to inform the
@@ -1130,4 +1167,4 @@ AUTHORS
1130 created OpenSSH. Markus Friedl contributed the support for SSH protocol 1167 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1131 versions 1.5 and 2.0. 1168 versions 1.5 and 2.0.
1132 1169
1133OpenBSD 6.6 September 13, 2019 OpenBSD 6.6 1170OpenBSD 6.6 February 7, 2020 OpenBSD 6.6
diff --git a/ssh_config.5 b/ssh_config.5
index b71d5ede9..6b4e4f43b 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,13 +33,13 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.304 2019/09/13 04:52:34 djm Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $
37.Dd $Mdocdate: September 13 2019 $ 37.Dd $Mdocdate: February 7 2020 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
41.Nm ssh_config 41.Nm ssh_config
42.Nd OpenSSH SSH client configuration files 42.Nd OpenSSH client configuration file
43.Sh DESCRIPTION 43.Sh DESCRIPTION
44.Xr ssh 1 44.Xr ssh 1
45obtains configuration data from the following sources in 45obtains configuration data from the following sources in
@@ -280,12 +280,14 @@ Valid arguments are
280.It Cm BatchMode 280.It Cm BatchMode
281If set to 281If set to
282.Cm yes , 282.Cm yes ,
283passphrase/password querying will be disabled. 283user interaction such as password prompts and host key confirmation requests
284will be disabled.
284In addition, the 285In addition, the
285.Cm ServerAliveInterval 286.Cm ServerAliveInterval
286option will be set to 300 seconds by default (Debian-specific). 287option will be set to 300 seconds by default (Debian-specific).
287This option is useful in scripts and other batch jobs where no user 288This option is useful in scripts and other batch jobs where no user
288is present to supply the password, 289is present to interact with
290.Xr ssh 1 ,
289and where it is desirable to detect a broken network swiftly. 291and where it is desirable to detect a broken network swiftly.
290The argument must be 292The argument must be
291.Cm yes 293.Cm yes
@@ -401,7 +403,9 @@ flag to
401via 403via
402.Xr ssh-agent 1 , 404.Xr ssh-agent 1 ,
403or via a 405or via a
404.Cm PKCS11Provider . 406.Cm PKCS11Provider
407or
408.Cm SecurityKeyProvider .
405.Pp 409.Pp
406Arguments to 410Arguments to
407.Cm CertificateFile 411.Cm CertificateFile
@@ -584,7 +588,8 @@ specifies that the master connection should remain open
584in the background (waiting for future client connections) 588in the background (waiting for future client connections)
585after the initial client connection has been closed. 589after the initial client connection has been closed.
586If set to 590If set to
587.Cm no , 591.Cm no
592(the default),
588then the master connection will not be placed into the background, 593then the master connection will not be placed into the background,
589and will close as soon as the initial client connection is closed. 594and will close as soon as the initial client connection is closed.
590If set to 595If set to
@@ -687,11 +692,14 @@ and
687.It Cm ForwardAgent 692.It Cm ForwardAgent
688Specifies whether the connection to the authentication agent (if any) 693Specifies whether the connection to the authentication agent (if any)
689will be forwarded to the remote machine. 694will be forwarded to the remote machine.
690The argument must be 695The argument may be
691.Cm yes 696.Cm yes ,
692or
693.Cm no 697.Cm no
694(the default). 698(the default),
699an explicit path to an agent socket or the name of an environment variable
700(beginning with
701.Sq $ )
702in which to find the path.
695.Pp 703.Pp
696Agent forwarding should be enabled with caution. 704Agent forwarding should be enabled with caution.
697Users with the ability to bypass file permissions on the remote host 705Users with the ability to bypass file permissions on the remote host
@@ -849,8 +857,8 @@ These hashed names may be used normally by
849.Xr ssh 1 857.Xr ssh 1
850and 858and
851.Xr sshd 8 , 859.Xr sshd 8 ,
852but they do not reveal identifying information should the file's contents 860but they do not visually reveal identifying information if the
853be disclosed. 861file's contents are disclosed.
854The default is 862The default is
855.Cm no . 863.Cm no .
856Note that existing names and addresses in known hosts files 864Note that existing names and addresses in known hosts files
@@ -888,11 +896,16 @@ The default for this option is:
888ecdsa-sha2-nistp256-cert-v01@openssh.com, 896ecdsa-sha2-nistp256-cert-v01@openssh.com,
889ecdsa-sha2-nistp384-cert-v01@openssh.com, 897ecdsa-sha2-nistp384-cert-v01@openssh.com,
890ecdsa-sha2-nistp521-cert-v01@openssh.com, 898ecdsa-sha2-nistp521-cert-v01@openssh.com,
899sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
891ssh-ed25519-cert-v01@openssh.com, 900ssh-ed25519-cert-v01@openssh.com,
892rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 901sk-ssh-ed25519-cert-v01@openssh.com,
902rsa-sha2-512-cert-v01@openssh.com,
903rsa-sha2-256-cert-v01@openssh.com,
893ssh-rsa-cert-v01@openssh.com, 904ssh-rsa-cert-v01@openssh.com,
894ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 905ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
895ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 906sk-ecdsa-sha2-nistp256@openssh.com,
907ssh-ed25519,sk-ssh-ed25519@openssh.com,
908rsa-sha2-512,rsa-sha2-256,ssh-rsa
896.Ed 909.Ed
897.Pp 910.Pp
898The 911The
@@ -920,18 +933,23 @@ The default for this option is:
920ecdsa-sha2-nistp256-cert-v01@openssh.com, 933ecdsa-sha2-nistp256-cert-v01@openssh.com,
921ecdsa-sha2-nistp384-cert-v01@openssh.com, 934ecdsa-sha2-nistp384-cert-v01@openssh.com,
922ecdsa-sha2-nistp521-cert-v01@openssh.com, 935ecdsa-sha2-nistp521-cert-v01@openssh.com,
936sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
923ssh-ed25519-cert-v01@openssh.com, 937ssh-ed25519-cert-v01@openssh.com,
924rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 938sk-ssh-ed25519-cert-v01@openssh.com,
939rsa-sha2-512-cert-v01@openssh.com,
940rsa-sha2-256-cert-v01@openssh.com,
925ssh-rsa-cert-v01@openssh.com, 941ssh-rsa-cert-v01@openssh.com,
926ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 942ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
927ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 943sk-ecdsa-sha2-nistp256@openssh.com,
944ssh-ed25519,sk-ssh-ed25519@openssh.com,
945rsa-sha2-512,rsa-sha2-256,ssh-rsa
928.Ed 946.Ed
929.Pp 947.Pp
930If hostkeys are known for the destination host then this default is modified 948If hostkeys are known for the destination host then this default is modified
931to prefer their algorithms. 949to prefer their algorithms.
932.Pp 950.Pp
933The list of available key types may also be obtained using 951The list of available key types may also be obtained using
934.Qq ssh -Q key . 952.Qq ssh -Q HostKeyAlgorithms .
935.It Cm HostKeyAlias 953.It Cm HostKeyAlias
936Specifies an alias that should be used instead of the 954Specifies an alias that should be used instead of the
937real host name when looking up or saving the host key 955real host name when looking up or saving the host key
@@ -964,6 +982,8 @@ even if
964.Xr ssh-agent 1 982.Xr ssh-agent 1
965or a 983or a
966.Cm PKCS11Provider 984.Cm PKCS11Provider
985or
986.Cm SecurityKeyProvider
967offers more identities. 987offers more identities.
968The argument to this keyword must be 988The argument to this keyword must be
969.Cm yes 989.Cm yes
@@ -1000,12 +1020,14 @@ or the tokens described in the
1000.Sx TOKENS 1020.Sx TOKENS
1001section. 1021section.
1002.It Cm IdentityFile 1022.It Cm IdentityFile
1003Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication 1023Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
1004identity is read. 1024Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1005The default is 1025The default is
1006.Pa ~/.ssh/id_dsa , 1026.Pa ~/.ssh/id_dsa ,
1007.Pa ~/.ssh/id_ecdsa , 1027.Pa ~/.ssh/id_ecdsa ,
1008.Pa ~/.ssh/id_ed25519 1028.Pa ~/.ssh/id_ecdsa_sk ,
1029.Pa ~/.ssh/id_ed25519 ,
1030.Pa ~/.ssh/id_ed25519_sk
1009and 1031and
1010.Pa ~/.ssh/id_rsa . 1032.Pa ~/.ssh/id_rsa .
1011Additionally, any identities represented by the authentication agent 1033Additionally, any identities represented by the authentication agent
@@ -1099,6 +1121,7 @@ Accepted values are
1099.Cm cs6 , 1121.Cm cs6 ,
1100.Cm cs7 , 1122.Cm cs7 ,
1101.Cm ef , 1123.Cm ef ,
1124.Cm le ,
1102.Cm lowdelay , 1125.Cm lowdelay ,
1103.Cm throughput , 1126.Cm throughput ,
1104.Cm reliability , 1127.Cm reliability ,
@@ -1153,8 +1176,7 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1153diffie-hellman-group-exchange-sha256, 1176diffie-hellman-group-exchange-sha256,
1154diffie-hellman-group16-sha512, 1177diffie-hellman-group16-sha512,
1155diffie-hellman-group18-sha512, 1178diffie-hellman-group18-sha512,
1156diffie-hellman-group14-sha256, 1179diffie-hellman-group14-sha256
1157diffie-hellman-group14-sha1
1158.Ed 1180.Ed
1159.Pp 1181.Pp
1160The list of available key exchange algorithms may also be obtained using 1182The list of available key exchange algorithms may also be obtained using
@@ -1397,15 +1419,20 @@ The default for this option is:
1397ecdsa-sha2-nistp256-cert-v01@openssh.com, 1419ecdsa-sha2-nistp256-cert-v01@openssh.com,
1398ecdsa-sha2-nistp384-cert-v01@openssh.com, 1420ecdsa-sha2-nistp384-cert-v01@openssh.com,
1399ecdsa-sha2-nistp521-cert-v01@openssh.com, 1421ecdsa-sha2-nistp521-cert-v01@openssh.com,
1422sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1400ssh-ed25519-cert-v01@openssh.com, 1423ssh-ed25519-cert-v01@openssh.com,
1401rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 1424sk-ssh-ed25519-cert-v01@openssh.com,
1425rsa-sha2-512-cert-v01@openssh.com,
1426rsa-sha2-256-cert-v01@openssh.com,
1402ssh-rsa-cert-v01@openssh.com, 1427ssh-rsa-cert-v01@openssh.com,
1403ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1428ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1404ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 1429sk-ecdsa-sha2-nistp256@openssh.com,
1430ssh-ed25519,sk-ssh-ed25519@openssh.com,
1431rsa-sha2-512,rsa-sha2-256,ssh-rsa
1405.Ed 1432.Ed
1406.Pp 1433.Pp
1407The list of available key types may also be obtained using 1434The list of available key types may also be obtained using
1408.Qq ssh -Q key . 1435.Qq ssh -Q PubkeyAcceptedKeyTypes .
1409.It Cm PubkeyAuthentication 1436.It Cm PubkeyAuthentication
1410Specifies whether to try public key authentication. 1437Specifies whether to try public key authentication.
1411The argument to this keyword must be 1438The argument to this keyword must be
@@ -1516,6 +1543,15 @@ an OpenSSH Key Revocation List (KRL) as generated by
1516.Xr ssh-keygen 1 . 1543.Xr ssh-keygen 1 .
1517For more information on KRLs, see the KEY REVOCATION LISTS section in 1544For more information on KRLs, see the KEY REVOCATION LISTS section in
1518.Xr ssh-keygen 1 . 1545.Xr ssh-keygen 1 .
1546.It Cm SecurityKeyProvider
1547Specifies a path to a library that will be used when loading any
1548FIDO authenticator-hosted keys, overriding the default of using
1549the built-in USB HID support.
1550.Pp
1551If the specified value begins with a
1552.Sq $
1553character, then it will be treated as an environment variable containing
1554the path to the library.
1519.It Cm SendEnv 1555.It Cm SendEnv
1520Specifies what variables from the local 1556Specifies what variables from the local
1521.Xr environ 7 1557.Xr environ 7
@@ -1734,13 +1770,22 @@ after authentication has completed and add them to
1734The argument must be 1770The argument must be
1735.Cm yes , 1771.Cm yes ,
1736.Cm no 1772.Cm no
1737(the default) or 1773or
1738.Cm ask . 1774.Cm ask .
1739Enabling this option allows learning alternate hostkeys for a server 1775This option allows learning alternate hostkeys for a server
1740and supports graceful key rotation by allowing a server to send replacement 1776and supports graceful key rotation by allowing a server to send replacement
1741public keys before old ones are removed. 1777public keys before old ones are removed.
1742Additional hostkeys are only accepted if the key used to authenticate the 1778Additional hostkeys are only accepted if the key used to authenticate the
1743host was already trusted or explicitly accepted by the user. 1779host was already trusted or explicitly accepted by the user.
1780.Pp
1781.Cm UpdateHostKeys
1782is enabled by default if the user has not overridden the default
1783.Cm UserKnownHostsFile
1784setting, otherwise
1785.Cm UpdateHostKeys
1786will be set to
1787.Cm ask .
1788.Pp
1744If 1789If
1745.Cm UpdateHostKeys 1790.Cm UpdateHostKeys
1746is set to 1791is set to
diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c
index d401a7265..da834d008 100644
--- a/sshbuf-getput-basic.c
+++ b/sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-getput-basic.c,v 1.9 2019/09/06 04:53:27 djm Exp $ */ 1/* $OpenBSD: sshbuf-getput-basic.c,v 1.10 2019/12/13 19:09:37 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -535,6 +535,9 @@ sshbuf_put_cstring(struct sshbuf *buf, const char *v)
535int 535int
536sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v) 536sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v)
537{ 537{
538 if (v == NULL)
539 return sshbuf_put_string(buf, NULL, 0);
540
538 return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v)); 541 return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v));
539} 542}
540 543
diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index 3dd1e1446..2e61d3bcd 100644
--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-getput-crypto.c,v 1.7 2019/01/21 09:54:11 djm Exp $ */ 1/* $OpenBSD: sshbuf-getput-crypto.c,v 1.8 2019/11/15 06:00:20 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -23,6 +23,7 @@
23#include <stdio.h> 23#include <stdio.h>
24#include <string.h> 24#include <string.h>
25 25
26#ifdef WITH_OPENSSL
26#include <openssl/bn.h> 27#include <openssl/bn.h>
27#ifdef OPENSSL_HAS_ECC 28#ifdef OPENSSL_HAS_ECC
28# include <openssl/ec.h> 29# include <openssl/ec.h>
@@ -153,23 +154,17 @@ int
153sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) 154sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
154{ 155{
155 u_char d[SSHBUF_MAX_ECPOINT]; 156 u_char d[SSHBUF_MAX_ECPOINT];
156 BN_CTX *bn_ctx;
157 size_t len; 157 size_t len;
158 int ret; 158 int ret;
159 159
160 if ((bn_ctx = BN_CTX_new()) == NULL)
161 return SSH_ERR_ALLOC_FAIL;
162 if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, 160 if ((len = EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
163 NULL, 0, bn_ctx)) > SSHBUF_MAX_ECPOINT) { 161 NULL, 0, NULL)) > SSHBUF_MAX_ECPOINT) {
164 BN_CTX_free(bn_ctx);
165 return SSH_ERR_INVALID_ARGUMENT; 162 return SSH_ERR_INVALID_ARGUMENT;
166 } 163 }
167 if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED, 164 if (EC_POINT_point2oct(g, v, POINT_CONVERSION_UNCOMPRESSED,
168 d, len, bn_ctx) != len) { 165 d, len, NULL) != len) {
169 BN_CTX_free(bn_ctx);
170 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ 166 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
171 } 167 }
172 BN_CTX_free(bn_ctx);
173 ret = sshbuf_put_string(buf, d, len); 168 ret = sshbuf_put_string(buf, d, len);
174 explicit_bzero(d, len); 169 explicit_bzero(d, len);
175 return ret; 170 return ret;
@@ -182,4 +177,4 @@ sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
182 EC_KEY_get0_group(v)); 177 EC_KEY_get0_group(v));
183} 178}
184#endif /* OPENSSL_HAS_ECC */ 179#endif /* OPENSSL_HAS_ECC */
185 180#endif /* WITH_OPENSSL */
diff --git a/sshbuf-io.c b/sshbuf-io.c
new file mode 100644
index 000000000..13ef40e7d
--- /dev/null
+++ b/sshbuf-io.c
@@ -0,0 +1,117 @@
1/* $OpenBSD: sshbuf-io.c,v 1.2 2020/01/25 23:28:06 djm Exp $ */
2/*
3 * Copyright (c) 2011 Damien Miller
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "includes.h"
19
20#include <sys/types.h>
21#include <sys/stat.h>
22
23#include <errno.h>
24#include <fcntl.h>
25#include <unistd.h>
26#include <string.h>
27
28#include "ssherr.h"
29#include "sshbuf.h"
30#include "atomicio.h"
31
32/* Load a file from a fd into a buffer */
33int
34sshbuf_load_fd(int fd, struct sshbuf **blobp)
35{
36 u_char buf[4096];
37 size_t len;
38 struct stat st;
39 int r;
40 struct sshbuf *blob;
41
42 *blobp = NULL;
43
44 if (fstat(fd, &st) == -1)
45 return SSH_ERR_SYSTEM_ERROR;
46 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
47 st.st_size > SSHBUF_SIZE_MAX)
48 return SSH_ERR_INVALID_FORMAT;
49 if ((blob = sshbuf_new()) == NULL)
50 return SSH_ERR_ALLOC_FAIL;
51 for (;;) {
52 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
53 if (errno == EPIPE)
54 break;
55 r = SSH_ERR_SYSTEM_ERROR;
56 goto out;
57 }
58 if ((r = sshbuf_put(blob, buf, len)) != 0)
59 goto out;
60 if (sshbuf_len(blob) > SSHBUF_SIZE_MAX) {
61 r = SSH_ERR_INVALID_FORMAT;
62 goto out;
63 }
64 }
65 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
66 st.st_size != (off_t)sshbuf_len(blob)) {
67 r = SSH_ERR_FILE_CHANGED;
68 goto out;
69 }
70 /* success */
71 *blobp = blob;
72 blob = NULL; /* transferred */
73 r = 0;
74 out:
75 explicit_bzero(buf, sizeof(buf));
76 sshbuf_free(blob);
77 return r;
78}
79
80int
81sshbuf_load_file(const char *path, struct sshbuf **bufp)
82{
83 int r, fd, oerrno;
84
85 *bufp = NULL;
86 if ((fd = open(path, O_RDONLY)) == -1)
87 return SSH_ERR_SYSTEM_ERROR;
88 if ((r = sshbuf_load_fd(fd, bufp)) != 0)
89 goto out;
90 /* success */
91 r = 0;
92 out:
93 oerrno = errno;
94 close(fd);
95 if (r != 0)
96 errno = oerrno;
97 return r;
98}
99
100int
101sshbuf_write_file(const char *path, struct sshbuf *buf)
102{
103 int fd, oerrno;
104
105 if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644)) == -1)
106 return SSH_ERR_SYSTEM_ERROR;
107 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(buf),
108 sshbuf_len(buf)) != sshbuf_len(buf) || close(fd) != 0) {
109 oerrno = errno;
110 close(fd);
111 unlink(path);
112 errno = oerrno;
113 return SSH_ERR_SYSTEM_ERROR;
114 }
115 return 0;
116}
117
diff --git a/sshbuf-misc.c b/sshbuf-misc.c
index a73f008b0..c0336e867 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-misc.c,v 1.11 2019/07/30 05:04:49 djm Exp $ */ 1/* $OpenBSD: sshbuf-misc.c,v 1.13 2020/01/25 23:28:06 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
diff --git a/sshbuf.c b/sshbuf.c
index adfddf775..f4f7a220f 100644
--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $ */ 1/* $OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -42,7 +42,7 @@ sshbuf_check_sanity(const struct sshbuf *buf)
42 buf->off > buf->size)) { 42 buf->off > buf->size)) {
43 /* Do not try to recover from corrupted buffer internals */ 43 /* Do not try to recover from corrupted buffer internals */
44 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 44 SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
45 signal(SIGSEGV, SIG_DFL); 45 ssh_signal(SIGSEGV, SIG_DFL);
46 raise(SIGSEGV); 46 raise(SIGSEGV);
47 return SSH_ERR_INTERNAL_ERROR; 47 return SSH_ERR_INTERNAL_ERROR;
48 } 48 }
diff --git a/sshbuf.h b/sshbuf.h
index ebd64b10e..165cd0b18 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf.h,v 1.18 2019/09/06 05:23:55 djm Exp $ */ 1/* $OpenBSD: sshbuf.h,v 1.19 2020/01/25 23:02:14 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -291,6 +291,22 @@ sshbuf_find(const struct sshbuf *b, size_t start_offset,
291 */ 291 */
292char *sshbuf_dup_string(struct sshbuf *buf); 292char *sshbuf_dup_string(struct sshbuf *buf);
293 293
294/*
295 * Fill a buffer from a file descriptor or filename. Both allocate the
296 * buffer for the caller.
297 */
298int sshbuf_load_fd(int, struct sshbuf **)
299 __attribute__((__nonnull__ (2)));
300int sshbuf_load_file(const char *, struct sshbuf **)
301 __attribute__((__nonnull__ (2)));
302
303/*
304 * Write a buffer to a path, creating/truncating as needed (mode 0644,
305 * subject to umask). The buffer contents are not modified.
306 */
307int sshbuf_write_file(const char *path, struct sshbuf *buf)
308 __attribute__((__nonnull__ (2)));
309
294/* Macros for decoding/encoding integers */ 310/* Macros for decoding/encoding integers */
295#define PEEK_U64(p) \ 311#define PEEK_U64(p) \
296 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ 312 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
diff --git a/sshconnect.c b/sshconnect.c
index 27daef74f..9f2412e0d 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.319 2019/09/13 04:31:19 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.328 2020/01/25 07:17:18 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -39,9 +39,9 @@
39#include <poll.h> 39#include <poll.h>
40#endif 40#endif
41#include <signal.h> 41#include <signal.h>
42#include <stdarg.h>
43#include <stdio.h> 42#include <stdio.h>
44#include <stdlib.h> 43#include <stdlib.h>
44#include <stdarg.h>
45#include <string.h> 45#include <string.h>
46#include <unistd.h> 46#include <unistd.h>
47#ifdef HAVE_IFADDRS_H 47#ifdef HAVE_IFADDRS_H
@@ -141,7 +141,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
141 "proxy dialer: %.100s", strerror(errno)); 141 "proxy dialer: %.100s", strerror(errno));
142 142
143 command_string = expand_proxy_command(proxy_command, options.user, 143 command_string = expand_proxy_command(proxy_command, options.user,
144 host_arg, host, port); 144 host, host_arg, port);
145 debug("Executing proxy dialer command: %.500s", command_string); 145 debug("Executing proxy dialer command: %.500s", command_string);
146 146
147 /* Fork and execute the proxy command. */ 147 /* Fork and execute the proxy command. */
@@ -224,7 +224,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
224 strerror(errno)); 224 strerror(errno));
225 225
226 command_string = expand_proxy_command(proxy_command, options.user, 226 command_string = expand_proxy_command(proxy_command, options.user,
227 host_arg, host, port); 227 host, host_arg, port);
228 debug("Executing proxy command: %.500s", command_string); 228 debug("Executing proxy command: %.500s", command_string);
229 229
230 /* Fork and execute the proxy command. */ 230 /* Fork and execute the proxy command. */
@@ -259,7 +259,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
259 259
260 /* Execute the proxy command. Note that we gave up any 260 /* Execute the proxy command. Note that we gave up any
261 extra privileges above. */ 261 extra privileges above. */
262 signal(SIGPIPE, SIG_DFL); 262 ssh_signal(SIGPIPE, SIG_DFL);
263 execvp(argv[0], argv); 263 execvp(argv[0], argv);
264 perror(argv[0]); 264 perror(argv[0]);
265 exit(1); 265 exit(1);
@@ -580,22 +580,23 @@ confirm(const char *prompt, const char *fingerprint)
580{ 580{
581 const char *msg, *again = "Please type 'yes' or 'no': "; 581 const char *msg, *again = "Please type 'yes' or 'no': ";
582 const char *again_fp = "Please type 'yes', 'no' or the fingerprint: "; 582 const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
583 char *p; 583 char *p, *cp;
584 int ret = -1; 584 int ret = -1;
585 585
586 if (options.batch_mode) 586 if (options.batch_mode)
587 return 0; 587 return 0;
588 for (msg = prompt;;msg = fingerprint ? again_fp : again) { 588 for (msg = prompt;;msg = fingerprint ? again_fp : again) {
589 p = read_passphrase(msg, RP_ECHO); 589 cp = p = read_passphrase(msg, RP_ECHO);
590 if (p == NULL) 590 if (p == NULL)
591 return 0; 591 return 0;
592 p[strcspn(p, "\n")] = '\0'; 592 p += strspn(p, " \t"); /* skip leading whitespace */
593 p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
593 if (p[0] == '\0' || strcasecmp(p, "no") == 0) 594 if (p[0] == '\0' || strcasecmp(p, "no") == 0)
594 ret = 0; 595 ret = 0;
595 else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL && 596 else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
596 strcasecmp(p, fingerprint) == 0)) 597 strcasecmp(p, fingerprint) == 0))
597 ret = 1; 598 ret = 1;
598 free(p); 599 free(cp);
599 if (ret != -1) 600 if (ret != -1)
600 return ret; 601 return ret;
601 } 602 }
@@ -1389,10 +1390,10 @@ ssh_local_cmd(const char *args)
1389 if ((shell = getenv("SHELL")) == NULL || *shell == '\0') 1390 if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
1390 shell = _PATH_BSHELL; 1391 shell = _PATH_BSHELL;
1391 1392
1392 osighand = signal(SIGCHLD, SIG_DFL); 1393 osighand = ssh_signal(SIGCHLD, SIG_DFL);
1393 pid = fork(); 1394 pid = fork();
1394 if (pid == 0) { 1395 if (pid == 0) {
1395 signal(SIGPIPE, SIG_DFL); 1396 ssh_signal(SIGPIPE, SIG_DFL);
1396 debug3("Executing %s -c \"%s\"", shell, args); 1397 debug3("Executing %s -c \"%s\"", shell, args);
1397 execlp(shell, shell, "-c", args, (char *)NULL); 1398 execlp(shell, shell, "-c", args, (char *)NULL);
1398 error("Couldn't execute %s -c \"%s\": %s", 1399 error("Couldn't execute %s -c \"%s\": %s",
@@ -1403,7 +1404,7 @@ ssh_local_cmd(const char *args)
1403 while (waitpid(pid, &status, 0) == -1) 1404 while (waitpid(pid, &status, 0) == -1)
1404 if (errno != EINTR) 1405 if (errno != EINTR)
1405 fatal("Couldn't wait for child: %s", strerror(errno)); 1406 fatal("Couldn't wait for child: %s", strerror(errno));
1406 signal(SIGCHLD, osighand); 1407 ssh_signal(SIGCHLD, osighand);
1407 1408
1408 if (!WIFEXITED(status)) 1409 if (!WIFEXITED(status))
1409 return (1); 1410 return (1);
@@ -1412,10 +1413,11 @@ ssh_local_cmd(const char *args)
1412} 1413}
1413 1414
1414void 1415void
1415maybe_add_key_to_agent(char *authfile, struct sshkey *private, 1416maybe_add_key_to_agent(const char *authfile, struct sshkey *private,
1416 char *comment, char *passphrase) 1417 const char *comment, const char *passphrase)
1417{ 1418{
1418 int auth_sock = -1, r; 1419 int auth_sock = -1, r;
1420 const char *skprovider = NULL;
1419 1421
1420 if (options.add_keys_to_agent == 0) 1422 if (options.add_keys_to_agent == 0)
1421 return; 1423 return;
@@ -1431,9 +1433,11 @@ maybe_add_key_to_agent(char *authfile, struct sshkey *private,
1431 close(auth_sock); 1433 close(auth_sock);
1432 return; 1434 return;
1433 } 1435 }
1434 1436 if (sshkey_is_sk(private))
1435 if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0, 1437 skprovider = options.sk_provider;
1436 (options.add_keys_to_agent == 3), 0)) == 0) 1438 if ((r = ssh_add_identity_constrained(auth_sock, private,
1439 comment == NULL ? authfile : comment, 0,
1440 (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
1437 debug("identity added to agent: %s", authfile); 1441 debug("identity added to agent: %s", authfile);
1438 else 1442 else
1439 debug("could not add identity to agent: %s (%d)", authfile, r); 1443 debug("could not add identity to agent: %s (%d)", authfile, r);
diff --git a/sshconnect.h b/sshconnect.h
index 2e84b8bc5..7c091e2b1 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.h,v 1.39 2019/09/13 04:27:35 djm Exp $ */ 1/* $OpenBSD: sshconnect.h,v 1.40 2020/01/25 07:17:18 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -53,4 +53,5 @@ void ssh_userauth2(struct ssh *ssh, const char *, const char *,
53 53
54int ssh_local_cmd(const char *); 54int ssh_local_cmd(const char *);
55 55
56void maybe_add_key_to_agent(char *, struct sshkey *, char *, char *); 56void maybe_add_key_to_agent(const char *, struct sshkey *,
57 const char *, const char *);
diff --git a/sshconnect2.c b/sshconnect2.c
index a4ec75ca1..03bc87eb4 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.308 2019/08/05 11:50:33 dtucker Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.320 2020/02/06 22:48:23 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -36,9 +36,9 @@
36#include <netdb.h> 36#include <netdb.h>
37#include <pwd.h> 37#include <pwd.h>
38#include <signal.h> 38#include <signal.h>
39#include <stdarg.h>
40#include <stdio.h> 39#include <stdio.h>
41#include <string.h> 40#include <string.h>
41#include <stdarg.h>
42#include <unistd.h> 42#include <unistd.h>
43#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) 43#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
44#include <vis.h> 44#include <vis.h>
@@ -72,6 +72,8 @@
72#include "hostfile.h" 72#include "hostfile.h"
73#include "ssherr.h" 73#include "ssherr.h"
74#include "utf8.h" 74#include "utf8.h"
75#include "ssh-sk.h"
76#include "sk-api.h"
75 77
76#ifdef GSSAPI 78#ifdef GSSAPI
77#include "ssh-gss.h" 79#include "ssh-gss.h"
@@ -115,7 +117,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
115 for (i = 0; i < options.num_system_hostfiles; i++) 117 for (i = 0; i < options.num_system_hostfiles; i++)
116 load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); 118 load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
117 119
118 oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG); 120 oavail = avail = xstrdup(options.hostkeyalgorithms);
119 maxlen = strlen(avail) + 1; 121 maxlen = strlen(avail) + 1;
120 first = xmalloc(maxlen); 122 first = xmalloc(maxlen);
121 last = xmalloc(maxlen); 123 last = xmalloc(maxlen);
@@ -157,7 +159,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
157{ 159{
158 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; 160 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
159 char *s, *all_key; 161 char *s, *all_key;
160 int r; 162 int r, use_known_hosts_order = 0;
161 163
162#if defined(GSSAPI) && defined(WITH_OPENSSL) 164#if defined(GSSAPI) && defined(WITH_OPENSSL)
163 char *orig = NULL, *gss = NULL; 165 char *orig = NULL, *gss = NULL;
@@ -167,6 +169,23 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
167 xxx_host = host; 169 xxx_host = host;
168 xxx_hostaddr = hostaddr; 170 xxx_hostaddr = hostaddr;
169 171
172 /*
173 * If the user has not specified HostkeyAlgorithms, or has only
174 * appended or removed algorithms from that list then prefer algorithms
175 * that are in the list that are supported by known_hosts keys.
176 */
177 if (options.hostkeyalgorithms == NULL ||
178 options.hostkeyalgorithms[0] == '-' ||
179 options.hostkeyalgorithms[0] == '+')
180 use_known_hosts_order = 1;
181
182 /* Expand or fill in HostkeyAlgorithms */
183 all_key = sshkey_alg_list(0, 0, 1, ',');
184 if (kex_assemble_names(&options.hostkeyalgorithms,
185 kex_default_pk_alg(), all_key) != 0)
186 fatal("%s: kex_assemble_namelist", __func__);
187 free(all_key);
188
170 if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) 189 if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
171 fatal("%s: kex_names_cat", __func__); 190 fatal("%s: kex_names_cat", __func__);
172 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); 191 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
@@ -175,25 +194,19 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
175 myproposal[PROPOSAL_ENC_ALGS_STOC] = 194 myproposal[PROPOSAL_ENC_ALGS_STOC] =
176 compat_cipher_proposal(options.ciphers); 195 compat_cipher_proposal(options.ciphers);
177 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 196 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
178 myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? 197 myproposal[PROPOSAL_COMP_ALGS_STOC] =
179 "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; 198 (char *)compression_alg_list(options.compression);
180 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 199 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
181 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 200 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
182 if (options.hostkeyalgorithms != NULL) { 201 if (use_known_hosts_order) {
183 all_key = sshkey_alg_list(0, 0, 1, ','); 202 /* Query known_hosts and prefer algorithms that appear there */
184 if (kex_assemble_names(&options.hostkeyalgorithms,
185 KEX_DEFAULT_PK_ALG, all_key) != 0)
186 fatal("%s: kex_assemble_namelist", __func__);
187 free(all_key);
188 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
189 compat_pkalg_proposal(options.hostkeyalgorithms);
190 } else {
191 /* Enforce default */
192 options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
193 /* Prefer algorithms that we already have keys for */
194 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = 203 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
195 compat_pkalg_proposal( 204 compat_pkalg_proposal(
196 order_hostkeyalgs(host, hostaddr, port)); 205 order_hostkeyalgs(host, hostaddr, port));
206 } else {
207 /* Use specified HostkeyAlgorithms exactly */
208 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
209 compat_pkalg_proposal(options.hostkeyalgorithms);
197 } 210 }
198 211
199#if defined(GSSAPI) && defined(WITH_OPENSSL) 212#if defined(GSSAPI) && defined(WITH_OPENSSL)
@@ -254,7 +267,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
254 ssh->kex->kex[KEX_GSS_C25519_SHA256] = kexgss_client; 267 ssh->kex->kex[KEX_GSS_C25519_SHA256] = kexgss_client;
255 } 268 }
256# endif 269# endif
257#endif 270#endif /* WITH_OPENSSL */
258 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; 271 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
259 ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; 272 ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
260 ssh->kex->verify_host_key=&verify_host_key_callback; 273 ssh->kex->verify_host_key=&verify_host_key_callback;
@@ -669,17 +682,23 @@ static char *
669format_identity(Identity *id) 682format_identity(Identity *id)
670{ 683{
671 char *fp = NULL, *ret = NULL; 684 char *fp = NULL, *ret = NULL;
685 const char *note = "";
672 686
673 if (id->key != NULL) { 687 if (id->key != NULL) {
674 fp = sshkey_fingerprint(id->key, options.fingerprint_hash, 688 fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
675 SSH_FP_DEFAULT); 689 SSH_FP_DEFAULT);
676 } 690 }
691 if (id->key) {
692 if ((id->key->flags & SSHKEY_FLAG_EXT) != 0)
693 note = " token";
694 else if (sshkey_is_sk(id->key))
695 note = " authenticator";
696 }
677 xasprintf(&ret, "%s %s%s%s%s%s%s", 697 xasprintf(&ret, "%s %s%s%s%s%s%s",
678 id->filename, 698 id->filename,
679 id->key ? sshkey_type(id->key) : "", id->key ? " " : "", 699 id->key ? sshkey_type(id->key) : "", id->key ? " " : "",
680 fp ? fp : "", 700 fp ? fp : "",
681 id->userprovided ? " explicit" : "", 701 id->userprovided ? " explicit" : "", note,
682 (id->key && (id->key->flags & SSHKEY_FLAG_EXT)) ? " token" : "",
683 id->agent_fd != -1 ? " agent" : ""); 702 id->agent_fd != -1 ? " agent" : "");
684 free(fp); 703 free(fp);
685 return ret; 704 return ret;
@@ -1272,8 +1291,13 @@ static int
1272identity_sign(struct identity *id, u_char **sigp, size_t *lenp, 1291identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
1273 const u_char *data, size_t datalen, u_int compat, const char *alg) 1292 const u_char *data, size_t datalen, u_int compat, const char *alg)
1274{ 1293{
1275 struct sshkey *prv; 1294 struct sshkey *sign_key = NULL, *prv = NULL;
1276 int r; 1295 int r = SSH_ERR_INTERNAL_ERROR;
1296 struct notifier_ctx *notifier = NULL;
1297 char *fp = NULL;
1298
1299 *sigp = NULL;
1300 *lenp = 0;
1277 1301
1278 /* The agent supports this key. */ 1302 /* The agent supports this key. */
1279 if (id->key != NULL && id->agent_fd != -1) { 1303 if (id->key != NULL && id->agent_fd != -1) {
@@ -1287,27 +1311,47 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
1287 */ 1311 */
1288 if (id->key != NULL && 1312 if (id->key != NULL &&
1289 (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) { 1313 (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) {
1290 if ((r = sshkey_sign(id->key, sigp, lenp, data, datalen, 1314 sign_key = id->key;
1291 alg, compat)) != 0) 1315 } else {
1292 return r; 1316 /* Load the private key from the file. */
1293 /* 1317 if ((prv = load_identity_file(id)) == NULL)
1294 * PKCS#11 tokens may not support all signature algorithms, 1318 return SSH_ERR_KEY_NOT_FOUND;
1295 * so check what we get back. 1319 if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
1296 */ 1320 error("%s: private key %s contents do not match public",
1297 if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) 1321 __func__, id->filename);
1298 return r; 1322 r = SSH_ERR_KEY_NOT_FOUND;
1299 return 0; 1323 goto out;
1324 }
1325 sign_key = prv;
1326 if (sshkey_is_sk(sign_key) &&
1327 (sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
1328 /* XXX match batch mode should just skip these keys? */
1329 if ((fp = sshkey_fingerprint(sign_key,
1330 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
1331 fatal("%s: sshkey_fingerprint", __func__);
1332 notifier = notify_start(options.batch_mode,
1333 "Confirm user presence for key %s %s",
1334 sshkey_type(sign_key), fp);
1335 free(fp);
1336 }
1300 } 1337 }
1301 1338 if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
1302 /* Load the private key from the file. */ 1339 alg, options.sk_provider, compat)) != 0) {
1303 if ((prv = load_identity_file(id)) == NULL) 1340 debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
1304 return SSH_ERR_KEY_NOT_FOUND; 1341 goto out;
1305 if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
1306 error("%s: private key %s contents do not match public",
1307 __func__, id->filename);
1308 return SSH_ERR_KEY_NOT_FOUND;
1309 } 1342 }
1310 r = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat); 1343 /*
1344 * PKCS#11 tokens may not support all signature algorithms,
1345 * so check what we get back.
1346 */
1347 if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) {
1348 debug("%s: sshkey_check_sigtype: %s", __func__, ssh_err(r));
1349 goto out;
1350 }
1351 /* success */
1352 r = 0;
1353 out:
1354 notify_complete(notifier);
1311 sshkey_free(prv); 1355 sshkey_free(prv);
1312 return r; 1356 return r;
1313} 1357}
@@ -1410,7 +1454,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
1410 error("%s: no mutual signature supported", __func__); 1454 error("%s: no mutual signature supported", __func__);
1411 goto out; 1455 goto out;
1412 } 1456 }
1413 debug3("%s: signing using %s", __func__, alg); 1457 debug3("%s: signing using %s %s", __func__, alg, fp);
1414 1458
1415 sshbuf_free(b); 1459 sshbuf_free(b);
1416 if ((b = sshbuf_new()) == NULL) 1460 if ((b = sshbuf_new()) == NULL)
@@ -1457,7 +1501,9 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
1457 loc, sshkey_type(id->key), fp); 1501 loc, sshkey_type(id->key), fp);
1458 continue; 1502 continue;
1459 } 1503 }
1460 error("%s: signing failed: %s", __func__, ssh_err(r)); 1504 error("%s: signing failed for %s \"%s\"%s: %s", __func__,
1505 sshkey_type(sign_id->key), sign_id->filename,
1506 id->agent_fd != -1 ? " from agent" : "", ssh_err(r));
1461 goto out; 1507 goto out;
1462 } 1508 }
1463 if (slen == 0 || signature == NULL) /* shouldn't happen */ 1509 if (slen == 0 || signature == NULL) /* shouldn't happen */
@@ -1582,6 +1628,14 @@ load_identity_file(Identity *id)
1582 quit = 1; 1628 quit = 1;
1583 break; 1629 break;
1584 } 1630 }
1631 if (private != NULL && sshkey_is_sk(private) &&
1632 options.sk_provider == NULL) {
1633 debug("key \"%s\" is an authenticator-hosted key, "
1634 "but no provider specified", id->filename);
1635 sshkey_free(private);
1636 private = NULL;
1637 quit = 1;
1638 }
1585 if (!quit && private != NULL && id->agent_fd == -1 && 1639 if (!quit && private != NULL && id->agent_fd == -1 &&
1586 !(id->key && id->isprivate)) 1640 !(id->key && id->isprivate))
1587 maybe_add_key_to_agent(id->filename, private, comment, 1641 maybe_add_key_to_agent(id->filename, private, comment,
@@ -1652,8 +1706,19 @@ pubkey_prepare(Authctxt *authctxt)
1652 /* list of keys stored in the filesystem and PKCS#11 */ 1706 /* list of keys stored in the filesystem and PKCS#11 */
1653 for (i = 0; i < options.num_identity_files; i++) { 1707 for (i = 0; i < options.num_identity_files; i++) {
1654 key = options.identity_keys[i]; 1708 key = options.identity_keys[i];
1655 if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) 1709 if (key && key->cert &&
1710 key->cert->type != SSH2_CERT_TYPE_USER) {
1711 debug("%s: ignoring certificate %s: not a user "
1712 "certificate", __func__,
1713 options.identity_files[i]);
1714 continue;
1715 }
1716 if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
1717 debug("%s: ignoring authenticator-hosted key %s as no "
1718 "SecurityKeyProvider has been specified",
1719 __func__, options.identity_files[i]);
1656 continue; 1720 continue;
1721 }
1657 options.identity_keys[i] = NULL; 1722 options.identity_keys[i] = NULL;
1658 id = xcalloc(1, sizeof(*id)); 1723 id = xcalloc(1, sizeof(*id));
1659 id->agent_fd = -1; 1724 id->agent_fd = -1;
@@ -1666,8 +1731,19 @@ pubkey_prepare(Authctxt *authctxt)
1666 for (i = 0; i < options.num_certificate_files; i++) { 1731 for (i = 0; i < options.num_certificate_files; i++) {
1667 key = options.certificates[i]; 1732 key = options.certificates[i];
1668 if (!sshkey_is_cert(key) || key->cert == NULL || 1733 if (!sshkey_is_cert(key) || key->cert == NULL ||
1669 key->cert->type != SSH2_CERT_TYPE_USER) 1734 key->cert->type != SSH2_CERT_TYPE_USER) {
1735 debug("%s: ignoring certificate %s: not a user "
1736 "certificate", __func__,
1737 options.identity_files[i]);
1670 continue; 1738 continue;
1739 }
1740 if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
1741 debug("%s: ignoring authenticator-hosted key "
1742 "certificate %s as no "
1743 "SecurityKeyProvider has been specified",
1744 __func__, options.identity_files[i]);
1745 continue;
1746 }
1671 id = xcalloc(1, sizeof(*id)); 1747 id = xcalloc(1, sizeof(*id));
1672 id->agent_fd = -1; 1748 id->agent_fd = -1;
1673 id->key = key; 1749 id->key = key;
@@ -1992,7 +2068,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1992 error("%s: fork: %s", __func__, strerror(errno)); 2068 error("%s: fork: %s", __func__, strerror(errno));
1993 return -1; 2069 return -1;
1994 } 2070 }
1995 osigchld = signal(SIGCHLD, SIG_DFL); 2071 osigchld = ssh_signal(SIGCHLD, SIG_DFL);
1996 if (pid == 0) { 2072 if (pid == 0) {
1997 close(from[0]); 2073 close(from[0]);
1998 if (dup2(from[1], STDOUT_FILENO) == -1) 2074 if (dup2(from[1], STDOUT_FILENO) == -1)
@@ -2064,11 +2140,11 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
2064 if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) { 2140 if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
2065 error("%s: buffer error: %s", __func__, ssh_err(r)); 2141 error("%s: buffer error: %s", __func__, ssh_err(r));
2066 fail: 2142 fail:
2067 signal(SIGCHLD, osigchld); 2143 ssh_signal(SIGCHLD, osigchld);
2068 sshbuf_free(b); 2144 sshbuf_free(b);
2069 return -1; 2145 return -1;
2070 } 2146 }
2071 signal(SIGCHLD, osigchld); 2147 ssh_signal(SIGCHLD, osigchld);
2072 sshbuf_free(b); 2148 sshbuf_free(b);
2073 2149
2074 return 0; 2150 return 0;
diff --git a/sshd.0 b/sshd.0
index 1b0d5ce2e..15ef5dd3b 100644
--- a/sshd.0
+++ b/sshd.0
@@ -1,7 +1,7 @@
1SSHD(8) System Manager's Manual SSHD(8) 1SSHD(8) System Manager's Manual SSHD(8)
2 2
3NAME 3NAME
4 sshd M-bM-^@M-^S OpenSSH SSH daemon 4 sshd M-bM-^@M-^S OpenSSH daemon
5 5
6SYNOPSIS 6SYNOPSIS
7 sshd [-46DdeiqTt] [-C connection_spec] [-c host_certificate_file] 7 sshd [-46DdeiqTt] [-C connection_spec] [-c host_certificate_file]
@@ -128,14 +128,12 @@ AUTHENTICATION
128 host-specific key, used to identify the host. Whenever a client 128 host-specific key, used to identify the host. Whenever a client
129 connects, the daemon responds with its public host key. The client 129 connects, the daemon responds with its public host key. The client
130 compares the host key against its own database to verify that it has not 130 compares the host key against its own database to verify that it has not
131 changed. Forward security is provided through a Diffie-Hellman key 131 changed. Forward secrecy is provided through a Diffie-Hellman key
132 agreement. This key agreement results in a shared session key. The rest 132 agreement. This key agreement results in a shared session key. The rest
133 of the session is encrypted using a symmetric cipher, currently 128-bit 133 of the session is encrypted using a symmetric cipher. The client selects
134 AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The 134 the encryption algorithm to use from those offered by the server.
135 client selects the encryption algorithm to use from those offered by the 135 Additionally, session integrity is provided through a cryptographic
136 server. Additionally, session integrity is provided through a 136 message authentication code (MAC).
137 cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
138 umac-128, hmac-sha2-256 or hmac-sha2-512).
139 137
140 Finally, the server and the client enter an authentication dialog. The 138 Finally, the server and the client enter an authentication dialog. The
141 client tries to authenticate itself using host-based authentication, 139 client tries to authenticate itself using host-based authentication,
@@ -237,16 +235,25 @@ AUTHORIZED_KEYS FILE FORMAT
237 file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are 235 file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are
238 ignored as comments). Public keys consist of the following space- 236 ignored as comments). Public keys consist of the following space-
239 separated fields: options, keytype, base64-encoded key, comment. The 237 separated fields: options, keytype, base64-encoded key, comment. The
240 options field is optional. The keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], 238 options field is optional. The supported key types are:
241 M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or 239
242 M-bM-^@M-^\ssh-rsaM-bM-^@M-^]; the comment field is not used for anything (but may be 240 sk-ecdsa-sha2-nistp256@openssh.com
243 convenient for the user to identify the key). 241 ecdsa-sha2-nistp256
242 ecdsa-sha2-nistp384
243 ecdsa-sha2-nistp521
244 sk-ssh-ed25519@openssh.com
245 ssh-ed25519
246 ssh-dss
247 ssh-rsa
248
249 The comment field is not used for anything (but may be convenient for the
250 user to identify the key).
244 251
245 Note that lines in this file can be several hundred bytes long (because 252 Note that lines in this file can be several hundred bytes long (because
246 of the size of the public key encoding) up to a limit of 8 kilobytes, 253 of the size of the public key encoding) up to a limit of 8 kilobytes,
247 which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits. 254 which permits RSA keys up to 16 kilobits. You don't want to type them
248 You don't want to type them in; instead, copy the id_dsa.pub, 255 in; instead, copy the id_dsa.pub, id_ecdsa.pub, id_ecdsa_sk.pub,
249 id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it. 256 id_ed25519.pub, id_ed25519_sk.pub, or the id_rsa.pub file and edit it.
250 257
251 sshd enforces a minimum RSA key modulus size of 1024 bits. 258 sshd enforces a minimum RSA key modulus size of 1024 bits.
252 259
@@ -360,9 +367,9 @@ AUTHORIZED_KEYS FILE FORMAT
360 it may only connect to the specified host and port. IPv6 367 it may only connect to the specified host and port. IPv6
361 addresses can be specified by enclosing the address in square 368 addresses can be specified by enclosing the address in square
362 brackets. Multiple permitopen options may be applied separated 369 brackets. Multiple permitopen options may be applied separated
363 by commas. No pattern matching is performed on the specified 370 by commas. No pattern matching or name lookup is performed on
364 hostnames, they must be literal domains or addresses. A port 371 the specified hostnames, they must be literal host names and/or
365 specification of * matches any port. 372 addresses. A port specification of * matches any port.
366 373
367 port-forwarding 374 port-forwarding
368 Enable port forwarding previously disabled by the restrict 375 Enable port forwarding previously disabled by the restrict
@@ -379,6 +386,11 @@ AUTHORIZED_KEYS FILE FORMAT
379 pty Permits tty allocation previously disabled by the restrict 386 pty Permits tty allocation previously disabled by the restrict
380 option. 387 option.
381 388
389 no-touch-required
390 Do not require demonstration of user presence for signatures made
391 using this key. This option only makes sense for the FIDO
392 authenticator algorithms ecdsa-sk and ed25519-sk.
393
382 restrict 394 restrict
383 Enable all restrictions, i.e. disable port, agent and X11 395 Enable all restrictions, i.e. disable port, agent and X11
384 forwarding, as well as disabling PTY allocation and execution of 396 forwarding, as well as disabling PTY allocation and execution of
@@ -416,6 +428,8 @@ AUTHORIZED_KEYS FILE FORMAT
416 user@example.net 428 user@example.net
417 restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== 429 restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
418 user@example.net 430 user@example.net
431 no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko==
432 user@example.net
419 433
420SSH_KNOWN_HOSTS FILE FORMAT 434SSH_KNOWN_HOSTS FILE FORMAT
421 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host 435 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
@@ -650,4 +664,4 @@ AUTHORS
650 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 664 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
651 for privilege separation. 665 for privilege separation.
652 666
653OpenBSD 6.6 July 22, 2018 OpenBSD 6.6 667OpenBSD 6.6 January 25, 2020 OpenBSD 6.6
diff --git a/sshd.8 b/sshd.8
index 4abc01d66..5ce0ea4fa 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,13 +33,13 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd.8,v 1.304 2018/07/22 12:16:59 dtucker Exp $ 36.\" $OpenBSD: sshd.8,v 1.312 2020/01/25 06:03:10 djm Exp $
37.Dd $Mdocdate: July 22 2018 $ 37.Dd $Mdocdate: January 25 2020 $
38.Dt SSHD 8 38.Dt SSHD 8
39.Os 39.Os
40.Sh NAME 40.Sh NAME
41.Nm sshd 41.Nm sshd
42.Nd OpenSSH SSH daemon 42.Nd OpenSSH daemon
43.Sh SYNOPSIS 43.Sh SYNOPSIS
44.Nm sshd 44.Nm sshd
45.Bk -words 45.Bk -words
@@ -253,16 +253,13 @@ Whenever a client connects, the daemon responds with its public
253host key. 253host key.
254The client compares the 254The client compares the
255host key against its own database to verify that it has not changed. 255host key against its own database to verify that it has not changed.
256Forward security is provided through a Diffie-Hellman key agreement. 256Forward secrecy is provided through a Diffie-Hellman key agreement.
257This key agreement results in a shared session key. 257This key agreement results in a shared session key.
258The rest of the session is encrypted using a symmetric cipher, currently 258The rest of the session is encrypted using a symmetric cipher.
259128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
260The client selects the encryption algorithm 259The client selects the encryption algorithm
261to use from those offered by the server. 260to use from those offered by the server.
262Additionally, session integrity is provided 261Additionally, session integrity is provided
263through a cryptographic message authentication code 262through a cryptographic message authentication code (MAC).
264(hmac-md5, hmac-sha1, umac-64, umac-128,
265hmac-sha2-256 or hmac-sha2-512).
266.Pp 263.Pp
267Finally, the server and the client enter an authentication dialog. 264Finally, the server and the client enter an authentication dialog.
268The client tries to authenticate itself using 265The client tries to authenticate itself using
@@ -429,25 +426,39 @@ comments).
429Public keys consist of the following space-separated fields: 426Public keys consist of the following space-separated fields:
430options, keytype, base64-encoded key, comment. 427options, keytype, base64-encoded key, comment.
431The options field is optional. 428The options field is optional.
432The keytype is 429The supported key types are:
433.Dq ecdsa-sha2-nistp256 , 430.Pp
434.Dq ecdsa-sha2-nistp384 , 431.Bl -item -compact -offset indent
435.Dq ecdsa-sha2-nistp521 , 432.It
436.Dq ssh-ed25519 , 433sk-ecdsa-sha2-nistp256@openssh.com
437.Dq ssh-dss 434.It
438or 435ecdsa-sha2-nistp256
439.Dq ssh-rsa ; 436.It
440the comment field is not used for anything (but may be convenient for the 437ecdsa-sha2-nistp384
438.It
439ecdsa-sha2-nistp521
440.It
441sk-ssh-ed25519@openssh.com
442.It
443ssh-ed25519
444.It
445ssh-dss
446.It
447ssh-rsa
448.El
449.Pp
450The comment field is not used for anything (but may be convenient for the
441user to identify the key). 451user to identify the key).
442.Pp 452.Pp
443Note that lines in this file can be several hundred bytes long 453Note that lines in this file can be several hundred bytes long
444(because of the size of the public key encoding) up to a limit of 454(because of the size of the public key encoding) up to a limit of
4458 kilobytes, which permits DSA keys up to 8 kilobits and RSA 4558 kilobytes, which permits RSA keys up to 16 kilobits.
446keys up to 16 kilobits.
447You don't want to type them in; instead, copy the 456You don't want to type them in; instead, copy the
448.Pa id_dsa.pub , 457.Pa id_dsa.pub ,
449.Pa id_ecdsa.pub , 458.Pa id_ecdsa.pub ,
459.Pa id_ecdsa_sk.pub ,
450.Pa id_ed25519.pub , 460.Pa id_ed25519.pub ,
461.Pa id_ed25519_sk.pub ,
451or the 462or the
452.Pa id_rsa.pub 463.Pa id_rsa.pub
453file and edit it. 464file and edit it.
@@ -589,8 +600,8 @@ IPv6 addresses can be specified by enclosing the address in square brackets.
589Multiple 600Multiple
590.Cm permitopen 601.Cm permitopen
591options may be applied separated by commas. 602options may be applied separated by commas.
592No pattern matching is performed on the specified hostnames, 603No pattern matching or name lookup is performed on the
593they must be literal domains or addresses. 604specified hostnames, they must be literal host names and/or addresses.
594A port specification of 605A port specification of
595.Cm * 606.Cm *
596matches any port. 607matches any port.
@@ -613,6 +624,13 @@ option.
613Permits tty allocation previously disabled by the 624Permits tty allocation previously disabled by the
614.Cm restrict 625.Cm restrict
615option. 626option.
627.It Cm no-touch-required
628Do not require demonstration of user presence
629for signatures made using this key.
630This option only makes sense for the FIDO authenticator algorithms
631.Cm ecdsa-sk
632and
633.Cm ed25519-sk .
616.It Cm restrict 634.It Cm restrict
617Enable all restrictions, i.e. disable port, agent and X11 forwarding, 635Enable all restrictions, i.e. disable port, agent and X11 forwarding,
618as well as disabling PTY allocation 636as well as disabling PTY allocation
@@ -656,6 +674,8 @@ restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
656user@example.net 674user@example.net
657restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== 675restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
658user@example.net 676user@example.net
677no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko==
678user@example.net
659.Ed 679.Ed
660.Sh SSH_KNOWN_HOSTS FILE FORMAT 680.Sh SSH_KNOWN_HOSTS FILE FORMAT
661The 681The
diff --git a/sshd.c b/sshd.c
index 5e7679a33..c069505a0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */ 1/* $OpenBSD: sshd.c,v 1.549 2020/01/31 23:13:04 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -126,10 +126,7 @@
126#include "auth-options.h" 126#include "auth-options.h"
127#include "version.h" 127#include "version.h"
128#include "ssherr.h" 128#include "ssherr.h"
129 129#include "sk-api.h"
130#ifdef USE_SECURITY_SESSION_API
131#include <Security/AuthSession.h>
132#endif
133 130
134#ifdef LIBWRAP 131#ifdef LIBWRAP
135#include <tcpd.h> 132#include <tcpd.h>
@@ -265,6 +262,9 @@ struct sshauthopt *auth_opts = NULL;
265/* sshd_config buffer */ 262/* sshd_config buffer */
266struct sshbuf *cfg; 263struct sshbuf *cfg;
267 264
265/* Included files from the configuration file */
266struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);
267
268/* message to be displayed after login */ 268/* message to be displayed after login */
269struct sshbuf *loginmsg; 269struct sshbuf *loginmsg;
270 270
@@ -276,6 +276,8 @@ void destroy_sensitive_data(void);
276void demote_sensitive_data(void); 276void demote_sensitive_data(void);
277static void do_ssh2_kex(struct ssh *); 277static void do_ssh2_kex(struct ssh *);
278 278
279static char *listener_proctitle;
280
279/* 281/*
280 * Close all listening sockets 282 * Close all listening sockets
281 */ 283 */
@@ -310,10 +312,7 @@ close_startup_pipes(void)
310static void 312static void
311sighup_handler(int sig) 313sighup_handler(int sig)
312{ 314{
313 int save_errno = errno;
314
315 received_sighup = 1; 315 received_sighup = 1;
316 errno = save_errno;
317} 316}
318 317
319/* 318/*
@@ -330,7 +329,7 @@ sighup_restart(void)
330 close_listen_socks(); 329 close_listen_socks();
331 close_startup_pipes(); 330 close_startup_pipes();
332 alarm(0); /* alarm timer persists across exec */ 331 alarm(0); /* alarm timer persists across exec */
333 signal(SIGHUP, SIG_IGN); /* will be restored after exec */ 332 ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
334 execv(saved_argv[0], saved_argv); 333 execv(saved_argv[0], saved_argv);
335 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], 334 logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
336 strerror(errno)); 335 strerror(errno));
@@ -359,6 +358,8 @@ main_sigchld_handler(int sig)
359 pid_t pid; 358 pid_t pid;
360 int status; 359 int status;
361 360
361 debug("main_sigchld_handler: %s", strsignal(sig));
362
362 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 363 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
363 (pid == -1 && errno == EINTR)) 364 (pid == -1 && errno == EINTR))
364 ; 365 ;
@@ -380,7 +381,7 @@ grace_alarm_handler(int sig)
380 * keys command helpers. 381 * keys command helpers.
381 */ 382 */
382 if (getpgid(0) == getpid()) { 383 if (getpgid(0) == getpid()) {
383 signal(SIGTERM, SIG_IGN); 384 ssh_signal(SIGTERM, SIG_IGN);
384 kill(0, SIGTERM); 385 kill(0, SIGTERM);
385 } 386 }
386 387
@@ -650,6 +651,8 @@ list_hostkey_types(void)
650 case KEY_DSA: 651 case KEY_DSA:
651 case KEY_ECDSA: 652 case KEY_ECDSA:
652 case KEY_ED25519: 653 case KEY_ED25519:
654 case KEY_ECDSA_SK:
655 case KEY_ED25519_SK:
653 case KEY_XMSS: 656 case KEY_XMSS:
654 append_hostkey_type(b, sshkey_ssh_name(key)); 657 append_hostkey_type(b, sshkey_ssh_name(key));
655 break; 658 break;
@@ -669,6 +672,8 @@ list_hostkey_types(void)
669 case KEY_DSA_CERT: 672 case KEY_DSA_CERT:
670 case KEY_ECDSA_CERT: 673 case KEY_ECDSA_CERT:
671 case KEY_ED25519_CERT: 674 case KEY_ED25519_CERT:
675 case KEY_ECDSA_SK_CERT:
676 case KEY_ED25519_SK_CERT:
672 case KEY_XMSS_CERT: 677 case KEY_XMSS_CERT:
673 append_hostkey_type(b, sshkey_ssh_name(key)); 678 append_hostkey_type(b, sshkey_ssh_name(key));
674 break; 679 break;
@@ -693,6 +698,8 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
693 case KEY_DSA_CERT: 698 case KEY_DSA_CERT:
694 case KEY_ECDSA_CERT: 699 case KEY_ECDSA_CERT:
695 case KEY_ED25519_CERT: 700 case KEY_ED25519_CERT:
701 case KEY_ECDSA_SK_CERT:
702 case KEY_ED25519_SK_CERT:
696 case KEY_XMSS_CERT: 703 case KEY_XMSS_CERT:
697 key = sensitive_data.host_certificates[i]; 704 key = sensitive_data.host_certificates[i];
698 break; 705 break;
@@ -702,10 +709,20 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
702 key = sensitive_data.host_pubkeys[i]; 709 key = sensitive_data.host_pubkeys[i];
703 break; 710 break;
704 } 711 }
705 if (key != NULL && key->type == type && 712 if (key == NULL || key->type != type)
706 (key->type != KEY_ECDSA || key->ecdsa_nid == nid)) 713 continue;
714 switch (type) {
715 case KEY_ECDSA:
716 case KEY_ECDSA_SK:
717 case KEY_ECDSA_CERT:
718 case KEY_ECDSA_SK_CERT:
719 if (key->ecdsa_nid != nid)
720 continue;
721 /* FALLTHROUGH */
722 default:
707 return need_private ? 723 return need_private ?
708 sensitive_data.host_keys[i] : key; 724 sensitive_data.host_keys[i] : key;
725 }
709 } 726 }
710 return NULL; 727 return NULL;
711} 728}
@@ -867,30 +884,45 @@ usage(void)
867static void 884static void
868send_rexec_state(int fd, struct sshbuf *conf) 885send_rexec_state(int fd, struct sshbuf *conf)
869{ 886{
870 struct sshbuf *m; 887 struct sshbuf *m = NULL, *inc = NULL;
888 struct include_item *item = NULL;
871 int r; 889 int r;
872 890
873 debug3("%s: entering fd = %d config len %zu", __func__, fd, 891 debug3("%s: entering fd = %d config len %zu", __func__, fd,
874 sshbuf_len(conf)); 892 sshbuf_len(conf));
875 893
894 if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
895 fatal("%s: sshbuf_new failed", __func__);
896
897 /* pack includes into a string */
898 TAILQ_FOREACH(item, &includes, entry) {
899 if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
900 (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
901 (r = sshbuf_put_stringb(inc, item->contents)) != 0)
902 fatal("%s: buffer error: %s", __func__, ssh_err(r));
903 }
904
876 /* 905 /*
877 * Protocol from reexec master to child: 906 * Protocol from reexec master to child:
878 * string configuration 907 * string configuration
879 * string rngseed (only if OpenSSL is not self-seeded) 908 * string included_files[] {
909 * string selector
910 * string filename
911 * string contents
912 * }
913 * string rng_seed (if required)
880 */ 914 */
881 if ((m = sshbuf_new()) == NULL) 915 if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
882 fatal("%s: sshbuf_new failed", __func__); 916 (r = sshbuf_put_stringb(m, inc)) != 0)
883 if ((r = sshbuf_put_stringb(m, conf)) != 0)
884 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 917 fatal("%s: buffer error: %s", __func__, ssh_err(r));
885
886#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) 918#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
887 rexec_send_rng_seed(m); 919 rexec_send_rng_seed(m);
888#endif 920#endif
889
890 if (ssh_msg_send(fd, 0, m) == -1) 921 if (ssh_msg_send(fd, 0, m) == -1)
891 fatal("%s: ssh_msg_send failed", __func__); 922 fatal("%s: ssh_msg_send failed", __func__);
892 923
893 sshbuf_free(m); 924 sshbuf_free(m);
925 sshbuf_free(inc);
894 926
895 debug3("%s: done", __func__); 927 debug3("%s: done", __func__);
896} 928}
@@ -898,14 +930,15 @@ send_rexec_state(int fd, struct sshbuf *conf)
898static void 930static void
899recv_rexec_state(int fd, struct sshbuf *conf) 931recv_rexec_state(int fd, struct sshbuf *conf)
900{ 932{
901 struct sshbuf *m; 933 struct sshbuf *m, *inc;
902 u_char *cp, ver; 934 u_char *cp, ver;
903 size_t len; 935 size_t len;
904 int r; 936 int r;
937 struct include_item *item;
905 938
906 debug3("%s: entering fd = %d", __func__, fd); 939 debug3("%s: entering fd = %d", __func__, fd);
907 940
908 if ((m = sshbuf_new()) == NULL) 941 if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
909 fatal("%s: sshbuf_new failed", __func__); 942 fatal("%s: sshbuf_new failed", __func__);
910 if (ssh_msg_recv(fd, m) == -1) 943 if (ssh_msg_recv(fd, m) == -1)
911 fatal("%s: ssh_msg_recv failed", __func__); 944 fatal("%s: ssh_msg_recv failed", __func__);
@@ -913,14 +946,28 @@ recv_rexec_state(int fd, struct sshbuf *conf)
913 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 946 fatal("%s: buffer error: %s", __func__, ssh_err(r));
914 if (ver != 0) 947 if (ver != 0)
915 fatal("%s: rexec version mismatch", __func__); 948 fatal("%s: rexec version mismatch", __func__);
916 if ((r = sshbuf_get_string(m, &cp, &len)) != 0) 949 if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
917 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 950 (r = sshbuf_get_stringb(m, inc)) != 0)
918 if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
919 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 951 fatal("%s: buffer error: %s", __func__, ssh_err(r));
952
920#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) 953#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
921 rexec_recv_rng_seed(m); 954 rexec_recv_rng_seed(m);
922#endif 955#endif
923 956
957 if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
958 fatal("%s: buffer error: %s", __func__, ssh_err(r));
959
960 while (sshbuf_len(inc) != 0) {
961 item = xcalloc(1, sizeof(*item));
962 if ((item->contents = sshbuf_new()) == NULL)
963 fatal("%s: sshbuf_new failed", __func__);
964 if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
965 (r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
966 (r = sshbuf_get_stringb(inc, item->contents)) != 0)
967 fatal("%s: buffer error: %s", __func__, ssh_err(r));
968 TAILQ_INSERT_TAIL(&includes, item, entry);
969 }
970
924 free(cp); 971 free(cp);
925 sshbuf_free(m); 972 sshbuf_free(m);
926 973
@@ -1060,7 +1107,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1060{ 1107{
1061 fd_set *fdset; 1108 fd_set *fdset;
1062 int i, j, ret, maxfd; 1109 int i, j, ret, maxfd;
1063 int startups = 0, listening = 0, lameduck = 0; 1110 int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
1064 int startup_p[2] = { -1 , -1 }; 1111 int startup_p[2] = { -1 , -1 };
1065 char c = 0; 1112 char c = 0;
1066 struct sockaddr_storage from; 1113 struct sockaddr_storage from;
@@ -1085,6 +1132,12 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1085 * the daemon is killed with a signal. 1132 * the daemon is killed with a signal.
1086 */ 1133 */
1087 for (;;) { 1134 for (;;) {
1135 if (ostartups != startups) {
1136 setproctitle("%s [listener] %d of %d-%d startups",
1137 listener_proctitle, startups,
1138 options.max_startups_begin, options.max_startups);
1139 ostartups = startups;
1140 }
1088 if (received_sighup) { 1141 if (received_sighup) {
1089 if (!lameduck) { 1142 if (!lameduck) {
1090 debug("Received SIGHUP; waiting for children"); 1143 debug("Received SIGHUP; waiting for children");
@@ -1172,6 +1225,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1172 if (drop_connection(startups) == 1) { 1225 if (drop_connection(startups) == 1) {
1173 char *laddr = get_local_ipaddr(*newsock); 1226 char *laddr = get_local_ipaddr(*newsock);
1174 char *raddr = get_peer_ipaddr(*newsock); 1227 char *raddr = get_peer_ipaddr(*newsock);
1228 char msg[] = "Exceeded MaxStartups\r\n";
1175 1229
1176 verbose("drop connection #%d from [%s]:%d " 1230 verbose("drop connection #%d from [%s]:%d "
1177 "on [%s]:%d past MaxStartups", startups, 1231 "on [%s]:%d past MaxStartups", startups,
@@ -1179,6 +1233,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1179 laddr, get_local_port(*newsock)); 1233 laddr, get_local_port(*newsock));
1180 free(laddr); 1234 free(laddr);
1181 free(raddr); 1235 free(raddr);
1236 /* best-effort notification to client */
1237 (void)write(*newsock, msg, strlen(msg));
1182 close(*newsock); 1238 close(*newsock);
1183 continue; 1239 continue;
1184 } 1240 }
@@ -1425,6 +1481,17 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg,
1425 sshbuf_free(buf); 1481 sshbuf_free(buf);
1426} 1482}
1427 1483
1484static char *
1485prepare_proctitle(int ac, char **av)
1486{
1487 char *ret = NULL;
1488 int i;
1489
1490 for (i = 0; i < ac; i++)
1491 xextendf(&ret, " ", "%s", av[i]);
1492 return ret;
1493}
1494
1428/* 1495/*
1429 * Main program for the daemon. 1496 * Main program for the daemon.
1430 */ 1497 */
@@ -1577,7 +1644,7 @@ main(int ac, char **av)
1577 case 'o': 1644 case 'o':
1578 line = xstrdup(optarg); 1645 line = xstrdup(optarg);
1579 if (process_server_config_line(&options, line, 1646 if (process_server_config_line(&options, line,
1580 "command-line", 0, NULL, NULL) != 0) 1647 "command-line", 0, NULL, NULL, &includes) != 0)
1581 exit(1); 1648 exit(1);
1582 free(line); 1649 free(line);
1583 break; 1650 break;
@@ -1608,7 +1675,7 @@ main(int ac, char **av)
1608 SYSLOG_LEVEL_INFO : options.log_level, 1675 SYSLOG_LEVEL_INFO : options.log_level,
1609 options.log_facility == SYSLOG_FACILITY_NOT_SET ? 1676 options.log_facility == SYSLOG_FACILITY_NOT_SET ?
1610 SYSLOG_FACILITY_AUTH : options.log_facility, 1677 SYSLOG_FACILITY_AUTH : options.log_facility,
1611 log_stderr || !inetd_flag); 1678 log_stderr || !inetd_flag || debug_flag);
1612 1679
1613 /* 1680 /*
1614 * Unset KRB5CCNAME, otherwise the user's session may inherit it from 1681 * Unset KRB5CCNAME, otherwise the user's session may inherit it from
@@ -1641,12 +1708,11 @@ main(int ac, char **av)
1641 */ 1708 */
1642 (void)atomicio(vwrite, startup_pipe, "\0", 1); 1709 (void)atomicio(vwrite, startup_pipe, "\0", 1);
1643 } 1710 }
1644 } 1711 } else if (strcasecmp(config_file_name, "none") != 0)
1645 else if (strcasecmp(config_file_name, "none") != 0)
1646 load_server_config(config_file_name, cfg); 1712 load_server_config(config_file_name, cfg);
1647 1713
1648 parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, 1714 parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
1649 cfg, NULL); 1715 cfg, &includes, NULL);
1650 1716
1651 /* Fill in default values for those options not explicitly set. */ 1717 /* Fill in default values for those options not explicitly set. */
1652 fill_default_server_options(&options); 1718 fill_default_server_options(&options);
@@ -1738,7 +1804,14 @@ main(int ac, char **av)
1738 &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) 1804 &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
1739 do_log2(ll, "Unable to load host key \"%s\": %s", 1805 do_log2(ll, "Unable to load host key \"%s\": %s",
1740 options.host_key_files[i], ssh_err(r)); 1806 options.host_key_files[i], ssh_err(r));
1741 if (r == 0 && (r = sshkey_shield_private(key)) != 0) { 1807 if (sshkey_is_sk(key) &&
1808 key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
1809 debug("host key %s requires user presence, ignoring",
1810 options.host_key_files[i]);
1811 key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
1812 }
1813 if (r == 0 && key != NULL &&
1814 (r = sshkey_shield_private(key)) != 0) {
1742 do_log2(ll, "Unable to shield host key \"%s\": %s", 1815 do_log2(ll, "Unable to shield host key \"%s\": %s",
1743 options.host_key_files[i], ssh_err(r)); 1816 options.host_key_files[i], ssh_err(r));
1744 sshkey_free(key); 1817 sshkey_free(key);
@@ -1775,6 +1848,8 @@ main(int ac, char **av)
1775 case KEY_DSA: 1848 case KEY_DSA:
1776 case KEY_ECDSA: 1849 case KEY_ECDSA:
1777 case KEY_ED25519: 1850 case KEY_ED25519:
1851 case KEY_ECDSA_SK:
1852 case KEY_ED25519_SK:
1778 case KEY_XMSS: 1853 case KEY_XMSS:
1779 if (have_agent || key != NULL) 1854 if (have_agent || key != NULL)
1780 sensitive_data.have_ssh2_key = 1; 1855 sensitive_data.have_ssh2_key = 1;
@@ -1864,7 +1939,7 @@ main(int ac, char **av)
1864 if (connection_info == NULL) 1939 if (connection_info == NULL)
1865 connection_info = get_connection_info(ssh, 0, 0); 1940 connection_info = get_connection_info(ssh, 0, 0);
1866 connection_info->test = 1; 1941 connection_info->test = 1;
1867 parse_server_match_config(&options, connection_info); 1942 parse_server_match_config(&options, &includes, connection_info);
1868 dump_config(&options); 1943 dump_config(&options);
1869 } 1944 }
1870 1945
@@ -1893,6 +1968,7 @@ main(int ac, char **av)
1893 rexec_argv[rexec_argc] = "-R"; 1968 rexec_argv[rexec_argc] = "-R";
1894 rexec_argv[rexec_argc + 1] = NULL; 1969 rexec_argv[rexec_argc + 1] = NULL;
1895 } 1970 }
1971 listener_proctitle = prepare_proctitle(ac, av);
1896 1972
1897 /* Ensure that umask disallows at least group and world write */ 1973 /* Ensure that umask disallows at least group and world write */
1898 new_umask = umask(0077) | 0022; 1974 new_umask = umask(0077) | 0022;
@@ -1925,7 +2001,7 @@ main(int ac, char **av)
1925 error("chdir(\"/\"): %s", strerror(errno)); 2001 error("chdir(\"/\"): %s", strerror(errno));
1926 2002
1927 /* ignore SIGPIPE */ 2003 /* ignore SIGPIPE */
1928 signal(SIGPIPE, SIG_IGN); 2004 ssh_signal(SIGPIPE, SIG_IGN);
1929 2005
1930 /* Get a connection, either from inetd or a listening TCP socket */ 2006 /* Get a connection, either from inetd or a listening TCP socket */
1931 if (inetd_flag) { 2007 if (inetd_flag) {
@@ -1934,10 +2010,10 @@ main(int ac, char **av)
1934 platform_pre_listen(); 2010 platform_pre_listen();
1935 server_listen(); 2011 server_listen();
1936 2012
1937 signal(SIGHUP, sighup_handler); 2013 ssh_signal(SIGHUP, sighup_handler);
1938 signal(SIGCHLD, main_sigchld_handler); 2014 ssh_signal(SIGCHLD, main_sigchld_handler);
1939 signal(SIGTERM, sigterm_handler); 2015 ssh_signal(SIGTERM, sigterm_handler);
1940 signal(SIGQUIT, sigterm_handler); 2016 ssh_signal(SIGQUIT, sigterm_handler);
1941 2017
1942 /* 2018 /*
1943 * Write out the pid file after the sigterm handler 2019 * Write out the pid file after the sigterm handler
@@ -2032,12 +2108,12 @@ main(int ac, char **av)
2032 * will not restart on SIGHUP since it no longer makes sense. 2108 * will not restart on SIGHUP since it no longer makes sense.
2033 */ 2109 */
2034 alarm(0); 2110 alarm(0);
2035 signal(SIGALRM, SIG_DFL); 2111 ssh_signal(SIGALRM, SIG_DFL);
2036 signal(SIGHUP, SIG_DFL); 2112 ssh_signal(SIGHUP, SIG_DFL);
2037 signal(SIGTERM, SIG_DFL); 2113 ssh_signal(SIGTERM, SIG_DFL);
2038 signal(SIGQUIT, SIG_DFL); 2114 ssh_signal(SIGQUIT, SIG_DFL);
2039 signal(SIGCHLD, SIG_DFL); 2115 ssh_signal(SIGCHLD, SIG_DFL);
2040 signal(SIGINT, SIG_DFL); 2116 ssh_signal(SIGINT, SIG_DFL);
2041 2117
2042 /* 2118 /*
2043 * Register our connection. This turns encryption off because we do 2119 * Register our connection. This turns encryption off because we do
@@ -2108,60 +2184,6 @@ main(int ac, char **av)
2108 rdomain == NULL ? "" : "\""); 2184 rdomain == NULL ? "" : "\"");
2109 free(laddr); 2185 free(laddr);
2110 2186
2111#ifdef USE_SECURITY_SESSION_API
2112 /*
2113 * Create a new security session for use by the new user login if
2114 * the current session is the root session or we are not launched
2115 * by inetd (eg: debugging mode or server mode). We do not
2116 * necessarily need to create a session if we are launched from
2117 * inetd because Panther xinetd will create a session for us.
2118 *
2119 * The only case where this logic will fail is if there is an
2120 * inetd running in a non-root session which is not creating
2121 * new sessions for us. Then all the users will end up in the
2122 * same session (bad).
2123 *
2124 * When the client exits, the session will be destroyed for us
2125 * automatically.
2126 *
2127 * We must create the session before any credentials are stored
2128 * (including AFS pags, which happens a few lines below).
2129 */
2130 {
2131 OSStatus err = 0;
2132 SecuritySessionId sid = 0;
2133 SessionAttributeBits sattrs = 0;
2134
2135 err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
2136 if (err)
2137 error("SessionGetInfo() failed with error %.8X",
2138 (unsigned) err);
2139 else
2140 debug("Current Session ID is %.8X / Session Attributes are %.8X",
2141 (unsigned) sid, (unsigned) sattrs);
2142
2143 if (inetd_flag && !(sattrs & sessionIsRoot))
2144 debug("Running in inetd mode in a non-root session... "
2145 "assuming inetd created the session for us.");
2146 else {
2147 debug("Creating new security session...");
2148 err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
2149 if (err)
2150 error("SessionCreate() failed with error %.8X",
2151 (unsigned) err);
2152
2153 err = SessionGetInfo(callerSecuritySession, &sid,
2154 &sattrs);
2155 if (err)
2156 error("SessionGetInfo() failed with error %.8X",
2157 (unsigned) err);
2158 else
2159 debug("New Session ID is %.8X / Session Attributes are %.8X",
2160 (unsigned) sid, (unsigned) sattrs);
2161 }
2162 }
2163#endif
2164
2165 /* 2187 /*
2166 * We don't want to listen forever unless the other side 2188 * We don't want to listen forever unless the other side
2167 * successfully authenticates itself. So we set up an alarm which is 2189 * successfully authenticates itself. So we set up an alarm which is
@@ -2170,7 +2192,7 @@ main(int ac, char **av)
2170 * mode; it is just annoying to have the server exit just when you 2192 * mode; it is just annoying to have the server exit just when you
2171 * are about to discover the bug. 2193 * are about to discover the bug.
2172 */ 2194 */
2173 signal(SIGALRM, grace_alarm_handler); 2195 ssh_signal(SIGALRM, grace_alarm_handler);
2174 if (!debug_flag) 2196 if (!debug_flag)
2175 alarm(options.login_grace_time); 2197 alarm(options.login_grace_time);
2176 2198
@@ -2229,7 +2251,7 @@ main(int ac, char **av)
2229 * authentication. 2251 * authentication.
2230 */ 2252 */
2231 alarm(0); 2253 alarm(0);
2232 signal(SIGALRM, SIG_DFL); 2254 ssh_signal(SIGALRM, SIG_DFL);
2233 authctxt->authenticated = 1; 2255 authctxt->authenticated = 1;
2234 if (startup_pipe != -1) { 2256 if (startup_pipe != -1) {
2235 close(startup_pipe); 2257 close(startup_pipe);
@@ -2306,17 +2328,19 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
2306 if (use_privsep) { 2328 if (use_privsep) {
2307 if (privkey) { 2329 if (privkey) {
2308 if (mm_sshkey_sign(ssh, privkey, signature, slenp, 2330 if (mm_sshkey_sign(ssh, privkey, signature, slenp,
2309 data, dlen, alg, ssh->compat) < 0) 2331 data, dlen, alg, options.sk_provider,
2332 ssh->compat) < 0)
2310 fatal("%s: privkey sign failed", __func__); 2333 fatal("%s: privkey sign failed", __func__);
2311 } else { 2334 } else {
2312 if (mm_sshkey_sign(ssh, pubkey, signature, slenp, 2335 if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
2313 data, dlen, alg, ssh->compat) < 0) 2336 data, dlen, alg, options.sk_provider,
2337 ssh->compat) < 0)
2314 fatal("%s: pubkey sign failed", __func__); 2338 fatal("%s: pubkey sign failed", __func__);
2315 } 2339 }
2316 } else { 2340 } else {
2317 if (privkey) { 2341 if (privkey) {
2318 if (sshkey_sign(privkey, signature, slenp, data, dlen, 2342 if (sshkey_sign(privkey, signature, slenp, data, dlen,
2319 alg, ssh->compat) < 0) 2343 alg, options.sk_provider, ssh->compat) < 0)
2320 fatal("%s: privkey sign failed", __func__); 2344 fatal("%s: privkey sign failed", __func__);
2321 } else { 2345 } else {
2322 if ((r = ssh_agent_sign(auth_sock, pubkey, 2346 if ((r = ssh_agent_sign(auth_sock, pubkey,
diff --git a/sshd_config.0 b/sshd_config.0
index 1b732197c..1d655a3b8 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -1,7 +1,7 @@
1SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5) 1SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5)
2 2
3NAME 3NAME
4 sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file 4 sshd_config M-bM-^@M-^S OpenSSH daemon configuration file
5 5
6DESCRIPTION 6DESCRIPTION
7 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file 7 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
@@ -45,9 +45,8 @@ DESCRIPTION
45 users whose primary group or supplementary group list matches one 45 users whose primary group or supplementary group list matches one
46 of the patterns. Only group names are valid; a numerical group 46 of the patterns. Only group names are valid; a numerical group
47 ID is not recognized. By default, login is allowed for all 47 ID is not recognized. By default, login is allowed for all
48 groups. The allow/deny directives are processed in the following 48 groups. The allow/deny groups directives are processed in the
49 order: DenyUsers, AllowUsers, DenyGroups, and finally 49 following order: DenyGroups, AllowGroups.
50 AllowGroups.
51 50
52 See PATTERNS in ssh_config(5) for more information on patterns. 51 See PATTERNS in ssh_config(5) for more information on patterns.
53 52
@@ -79,9 +78,8 @@ DESCRIPTION
79 USER@HOST then USER and HOST are separately checked, restricting 78 USER@HOST then USER and HOST are separately checked, restricting
80 logins to particular users from particular hosts. HOST criteria 79 logins to particular users from particular hosts. HOST criteria
81 may additionally contain addresses to match in CIDR 80 may additionally contain addresses to match in CIDR
82 address/masklen format. The allow/deny directives are processed 81 address/masklen format. The allow/deny users directives are
83 in the following order: DenyUsers, AllowUsers, DenyGroups, and 82 processed in the following order: DenyUsers, AllowUsers.
84 finally AllowGroups.
85 83
86 See PATTERNS in ssh_config(5) for more information on patterns. 84 See PATTERNS in ssh_config(5) for more information on patterns.
87 85
@@ -295,6 +293,8 @@ DESCRIPTION
295 The default value is 3. If ClientAliveInterval is set to 15, and 293 The default value is 3. If ClientAliveInterval is set to 15, and
296 ClientAliveCountMax is left at the default, unresponsive SSH 294 ClientAliveCountMax is left at the default, unresponsive SSH
297 clients will be disconnected after approximately 45 seconds. 295 clients will be disconnected after approximately 45 seconds.
296 Setting a zero ClientAliveCountMax disables connection
297 termination.
298 298
299 ClientAliveInterval 299 ClientAliveInterval
300 Sets a timeout interval in seconds after which if no data has 300 Sets a timeout interval in seconds after which if no data has
@@ -314,8 +314,8 @@ DESCRIPTION
314 group or supplementary group list matches one of the patterns. 314 group or supplementary group list matches one of the patterns.
315 Only group names are valid; a numerical group ID is not 315 Only group names are valid; a numerical group ID is not
316 recognized. By default, login is allowed for all groups. The 316 recognized. By default, login is allowed for all groups. The
317 allow/deny directives are processed in the following order: 317 allow/deny groups directives are processed in the following
318 DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. 318 order: DenyGroups, AllowGroups.
319 319
320 See PATTERNS in ssh_config(5) for more information on patterns. 320 See PATTERNS in ssh_config(5) for more information on patterns.
321 321
@@ -328,9 +328,8 @@ DESCRIPTION
328 then USER and HOST are separately checked, restricting logins to 328 then USER and HOST are separately checked, restricting logins to
329 particular users from particular hosts. HOST criteria may 329 particular users from particular hosts. HOST criteria may
330 additionally contain addresses to match in CIDR address/masklen 330 additionally contain addresses to match in CIDR address/masklen
331 format. The allow/deny directives are processed in the following 331 format. The allow/deny users directives are processed in the
332 order: DenyUsers, AllowUsers, DenyGroups, and finally 332 following order: DenyUsers, AllowUsers.
333 AllowGroups.
334 333
335 See PATTERNS in ssh_config(5) for more information on patterns. 334 See PATTERNS in ssh_config(5) for more information on patterns.
336 335
@@ -407,14 +406,19 @@ DESCRIPTION
407 ecdsa-sha2-nistp256-cert-v01@openssh.com, 406 ecdsa-sha2-nistp256-cert-v01@openssh.com,
408 ecdsa-sha2-nistp384-cert-v01@openssh.com, 407 ecdsa-sha2-nistp384-cert-v01@openssh.com,
409 ecdsa-sha2-nistp521-cert-v01@openssh.com, 408 ecdsa-sha2-nistp521-cert-v01@openssh.com,
409 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
410 ssh-ed25519-cert-v01@openssh.com, 410 ssh-ed25519-cert-v01@openssh.com,
411 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 411 sk-ssh-ed25519-cert-v01@openssh.com,
412 rsa-sha2-512-cert-v01@openssh.com,
413 rsa-sha2-256-cert-v01@openssh.com,
412 ssh-rsa-cert-v01@openssh.com, 414 ssh-rsa-cert-v01@openssh.com,
413 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 415 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
414 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 416 sk-ecdsa-sha2-nistp256@openssh.com,
417 ssh-ed25519,sk-ssh-ed25519@openssh.com,
418 rsa-sha2-512,rsa-sha2-256,ssh-rsa
415 419
416 The list of available key types may also be obtained using "ssh 420 The list of available key types may also be obtained using "ssh
417 -Q key". 421 -Q HostbasedAcceptedKeyTypes".
418 422
419 HostbasedAuthentication 423 HostbasedAuthentication
420 Specifies whether rhosts or /etc/hosts.equiv authentication 424 Specifies whether rhosts or /etc/hosts.equiv authentication
@@ -463,14 +467,19 @@ DESCRIPTION
463 ecdsa-sha2-nistp256-cert-v01@openssh.com, 467 ecdsa-sha2-nistp256-cert-v01@openssh.com,
464 ecdsa-sha2-nistp384-cert-v01@openssh.com, 468 ecdsa-sha2-nistp384-cert-v01@openssh.com,
465 ecdsa-sha2-nistp521-cert-v01@openssh.com, 469 ecdsa-sha2-nistp521-cert-v01@openssh.com,
470 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
466 ssh-ed25519-cert-v01@openssh.com, 471 ssh-ed25519-cert-v01@openssh.com,
467 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 472 sk-ssh-ed25519-cert-v01@openssh.com,
473 rsa-sha2-512-cert-v01@openssh.com,
474 rsa-sha2-256-cert-v01@openssh.com,
468 ssh-rsa-cert-v01@openssh.com, 475 ssh-rsa-cert-v01@openssh.com,
469 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 476 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
470 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 477 sk-ecdsa-sha2-nistp256@openssh.com,
478 ssh-ed25519,sk-ssh-ed25519@openssh.com,
479 rsa-sha2-512,rsa-sha2-256,ssh-rsa
471 480
472 The list of available key types may also be obtained using "ssh 481 The list of available key types may also be obtained using "ssh
473 -Q key". 482 -Q HostKeyAlgorithms".
474 483
475 IgnoreRhosts 484 IgnoreRhosts
476 Specifies that .rhosts and .shosts files will not be used in 485 Specifies that .rhosts and .shosts files will not be used in
@@ -483,12 +492,19 @@ DESCRIPTION
483 Specifies whether sshd(8) should ignore the user's 492 Specifies whether sshd(8) should ignore the user's
484 ~/.ssh/known_hosts during HostbasedAuthentication and use only 493 ~/.ssh/known_hosts during HostbasedAuthentication and use only
485 the system-wide known hosts file /etc/ssh/known_hosts. The 494 the system-wide known hosts file /etc/ssh/known_hosts. The
486 default is no. 495 default is M-bM-^@M-^\noM-bM-^@M-^].
496
497 Include
498 Include the specified configuration file(s). Multiple pathnames
499 may be specified and each pathname may contain glob(7) wildcards.
500 Files without absolute paths are assumed to be in /etc/ssh. An
501 Include directive may appear inside a Match block to perform
502 conditional inclusion.
487 503
488 IPQoS Specifies the IPv4 type-of-service or DSCP class for the 504 IPQoS Specifies the IPv4 type-of-service or DSCP class for the
489 connection. Accepted values are af11, af12, af13, af21, af22, 505 connection. Accepted values are af11, af12, af13, af21, af22,
490 af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, 506 af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3,
491 cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, a 507 cs4, cs5, cs6, cs7, ef, le, lowdelay, throughput, reliability, a
492 numeric value, or none to use the operating system default. This 508 numeric value, or none to use the operating system default. This
493 option may take one or two arguments, separated by whitespace. 509 option may take one or two arguments, separated by whitespace.
494 If one argument is specified, it is used as the packet class 510 If one argument is specified, it is used as the packet class
@@ -548,6 +564,7 @@ DESCRIPTION
548 ecdh-sha2-nistp256 564 ecdh-sha2-nistp256
549 ecdh-sha2-nistp384 565 ecdh-sha2-nistp384
550 ecdh-sha2-nistp521 566 ecdh-sha2-nistp521
567 sntrup4591761x25519-sha512@tinyssh.org
551 568
552 The default is: 569 The default is:
553 570
@@ -555,10 +572,10 @@ DESCRIPTION
555 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 572 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
556 diffie-hellman-group-exchange-sha256, 573 diffie-hellman-group-exchange-sha256,
557 diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, 574 diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
558 diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 575 diffie-hellman-group14-sha256
559 576
560 The list of available key exchange algorithms may also be 577 The list of available key exchange algorithms may also be
561 obtained using "ssh -Q kex". 578 obtained using "ssh -Q KexAlgorithms".
562 579
563 ListenAddress 580 ListenAddress
564 Specifies the local addresses sshd(8) should listen on. The 581 Specifies the local addresses sshd(8) should listen on. The
@@ -669,14 +686,15 @@ DESCRIPTION
669 Banner, ChrootDirectory, ClientAliveCountMax, 686 Banner, ChrootDirectory, ClientAliveCountMax,
670 ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand, 687 ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
671 GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, 688 GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
672 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, 689 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
673 KbdInteractiveAuthentication, KerberosAuthentication, LogLevel, 690 Include, IPQoS, KbdInteractiveAuthentication,
674 MaxAuthTries, MaxSessions, PasswordAuthentication, 691 KerberosAuthentication, LogLevel, MaxAuthTries, MaxSessions,
675 PermitEmptyPasswords, PermitListen, PermitOpen, PermitRootLogin, 692 PasswordAuthentication, PermitEmptyPasswords, PermitListen,
676 PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, 693 PermitOpen, PermitRootLogin, PermitTTY, PermitTunnel,
677 PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv, 694 PermitUserRC, PubkeyAcceptedKeyTypes, PubkeyAuthentication,
678 StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, 695 RekeyLimit, RevokedKeys, RDomain, SetEnv, StreamLocalBindMask,
679 X11DisplayOffset, X11Forwarding and X11UseLocalhost. 696 StreamLocalBindUnlink, TrustedUserCAKeys, X11DisplayOffset,
697 X11Forwarding and X11UseLocalhost.
680 698
681 MaxAuthTries 699 MaxAuthTries
682 Specifies the maximum number of authentication attempts permitted 700 Specifies the maximum number of authentication attempts permitted
@@ -751,8 +769,9 @@ DESCRIPTION
751 restrictions and permit any forwarding requests. An argument of 769 restrictions and permit any forwarding requests. An argument of
752 none can be used to prohibit all forwarding requests. The 770 none can be used to prohibit all forwarding requests. The
753 wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or 771 wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or
754 ports, respectively. By default all port forwarding requests are 772 ports respectively. Otherwise, no pattern matching or address
755 permitted. 773 lookups are performed on supplied names. By default all port
774 forwarding requests are permitted.
756 775
757 PermitRootLogin 776 PermitRootLogin
758 Specifies whether root can log in using ssh(1). The argument 777 Specifies whether root can log in using ssh(1). The argument
@@ -831,14 +850,33 @@ DESCRIPTION
831 ecdsa-sha2-nistp256-cert-v01@openssh.com, 850 ecdsa-sha2-nistp256-cert-v01@openssh.com,
832 ecdsa-sha2-nistp384-cert-v01@openssh.com, 851 ecdsa-sha2-nistp384-cert-v01@openssh.com,
833 ecdsa-sha2-nistp521-cert-v01@openssh.com, 852 ecdsa-sha2-nistp521-cert-v01@openssh.com,
853 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
834 ssh-ed25519-cert-v01@openssh.com, 854 ssh-ed25519-cert-v01@openssh.com,
835 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 855 sk-ssh-ed25519-cert-v01@openssh.com,
856 rsa-sha2-512-cert-v01@openssh.com,
857 rsa-sha2-256-cert-v01@openssh.com,
836 ssh-rsa-cert-v01@openssh.com, 858 ssh-rsa-cert-v01@openssh.com,
837 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 859 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
838 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 860 sk-ecdsa-sha2-nistp256@openssh.com,
861 ssh-ed25519,sk-ssh-ed25519@openssh.com,
862 rsa-sha2-512,rsa-sha2-256,ssh-rsa
839 863
840 The list of available key types may also be obtained using "ssh 864 The list of available key types may also be obtained using "ssh
841 -Q key". 865 -Q PubkeyAcceptedKeyTypes".
866
867 PubkeyAuthOptions
868 Sets one or more public key authentication options. Two option
869 keywords are currently supported: none (the default; indicating
870 no additional options are enabled) and touch-required.
871
872 The touch-required option causes public key authentication using
873 a FIDO authenticator algorithm (i.e. ecdsa-sk or ed25519-sk) to
874 always require the signature to attest that a physically present
875 user explicitly confirmed the authentication (usually by touching
876 the authenticator). By default, sshd(8) requires user presence
877 unless overridden with an authorized_keys option. The
878 touch-required flag disables this override. This option has no
879 effect for other, non-authenticator public key types.
842 880
843 PubkeyAuthentication 881 PubkeyAuthentication
844 Specifies whether public key authentication is allowed. The 882 Specifies whether public key authentication is allowed. The
@@ -875,6 +913,11 @@ DESCRIPTION
875 rdomain(4). If the routing domain is set to %D, then the domain 913 rdomain(4). If the routing domain is set to %D, then the domain
876 in which the incoming connection was received will be applied. 914 in which the incoming connection was received will be applied.
877 915
916 SecurityKeyProvider
917 Specifies a path to a library that will be used when loading FIDO
918 authenticator-hosted keys, overriding the default of using the
919 built-in USB HID support.
920
878 SetEnv Specifies one or more environment variables to set in child 921 SetEnv Specifies one or more environment variables to set in child
879 sessions started by sshd(8) as M-bM-^@M-^\NAME=VALUEM-bM-^@M-^]. The environment 922 sessions started by sshd(8) as M-bM-^@M-^\NAME=VALUEM-bM-^@M-^]. The environment
880 value may be quoted (e.g. if it contains whitespace characters). 923 value may be quoted (e.g. if it contains whitespace characters).
@@ -1099,4 +1142,4 @@ AUTHORS
1099 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 1142 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1100 for privilege separation. 1143 for privilege separation.
1101 1144
1102OpenBSD 6.6 September 6, 2019 OpenBSD 6.6 1145OpenBSD 6.6 February 7, 2020 OpenBSD 6.6
diff --git a/sshd_config.5 b/sshd_config.5
index ba533af9e..fd205e418 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,13 +33,13 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.290 2019/09/06 14:45:34 naddy Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $
37.Dd $Mdocdate: September 6 2019 $ 37.Dd $Mdocdate: February 7 2020 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
41.Nm sshd_config 41.Nm sshd_config
42.Nd OpenSSH SSH daemon configuration file 42.Nd OpenSSH daemon configuration file
43.Sh DESCRIPTION 43.Sh DESCRIPTION
44.Xr sshd 8 44.Xr sshd 8
45reads configuration data from 45reads configuration data from
@@ -135,11 +135,8 @@ If specified, login is allowed only for users whose primary
135group or supplementary group list matches one of the patterns. 135group or supplementary group list matches one of the patterns.
136Only group names are valid; a numerical group ID is not recognized. 136Only group names are valid; a numerical group ID is not recognized.
137By default, login is allowed for all groups. 137By default, login is allowed for all groups.
138The allow/deny directives are processed in the following order: 138The allow/deny groups directives are processed in the following order:
139.Cm DenyUsers ,
140.Cm AllowUsers ,
141.Cm DenyGroups , 139.Cm DenyGroups ,
142and finally
143.Cm AllowGroups . 140.Cm AllowGroups .
144.Pp 141.Pp
145See PATTERNS in 142See PATTERNS in
@@ -195,12 +192,9 @@ are separately checked, restricting logins to particular
195users from particular hosts. 192users from particular hosts.
196HOST criteria may additionally contain addresses to match in CIDR 193HOST criteria may additionally contain addresses to match in CIDR
197address/masklen format. 194address/masklen format.
198The allow/deny directives are processed in the following order: 195The allow/deny users directives are processed in the following order:
199.Cm DenyUsers , 196.Cm DenyUsers ,
200.Cm AllowUsers , 197.Cm AllowUsers .
201.Cm DenyGroups ,
202and finally
203.Cm AllowGroups .
204.Pp 198.Pp
205See PATTERNS in 199See PATTERNS in
206.Xr ssh_config 5 200.Xr ssh_config 5
@@ -546,6 +540,9 @@ is set to 15, and
546.Cm ClientAliveCountMax 540.Cm ClientAliveCountMax
547is left at the default, unresponsive SSH clients 541is left at the default, unresponsive SSH clients
548will be disconnected after approximately 45 seconds. 542will be disconnected after approximately 45 seconds.
543Setting a zero
544.Cm ClientAliveCountMax
545disables connection termination.
549.It Cm ClientAliveInterval 546.It Cm ClientAliveInterval
550Sets a timeout interval in seconds after which if no data has been received 547Sets a timeout interval in seconds after which if no data has been received
551from the client, 548from the client,
@@ -578,11 +575,8 @@ Login is disallowed for users whose primary group or supplementary
578group list matches one of the patterns. 575group list matches one of the patterns.
579Only group names are valid; a numerical group ID is not recognized. 576Only group names are valid; a numerical group ID is not recognized.
580By default, login is allowed for all groups. 577By default, login is allowed for all groups.
581The allow/deny directives are processed in the following order: 578The allow/deny groups directives are processed in the following order:
582.Cm DenyUsers ,
583.Cm AllowUsers ,
584.Cm DenyGroups , 579.Cm DenyGroups ,
585and finally
586.Cm AllowGroups . 580.Cm AllowGroups .
587.Pp 581.Pp
588See PATTERNS in 582See PATTERNS in
@@ -599,12 +593,9 @@ are separately checked, restricting logins to particular
599users from particular hosts. 593users from particular hosts.
600HOST criteria may additionally contain addresses to match in CIDR 594HOST criteria may additionally contain addresses to match in CIDR
601address/masklen format. 595address/masklen format.
602The allow/deny directives are processed in the following order: 596The allow/deny users directives are processed in the following order:
603.Cm DenyUsers , 597.Cm DenyUsers ,
604.Cm AllowUsers , 598.Cm AllowUsers .
605.Cm DenyGroups ,
606and finally
607.Cm AllowGroups .
608.Pp 599.Pp
609See PATTERNS in 600See PATTERNS in
610.Xr ssh_config 5 601.Xr ssh_config 5
@@ -745,15 +736,20 @@ The default for this option is:
745ecdsa-sha2-nistp256-cert-v01@openssh.com, 736ecdsa-sha2-nistp256-cert-v01@openssh.com,
746ecdsa-sha2-nistp384-cert-v01@openssh.com, 737ecdsa-sha2-nistp384-cert-v01@openssh.com,
747ecdsa-sha2-nistp521-cert-v01@openssh.com, 738ecdsa-sha2-nistp521-cert-v01@openssh.com,
739sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
748ssh-ed25519-cert-v01@openssh.com, 740ssh-ed25519-cert-v01@openssh.com,
749rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 741sk-ssh-ed25519-cert-v01@openssh.com,
742rsa-sha2-512-cert-v01@openssh.com,
743rsa-sha2-256-cert-v01@openssh.com,
750ssh-rsa-cert-v01@openssh.com, 744ssh-rsa-cert-v01@openssh.com,
751ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 745ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
752ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 746sk-ecdsa-sha2-nistp256@openssh.com,
747ssh-ed25519,sk-ssh-ed25519@openssh.com,
748rsa-sha2-512,rsa-sha2-256,ssh-rsa
753.Ed 749.Ed
754.Pp 750.Pp
755The list of available key types may also be obtained using 751The list of available key types may also be obtained using
756.Qq ssh -Q key . 752.Qq ssh -Q HostbasedAcceptedKeyTypes .
757.It Cm HostbasedAuthentication 753.It Cm HostbasedAuthentication
758Specifies whether rhosts or /etc/hosts.equiv authentication together 754Specifies whether rhosts or /etc/hosts.equiv authentication together
759with successful public key client host authentication is allowed 755with successful public key client host authentication is allowed
@@ -823,15 +819,20 @@ The default for this option is:
823ecdsa-sha2-nistp256-cert-v01@openssh.com, 819ecdsa-sha2-nistp256-cert-v01@openssh.com,
824ecdsa-sha2-nistp384-cert-v01@openssh.com, 820ecdsa-sha2-nistp384-cert-v01@openssh.com,
825ecdsa-sha2-nistp521-cert-v01@openssh.com, 821ecdsa-sha2-nistp521-cert-v01@openssh.com,
822sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
826ssh-ed25519-cert-v01@openssh.com, 823ssh-ed25519-cert-v01@openssh.com,
827rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 824sk-ssh-ed25519-cert-v01@openssh.com,
825rsa-sha2-512-cert-v01@openssh.com,
826rsa-sha2-256-cert-v01@openssh.com,
828ssh-rsa-cert-v01@openssh.com, 827ssh-rsa-cert-v01@openssh.com,
829ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 828ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
830ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 829sk-ecdsa-sha2-nistp256@openssh.com,
830ssh-ed25519,sk-ssh-ed25519@openssh.com,
831rsa-sha2-512,rsa-sha2-256,ssh-rsa
831.Ed 832.Ed
832.Pp 833.Pp
833The list of available key types may also be obtained using 834The list of available key types may also be obtained using
834.Qq ssh -Q key . 835.Qq ssh -Q HostKeyAlgorithms .
835.It Cm IgnoreRhosts 836.It Cm IgnoreRhosts
836Specifies that 837Specifies that
837.Pa .rhosts 838.Pa .rhosts
@@ -856,7 +857,20 @@ during
856and use only the system-wide known hosts file 857and use only the system-wide known hosts file
857.Pa /etc/ssh/known_hosts . 858.Pa /etc/ssh/known_hosts .
858The default is 859The default is
859.Cm no . 860.Dq no .
861.It Cm Include
862Include the specified configuration file(s).
863Multiple pathnames may be specified and each pathname may contain
864.Xr glob 7
865wildcards.
866Files without absolute paths are assumed to be in
867.Pa /etc/ssh .
868An
869.Cm Include
870directive may appear inside a
871.Cm Match
872block
873to perform conditional inclusion.
860.It Cm IPQoS 874.It Cm IPQoS
861Specifies the IPv4 type-of-service or DSCP class for the connection. 875Specifies the IPv4 type-of-service or DSCP class for the connection.
862Accepted values are 876Accepted values are
@@ -881,6 +895,7 @@ Accepted values are
881.Cm cs6 , 895.Cm cs6 ,
882.Cm cs7 , 896.Cm cs7 ,
883.Cm ef , 897.Cm ef ,
898.Cm le ,
884.Cm lowdelay , 899.Cm lowdelay ,
885.Cm throughput , 900.Cm throughput ,
886.Cm reliability , 901.Cm reliability ,
@@ -974,6 +989,8 @@ ecdh-sha2-nistp256
974ecdh-sha2-nistp384 989ecdh-sha2-nistp384
975.It 990.It
976ecdh-sha2-nistp521 991ecdh-sha2-nistp521
992.It
993sntrup4591761x25519-sha512@tinyssh.org
977.El 994.El
978.Pp 995.Pp
979The default is: 996The default is:
@@ -982,11 +999,11 @@ curve25519-sha256,curve25519-sha256@libssh.org,
982ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 999ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
983diffie-hellman-group-exchange-sha256, 1000diffie-hellman-group-exchange-sha256,
984diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, 1001diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
985diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 1002diffie-hellman-group14-sha256
986.Ed 1003.Ed
987.Pp 1004.Pp
988The list of available key exchange algorithms may also be obtained using 1005The list of available key exchange algorithms may also be obtained using
989.Qq ssh -Q kex . 1006.Qq ssh -Q KexAlgorithms .
990.It Cm ListenAddress 1007.It Cm ListenAddress
991Specifies the local addresses 1008Specifies the local addresses
992.Xr sshd 8 1009.Xr sshd 8
@@ -1199,6 +1216,7 @@ Available keywords are
1199.Cm HostbasedAcceptedKeyTypes , 1216.Cm HostbasedAcceptedKeyTypes ,
1200.Cm HostbasedAuthentication , 1217.Cm HostbasedAuthentication ,
1201.Cm HostbasedUsesNameFromPacketOnly , 1218.Cm HostbasedUsesNameFromPacketOnly ,
1219.Cm Include ,
1202.Cm IPQoS , 1220.Cm IPQoS ,
1203.Cm KbdInteractiveAuthentication , 1221.Cm KbdInteractiveAuthentication ,
1204.Cm KerberosAuthentication , 1222.Cm KerberosAuthentication ,
@@ -1341,7 +1359,9 @@ An argument of
1341can be used to prohibit all forwarding requests. 1359can be used to prohibit all forwarding requests.
1342The wildcard 1360The wildcard
1343.Sq * 1361.Sq *
1344can be used for host or port to allow all hosts or ports, respectively. 1362can be used for host or port to allow all hosts or ports respectively.
1363Otherwise, no pattern matching or address lookups are performed on supplied
1364names.
1345By default all port forwarding requests are permitted. 1365By default all port forwarding requests are permitted.
1346.It Cm PermitRootLogin 1366.It Cm PermitRootLogin
1347Specifies whether root can log in using 1367Specifies whether root can log in using
@@ -1482,15 +1502,44 @@ The default for this option is:
1482ecdsa-sha2-nistp256-cert-v01@openssh.com, 1502ecdsa-sha2-nistp256-cert-v01@openssh.com,
1483ecdsa-sha2-nistp384-cert-v01@openssh.com, 1503ecdsa-sha2-nistp384-cert-v01@openssh.com,
1484ecdsa-sha2-nistp521-cert-v01@openssh.com, 1504ecdsa-sha2-nistp521-cert-v01@openssh.com,
1505sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1485ssh-ed25519-cert-v01@openssh.com, 1506ssh-ed25519-cert-v01@openssh.com,
1486rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 1507sk-ssh-ed25519-cert-v01@openssh.com,
1508rsa-sha2-512-cert-v01@openssh.com,
1509rsa-sha2-256-cert-v01@openssh.com,
1487ssh-rsa-cert-v01@openssh.com, 1510ssh-rsa-cert-v01@openssh.com,
1488ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1511ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1489ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 1512sk-ecdsa-sha2-nistp256@openssh.com,
1513ssh-ed25519,sk-ssh-ed25519@openssh.com,
1514rsa-sha2-512,rsa-sha2-256,ssh-rsa
1490.Ed 1515.Ed
1491.Pp 1516.Pp
1492The list of available key types may also be obtained using 1517The list of available key types may also be obtained using
1493.Qq ssh -Q key . 1518.Qq ssh -Q PubkeyAcceptedKeyTypes .
1519.It Cm PubkeyAuthOptions
1520Sets one or more public key authentication options.
1521Two option keywords are currently supported:
1522.Cm none
1523(the default; indicating no additional options are enabled)
1524and
1525.Cm touch-required .
1526.Pp
1527The
1528.Cm touch-required
1529option causes public key authentication using a FIDO authenticator algorithm
1530(i.e.\&
1531.Cm ecdsa-sk
1532or
1533.Cm ed25519-sk )
1534to always require the signature to attest that a physically present user
1535explicitly confirmed the authentication (usually by touching the authenticator).
1536By default,
1537.Xr sshd 8
1538requires user presence unless overridden with an authorized_keys option.
1539The
1540.Cm touch-required
1541flag disables this override.
1542This option has no effect for other, non-authenticator public key types.
1494.It Cm PubkeyAuthentication 1543.It Cm PubkeyAuthentication
1495Specifies whether public key authentication is allowed. 1544Specifies whether public key authentication is allowed.
1496The default is 1545The default is
@@ -1541,6 +1590,10 @@ will be bound to this
1541If the routing domain is set to 1590If the routing domain is set to
1542.Cm \&%D , 1591.Cm \&%D ,
1543then the domain in which the incoming connection was received will be applied. 1592then the domain in which the incoming connection was received will be applied.
1593.It Cm SecurityKeyProvider
1594Specifies a path to a library that will be used when loading
1595FIDO authenticator-hosted keys, overriding the default of using
1596the built-in USB HID support.
1544.It Cm SetEnv 1597.It Cm SetEnv
1545Specifies one or more environment variables to set in child sessions started 1598Specifies one or more environment variables to set in child sessions started
1546by 1599by
diff --git a/ssherr.c b/ssherr.c
index 8ad3d5750..bd954aadd 100644
--- a/ssherr.c
+++ b/ssherr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssherr.c,v 1.8 2018/07/03 11:39:54 djm Exp $ */ 1/* $OpenBSD: ssherr.c,v 1.10 2020/01/25 23:13:09 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -141,6 +141,10 @@ ssh_err(int n)
141 return "number is too large"; 141 return "number is too large";
142 case SSH_ERR_SIGN_ALG_UNSUPPORTED: 142 case SSH_ERR_SIGN_ALG_UNSUPPORTED:
143 return "signature algorithm not supported"; 143 return "signature algorithm not supported";
144 case SSH_ERR_FEATURE_UNSUPPORTED:
145 return "requested feature not supported";
146 case SSH_ERR_DEVICE_NOT_FOUND:
147 return "device not found";
144 default: 148 default:
145 return "unknown error"; 149 return "unknown error";
146 } 150 }
diff --git a/ssherr.h b/ssherr.h
index 348da5a20..085e75274 100644
--- a/ssherr.h
+++ b/ssherr.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssherr.h,v 1.6 2018/07/03 11:39:54 djm Exp $ */ 1/* $OpenBSD: ssherr.h,v 1.8 2020/01/25 23:13:09 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -80,6 +80,8 @@
80#define SSH_ERR_KEY_LENGTH -56 80#define SSH_ERR_KEY_LENGTH -56
81#define SSH_ERR_NUMBER_TOO_LARGE -57 81#define SSH_ERR_NUMBER_TOO_LARGE -57
82#define SSH_ERR_SIGN_ALG_UNSUPPORTED -58 82#define SSH_ERR_SIGN_ALG_UNSUPPORTED -58
83#define SSH_ERR_FEATURE_UNSUPPORTED -59
84#define SSH_ERR_DEVICE_NOT_FOUND -60
83 85
84/* Translate a numeric error code to a human-readable error string */ 86/* Translate a numeric error code to a human-readable error string */
85const char *ssh_err(int n); 87const char *ssh_err(int n);
diff --git a/sshkey-xmss.c b/sshkey-xmss.c
index 9e5f5e475..88e9ddf4d 100644
--- a/sshkey-xmss.c
+++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */ 1/* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Markus Friedl. All rights reserved. 3 * Copyright (c) 2017 Markus Friedl. All rights reserved.
4 * 4 *
@@ -69,7 +69,7 @@ struct ssh_xmss_state {
69 u_int32_t maxidx; /* restricted # of signatures */ 69 u_int32_t maxidx; /* restricted # of signatures */
70 int have_state; /* .state file exists */ 70 int have_state; /* .state file exists */
71 int lockfd; /* locked in sshkey_xmss_get_state() */ 71 int lockfd; /* locked in sshkey_xmss_get_state() */
72 int allow_update; /* allow sshkey_xmss_update_state() */ 72 u_char allow_update; /* allow sshkey_xmss_update_state() */
73 char *enc_ciphername;/* encrypt state with cipher */ 73 char *enc_ciphername;/* encrypt state with cipher */
74 u_char *enc_keyiv; /* encrypt state with key */ 74 u_char *enc_keyiv; /* encrypt state with key */
75 u_int32_t enc_keyiv_len; /* length of enc_keyiv */ 75 u_int32_t enc_keyiv_len; /* length of enc_keyiv */
@@ -716,6 +716,7 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b,
716{ 716{
717 struct ssh_xmss_state *state = k->xmss_state; 717 struct ssh_xmss_state *state = k->xmss_state;
718 int r = SSH_ERR_INVALID_ARGUMENT; 718 int r = SSH_ERR_INVALID_ARGUMENT;
719 u_char have_stack, have_filename, have_enc;
719 720
720 if (state == NULL) 721 if (state == NULL)
721 return SSH_ERR_INVALID_ARGUMENT; 722 return SSH_ERR_INVALID_ARGUMENT;
@@ -727,9 +728,35 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b,
727 break; 728 break;
728 case SSHKEY_SERIALIZE_FULL: 729 case SSHKEY_SERIALIZE_FULL:
729 if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0) 730 if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
730 break; 731 return r;
731 r = sshkey_xmss_serialize_state(k, b); 732 r = sshkey_xmss_serialize_state(k, b);
732 break; 733 break;
734 case SSHKEY_SERIALIZE_SHIELD:
735 /* all of stack/filename/enc are optional */
736 have_stack = state->stack != NULL;
737 if ((r = sshbuf_put_u8(b, have_stack)) != 0)
738 return r;
739 if (have_stack) {
740 state->idx = PEEK_U32(k->xmss_sk); /* update */
741 if ((r = sshkey_xmss_serialize_state(k, b)) != 0)
742 return r;
743 }
744 have_filename = k->xmss_filename != NULL;
745 if ((r = sshbuf_put_u8(b, have_filename)) != 0)
746 return r;
747 if (have_filename &&
748 (r = sshbuf_put_cstring(b, k->xmss_filename)) != 0)
749 return r;
750 have_enc = state->enc_keyiv != NULL;
751 if ((r = sshbuf_put_u8(b, have_enc)) != 0)
752 return r;
753 if (have_enc &&
754 (r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
755 return r;
756 if ((r = sshbuf_put_u32(b, state->maxidx)) != 0 ||
757 (r = sshbuf_put_u8(b, state->allow_update)) != 0)
758 return r;
759 break;
733 case SSHKEY_SERIALIZE_DEFAULT: 760 case SSHKEY_SERIALIZE_DEFAULT:
734 r = 0; 761 r = 0;
735 break; 762 break;
@@ -748,7 +775,7 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b)
748 u_int32_t i, lh, node; 775 u_int32_t i, lh, node;
749 size_t ls, lsl, la, lk, ln, lr; 776 size_t ls, lsl, la, lk, ln, lr;
750 char *magic; 777 char *magic;
751 int r; 778 int r = SSH_ERR_INTERNAL_ERROR;
752 779
753 if (state == NULL) 780 if (state == NULL)
754 return SSH_ERR_INVALID_ARGUMENT; 781 return SSH_ERR_INVALID_ARGUMENT;
@@ -767,9 +794,11 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b)
767 (r = sshbuf_get_string(b, &state->th_nodes, &ln)) != 0 || 794 (r = sshbuf_get_string(b, &state->th_nodes, &ln)) != 0 ||
768 (r = sshbuf_get_string(b, &state->retain, &lr)) != 0 || 795 (r = sshbuf_get_string(b, &state->retain, &lr)) != 0 ||
769 (r = sshbuf_get_u32(b, &lh)) != 0) 796 (r = sshbuf_get_u32(b, &lh)) != 0)
770 return r; 797 goto out;
771 if (strcmp(magic, SSH_XMSS_K2_MAGIC) != 0) 798 if (strcmp(magic, SSH_XMSS_K2_MAGIC) != 0) {
772 return SSH_ERR_INVALID_ARGUMENT; 799 r = SSH_ERR_INVALID_ARGUMENT;
800 goto out;
801 }
773 /* XXX check stackoffset */ 802 /* XXX check stackoffset */
774 if (ls != num_stack(state) || 803 if (ls != num_stack(state) ||
775 lsl != num_stacklevels(state) || 804 lsl != num_stacklevels(state) ||
@@ -777,8 +806,10 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b)
777 lk != num_keep(state) || 806 lk != num_keep(state) ||
778 ln != num_th_nodes(state) || 807 ln != num_th_nodes(state) ||
779 lr != num_retain(state) || 808 lr != num_retain(state) ||
780 lh != num_treehash(state)) 809 lh != num_treehash(state)) {
781 return SSH_ERR_INVALID_ARGUMENT; 810 r = SSH_ERR_INVALID_ARGUMENT;
811 goto out;
812 }
782 for (i = 0; i < num_treehash(state); i++) { 813 for (i = 0; i < num_treehash(state); i++) {
783 th = &state->treehash[i]; 814 th = &state->treehash[i];
784 if ((r = sshbuf_get_u32(b, &th->h)) != 0 || 815 if ((r = sshbuf_get_u32(b, &th->h)) != 0 ||
@@ -786,7 +817,7 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b)
786 (r = sshbuf_get_u32(b, &th->stackusage)) != 0 || 817 (r = sshbuf_get_u32(b, &th->stackusage)) != 0 ||
787 (r = sshbuf_get_u8(b, &th->completed)) != 0 || 818 (r = sshbuf_get_u8(b, &th->completed)) != 0 ||
788 (r = sshbuf_get_u32(b, &node)) != 0) 819 (r = sshbuf_get_u32(b, &node)) != 0)
789 return r; 820 goto out;
790 if (node < num_th_nodes(state)) 821 if (node < num_th_nodes(state))
791 th->node = &state->th_nodes[node]; 822 th->node = &state->th_nodes[node];
792 } 823 }
@@ -794,14 +825,19 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b)
794 xmss_set_bds_state(&state->bds, state->stack, state->stackoffset, 825 xmss_set_bds_state(&state->bds, state->stack, state->stackoffset,
795 state->stacklevels, state->auth, state->keep, state->treehash, 826 state->stacklevels, state->auth, state->keep, state->treehash,
796 state->retain, 0); 827 state->retain, 0);
797 return 0; 828 /* success */
829 r = 0;
830 out:
831 free(magic);
832 return r;
798} 833}
799 834
800int 835int
801sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b) 836sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b)
802{ 837{
838 struct ssh_xmss_state *state = k->xmss_state;
803 enum sshkey_serialize_rep opts; 839 enum sshkey_serialize_rep opts;
804 u_char have_state; 840 u_char have_state, have_stack, have_filename, have_enc;
805 int r; 841 int r;
806 842
807 if ((r = sshbuf_get_u8(b, &have_state)) != 0) 843 if ((r = sshbuf_get_u8(b, &have_state)) != 0)
@@ -812,6 +848,26 @@ sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b)
812 case SSHKEY_SERIALIZE_DEFAULT: 848 case SSHKEY_SERIALIZE_DEFAULT:
813 r = 0; 849 r = 0;
814 break; 850 break;
851 case SSHKEY_SERIALIZE_SHIELD:
852 if ((r = sshbuf_get_u8(b, &have_stack)) != 0)
853 return r;
854 if (have_stack &&
855 (r = sshkey_xmss_deserialize_state(k, b)) != 0)
856 return r;
857 if ((r = sshbuf_get_u8(b, &have_filename)) != 0)
858 return r;
859 if (have_filename &&
860 (r = sshbuf_get_cstring(b, &k->xmss_filename, NULL)) != 0)
861 return r;
862 if ((r = sshbuf_get_u8(b, &have_enc)) != 0)
863 return r;
864 if (have_enc &&
865 (r = sshkey_xmss_deserialize_enc_key(k, b)) != 0)
866 return r;
867 if ((r = sshbuf_get_u32(b, &state->maxidx)) != 0 ||
868 (r = sshbuf_get_u8(b, &state->allow_update)) != 0)
869 return r;
870 break;
815 case SSHKEY_SERIALIZE_STATE: 871 case SSHKEY_SERIALIZE_STATE:
816 if ((r = sshkey_xmss_deserialize_state(k, b)) != 0) 872 if ((r = sshkey_xmss_deserialize_state(k, b)) != 0)
817 return r; 873 return r;
diff --git a/sshkey.c b/sshkey.c
index 4d2048b6a..fd5b77246 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.c,v 1.84 2019/10/09 00:04:42 djm Exp $ */ 1/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -57,6 +57,7 @@
57#define SSHKEY_INTERNAL 57#define SSHKEY_INTERNAL
58#include "sshkey.h" 58#include "sshkey.h"
59#include "match.h" 59#include "match.h"
60#include "ssh-sk.h"
60 61
61#ifdef WITH_XMSS 62#ifdef WITH_XMSS
62#include "sshkey-xmss.h" 63#include "sshkey-xmss.h"
@@ -106,6 +107,10 @@ static const struct keytype keytypes[] = {
106 { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 }, 107 { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 },
107 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL, 108 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL,
108 KEY_ED25519_CERT, 0, 1, 0 }, 109 KEY_ED25519_CERT, 0, 1, 0 },
110 { "sk-ssh-ed25519@openssh.com", "ED25519-SK", NULL,
111 KEY_ED25519_SK, 0, 0, 0 },
112 { "sk-ssh-ed25519-cert-v01@openssh.com", "ED25519-SK-CERT", NULL,
113 KEY_ED25519_SK_CERT, 0, 1, 0 },
109#ifdef WITH_XMSS 114#ifdef WITH_XMSS
110 { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 }, 115 { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 },
111 { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL, 116 { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL,
@@ -125,6 +130,8 @@ static const struct keytype keytypes[] = {
125 { "ecdsa-sha2-nistp521", "ECDSA", NULL, 130 { "ecdsa-sha2-nistp521", "ECDSA", NULL,
126 KEY_ECDSA, NID_secp521r1, 0, 0 }, 131 KEY_ECDSA, NID_secp521r1, 0, 0 },
127# endif /* OPENSSL_HAS_NISTP521 */ 132# endif /* OPENSSL_HAS_NISTP521 */
133 { "sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL,
134 KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 0 },
128# endif /* OPENSSL_HAS_ECC */ 135# endif /* OPENSSL_HAS_ECC */
129 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, 136 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL,
130 KEY_RSA_CERT, 0, 1, 0 }, 137 KEY_RSA_CERT, 0, 1, 0 },
@@ -143,6 +150,8 @@ static const struct keytype keytypes[] = {
143 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, 150 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL,
144 KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, 151 KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },
145# endif /* OPENSSL_HAS_NISTP521 */ 152# endif /* OPENSSL_HAS_NISTP521 */
153 { "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL,
154 KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 },
146# endif /* OPENSSL_HAS_ECC */ 155# endif /* OPENSSL_HAS_ECC */
147#endif /* WITH_OPENSSL */ 156#endif /* WITH_OPENSSL */
148 { "null", "null", NULL, KEY_NULL, 0, 0, 0 }, 157 { "null", "null", NULL, KEY_NULL, 0, 0, 0 },
@@ -212,13 +221,26 @@ sshkey_type_from_name(const char *name)
212 return KEY_UNSPEC; 221 return KEY_UNSPEC;
213} 222}
214 223
224static int
225key_type_is_ecdsa_variant(int type)
226{
227 switch (type) {
228 case KEY_ECDSA:
229 case KEY_ECDSA_CERT:
230 case KEY_ECDSA_SK:
231 case KEY_ECDSA_SK_CERT:
232 return 1;
233 }
234 return 0;
235}
236
215int 237int
216sshkey_ecdsa_nid_from_name(const char *name) 238sshkey_ecdsa_nid_from_name(const char *name)
217{ 239{
218 const struct keytype *kt; 240 const struct keytype *kt;
219 241
220 for (kt = keytypes; kt->type != -1; kt++) { 242 for (kt = keytypes; kt->type != -1; kt++) {
221 if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT) 243 if (!key_type_is_ecdsa_variant(kt->type))
222 continue; 244 continue;
223 if (kt->name != NULL && strcmp(name, kt->name) == 0) 245 if (kt->name != NULL && strcmp(name, kt->name) == 0)
224 return kt->nid; 246 return kt->nid;
@@ -314,10 +336,14 @@ sshkey_size(const struct sshkey *k)
314 return BN_num_bits(dsa_p); 336 return BN_num_bits(dsa_p);
315 case KEY_ECDSA: 337 case KEY_ECDSA:
316 case KEY_ECDSA_CERT: 338 case KEY_ECDSA_CERT:
339 case KEY_ECDSA_SK:
340 case KEY_ECDSA_SK_CERT:
317 return sshkey_curve_nid_to_bits(k->ecdsa_nid); 341 return sshkey_curve_nid_to_bits(k->ecdsa_nid);
318#endif /* WITH_OPENSSL */ 342#endif /* WITH_OPENSSL */
319 case KEY_ED25519: 343 case KEY_ED25519:
320 case KEY_ED25519_CERT: 344 case KEY_ED25519_CERT:
345 case KEY_ED25519_SK:
346 case KEY_ED25519_SK_CERT:
321 case KEY_XMSS: 347 case KEY_XMSS:
322 case KEY_XMSS_CERT: 348 case KEY_XMSS_CERT:
323 return 256; /* XXX */ 349 return 256; /* XXX */
@@ -332,7 +358,9 @@ sshkey_type_is_valid_ca(int type)
332 case KEY_RSA: 358 case KEY_RSA:
333 case KEY_DSA: 359 case KEY_DSA:
334 case KEY_ECDSA: 360 case KEY_ECDSA:
361 case KEY_ECDSA_SK:
335 case KEY_ED25519: 362 case KEY_ED25519:
363 case KEY_ED25519_SK:
336 case KEY_XMSS: 364 case KEY_XMSS:
337 return 1; 365 return 1;
338 default: 366 default:
@@ -348,6 +376,20 @@ sshkey_is_cert(const struct sshkey *k)
348 return sshkey_type_is_cert(k->type); 376 return sshkey_type_is_cert(k->type);
349} 377}
350 378
379int
380sshkey_is_sk(const struct sshkey *k)
381{
382 if (k == NULL)
383 return 0;
384 switch (sshkey_type_plain(k->type)) {
385 case KEY_ECDSA_SK:
386 case KEY_ED25519_SK:
387 return 1;
388 default:
389 return 0;
390 }
391}
392
351/* Return the cert-less equivalent to a certified key type */ 393/* Return the cert-less equivalent to a certified key type */
352int 394int
353sshkey_type_plain(int type) 395sshkey_type_plain(int type)
@@ -359,8 +401,12 @@ sshkey_type_plain(int type)
359 return KEY_DSA; 401 return KEY_DSA;
360 case KEY_ECDSA_CERT: 402 case KEY_ECDSA_CERT:
361 return KEY_ECDSA; 403 return KEY_ECDSA;
404 case KEY_ECDSA_SK_CERT:
405 return KEY_ECDSA_SK;
362 case KEY_ED25519_CERT: 406 case KEY_ED25519_CERT:
363 return KEY_ED25519; 407 return KEY_ED25519;
408 case KEY_ED25519_SK_CERT:
409 return KEY_ED25519_SK;
364 case KEY_XMSS_CERT: 410 case KEY_XMSS_CERT:
365 return KEY_XMSS; 411 return KEY_XMSS;
366 default: 412 default:
@@ -534,11 +580,15 @@ sshkey_new(int type)
534 break; 580 break;
535 case KEY_ECDSA: 581 case KEY_ECDSA:
536 case KEY_ECDSA_CERT: 582 case KEY_ECDSA_CERT:
583 case KEY_ECDSA_SK:
584 case KEY_ECDSA_SK_CERT:
537 /* Cannot do anything until we know the group */ 585 /* Cannot do anything until we know the group */
538 break; 586 break;
539#endif /* WITH_OPENSSL */ 587#endif /* WITH_OPENSSL */
540 case KEY_ED25519: 588 case KEY_ED25519:
541 case KEY_ED25519_CERT: 589 case KEY_ED25519_CERT:
590 case KEY_ED25519_SK:
591 case KEY_ED25519_SK_CERT:
542 case KEY_XMSS: 592 case KEY_XMSS:
543 case KEY_XMSS_CERT: 593 case KEY_XMSS_CERT:
544 /* no need to prealloc */ 594 /* no need to prealloc */
@@ -578,6 +628,12 @@ sshkey_free(struct sshkey *k)
578 k->dsa = NULL; 628 k->dsa = NULL;
579 break; 629 break;
580# ifdef OPENSSL_HAS_ECC 630# ifdef OPENSSL_HAS_ECC
631 case KEY_ECDSA_SK:
632 case KEY_ECDSA_SK_CERT:
633 free(k->sk_application);
634 sshbuf_free(k->sk_key_handle);
635 sshbuf_free(k->sk_reserved);
636 /* FALLTHROUGH */
581 case KEY_ECDSA: 637 case KEY_ECDSA:
582 case KEY_ECDSA_CERT: 638 case KEY_ECDSA_CERT:
583 EC_KEY_free(k->ecdsa); 639 EC_KEY_free(k->ecdsa);
@@ -585,6 +641,12 @@ sshkey_free(struct sshkey *k)
585 break; 641 break;
586# endif /* OPENSSL_HAS_ECC */ 642# endif /* OPENSSL_HAS_ECC */
587#endif /* WITH_OPENSSL */ 643#endif /* WITH_OPENSSL */
644 case KEY_ED25519_SK:
645 case KEY_ED25519_SK_CERT:
646 free(k->sk_application);
647 sshbuf_free(k->sk_key_handle);
648 sshbuf_free(k->sk_reserved);
649 /* FALLTHROUGH */
588 case KEY_ED25519: 650 case KEY_ED25519:
589 case KEY_ED25519_CERT: 651 case KEY_ED25519_CERT:
590 freezero(k->ed25519_pk, ED25519_PK_SZ); 652 freezero(k->ed25519_pk, ED25519_PK_SZ);
@@ -645,9 +707,6 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
645 const BIGNUM *rsa_e_b, *rsa_n_b; 707 const BIGNUM *rsa_e_b, *rsa_n_b;
646 const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a; 708 const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;
647 const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b; 709 const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;
648# if defined(OPENSSL_HAS_ECC)
649 BN_CTX *bnctx;
650# endif /* OPENSSL_HAS_ECC */
651#endif /* WITH_OPENSSL */ 710#endif /* WITH_OPENSSL */
652 711
653 if (a == NULL || b == NULL || 712 if (a == NULL || b == NULL ||
@@ -677,26 +736,35 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
677 BN_cmp(dsa_g_a, dsa_g_b) == 0 && 736 BN_cmp(dsa_g_a, dsa_g_b) == 0 &&
678 BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0; 737 BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
679# ifdef OPENSSL_HAS_ECC 738# ifdef OPENSSL_HAS_ECC
739 case KEY_ECDSA_SK:
740 case KEY_ECDSA_SK_CERT:
741 if (a->sk_application == NULL || b->sk_application == NULL)
742 return 0;
743 if (strcmp(a->sk_application, b->sk_application) != 0)
744 return 0;
745 /* FALLTHROUGH */
680 case KEY_ECDSA_CERT: 746 case KEY_ECDSA_CERT:
681 case KEY_ECDSA: 747 case KEY_ECDSA:
682 if (a->ecdsa == NULL || b->ecdsa == NULL || 748 if (a->ecdsa == NULL || b->ecdsa == NULL ||
683 EC_KEY_get0_public_key(a->ecdsa) == NULL || 749 EC_KEY_get0_public_key(a->ecdsa) == NULL ||
684 EC_KEY_get0_public_key(b->ecdsa) == NULL) 750 EC_KEY_get0_public_key(b->ecdsa) == NULL)
685 return 0; 751 return 0;
686 if ((bnctx = BN_CTX_new()) == NULL)
687 return 0;
688 if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa), 752 if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa),
689 EC_KEY_get0_group(b->ecdsa), bnctx) != 0 || 753 EC_KEY_get0_group(b->ecdsa), NULL) != 0 ||
690 EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa), 754 EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa),
691 EC_KEY_get0_public_key(a->ecdsa), 755 EC_KEY_get0_public_key(a->ecdsa),
692 EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) { 756 EC_KEY_get0_public_key(b->ecdsa), NULL) != 0)
693 BN_CTX_free(bnctx);
694 return 0; 757 return 0;
695 }
696 BN_CTX_free(bnctx);
697 return 1; 758 return 1;
698# endif /* OPENSSL_HAS_ECC */ 759# endif /* OPENSSL_HAS_ECC */
699#endif /* WITH_OPENSSL */ 760#endif /* WITH_OPENSSL */
761 case KEY_ED25519_SK:
762 case KEY_ED25519_SK_CERT:
763 if (a->sk_application == NULL || b->sk_application == NULL)
764 return 0;
765 if (strcmp(a->sk_application, b->sk_application) != 0)
766 return 0;
767 /* FALLTHROUGH */
700 case KEY_ED25519: 768 case KEY_ED25519:
701 case KEY_ED25519_CERT: 769 case KEY_ED25519_CERT:
702 return a->ed25519_pk != NULL && b->ed25519_pk != NULL && 770 return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
@@ -752,9 +820,11 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
752#ifdef WITH_OPENSSL 820#ifdef WITH_OPENSSL
753 case KEY_DSA_CERT: 821 case KEY_DSA_CERT:
754 case KEY_ECDSA_CERT: 822 case KEY_ECDSA_CERT:
823 case KEY_ECDSA_SK_CERT:
755 case KEY_RSA_CERT: 824 case KEY_RSA_CERT:
756#endif /* WITH_OPENSSL */ 825#endif /* WITH_OPENSSL */
757 case KEY_ED25519_CERT: 826 case KEY_ED25519_CERT:
827 case KEY_ED25519_SK_CERT:
758#ifdef WITH_XMSS 828#ifdef WITH_XMSS
759 case KEY_XMSS_CERT: 829 case KEY_XMSS_CERT:
760#endif /* WITH_XMSS */ 830#endif /* WITH_XMSS */
@@ -778,6 +848,7 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
778 break; 848 break;
779# ifdef OPENSSL_HAS_ECC 849# ifdef OPENSSL_HAS_ECC
780 case KEY_ECDSA: 850 case KEY_ECDSA:
851 case KEY_ECDSA_SK:
781 if (key->ecdsa == NULL) 852 if (key->ecdsa == NULL)
782 return SSH_ERR_INVALID_ARGUMENT; 853 return SSH_ERR_INVALID_ARGUMENT;
783 if ((ret = sshbuf_put_cstring(b, typename)) != 0 || 854 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
@@ -785,6 +856,11 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
785 sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || 856 sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||
786 (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0) 857 (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0)
787 return ret; 858 return ret;
859 if (type == KEY_ECDSA_SK) {
860 if ((ret = sshbuf_put_cstring(b,
861 key->sk_application)) != 0)
862 return ret;
863 }
788 break; 864 break;
789# endif 865# endif
790 case KEY_RSA: 866 case KEY_RSA:
@@ -798,12 +874,18 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
798 break; 874 break;
799#endif /* WITH_OPENSSL */ 875#endif /* WITH_OPENSSL */
800 case KEY_ED25519: 876 case KEY_ED25519:
877 case KEY_ED25519_SK:
801 if (key->ed25519_pk == NULL) 878 if (key->ed25519_pk == NULL)
802 return SSH_ERR_INVALID_ARGUMENT; 879 return SSH_ERR_INVALID_ARGUMENT;
803 if ((ret = sshbuf_put_cstring(b, typename)) != 0 || 880 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
804 (ret = sshbuf_put_string(b, 881 (ret = sshbuf_put_string(b,
805 key->ed25519_pk, ED25519_PK_SZ)) != 0) 882 key->ed25519_pk, ED25519_PK_SZ)) != 0)
806 return ret; 883 return ret;
884 if (type == KEY_ED25519_SK) {
885 if ((ret = sshbuf_put_cstring(b,
886 key->sk_application)) != 0)
887 return ret;
888 }
807 break; 889 break;
808#ifdef WITH_XMSS 890#ifdef WITH_XMSS
809 case KEY_XMSS: 891 case KEY_XMSS:
@@ -1218,7 +1300,7 @@ peek_type_nid(const char *s, size_t l, int *nid)
1218 continue; 1300 continue;
1219 if (memcmp(s, kt->name, l) == 0) { 1301 if (memcmp(s, kt->name, l) == 0) {
1220 *nid = -1; 1302 *nid = -1;
1221 if (kt->type == KEY_ECDSA || kt->type == KEY_ECDSA_CERT) 1303 if (key_type_is_ecdsa_variant(kt->type))
1222 *nid = kt->nid; 1304 *nid = kt->nid;
1223 return kt->type; 1305 return kt->type;
1224 } 1306 }
@@ -1244,11 +1326,15 @@ sshkey_read(struct sshkey *ret, char **cpp)
1244 case KEY_RSA: 1326 case KEY_RSA:
1245 case KEY_DSA: 1327 case KEY_DSA:
1246 case KEY_ECDSA: 1328 case KEY_ECDSA:
1329 case KEY_ECDSA_SK:
1247 case KEY_ED25519: 1330 case KEY_ED25519:
1331 case KEY_ED25519_SK:
1248 case KEY_DSA_CERT: 1332 case KEY_DSA_CERT:
1249 case KEY_ECDSA_CERT: 1333 case KEY_ECDSA_CERT:
1334 case KEY_ECDSA_SK_CERT:
1250 case KEY_RSA_CERT: 1335 case KEY_RSA_CERT:
1251 case KEY_ED25519_CERT: 1336 case KEY_ED25519_CERT:
1337 case KEY_ED25519_SK_CERT:
1252#ifdef WITH_XMSS 1338#ifdef WITH_XMSS
1253 case KEY_XMSS: 1339 case KEY_XMSS:
1254 case KEY_XMSS_CERT: 1340 case KEY_XMSS_CERT:
@@ -1303,7 +1389,7 @@ sshkey_read(struct sshkey *ret, char **cpp)
1303 sshkey_free(k); 1389 sshkey_free(k);
1304 return SSH_ERR_KEY_TYPE_MISMATCH; 1390 return SSH_ERR_KEY_TYPE_MISMATCH;
1305 } 1391 }
1306 if (sshkey_type_plain(type) == KEY_ECDSA && curve_nid != k->ecdsa_nid) { 1392 if (key_type_is_ecdsa_variant(type) && curve_nid != k->ecdsa_nid) {
1307 sshkey_free(k); 1393 sshkey_free(k);
1308 return SSH_ERR_EC_CURVE_MISMATCH; 1394 return SSH_ERR_EC_CURVE_MISMATCH;
1309 } 1395 }
@@ -1349,6 +1435,19 @@ sshkey_read(struct sshkey *ret, char **cpp)
1349 sshkey_dump_ec_key(ret->ecdsa); 1435 sshkey_dump_ec_key(ret->ecdsa);
1350#endif 1436#endif
1351 break; 1437 break;
1438 case KEY_ECDSA_SK:
1439 EC_KEY_free(ret->ecdsa);
1440 ret->ecdsa = k->ecdsa;
1441 ret->ecdsa_nid = k->ecdsa_nid;
1442 ret->sk_application = k->sk_application;
1443 k->ecdsa = NULL;
1444 k->ecdsa_nid = -1;
1445 k->sk_application = NULL;
1446#ifdef DEBUG_PK
1447 sshkey_dump_ec_key(ret->ecdsa);
1448 fprintf(stderr, "App: %s\n", ret->sk_application);
1449#endif
1450 break;
1352# endif /* OPENSSL_HAS_ECC */ 1451# endif /* OPENSSL_HAS_ECC */
1353#endif /* WITH_OPENSSL */ 1452#endif /* WITH_OPENSSL */
1354 case KEY_ED25519: 1453 case KEY_ED25519:
@@ -1359,6 +1458,13 @@ sshkey_read(struct sshkey *ret, char **cpp)
1359 /* XXX */ 1458 /* XXX */
1360#endif 1459#endif
1361 break; 1460 break;
1461 case KEY_ED25519_SK:
1462 freezero(ret->ed25519_pk, ED25519_PK_SZ);
1463 ret->ed25519_pk = k->ed25519_pk;
1464 ret->sk_application = k->sk_application;
1465 k->ed25519_pk = NULL;
1466 k->sk_application = NULL;
1467 break;
1362#ifdef WITH_XMSS 1468#ifdef WITH_XMSS
1363 case KEY_XMSS: 1469 case KEY_XMSS:
1364 free(ret->xmss_pk); 1470 free(ret->xmss_pk);
@@ -1547,7 +1653,6 @@ sshkey_ecdsa_key_to_nid(EC_KEY *k)
1547 }; 1653 };
1548 int nid; 1654 int nid;
1549 u_int i; 1655 u_int i;
1550 BN_CTX *bnctx;
1551 const EC_GROUP *g = EC_KEY_get0_group(k); 1656 const EC_GROUP *g = EC_KEY_get0_group(k);
1552 1657
1553 /* 1658 /*
@@ -1560,18 +1665,13 @@ sshkey_ecdsa_key_to_nid(EC_KEY *k)
1560 */ 1665 */
1561 if ((nid = EC_GROUP_get_curve_name(g)) > 0) 1666 if ((nid = EC_GROUP_get_curve_name(g)) > 0)
1562 return nid; 1667 return nid;
1563 if ((bnctx = BN_CTX_new()) == NULL)
1564 return -1;
1565 for (i = 0; nids[i] != -1; i++) { 1668 for (i = 0; nids[i] != -1; i++) {
1566 if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) { 1669 if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL)
1567 BN_CTX_free(bnctx);
1568 return -1; 1670 return -1;
1569 } 1671 if (EC_GROUP_cmp(g, eg, NULL) == 0)
1570 if (EC_GROUP_cmp(g, eg, bnctx) == 0)
1571 break; 1672 break;
1572 EC_GROUP_free(eg); 1673 EC_GROUP_free(eg);
1573 } 1674 }
1574 BN_CTX_free(bnctx);
1575 if (nids[i] != -1) { 1675 if (nids[i] != -1) {
1576 /* Use the group with the NID attached */ 1676 /* Use the group with the NID attached */
1577 EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); 1677 EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE);
@@ -1748,15 +1848,14 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1748#endif /* WITH_OPENSSL */ 1848#endif /* WITH_OPENSSL */
1749 1849
1750 *pkp = NULL; 1850 *pkp = NULL;
1851 if ((n = sshkey_new(k->type)) == NULL) {
1852 r = SSH_ERR_ALLOC_FAIL;
1853 goto out;
1854 }
1751 switch (k->type) { 1855 switch (k->type) {
1752#ifdef WITH_OPENSSL 1856#ifdef WITH_OPENSSL
1753 case KEY_DSA: 1857 case KEY_DSA:
1754 case KEY_DSA_CERT: 1858 case KEY_DSA_CERT:
1755 if ((n = sshkey_new(k->type)) == NULL) {
1756 r = SSH_ERR_ALLOC_FAIL;
1757 goto out;
1758 }
1759
1760 DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); 1859 DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
1761 DSA_get0_key(k->dsa, &dsa_pub_key, NULL); 1860 DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
1762 if ((dsa_p_dup = BN_dup(dsa_p)) == NULL || 1861 if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||
@@ -1781,10 +1880,8 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1781# ifdef OPENSSL_HAS_ECC 1880# ifdef OPENSSL_HAS_ECC
1782 case KEY_ECDSA: 1881 case KEY_ECDSA:
1783 case KEY_ECDSA_CERT: 1882 case KEY_ECDSA_CERT:
1784 if ((n = sshkey_new(k->type)) == NULL) { 1883 case KEY_ECDSA_SK:
1785 r = SSH_ERR_ALLOC_FAIL; 1884 case KEY_ECDSA_SK_CERT:
1786 goto out;
1787 }
1788 n->ecdsa_nid = k->ecdsa_nid; 1885 n->ecdsa_nid = k->ecdsa_nid;
1789 n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); 1886 n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
1790 if (n->ecdsa == NULL) { 1887 if (n->ecdsa == NULL) {
@@ -1796,14 +1893,15 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1796 r = SSH_ERR_LIBCRYPTO_ERROR; 1893 r = SSH_ERR_LIBCRYPTO_ERROR;
1797 goto out; 1894 goto out;
1798 } 1895 }
1896 if (k->type != KEY_ECDSA_SK && k->type != KEY_ECDSA_SK_CERT)
1897 break;
1898 /* Append security-key application string */
1899 if ((n->sk_application = strdup(k->sk_application)) == NULL)
1900 goto out;
1799 break; 1901 break;
1800# endif /* OPENSSL_HAS_ECC */ 1902# endif /* OPENSSL_HAS_ECC */
1801 case KEY_RSA: 1903 case KEY_RSA:
1802 case KEY_RSA_CERT: 1904 case KEY_RSA_CERT:
1803 if ((n = sshkey_new(k->type)) == NULL) {
1804 r = SSH_ERR_ALLOC_FAIL;
1805 goto out;
1806 }
1807 RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); 1905 RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
1808 if ((rsa_n_dup = BN_dup(rsa_n)) == NULL || 1906 if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||
1809 (rsa_e_dup = BN_dup(rsa_e)) == NULL) { 1907 (rsa_e_dup = BN_dup(rsa_e)) == NULL) {
@@ -1819,10 +1917,8 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1819#endif /* WITH_OPENSSL */ 1917#endif /* WITH_OPENSSL */
1820 case KEY_ED25519: 1918 case KEY_ED25519:
1821 case KEY_ED25519_CERT: 1919 case KEY_ED25519_CERT:
1822 if ((n = sshkey_new(k->type)) == NULL) { 1920 case KEY_ED25519_SK:
1823 r = SSH_ERR_ALLOC_FAIL; 1921 case KEY_ED25519_SK_CERT:
1824 goto out;
1825 }
1826 if (k->ed25519_pk != NULL) { 1922 if (k->ed25519_pk != NULL) {
1827 if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { 1923 if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
1828 r = SSH_ERR_ALLOC_FAIL; 1924 r = SSH_ERR_ALLOC_FAIL;
@@ -1830,17 +1926,20 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1830 } 1926 }
1831 memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); 1927 memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
1832 } 1928 }
1929 if (k->type != KEY_ED25519_SK &&
1930 k->type != KEY_ED25519_SK_CERT)
1931 break;
1932 /* Append security-key application string */
1933 if ((n->sk_application = strdup(k->sk_application)) == NULL)
1934 goto out;
1833 break; 1935 break;
1834#ifdef WITH_XMSS 1936#ifdef WITH_XMSS
1835 case KEY_XMSS: 1937 case KEY_XMSS:
1836 case KEY_XMSS_CERT: 1938 case KEY_XMSS_CERT:
1837 if ((n = sshkey_new(k->type)) == NULL) {
1838 r = SSH_ERR_ALLOC_FAIL;
1839 goto out;
1840 }
1841 if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0) 1939 if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0)
1842 goto out; 1940 goto out;
1843 if (k->xmss_pk != NULL) { 1941 if (k->xmss_pk != NULL) {
1942 u_int32_t left;
1844 size_t pklen = sshkey_xmss_pklen(k); 1943 size_t pklen = sshkey_xmss_pklen(k);
1845 if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) { 1944 if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) {
1846 r = SSH_ERR_INTERNAL_ERROR; 1945 r = SSH_ERR_INTERNAL_ERROR;
@@ -1851,6 +1950,10 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1851 goto out; 1950 goto out;
1852 } 1951 }
1853 memcpy(n->xmss_pk, k->xmss_pk, pklen); 1952 memcpy(n->xmss_pk, k->xmss_pk, pklen);
1953 /* simulate number of signatures left on pubkey */
1954 left = sshkey_xmss_signatures_left(k);
1955 if (left)
1956 sshkey_xmss_enable_maxsign(n, left);
1854 } 1957 }
1855 break; 1958 break;
1856#endif /* WITH_XMSS */ 1959#endif /* WITH_XMSS */
@@ -1935,7 +2038,7 @@ sshkey_shield_private(struct sshkey *k)
1935 if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0) 2038 if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0)
1936 goto out; 2039 goto out;
1937 if ((r = sshkey_private_serialize_opt(k, prvbuf, 2040 if ((r = sshkey_private_serialize_opt(k, prvbuf,
1938 SSHKEY_SERIALIZE_FULL)) != 0) 2041 SSHKEY_SERIALIZE_SHIELD)) != 0)
1939 goto out; 2042 goto out;
1940 /* pad to cipher blocksize */ 2043 /* pad to cipher blocksize */
1941 i = 0; 2044 i = 0;
@@ -1978,6 +2081,9 @@ sshkey_shield_private(struct sshkey *k)
1978 enc = prekey = NULL; /* transferred */ 2081 enc = prekey = NULL; /* transferred */
1979 enclen = 0; 2082 enclen = 0;
1980 2083
2084 /* preserve key fields that are required for correct operation */
2085 k->sk_flags = kswap->sk_flags;
2086
1981 /* success */ 2087 /* success */
1982 r = 0; 2088 r = 0;
1983 2089
@@ -2199,7 +2305,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
2199 goto out; 2305 goto out;
2200 } 2306 }
2201 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, 2307 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
2202 sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) 2308 sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0, NULL)) != 0)
2203 goto out; 2309 goto out;
2204 if ((ret = sshkey_get_sigtype(sig, slen, 2310 if ((ret = sshkey_get_sigtype(sig, slen,
2205 &key->cert->signature_type)) != 0) 2311 &key->cert->signature_type)) != 0)
@@ -2329,15 +2435,17 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2329 DSA_print_fp(stderr, key->dsa, 8); 2435 DSA_print_fp(stderr, key->dsa, 8);
2330#endif 2436#endif
2331 break; 2437 break;
2438# ifdef OPENSSL_HAS_ECC
2332 case KEY_ECDSA_CERT: 2439 case KEY_ECDSA_CERT:
2440 case KEY_ECDSA_SK_CERT:
2333 /* Skip nonce */ 2441 /* Skip nonce */
2334 if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { 2442 if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
2335 ret = SSH_ERR_INVALID_FORMAT; 2443 ret = SSH_ERR_INVALID_FORMAT;
2336 goto out; 2444 goto out;
2337 } 2445 }
2338 /* FALLTHROUGH */ 2446 /* FALLTHROUGH */
2339# ifdef OPENSSL_HAS_ECC
2340 case KEY_ECDSA: 2447 case KEY_ECDSA:
2448 case KEY_ECDSA_SK:
2341 if ((key = sshkey_new(type)) == NULL) { 2449 if ((key = sshkey_new(type)) == NULL) {
2342 ret = SSH_ERR_ALLOC_FAIL; 2450 ret = SSH_ERR_ALLOC_FAIL;
2343 goto out; 2451 goto out;
@@ -2378,10 +2486,22 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2378#ifdef DEBUG_PK 2486#ifdef DEBUG_PK
2379 sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); 2487 sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q);
2380#endif 2488#endif
2489 if (type == KEY_ECDSA_SK || type == KEY_ECDSA_SK_CERT) {
2490 /* Parse additional security-key application string */
2491 if (sshbuf_get_cstring(b, &key->sk_application,
2492 NULL) != 0) {
2493 ret = SSH_ERR_INVALID_FORMAT;
2494 goto out;
2495 }
2496#ifdef DEBUG_PK
2497 fprintf(stderr, "App: %s\n", key->sk_application);
2498#endif
2499 }
2381 break; 2500 break;
2382# endif /* OPENSSL_HAS_ECC */ 2501# endif /* OPENSSL_HAS_ECC */
2383#endif /* WITH_OPENSSL */ 2502#endif /* WITH_OPENSSL */
2384 case KEY_ED25519_CERT: 2503 case KEY_ED25519_CERT:
2504 case KEY_ED25519_SK_CERT:
2385 /* Skip nonce */ 2505 /* Skip nonce */
2386 if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { 2506 if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
2387 ret = SSH_ERR_INVALID_FORMAT; 2507 ret = SSH_ERR_INVALID_FORMAT;
@@ -2389,6 +2509,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2389 } 2509 }
2390 /* FALLTHROUGH */ 2510 /* FALLTHROUGH */
2391 case KEY_ED25519: 2511 case KEY_ED25519:
2512 case KEY_ED25519_SK:
2392 if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) 2513 if ((ret = sshbuf_get_string(b, &pk, &len)) != 0)
2393 goto out; 2514 goto out;
2394 if (len != ED25519_PK_SZ) { 2515 if (len != ED25519_PK_SZ) {
@@ -2399,6 +2520,17 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2399 ret = SSH_ERR_ALLOC_FAIL; 2520 ret = SSH_ERR_ALLOC_FAIL;
2400 goto out; 2521 goto out;
2401 } 2522 }
2523 if (type == KEY_ED25519_SK || type == KEY_ED25519_SK_CERT) {
2524 /* Parse additional security-key application string */
2525 if (sshbuf_get_cstring(b, &key->sk_application,
2526 NULL) != 0) {
2527 ret = SSH_ERR_INVALID_FORMAT;
2528 goto out;
2529 }
2530#ifdef DEBUG_PK
2531 fprintf(stderr, "App: %s\n", key->sk_application);
2532#endif
2533 }
2402 key->ed25519_pk = pk; 2534 key->ed25519_pk = pk;
2403 pk = NULL; 2535 pk = NULL;
2404 break; 2536 break;
@@ -2597,7 +2729,8 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen,
2597int 2729int
2598sshkey_sign(struct sshkey *key, 2730sshkey_sign(struct sshkey *key,
2599 u_char **sigp, size_t *lenp, 2731 u_char **sigp, size_t *lenp,
2600 const u_char *data, size_t datalen, const char *alg, u_int compat) 2732 const u_char *data, size_t datalen,
2733 const char *alg, const char *sk_provider, u_int compat)
2601{ 2734{
2602 int was_shielded = sshkey_is_shielded(key); 2735 int was_shielded = sshkey_is_shielded(key);
2603 int r2, r = SSH_ERR_INTERNAL_ERROR; 2736 int r2, r = SSH_ERR_INTERNAL_ERROR;
@@ -2631,6 +2764,13 @@ sshkey_sign(struct sshkey *key,
2631 case KEY_ED25519_CERT: 2764 case KEY_ED25519_CERT:
2632 r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); 2765 r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
2633 break; 2766 break;
2767 case KEY_ED25519_SK:
2768 case KEY_ED25519_SK_CERT:
2769 case KEY_ECDSA_SK_CERT:
2770 case KEY_ECDSA_SK:
2771 r = sshsk_sign(sk_provider, key, sigp, lenp, data,
2772 datalen, compat, /* XXX PIN */ NULL);
2773 break;
2634#ifdef WITH_XMSS 2774#ifdef WITH_XMSS
2635 case KEY_XMSS: 2775 case KEY_XMSS:
2636 case KEY_XMSS_CERT: 2776 case KEY_XMSS_CERT:
@@ -2653,8 +2793,11 @@ sshkey_sign(struct sshkey *key,
2653int 2793int
2654sshkey_verify(const struct sshkey *key, 2794sshkey_verify(const struct sshkey *key,
2655 const u_char *sig, size_t siglen, 2795 const u_char *sig, size_t siglen,
2656 const u_char *data, size_t dlen, const char *alg, u_int compat) 2796 const u_char *data, size_t dlen, const char *alg, u_int compat,
2797 struct sshkey_sig_details **detailsp)
2657{ 2798{
2799 if (detailsp != NULL)
2800 *detailsp = NULL;
2658 if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) 2801 if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)
2659 return SSH_ERR_INVALID_ARGUMENT; 2802 return SSH_ERR_INVALID_ARGUMENT;
2660 switch (key->type) { 2803 switch (key->type) {
@@ -2666,6 +2809,10 @@ sshkey_verify(const struct sshkey *key,
2666 case KEY_ECDSA_CERT: 2809 case KEY_ECDSA_CERT:
2667 case KEY_ECDSA: 2810 case KEY_ECDSA:
2668 return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); 2811 return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);
2812 case KEY_ECDSA_SK_CERT:
2813 case KEY_ECDSA_SK:
2814 return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen,
2815 compat, detailsp);
2669# endif /* OPENSSL_HAS_ECC */ 2816# endif /* OPENSSL_HAS_ECC */
2670 case KEY_RSA_CERT: 2817 case KEY_RSA_CERT:
2671 case KEY_RSA: 2818 case KEY_RSA:
@@ -2674,6 +2821,10 @@ sshkey_verify(const struct sshkey *key,
2674 case KEY_ED25519: 2821 case KEY_ED25519:
2675 case KEY_ED25519_CERT: 2822 case KEY_ED25519_CERT:
2676 return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); 2823 return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
2824 case KEY_ED25519_SK:
2825 case KEY_ED25519_SK_CERT:
2826 return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen,
2827 compat, detailsp);
2677#ifdef WITH_XMSS 2828#ifdef WITH_XMSS
2678 case KEY_XMSS: 2829 case KEY_XMSS:
2679 case KEY_XMSS_CERT: 2830 case KEY_XMSS_CERT:
@@ -2701,7 +2852,13 @@ sshkey_to_certified(struct sshkey *k)
2701 case KEY_ECDSA: 2852 case KEY_ECDSA:
2702 newtype = KEY_ECDSA_CERT; 2853 newtype = KEY_ECDSA_CERT;
2703 break; 2854 break;
2855 case KEY_ECDSA_SK:
2856 newtype = KEY_ECDSA_SK_CERT;
2857 break;
2704#endif /* WITH_OPENSSL */ 2858#endif /* WITH_OPENSSL */
2859 case KEY_ED25519_SK:
2860 newtype = KEY_ED25519_SK_CERT;
2861 break;
2705 case KEY_ED25519: 2862 case KEY_ED25519:
2706 newtype = KEY_ED25519_CERT; 2863 newtype = KEY_ED25519_CERT;
2707 break; 2864 break;
@@ -2734,7 +2891,7 @@ sshkey_drop_cert(struct sshkey *k)
2734/* Sign a certified key, (re-)generating the signed certblob. */ 2891/* Sign a certified key, (re-)generating the signed certblob. */
2735int 2892int
2736sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, 2893sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2737 sshkey_certify_signer *signer, void *signer_ctx) 2894 const char *sk_provider, sshkey_certify_signer *signer, void *signer_ctx)
2738{ 2895{
2739 struct sshbuf *principals = NULL; 2896 struct sshbuf *principals = NULL;
2740 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; 2897 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32];
@@ -2798,12 +2955,18 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2798 break; 2955 break;
2799# ifdef OPENSSL_HAS_ECC 2956# ifdef OPENSSL_HAS_ECC
2800 case KEY_ECDSA_CERT: 2957 case KEY_ECDSA_CERT:
2958 case KEY_ECDSA_SK_CERT:
2801 if ((ret = sshbuf_put_cstring(cert, 2959 if ((ret = sshbuf_put_cstring(cert,
2802 sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 || 2960 sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 ||
2803 (ret = sshbuf_put_ec(cert, 2961 (ret = sshbuf_put_ec(cert,
2804 EC_KEY_get0_public_key(k->ecdsa), 2962 EC_KEY_get0_public_key(k->ecdsa),
2805 EC_KEY_get0_group(k->ecdsa))) != 0) 2963 EC_KEY_get0_group(k->ecdsa))) != 0)
2806 goto out; 2964 goto out;
2965 if (k->type == KEY_ECDSA_SK_CERT) {
2966 if ((ret = sshbuf_put_cstring(cert,
2967 k->sk_application)) != 0)
2968 goto out;
2969 }
2807 break; 2970 break;
2808# endif /* OPENSSL_HAS_ECC */ 2971# endif /* OPENSSL_HAS_ECC */
2809 case KEY_RSA_CERT: 2972 case KEY_RSA_CERT:
@@ -2814,9 +2977,15 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2814 break; 2977 break;
2815#endif /* WITH_OPENSSL */ 2978#endif /* WITH_OPENSSL */
2816 case KEY_ED25519_CERT: 2979 case KEY_ED25519_CERT:
2980 case KEY_ED25519_SK_CERT:
2817 if ((ret = sshbuf_put_string(cert, 2981 if ((ret = sshbuf_put_string(cert,
2818 k->ed25519_pk, ED25519_PK_SZ)) != 0) 2982 k->ed25519_pk, ED25519_PK_SZ)) != 0)
2819 goto out; 2983 goto out;
2984 if (k->type == KEY_ED25519_SK_CERT) {
2985 if ((ret = sshbuf_put_cstring(cert,
2986 k->sk_application)) != 0)
2987 goto out;
2988 }
2820 break; 2989 break;
2821#ifdef WITH_XMSS 2990#ifdef WITH_XMSS
2822 case KEY_XMSS_CERT: 2991 case KEY_XMSS_CERT:
@@ -2860,7 +3029,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2860 3029
2861 /* Sign the whole mess */ 3030 /* Sign the whole mess */
2862 if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), 3031 if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
2863 sshbuf_len(cert), alg, 0, signer_ctx)) != 0) 3032 sshbuf_len(cert), alg, sk_provider, 0, signer_ctx)) != 0)
2864 goto out; 3033 goto out;
2865 /* Check and update signature_type against what was actually used */ 3034 /* Check and update signature_type against what was actually used */
2866 if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) 3035 if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
@@ -2890,17 +3059,20 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2890static int 3059static int
2891default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp, 3060default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
2892 const u_char *data, size_t datalen, 3061 const u_char *data, size_t datalen,
2893 const char *alg, u_int compat, void *ctx) 3062 const char *alg, const char *sk_provider, u_int compat, void *ctx)
2894{ 3063{
2895 if (ctx != NULL) 3064 if (ctx != NULL)
2896 return SSH_ERR_INVALID_ARGUMENT; 3065 return SSH_ERR_INVALID_ARGUMENT;
2897 return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat); 3066 return sshkey_sign(key, sigp, lenp, data, datalen, alg,
3067 sk_provider, compat);
2898} 3068}
2899 3069
2900int 3070int
2901sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) 3071sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg,
3072 const char *sk_provider)
2902{ 3073{
2903 return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL); 3074 return sshkey_certify_custom(k, ca, alg, sk_provider,
3075 default_key_sign, NULL);
2904} 3076}
2905 3077
2906int 3078int
@@ -3083,6 +3255,28 @@ sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf,
3083 EC_KEY_get0_private_key(key->ecdsa))) != 0) 3255 EC_KEY_get0_private_key(key->ecdsa))) != 0)
3084 goto out; 3256 goto out;
3085 break; 3257 break;
3258 case KEY_ECDSA_SK:
3259 if ((r = sshbuf_put_cstring(b,
3260 sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||
3261 (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 ||
3262 (r = sshbuf_put_cstring(b, key->sk_application)) != 0 ||
3263 (r = sshbuf_put_u8(b, key->sk_flags)) != 0 ||
3264 (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 ||
3265 (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0)
3266 goto out;
3267 break;
3268 case KEY_ECDSA_SK_CERT:
3269 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
3270 r = SSH_ERR_INVALID_ARGUMENT;
3271 goto out;
3272 }
3273 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
3274 (r = sshbuf_put_cstring(b, key->sk_application)) != 0 ||
3275 (r = sshbuf_put_u8(b, key->sk_flags)) != 0 ||
3276 (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 ||
3277 (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0)
3278 goto out;
3279 break;
3086# endif /* OPENSSL_HAS_ECC */ 3280# endif /* OPENSSL_HAS_ECC */
3087#endif /* WITH_OPENSSL */ 3281#endif /* WITH_OPENSSL */
3088 case KEY_ED25519: 3282 case KEY_ED25519:
@@ -3104,6 +3298,29 @@ sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf,
3104 ED25519_SK_SZ)) != 0) 3298 ED25519_SK_SZ)) != 0)
3105 goto out; 3299 goto out;
3106 break; 3300 break;
3301 case KEY_ED25519_SK:
3302 if ((r = sshbuf_put_string(b, key->ed25519_pk,
3303 ED25519_PK_SZ)) != 0 ||
3304 (r = sshbuf_put_cstring(b, key->sk_application)) != 0 ||
3305 (r = sshbuf_put_u8(b, key->sk_flags)) != 0 ||
3306 (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 ||
3307 (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0)
3308 goto out;
3309 break;
3310 case KEY_ED25519_SK_CERT:
3311 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
3312 r = SSH_ERR_INVALID_ARGUMENT;
3313 goto out;
3314 }
3315 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
3316 (r = sshbuf_put_string(b, key->ed25519_pk,
3317 ED25519_PK_SZ)) != 0 ||
3318 (r = sshbuf_put_cstring(b, key->sk_application)) != 0 ||
3319 (r = sshbuf_put_u8(b, key->sk_flags)) != 0 ||
3320 (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 ||
3321 (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0)
3322 goto out;
3323 break;
3107#ifdef WITH_XMSS 3324#ifdef WITH_XMSS
3108 case KEY_XMSS: 3325 case KEY_XMSS:
3109 if (key->xmss_name == NULL) { 3326 if (key->xmss_name == NULL) {
@@ -3271,6 +3488,60 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
3271 (r = sshkey_ec_validate_private(k->ecdsa)) != 0) 3488 (r = sshkey_ec_validate_private(k->ecdsa)) != 0)
3272 goto out; 3489 goto out;
3273 break; 3490 break;
3491 case KEY_ECDSA_SK:
3492 if ((k = sshkey_new(type)) == NULL) {
3493 r = SSH_ERR_ALLOC_FAIL;
3494 goto out;
3495 }
3496 if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) {
3497 r = SSH_ERR_INVALID_ARGUMENT;
3498 goto out;
3499 }
3500 if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0)
3501 goto out;
3502 if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) {
3503 r = SSH_ERR_EC_CURVE_MISMATCH;
3504 goto out;
3505 }
3506 if ((k->sk_key_handle = sshbuf_new()) == NULL ||
3507 (k->sk_reserved = sshbuf_new()) == NULL) {
3508 r = SSH_ERR_ALLOC_FAIL;
3509 goto out;
3510 }
3511 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
3512 if (k->ecdsa == NULL) {
3513 r = SSH_ERR_LIBCRYPTO_ERROR;
3514 goto out;
3515 }
3516 if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 ||
3517 (r = sshbuf_get_cstring(buf, &k->sk_application,
3518 NULL)) != 0 ||
3519 (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 ||
3520 (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 ||
3521 (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0)
3522 goto out;
3523 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
3524 EC_KEY_get0_public_key(k->ecdsa))) != 0)
3525 goto out;
3526 break;
3527 case KEY_ECDSA_SK_CERT:
3528 if ((r = sshkey_froms(buf, &k)) != 0)
3529 goto out;
3530 if ((k->sk_key_handle = sshbuf_new()) == NULL ||
3531 (k->sk_reserved = sshbuf_new()) == NULL) {
3532 r = SSH_ERR_ALLOC_FAIL;
3533 goto out;
3534 }
3535 if ((r = sshbuf_get_cstring(buf, &k->sk_application,
3536 NULL)) != 0 ||
3537 (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 ||
3538 (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 ||
3539 (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0)
3540 goto out;
3541 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
3542 EC_KEY_get0_public_key(k->ecdsa))) != 0)
3543 goto out;
3544 break;
3274# endif /* OPENSSL_HAS_ECC */ 3545# endif /* OPENSSL_HAS_ECC */
3275 case KEY_RSA: 3546 case KEY_RSA:
3276 if ((k = sshkey_new(type)) == NULL) { 3547 if ((k = sshkey_new(type)) == NULL) {
@@ -3359,6 +3630,57 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
3359 k->ed25519_sk = ed25519_sk; 3630 k->ed25519_sk = ed25519_sk;
3360 ed25519_pk = ed25519_sk = NULL; /* transferred */ 3631 ed25519_pk = ed25519_sk = NULL; /* transferred */
3361 break; 3632 break;
3633 case KEY_ED25519_SK:
3634 if ((k = sshkey_new(type)) == NULL) {
3635 r = SSH_ERR_ALLOC_FAIL;
3636 goto out;
3637 }
3638 if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0)
3639 goto out;
3640 if (pklen != ED25519_PK_SZ) {
3641 r = SSH_ERR_INVALID_FORMAT;
3642 goto out;
3643 }
3644 if ((k->sk_key_handle = sshbuf_new()) == NULL ||
3645 (k->sk_reserved = sshbuf_new()) == NULL) {
3646 r = SSH_ERR_ALLOC_FAIL;
3647 goto out;
3648 }
3649 if ((r = sshbuf_get_cstring(buf, &k->sk_application,
3650 NULL)) != 0 ||
3651 (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 ||
3652 (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 ||
3653 (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0)
3654 goto out;
3655 k->ed25519_pk = ed25519_pk;
3656 ed25519_pk = NULL;
3657 break;
3658 case KEY_ED25519_SK_CERT:
3659 if ((r = sshkey_froms(buf, &k)) != 0 ||
3660 (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0)
3661 goto out;
3662 if (k->type != type) {
3663 r = SSH_ERR_INVALID_FORMAT;
3664 goto out;
3665 }
3666 if (pklen != ED25519_PK_SZ) {
3667 r = SSH_ERR_INVALID_FORMAT;
3668 goto out;
3669 }
3670 if ((k->sk_key_handle = sshbuf_new()) == NULL ||
3671 (k->sk_reserved = sshbuf_new()) == NULL) {
3672 r = SSH_ERR_ALLOC_FAIL;
3673 goto out;
3674 }
3675 if ((r = sshbuf_get_cstring(buf, &k->sk_application,
3676 NULL)) != 0 ||
3677 (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 ||
3678 (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 ||
3679 (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0)
3680 goto out;
3681 k->ed25519_pk = ed25519_pk;
3682 ed25519_pk = NULL; /* transferred */
3683 break;
3362#ifdef WITH_XMSS 3684#ifdef WITH_XMSS
3363 case KEY_XMSS: 3685 case KEY_XMSS:
3364 if ((k = sshkey_new(type)) == NULL) { 3686 if ((k = sshkey_new(type)) == NULL) {
@@ -3457,9 +3779,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
3457int 3779int
3458sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) 3780sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
3459{ 3781{
3460 BN_CTX *bnctx;
3461 EC_POINT *nq = NULL; 3782 EC_POINT *nq = NULL;
3462 BIGNUM *order, *x, *y, *tmp; 3783 BIGNUM *order = NULL, *x = NULL, *y = NULL, *tmp = NULL;
3463 int ret = SSH_ERR_KEY_INVALID_EC_VALUE; 3784 int ret = SSH_ERR_KEY_INVALID_EC_VALUE;
3464 3785
3465 /* 3786 /*
@@ -3470,10 +3791,6 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
3470 * EC_POINT_oct2point then the caller will need to explicitly check. 3791 * EC_POINT_oct2point then the caller will need to explicitly check.
3471 */ 3792 */
3472 3793
3473 if ((bnctx = BN_CTX_new()) == NULL)
3474 return SSH_ERR_ALLOC_FAIL;
3475 BN_CTX_start(bnctx);
3476
3477 /* 3794 /*
3478 * We shouldn't ever hit this case because bignum_get_ecpoint() 3795 * We shouldn't ever hit this case because bignum_get_ecpoint()
3479 * refuses to load GF2m points. 3796 * refuses to load GF2m points.
@@ -3486,18 +3803,18 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
3486 if (EC_POINT_is_at_infinity(group, public)) 3803 if (EC_POINT_is_at_infinity(group, public))
3487 goto out; 3804 goto out;
3488 3805
3489 if ((x = BN_CTX_get(bnctx)) == NULL || 3806 if ((x = BN_new()) == NULL ||
3490 (y = BN_CTX_get(bnctx)) == NULL || 3807 (y = BN_new()) == NULL ||
3491 (order = BN_CTX_get(bnctx)) == NULL || 3808 (order = BN_new()) == NULL ||
3492 (tmp = BN_CTX_get(bnctx)) == NULL) { 3809 (tmp = BN_new()) == NULL) {
3493 ret = SSH_ERR_ALLOC_FAIL; 3810 ret = SSH_ERR_ALLOC_FAIL;
3494 goto out; 3811 goto out;
3495 } 3812 }
3496 3813
3497 /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ 3814 /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */
3498 if (EC_GROUP_get_order(group, order, bnctx) != 1 || 3815 if (EC_GROUP_get_order(group, order, NULL) != 1 ||
3499 EC_POINT_get_affine_coordinates_GFp(group, public, 3816 EC_POINT_get_affine_coordinates_GFp(group, public,
3500 x, y, bnctx) != 1) { 3817 x, y, NULL) != 1) {
3501 ret = SSH_ERR_LIBCRYPTO_ERROR; 3818 ret = SSH_ERR_LIBCRYPTO_ERROR;
3502 goto out; 3819 goto out;
3503 } 3820 }
@@ -3510,7 +3827,7 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
3510 ret = SSH_ERR_ALLOC_FAIL; 3827 ret = SSH_ERR_ALLOC_FAIL;
3511 goto out; 3828 goto out;
3512 } 3829 }
3513 if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) { 3830 if (EC_POINT_mul(group, nq, NULL, public, order, NULL) != 1) {
3514 ret = SSH_ERR_LIBCRYPTO_ERROR; 3831 ret = SSH_ERR_LIBCRYPTO_ERROR;
3515 goto out; 3832 goto out;
3516 } 3833 }
@@ -3526,7 +3843,10 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
3526 goto out; 3843 goto out;
3527 ret = 0; 3844 ret = 0;
3528 out: 3845 out:
3529 BN_CTX_free(bnctx); 3846 BN_clear_free(x);
3847 BN_clear_free(y);
3848 BN_clear_free(order);
3849 BN_clear_free(tmp);
3530 EC_POINT_free(nq); 3850 EC_POINT_free(nq);
3531 return ret; 3851 return ret;
3532} 3852}
@@ -3534,22 +3854,16 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
3534int 3854int
3535sshkey_ec_validate_private(const EC_KEY *key) 3855sshkey_ec_validate_private(const EC_KEY *key)
3536{ 3856{
3537 BN_CTX *bnctx; 3857 BIGNUM *order = NULL, *tmp = NULL;
3538 BIGNUM *order, *tmp;
3539 int ret = SSH_ERR_KEY_INVALID_EC_VALUE; 3858 int ret = SSH_ERR_KEY_INVALID_EC_VALUE;
3540 3859
3541 if ((bnctx = BN_CTX_new()) == NULL) 3860 if ((order = BN_new()) == NULL || (tmp = BN_new()) == NULL) {
3542 return SSH_ERR_ALLOC_FAIL;
3543 BN_CTX_start(bnctx);
3544
3545 if ((order = BN_CTX_get(bnctx)) == NULL ||
3546 (tmp = BN_CTX_get(bnctx)) == NULL) {
3547 ret = SSH_ERR_ALLOC_FAIL; 3861 ret = SSH_ERR_ALLOC_FAIL;
3548 goto out; 3862 goto out;
3549 } 3863 }
3550 3864
3551 /* log2(private) > log2(order)/2 */ 3865 /* log2(private) > log2(order)/2 */
3552 if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) { 3866 if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, NULL) != 1) {
3553 ret = SSH_ERR_LIBCRYPTO_ERROR; 3867 ret = SSH_ERR_LIBCRYPTO_ERROR;
3554 goto out; 3868 goto out;
3555 } 3869 }
@@ -3566,47 +3880,43 @@ sshkey_ec_validate_private(const EC_KEY *key)
3566 goto out; 3880 goto out;
3567 ret = 0; 3881 ret = 0;
3568 out: 3882 out:
3569 BN_CTX_free(bnctx); 3883 BN_clear_free(order);
3884 BN_clear_free(tmp);
3570 return ret; 3885 return ret;
3571} 3886}
3572 3887
3573void 3888void
3574sshkey_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) 3889sshkey_dump_ec_point(const EC_GROUP *group, const EC_POINT *point)
3575{ 3890{
3576 BIGNUM *x, *y; 3891 BIGNUM *x = NULL, *y = NULL;
3577 BN_CTX *bnctx;
3578 3892
3579 if (point == NULL) { 3893 if (point == NULL) {
3580 fputs("point=(NULL)\n", stderr); 3894 fputs("point=(NULL)\n", stderr);
3581 return; 3895 return;
3582 } 3896 }
3583 if ((bnctx = BN_CTX_new()) == NULL) { 3897 if ((x = BN_new()) == NULL || (y = BN_new()) == NULL) {
3584 fprintf(stderr, "%s: BN_CTX_new failed\n", __func__); 3898 fprintf(stderr, "%s: BN_new failed\n", __func__);
3585 return; 3899 goto out;
3586 }
3587 BN_CTX_start(bnctx);
3588 if ((x = BN_CTX_get(bnctx)) == NULL ||
3589 (y = BN_CTX_get(bnctx)) == NULL) {
3590 fprintf(stderr, "%s: BN_CTX_get failed\n", __func__);
3591 return;
3592 } 3900 }
3593 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 3901 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
3594 NID_X9_62_prime_field) { 3902 NID_X9_62_prime_field) {
3595 fprintf(stderr, "%s: group is not a prime field\n", __func__); 3903 fprintf(stderr, "%s: group is not a prime field\n", __func__);
3596 return; 3904 goto out;
3597 } 3905 }
3598 if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, 3906 if (EC_POINT_get_affine_coordinates_GFp(group, point,
3599 bnctx) != 1) { 3907 x, y, NULL) != 1) {
3600 fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n", 3908 fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n",
3601 __func__); 3909 __func__);
3602 return; 3910 goto out;
3603 } 3911 }
3604 fputs("x=", stderr); 3912 fputs("x=", stderr);
3605 BN_print_fp(stderr, x); 3913 BN_print_fp(stderr, x);
3606 fputs("\ny=", stderr); 3914 fputs("\ny=", stderr);
3607 BN_print_fp(stderr, y); 3915 BN_print_fp(stderr, y);
3608 fputs("\n", stderr); 3916 fputs("\n", stderr);
3609 BN_CTX_free(bnctx); 3917 out:
3918 BN_clear_free(x);
3919 BN_clear_free(y);
3610} 3920}
3611 3921
3612void 3922void
@@ -4088,9 +4398,13 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
4088 break; /* see below */ 4398 break; /* see below */
4089#endif /* WITH_OPENSSL */ 4399#endif /* WITH_OPENSSL */
4090 case KEY_ED25519: 4400 case KEY_ED25519:
4401 case KEY_ED25519_SK:
4091#ifdef WITH_XMSS 4402#ifdef WITH_XMSS
4092 case KEY_XMSS: 4403 case KEY_XMSS:
4093#endif /* WITH_XMSS */ 4404#endif /* WITH_XMSS */
4405#ifdef WITH_OPENSSL
4406 case KEY_ECDSA_SK:
4407#endif /* WITH_OPENSSL */
4094 return sshkey_private_to_blob2(key, blob, passphrase, 4408 return sshkey_private_to_blob2(key, blob, passphrase,
4095 comment, openssh_format_cipher, openssh_format_rounds); 4409 comment, openssh_format_cipher, openssh_format_rounds);
4096 default: 4410 default:
@@ -4112,7 +4426,6 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
4112#endif /* WITH_OPENSSL */ 4426#endif /* WITH_OPENSSL */
4113} 4427}
4114 4428
4115
4116#ifdef WITH_OPENSSL 4429#ifdef WITH_OPENSSL
4117static int 4430static int
4118translate_libcrypto_error(unsigned long pem_err) 4431translate_libcrypto_error(unsigned long pem_err)
@@ -4346,6 +4659,12 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase,
4346 passphrase, keyp, commentp); 4659 passphrase, keyp, commentp);
4347} 4660}
4348 4661
4662void
4663sshkey_sig_details_free(struct sshkey_sig_details *details)
4664{
4665 freezero(details, sizeof(*details));
4666}
4667
4349#ifdef WITH_XMSS 4668#ifdef WITH_XMSS
4350/* 4669/*
4351 * serialize the key with the current state and forward the state 4670 * serialize the key with the current state and forward the state
diff --git a/sshkey.h b/sshkey.h
index 1bf30d055..37a43a67a 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */ 1/* $OpenBSD: sshkey.h,v 1.44 2019/12/30 09:23:28 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,10 @@ enum sshkey_types {
65 KEY_ED25519_CERT, 65 KEY_ED25519_CERT,
66 KEY_XMSS, 66 KEY_XMSS,
67 KEY_XMSS_CERT, 67 KEY_XMSS_CERT,
68 KEY_ECDSA_SK,
69 KEY_ECDSA_SK_CERT,
70 KEY_ED25519_SK,
71 KEY_ED25519_SK_CERT,
68 KEY_NULL, 72 KEY_NULL,
69 KEY_UNSPEC 73 KEY_UNSPEC
70}; 74};
@@ -84,9 +88,10 @@ enum sshkey_fp_rep {
84/* Private key serialisation formats, used on the wire */ 88/* Private key serialisation formats, used on the wire */
85enum sshkey_serialize_rep { 89enum sshkey_serialize_rep {
86 SSHKEY_SERIALIZE_DEFAULT = 0, 90 SSHKEY_SERIALIZE_DEFAULT = 0,
87 SSHKEY_SERIALIZE_STATE = 1, 91 SSHKEY_SERIALIZE_STATE = 1, /* only state is serialized */
88 SSHKEY_SERIALIZE_FULL = 2, 92 SSHKEY_SERIALIZE_FULL = 2, /* include keys for saving to disk */
89 SSHKEY_SERIALIZE_INFO = 254, 93 SSHKEY_SERIALIZE_SHIELD = 3, /* everything, for encrypting in ram */
94 SSHKEY_SERIALIZE_INFO = 254, /* minimal information */
90}; 95};
91 96
92/* Private key disk formats */ 97/* Private key disk formats */
@@ -119,18 +124,30 @@ struct sshkey_cert {
119struct sshkey { 124struct sshkey {
120 int type; 125 int type;
121 int flags; 126 int flags;
127 /* KEY_RSA */
122 RSA *rsa; 128 RSA *rsa;
129 /* KEY_DSA */
123 DSA *dsa; 130 DSA *dsa;
131 /* KEY_ECDSA and KEY_ECDSA_SK */
124 int ecdsa_nid; /* NID of curve */ 132 int ecdsa_nid; /* NID of curve */
125 EC_KEY *ecdsa; 133 EC_KEY *ecdsa;
134 /* KEY_ED25519 and KEY_ED25519_SK */
126 u_char *ed25519_sk; 135 u_char *ed25519_sk;
127 u_char *ed25519_pk; 136 u_char *ed25519_pk;
137 /* KEY_XMSS */
128 char *xmss_name; 138 char *xmss_name;
129 char *xmss_filename; /* for state file updates */ 139 char *xmss_filename; /* for state file updates */
130 void *xmss_state; /* depends on xmss_name, opaque */ 140 void *xmss_state; /* depends on xmss_name, opaque */
131 u_char *xmss_sk; 141 u_char *xmss_sk;
132 u_char *xmss_pk; 142 u_char *xmss_pk;
143 /* KEY_ECDSA_SK and KEY_ED25519_SK */
144 char *sk_application;
145 uint8_t sk_flags;
146 struct sshbuf *sk_key_handle;
147 struct sshbuf *sk_reserved;
148 /* Certificates */
133 struct sshkey_cert *cert; 149 struct sshkey_cert *cert;
150 /* Private key shielding */
134 u_char *shielded_private; 151 u_char *shielded_private;
135 size_t shielded_len; 152 size_t shielded_len;
136 u_char *shield_prekey; 153 u_char *shield_prekey;
@@ -140,6 +157,12 @@ struct sshkey {
140#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES 157#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
141#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES 158#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
142 159
160/* Additional fields contained in signature */
161struct sshkey_sig_details {
162 uint32_t sk_counter; /* U2F signature counter */
163 uint8_t sk_flags; /* U2F signature flags; see ssh-sk.h */
164};
165
143struct sshkey *sshkey_new(int); 166struct sshkey *sshkey_new(int);
144void sshkey_free(struct sshkey *); 167void sshkey_free(struct sshkey *);
145int sshkey_equal_public(const struct sshkey *, 168int sshkey_equal_public(const struct sshkey *,
@@ -165,6 +188,7 @@ int sshkey_unshield_private(struct sshkey *);
165 188
166int sshkey_type_from_name(const char *); 189int sshkey_type_from_name(const char *);
167int sshkey_is_cert(const struct sshkey *); 190int sshkey_is_cert(const struct sshkey *);
191int sshkey_is_sk(const struct sshkey *);
168int sshkey_type_is_cert(int); 192int sshkey_type_is_cert(int);
169int sshkey_type_plain(int); 193int sshkey_type_plain(int);
170int sshkey_to_certified(struct sshkey *); 194int sshkey_to_certified(struct sshkey *);
@@ -176,12 +200,13 @@ size_t sshkey_format_cert_validity(const struct sshkey_cert *,
176 char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); 200 char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
177int sshkey_check_cert_sigtype(const struct sshkey *, const char *); 201int sshkey_check_cert_sigtype(const struct sshkey *, const char *);
178 202
179int sshkey_certify(struct sshkey *, struct sshkey *, const char *); 203int sshkey_certify(struct sshkey *, struct sshkey *,
204 const char *, const char *);
180/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ 205/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
181typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, 206typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *,
182 const u_char *, size_t, const char *, u_int, void *); 207 const u_char *, size_t, const char *, const char *, u_int, void *);
183int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, 208int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
184 sshkey_certify_signer *, void *); 209 const char *, sshkey_certify_signer *, void *);
185 210
186int sshkey_ecdsa_nid_from_name(const char *); 211int sshkey_ecdsa_nid_from_name(const char *);
187int sshkey_curve_name_to_nid(const char *); 212int sshkey_curve_name_to_nid(const char *);
@@ -210,9 +235,9 @@ int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
210int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); 235int sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
211 236
212int sshkey_sign(struct sshkey *, u_char **, size_t *, 237int sshkey_sign(struct sshkey *, u_char **, size_t *,
213 const u_char *, size_t, const char *, u_int); 238 const u_char *, size_t, const char *, const char *, u_int);
214int sshkey_verify(const struct sshkey *, const u_char *, size_t, 239int sshkey_verify(const struct sshkey *, const u_char *, size_t,
215 const u_char *, size_t, const char *, u_int); 240 const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **);
216int sshkey_check_sigtype(const u_char *, size_t, const char *); 241int sshkey_check_sigtype(const u_char *, size_t, const char *);
217const char *sshkey_sigalg_by_name(const char *); 242const char *sshkey_sigalg_by_name(const char *);
218int sshkey_get_sigtype(const u_char *, size_t, char **); 243int sshkey_get_sigtype(const u_char *, size_t, char **);
@@ -252,6 +277,8 @@ int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
252int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, 277int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf,
253 u_int32_t maxsign, sshkey_printfn *pr); 278 u_int32_t maxsign, sshkey_printfn *pr);
254 279
280void sshkey_sig_details_free(struct sshkey_sig_details *);
281
255#ifdef SSHKEY_INTERNAL 282#ifdef SSHKEY_INTERNAL
256int ssh_rsa_sign(const struct sshkey *key, 283int ssh_rsa_sign(const struct sshkey *key,
257 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, 284 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
@@ -269,11 +296,19 @@ int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
269int ssh_ecdsa_verify(const struct sshkey *key, 296int ssh_ecdsa_verify(const struct sshkey *key,
270 const u_char *signature, size_t signaturelen, 297 const u_char *signature, size_t signaturelen,
271 const u_char *data, size_t datalen, u_int compat); 298 const u_char *data, size_t datalen, u_int compat);
299int ssh_ecdsa_sk_verify(const struct sshkey *key,
300 const u_char *signature, size_t signaturelen,
301 const u_char *data, size_t datalen, u_int compat,
302 struct sshkey_sig_details **detailsp);
272int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 303int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
273 const u_char *data, size_t datalen, u_int compat); 304 const u_char *data, size_t datalen, u_int compat);
274int ssh_ed25519_verify(const struct sshkey *key, 305int ssh_ed25519_verify(const struct sshkey *key,
275 const u_char *signature, size_t signaturelen, 306 const u_char *signature, size_t signaturelen,
276 const u_char *data, size_t datalen, u_int compat); 307 const u_char *data, size_t datalen, u_int compat);
308int ssh_ed25519_sk_verify(const struct sshkey *key,
309 const u_char *signature, size_t signaturelen,
310 const u_char *data, size_t datalen, u_int compat,
311 struct sshkey_sig_details **detailsp);
277int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 312int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
278 const u_char *data, size_t datalen, u_int compat); 313 const u_char *data, size_t datalen, u_int compat);
279int ssh_xmss_verify(const struct sshkey *key, 314int ssh_xmss_verify(const struct sshkey *key,
diff --git a/sshsig.c b/sshsig.c
index b19cd077d..e63a36e1e 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -151,8 +151,9 @@ done:
151 151
152static int 152static int
153sshsig_wrap_sign(struct sshkey *key, const char *hashalg, 153sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
154 const struct sshbuf *h_message, const char *sig_namespace, 154 const char *sk_provider, const struct sshbuf *h_message,
155 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) 155 const char *sig_namespace, struct sshbuf **out,
156 sshsig_signer *signer, void *signer_ctx)
156{ 157{
157 int r; 158 int r;
158 size_t slen = 0; 159 size_t slen = 0;
@@ -184,14 +185,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
184 if (signer != NULL) { 185 if (signer != NULL) {
185 if ((r = signer(key, &sig, &slen, 186 if ((r = signer(key, &sig, &slen,
186 sshbuf_ptr(tosign), sshbuf_len(tosign), 187 sshbuf_ptr(tosign), sshbuf_len(tosign),
187 sign_alg, 0, signer_ctx)) != 0) { 188 sign_alg, sk_provider, 0, signer_ctx)) != 0) {
188 error("Couldn't sign message: %s", ssh_err(r)); 189 error("Couldn't sign message: %s", ssh_err(r));
189 goto done; 190 goto done;
190 } 191 }
191 } else { 192 } else {
192 if ((r = sshkey_sign(key, &sig, &slen, 193 if ((r = sshkey_sign(key, &sig, &slen,
193 sshbuf_ptr(tosign), sshbuf_len(tosign), 194 sshbuf_ptr(tosign), sshbuf_len(tosign),
194 sign_alg, 0)) != 0) { 195 sign_alg, sk_provider, 0)) != 0) {
195 error("Couldn't sign message: %s", ssh_err(r)); 196 error("Couldn't sign message: %s", ssh_err(r));
196 goto done; 197 goto done;
197 } 198 }
@@ -285,7 +286,7 @@ sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp)
285static int 286static int
286sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, 287sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
287 const struct sshbuf *h_message, const char *expect_namespace, 288 const struct sshbuf *h_message, const char *expect_namespace,
288 struct sshkey **sign_keyp) 289 struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details)
289{ 290{
290 int r = SSH_ERR_INTERNAL_ERROR; 291 int r = SSH_ERR_INTERNAL_ERROR;
291 struct sshbuf *buf = NULL, *toverify = NULL; 292 struct sshbuf *buf = NULL, *toverify = NULL;
@@ -295,6 +296,8 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
295 size_t siglen; 296 size_t siglen;
296 297
297 debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); 298 debug("%s: verify message length %zu", __func__, sshbuf_len(h_message));
299 if (sig_details != NULL)
300 *sig_details = NULL;
298 if (sign_keyp != NULL) 301 if (sign_keyp != NULL)
299 *sign_keyp = NULL; 302 *sign_keyp = NULL;
300 303
@@ -360,7 +363,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
360 } 363 }
361 } 364 }
362 if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), 365 if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify),
363 sshbuf_len(toverify), NULL, 0)) != 0) { 366 sshbuf_len(toverify), NULL, 0, sig_details)) != 0) {
364 error("Signature verification failed: %s", ssh_err(r)); 367 error("Signature verification failed: %s", ssh_err(r));
365 goto done; 368 goto done;
366 } 369 }
@@ -425,7 +428,7 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
425} 428}
426 429
427int 430int
428sshsig_signb(struct sshkey *key, const char *hashalg, 431sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider,
429 const struct sshbuf *message, const char *sig_namespace, 432 const struct sshbuf *message, const char *sig_namespace,
430 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) 433 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
431{ 434{
@@ -440,8 +443,8 @@ sshsig_signb(struct sshkey *key, const char *hashalg,
440 error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); 443 error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
441 goto out; 444 goto out;
442 } 445 }
443 if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, 446 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
444 signer, signer_ctx)) != 0) 447 sig_namespace, out, signer, signer_ctx)) != 0)
445 goto out; 448 goto out;
446 /* success */ 449 /* success */
447 r = 0; 450 r = 0;
@@ -452,15 +455,17 @@ sshsig_signb(struct sshkey *key, const char *hashalg,
452 455
453int 456int
454sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, 457sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message,
455 const char *expect_namespace, struct sshkey **sign_keyp) 458 const char *expect_namespace, struct sshkey **sign_keyp,
459 struct sshkey_sig_details **sig_details)
456{ 460{
457 struct sshbuf *b = NULL; 461 struct sshbuf *b = NULL;
458 int r = SSH_ERR_INTERNAL_ERROR; 462 int r = SSH_ERR_INTERNAL_ERROR;
459 char *hashalg = NULL; 463 char *hashalg = NULL;
460 464
465 if (sig_details != NULL)
466 *sig_details = NULL;
461 if (sign_keyp != NULL) 467 if (sign_keyp != NULL)
462 *sign_keyp = NULL; 468 *sign_keyp = NULL;
463
464 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) 469 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
465 return r; 470 return r;
466 debug("%s: signature made with hash \"%s\"", __func__, hashalg); 471 debug("%s: signature made with hash \"%s\"", __func__, hashalg);
@@ -469,7 +474,7 @@ sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message,
469 goto out; 474 goto out;
470 } 475 }
471 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, 476 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
472 sign_keyp)) != 0) 477 sign_keyp, sig_details)) != 0)
473 goto out; 478 goto out;
474 /* success */ 479 /* success */
475 r = 0; 480 r = 0;
@@ -551,7 +556,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
551} 556}
552 557
553int 558int
554sshsig_sign_fd(struct sshkey *key, const char *hashalg, 559sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider,
555 int fd, const char *sig_namespace, struct sshbuf **out, 560 int fd, const char *sig_namespace, struct sshbuf **out,
556 sshsig_signer *signer, void *signer_ctx) 561 sshsig_signer *signer, void *signer_ctx)
557{ 562{
@@ -566,8 +571,8 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg,
566 error("%s: hash_file failed: %s", __func__, ssh_err(r)); 571 error("%s: hash_file failed: %s", __func__, ssh_err(r));
567 return r; 572 return r;
568 } 573 }
569 if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, 574 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
570 signer, signer_ctx)) != 0) 575 sig_namespace, out, signer, signer_ctx)) != 0)
571 goto out; 576 goto out;
572 /* success */ 577 /* success */
573 r = 0; 578 r = 0;
@@ -578,15 +583,17 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg,
578 583
579int 584int
580sshsig_verify_fd(struct sshbuf *signature, int fd, 585sshsig_verify_fd(struct sshbuf *signature, int fd,
581 const char *expect_namespace, struct sshkey **sign_keyp) 586 const char *expect_namespace, struct sshkey **sign_keyp,
587 struct sshkey_sig_details **sig_details)
582{ 588{
583 struct sshbuf *b = NULL; 589 struct sshbuf *b = NULL;
584 int r = SSH_ERR_INTERNAL_ERROR; 590 int r = SSH_ERR_INTERNAL_ERROR;
585 char *hashalg = NULL; 591 char *hashalg = NULL;
586 592
593 if (sig_details != NULL)
594 *sig_details = NULL;
587 if (sign_keyp != NULL) 595 if (sign_keyp != NULL)
588 *sign_keyp = NULL; 596 *sign_keyp = NULL;
589
590 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) 597 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
591 return r; 598 return r;
592 debug("%s: signature made with hash \"%s\"", __func__, hashalg); 599 debug("%s: signature made with hash \"%s\"", __func__, hashalg);
@@ -595,7 +602,7 @@ sshsig_verify_fd(struct sshbuf *signature, int fd,
595 goto out; 602 goto out;
596 } 603 }
597 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, 604 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
598 sign_keyp)) != 0) 605 sign_keyp, sig_details)) != 0)
599 goto out; 606 goto out;
600 /* success */ 607 /* success */
601 r = 0; 608 r = 0;
@@ -672,56 +679,116 @@ sshsigopt_free(struct sshsigopt *opts)
672} 679}
673 680
674static int 681static int
675check_allowed_keys_line(const char *path, u_long linenum, char *line, 682parse_principals_key_and_options(const char *path, u_long linenum, char *line,
676 const struct sshkey *sign_key, const char *principal, 683 const char *required_principal, char **principalsp, struct sshkey **keyp,
677 const char *sig_namespace) 684 struct sshsigopt **sigoptsp)
678{ 685{
679 struct sshkey *found_key = NULL; 686 char *opts = NULL, *tmp, *cp, *principals = NULL;
680 char *cp, *opts = NULL, *identities = NULL;
681 int r, found = 0;
682 const char *reason = NULL; 687 const char *reason = NULL;
683 struct sshsigopt *sigopts = NULL; 688 struct sshsigopt *sigopts = NULL;
689 struct sshkey *key = NULL;
690 int r = SSH_ERR_INTERNAL_ERROR;
684 691
685 if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) { 692 if (principalsp != NULL)
686 error("%s: sshkey_new failed", __func__); 693 *principalsp = NULL;
687 return SSH_ERR_ALLOC_FAIL; 694 if (sigoptsp != NULL)
688 } 695 *sigoptsp = NULL;
696 if (keyp != NULL)
697 *keyp = NULL;
689 698
690 /* format: identity[,identity...] [option[,option...]] key */
691 cp = line; 699 cp = line;
692 cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ 700 cp = cp + strspn(cp, " \t"); /* skip leading whitespace */
693 if (*cp == '#' || *cp == '\0') 701 if (*cp == '#' || *cp == '\0')
694 goto done; 702 return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
695 if ((identities = strdelimw(&cp)) == NULL) { 703
704 /* format: identity[,identity...] [option[,option...]] key */
705 if ((tmp = strdelimw(&cp)) == NULL) {
696 error("%s:%lu: invalid line", path, linenum); 706 error("%s:%lu: invalid line", path, linenum);
697 goto done; 707 r = SSH_ERR_INVALID_FORMAT;
708 goto out;
698 } 709 }
699 if (match_pattern_list(principal, identities, 0) != 1) { 710 if ((principals = strdup(tmp)) == NULL) {
700 /* principal didn't match */ 711 error("%s: strdup failed", __func__);
701 goto done; 712 r = SSH_ERR_ALLOC_FAIL;
713 goto out;
714 }
715 /*
716 * Bail out early if we're looking for a particular principal and this
717 * line does not list it.
718 */
719 if (required_principal != NULL) {
720 if (match_pattern_list(required_principal,
721 principals, 0) != 1) {
722 /* principal didn't match */
723 r = SSH_ERR_KEY_NOT_FOUND;
724 goto out;
725 }
726 debug("%s: %s:%lu: matched principal \"%s\"",
727 __func__, path, linenum, required_principal);
702 } 728 }
703 debug("%s: %s:%lu: matched principal \"%s\"",
704 __func__, path, linenum, principal);
705 729
706 if (sshkey_read(found_key, &cp) != 0) { 730 if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
731 error("%s: sshkey_new failed", __func__);
732 r = SSH_ERR_ALLOC_FAIL;
733 goto out;
734 }
735 if (sshkey_read(key, &cp) != 0) {
707 /* no key? Check for options */ 736 /* no key? Check for options */
708 opts = cp; 737 opts = cp;
709 if (sshkey_advance_past_options(&cp) != 0) { 738 if (sshkey_advance_past_options(&cp) != 0) {
710 error("%s:%lu: invalid options", 739 error("%s:%lu: invalid options", path, linenum);
711 path, linenum); 740 r = SSH_ERR_INVALID_FORMAT;
712 goto done; 741 goto out;
713 } 742 }
714 *cp++ = '\0'; 743 *cp++ = '\0';
715 skip_space(&cp); 744 skip_space(&cp);
716 if (sshkey_read(found_key, &cp) != 0) { 745 if (sshkey_read(key, &cp) != 0) {
717 error("%s:%lu: invalid key", path, 746 error("%s:%lu: invalid key", path, linenum);
718 linenum); 747 r = SSH_ERR_INVALID_FORMAT;
719 goto done; 748 goto out;
720 } 749 }
721 } 750 }
722 debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts); 751 debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
723 if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) { 752 if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
724 error("%s:%lu: bad options: %s", path, linenum, reason); 753 error("%s:%lu: bad options: %s", path, linenum, reason);
754 r = SSH_ERR_INVALID_FORMAT;
755 goto out;
756 }
757 /* success */
758 if (principalsp != NULL) {
759 *principalsp = principals;
760 principals = NULL; /* transferred */
761 }
762 if (sigoptsp != NULL) {
763 *sigoptsp = sigopts;
764 sigopts = NULL; /* transferred */
765 }
766 if (keyp != NULL) {
767 *keyp = key;
768 key = NULL; /* transferred */
769 }
770 r = 0;
771 out:
772 free(principals);
773 sshsigopt_free(sigopts);
774 sshkey_free(key);
775 return r;
776}
777
778static int
779check_allowed_keys_line(const char *path, u_long linenum, char *line,
780 const struct sshkey *sign_key, const char *principal,
781 const char *sig_namespace)
782{
783 struct sshkey *found_key = NULL;
784 int r, found = 0;
785 const char *reason = NULL;
786 struct sshsigopt *sigopts = NULL;
787
788 /* Parse the line */
789 if ((r = parse_principals_key_and_options(path, linenum, line,
790 principal, NULL, &found_key, &sigopts)) != 0) {
791 /* error already logged */
725 goto done; 792 goto done;
726 } 793 }
727 794
@@ -799,3 +866,172 @@ sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
799 free(line); 866 free(line);
800 return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r; 867 return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r;
801} 868}
869
870static int
871cert_filter_principals(const char *path, u_long linenum,
872 char **principalsp, const struct sshkey *cert)
873{
874 char *cp, *oprincipals, *principals;
875 const char *reason;
876 struct sshbuf *nprincipals;
877 int r = SSH_ERR_INTERNAL_ERROR, success = 0;
878
879 oprincipals = principals = *principalsp;
880 *principalsp = NULL;
881
882 if ((nprincipals = sshbuf_new()) == NULL)
883 return SSH_ERR_ALLOC_FAIL;
884
885 while ((cp = strsep(&principals, ",")) != NULL && *cp != '\0') {
886 if (strcspn(cp, "!?*") != strlen(cp)) {
887 debug("%s:%lu: principal \"%s\" not authorized: "
888 "contains wildcards", path, linenum, cp);
889 continue;
890 }
891 /* Check against principals list in certificate */
892 if ((r = sshkey_cert_check_authority(cert, 0, 1,
893 cp, &reason)) != 0) {
894 debug("%s:%lu: principal \"%s\" not authorized: %s",
895 path, linenum, cp, reason);
896 continue;
897 }
898 if ((r = sshbuf_putf(nprincipals, "%s%s",
899 sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) {
900 error("%s: buffer error", __func__);
901 goto out;
902 }
903 }
904 if (sshbuf_len(nprincipals) == 0) {
905 error("%s:%lu: no valid principals found", path, linenum);
906 r = SSH_ERR_KEY_CERT_INVALID;
907 goto out;
908 }
909 if ((principals = sshbuf_dup_string(nprincipals)) == NULL) {
910 error("%s: buffer error", __func__);
911 goto out;
912 }
913 /* success */
914 success = 1;
915 *principalsp = principals;
916 out:
917 sshbuf_free(nprincipals);
918 free(oprincipals);
919 return success ? 0 : r;
920}
921
922static int
923get_matching_principals_from_line(const char *path, u_long linenum, char *line,
924 const struct sshkey *sign_key, char **principalsp)
925{
926 struct sshkey *found_key = NULL;
927 char *principals = NULL;
928 int r, found = 0;
929 struct sshsigopt *sigopts = NULL;
930
931 if (principalsp != NULL)
932 *principalsp = NULL;
933
934 /* Parse the line */
935 if ((r = parse_principals_key_and_options(path, linenum, line,
936 NULL, &principals, &found_key, &sigopts)) != 0) {
937 /* error already logged */
938 goto done;
939 }
940
941 if (!sigopts->ca && sshkey_equal(found_key, sign_key)) {
942 /* Exact match of key */
943 debug("%s:%lu: matched key", path, linenum);
944 /* success */
945 found = 1;
946 } else if (sigopts->ca && sshkey_is_cert(sign_key) &&
947 sshkey_equal_public(sign_key->cert->signature_key, found_key)) {
948 /* Remove principals listed in file but not allowed by cert */
949 if ((r = cert_filter_principals(path, linenum,
950 &principals, sign_key)) != 0) {
951 /* error already displayed */
952 debug("%s:%lu: cert_filter_principals: %s",
953 path, linenum, ssh_err(r));
954 goto done;
955 }
956 debug("%s:%lu: matched certificate CA key", path, linenum);
957 /* success */
958 found = 1;
959 } else {
960 /* Key didn't match */
961 goto done;
962 }
963 done:
964 if (found) {
965 *principalsp = principals;
966 principals = NULL; /* transferred */
967 }
968 free(principals);
969 sshkey_free(found_key);
970 sshsigopt_free(sigopts);
971 return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
972}
973
974int
975sshsig_find_principals(const char *path, const struct sshkey *sign_key,
976 char **principals)
977{
978 FILE *f = NULL;
979 char *line = NULL;
980 size_t linesize = 0;
981 u_long linenum = 0;
982 int r, oerrno;
983
984 if ((f = fopen(path, "r")) == NULL) {
985 oerrno = errno;
986 error("Unable to open allowed keys file \"%s\": %s",
987 path, strerror(errno));
988 errno = oerrno;
989 return SSH_ERR_SYSTEM_ERROR;
990 }
991
992 while (getline(&line, &linesize, f) != -1) {
993 linenum++;
994 r = get_matching_principals_from_line(path, linenum, line,
995 sign_key, principals);
996 free(line);
997 line = NULL;
998 if (r == SSH_ERR_KEY_NOT_FOUND)
999 continue;
1000 else if (r == 0) {
1001 /* success */
1002 fclose(f);
1003 return 0;
1004 } else
1005 break;
1006 }
1007 free(line);
1008 /* Either we hit an error parsing or we simply didn't find the key */
1009 if (ferror(f) != 0) {
1010 oerrno = errno;
1011 fclose(f);
1012 error("Unable to read allowed keys file \"%s\": %s",
1013 path, strerror(errno));
1014 errno = oerrno;
1015 return SSH_ERR_SYSTEM_ERROR;
1016 }
1017 fclose(f);
1018 return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r;
1019}
1020
1021int
1022sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey)
1023{
1024 struct sshkey *pk = NULL;
1025 int r = SSH_ERR_SIGNATURE_INVALID;
1026
1027 if (pubkey != NULL)
1028 *pubkey = NULL;
1029 if ((r = sshsig_parse_preamble(signature)) != 0)
1030 return r;
1031 if ((r = sshkey_froms(signature, &pk)) != 0)
1032 return r;
1033
1034 *pubkey = pk;
1035 pk = NULL;
1036 return 0;
1037}
diff --git a/sshsig.h b/sshsig.h
index e3eeb601b..63cc1ad1a 100644
--- a/sshsig.h
+++ b/sshsig.h
@@ -20,9 +20,10 @@
20struct sshbuf; 20struct sshbuf;
21struct sshkey; 21struct sshkey;
22struct sshsigopt; 22struct sshsigopt;
23struct sshkey_sig_details;
23 24
24typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, 25typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
25 const u_char *, size_t, const char *, u_int, void *); 26 const u_char *, size_t, const char *, const char *, u_int, void *);
26 27
27/* Buffer-oriented API */ 28/* Buffer-oriented API */
28 29
@@ -32,8 +33,9 @@ typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
32 * out is populated with the detached signature, or NULL on failure. 33 * out is populated with the detached signature, or NULL on failure.
33 */ 34 */
34int sshsig_signb(struct sshkey *key, const char *hashalg, 35int sshsig_signb(struct sshkey *key, const char *hashalg,
35 const struct sshbuf *message, const char *sig_namespace, 36 const char *sk_provider, const struct sshbuf *message,
36 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); 37 const char *sig_namespace, struct sshbuf **out,
38 sshsig_signer *signer, void *signer_ctx);
37 39
38/* 40/*
39 * Verifies that a detached signature is valid and optionally returns key 41 * Verifies that a detached signature is valid and optionally returns key
@@ -42,7 +44,7 @@ int sshsig_signb(struct sshkey *key, const char *hashalg,
42 */ 44 */
43int sshsig_verifyb(struct sshbuf *signature, 45int sshsig_verifyb(struct sshbuf *signature,
44 const struct sshbuf *message, const char *sig_namespace, 46 const struct sshbuf *message, const char *sig_namespace,
45 struct sshkey **sign_keyp); 47 struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details);
46 48
47/* File/FD-oriented API */ 49/* File/FD-oriented API */
48 50
@@ -52,8 +54,8 @@ int sshsig_verifyb(struct sshbuf *signature,
52 * out is populated with the detached signature, or NULL on failure. 54 * out is populated with the detached signature, or NULL on failure.
53 */ 55 */
54int sshsig_sign_fd(struct sshkey *key, const char *hashalg, 56int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
55 int fd, const char *sig_namespace, struct sshbuf **out, 57 const char *sk_provider, int fd, const char *sig_namespace,
56 sshsig_signer *signer, void *signer_ctx); 58 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
57 59
58/* 60/*
59 * Verifies that a detached signature over a file is valid and optionally 61 * Verifies that a detached signature over a file is valid and optionally
@@ -61,7 +63,8 @@ int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
61 * Returns 0 on success or a negative SSH_ERR_* error code on failure. 63 * Returns 0 on success or a negative SSH_ERR_* error code on failure.
62 */ 64 */
63int sshsig_verify_fd(struct sshbuf *signature, int fd, 65int sshsig_verify_fd(struct sshbuf *signature, int fd,
64 const char *sig_namespace, struct sshkey **sign_keyp); 66 const char *sig_namespace, struct sshkey **sign_keyp,
67 struct sshkey_sig_details **sig_details);
65 68
66/* Utility functions */ 69/* Utility functions */
67 70
@@ -89,4 +92,13 @@ struct sshsigopt *sshsigopt_parse(const char *opts,
89/* Free signature options */ 92/* Free signature options */
90void sshsigopt_free(struct sshsigopt *opts); 93void sshsigopt_free(struct sshsigopt *opts);
91 94
95/* Get public key from signature */
96int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
97
98/* Find principal in allowed_keys file, given a sshkey. Returns
99 * 0 on success.
100 */
101int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
102 char **principal);
103
92#endif /* SSHSIG_H */ 104#endif /* SSHSIG_H */
diff --git a/umac.c b/umac.c
index ccae39f30..2a6b6ae6b 100644
--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: umac.c,v 1.17 2018/04/10 00:10:49 djm Exp $ */ 1/* $OpenBSD: umac.c,v 1.18 2019/11/13 04:47:52 deraadt Exp $ */
2/* ----------------------------------------------------------------------- 2/* -----------------------------------------------------------------------
3 * 3 *
4 * umac.c -- C Implementation UMAC Message Authentication 4 * umac.c -- C Implementation UMAC Message Authentication
@@ -74,6 +74,7 @@
74#include "includes.h" 74#include "includes.h"
75#include <sys/types.h> 75#include <sys/types.h>
76#include <string.h> 76#include <string.h>
77#include <stdarg.h>
77#include <stdio.h> 78#include <stdio.h>
78#include <stdlib.h> 79#include <stdlib.h>
79#include <stddef.h> 80#include <stddef.h>
diff --git a/version.h b/version.h
index a24017eca..d79126cc3 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
1/* $OpenBSD: version.h,v 1.85 2019/10/09 00:04:57 djm Exp $ */ 1/* $OpenBSD: version.h,v 1.86 2020/02/14 00:39:20 djm Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_8.1" 3#define SSH_VERSION "OpenSSH_8.2"
4 4
5#define SSH_PORTABLE "p1" 5#define SSH_PORTABLE "p1"
6#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE 6#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
diff --git a/xmalloc.c b/xmalloc.c
index 9cd0127dd..b48d33bbf 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: xmalloc.c,v 1.35 2019/06/06 05:13:13 otto Exp $ */ 1/* $OpenBSD: xmalloc.c,v 1.36 2019/11/12 22:32:48 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -96,17 +96,24 @@ xstrdup(const char *str)
96} 96}
97 97
98int 98int
99xvasprintf(char **ret, const char *fmt, va_list ap)
100{
101 int i;
102
103 i = vasprintf(ret, fmt, ap);
104 if (i < 0 || *ret == NULL)
105 fatal("xvasprintf: could not allocate memory");
106 return i;
107}
108
109int
99xasprintf(char **ret, const char *fmt, ...) 110xasprintf(char **ret, const char *fmt, ...)
100{ 111{
101 va_list ap; 112 va_list ap;
102 int i; 113 int i;
103 114
104 va_start(ap, fmt); 115 va_start(ap, fmt);
105 i = vasprintf(ret, fmt, ap); 116 i = xvasprintf(ret, fmt, ap);
106 va_end(ap); 117 va_end(ap);
107 118 return i;
108 if (i < 0 || *ret == NULL)
109 fatal("xasprintf: could not allocate memory");
110
111 return (i);
112} 119}
diff --git a/xmalloc.h b/xmalloc.h
index 1d5f62df7..abaf7ada2 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: xmalloc.h,v 1.18 2019/06/06 05:13:13 otto Exp $ */ 1/* $OpenBSD: xmalloc.h,v 1.19 2019/11/12 22:32:48 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -24,3 +24,5 @@ char *xstrdup(const char *);
24int xasprintf(char **, const char *, ...) 24int xasprintf(char **, const char *, ...)
25 __attribute__((__format__ (printf, 2, 3))) 25 __attribute__((__format__ (printf, 2, 3)))
26 __attribute__((__nonnull__ (2))); 26 __attribute__((__nonnull__ (2)));
27int xvasprintf(char **, const char *, va_list)
28 __attribute__((__nonnull__ (2)));
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 16:41:32 +0000