summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.cvsignore28
-rw-r--r--.skipped-commit-ids11
-rw-r--r--ChangeLog3379
-rw-r--r--INSTALL5
-rw-r--r--Makefile.in45
-rw-r--r--PROTOCOL4
-rw-r--r--PROTOCOL.agent24
-rw-r--r--PROTOCOL.certkeys42
-rw-r--r--PROTOCOL.chacha20poly13054
-rw-r--r--README2
-rw-r--r--audit-linux.c28
-rw-r--r--auth-krb5.c3
-rw-r--r--auth-options.c13
-rw-r--r--auth-pam.c107
-rw-r--r--auth-pam.h2
-rw-r--r--auth-passwd.c19
-rw-r--r--auth-rh-rsa.c11
-rw-r--r--auth-rhosts.c12
-rw-r--r--auth.c151
-rw-r--r--auth.h7
-rw-r--r--auth2-chall.c6
-rw-r--r--auth2-hostbased.c7
-rw-r--r--auth2.c6
-rw-r--r--authfile.c34
-rw-r--r--canohost.c262
-rw-r--r--canohost.h13
-rw-r--r--channels.c12
-rw-r--r--cipher-bf1.c4
-rw-r--r--cipher.c12
-rw-r--r--clientloop.c12
-rw-r--r--compat.c2
-rw-r--r--config.h.in35
-rwxr-xr-xconfigure365
-rw-r--r--configure.ac192
-rw-r--r--contrib/cygwin/README1
-rw-r--r--contrib/redhat/openssh.spec4
-rw-r--r--contrib/ssh-copy-id10
-rw-r--r--contrib/suse/openssh.spec4
-rw-r--r--defines.h13
-rw-r--r--dh.c116
-rw-r--r--dh.h4
-rw-r--r--kex.c8
-rw-r--r--kex.h17
-rw-r--r--kexc25519.c6
-rw-r--r--kexdh.c9
-rw-r--r--kexdhc.c10
-rw-r--r--kexdhs.c10
-rw-r--r--kexgexs.c4
-rw-r--r--key.c4
-rw-r--r--log.c14
-rw-r--r--log.h4
-rw-r--r--mac.c23
-rw-r--r--mac.h4
-rw-r--r--misc.c150
-rw-r--r--misc.h6
-rw-r--r--moduli474
-rw-r--r--moduli.02
-rw-r--r--monitor.c45
-rw-r--r--monitor_fdpass.c8
-rw-r--r--monitor_wrap.c17
-rw-r--r--monitor_wrap.h10
-rw-r--r--mux.c12
-rw-r--r--myproposal.h15
-rw-r--r--opacket.h4
-rw-r--r--openbsd-compat/.cvsignore1
-rw-r--r--openbsd-compat/Makefile.in2
-rw-r--r--openbsd-compat/arc4random.c4
-rw-r--r--openbsd-compat/bindresvport.c1
-rw-r--r--openbsd-compat/bsd-asprintf.c12
-rw-r--r--openbsd-compat/bsd-err.c71
-rw-r--r--openbsd-compat/bsd-misc.c17
-rw-r--r--openbsd-compat/bsd-misc.h11
-rw-r--r--openbsd-compat/bsd-snprintf.c12
-rw-r--r--openbsd-compat/inet_aton.c10
-rw-r--r--openbsd-compat/openbsd-compat.h35
-rw-r--r--openbsd-compat/port-solaris.h1
-rw-r--r--openbsd-compat/regress/.cvsignore6
-rw-r--r--openbsd-compat/vis.c60
-rw-r--r--openbsd-compat/vis.h5
-rw-r--r--openbsd-compat/xcrypt.c40
-rw-r--r--packet.c142
-rw-r--r--packet.h8
-rw-r--r--pathnames.h4
-rw-r--r--platform-tracing.c43
-rw-r--r--platform.c10
-rw-r--r--platform.h1
-rw-r--r--progressmeter.c19
-rw-r--r--readconf.c264
-rw-r--r--readconf.h14
-rw-r--r--regress/.cvsignore31
-rw-r--r--regress/Makefile49
-rw-r--r--regress/agent-getpeereid.sh25
-rw-r--r--regress/cert-hostkey.sh126
-rw-r--r--regress/cert-userkey.sh48
-rw-r--r--regress/cfginclude.sh293
-rw-r--r--regress/cfgparse.sh4
-rw-r--r--regress/connect-privsep.sh7
-rw-r--r--regress/forwarding.sh4
-rw-r--r--regress/integrity.sh4
-rw-r--r--regress/misc/Makefile3
-rw-r--r--regress/misc/kexfuzz/Makefile78
-rw-r--r--regress/misc/kexfuzz/README28
-rw-r--r--regress/misc/kexfuzz/kexfuzz.c410
-rwxr-xr-xregress/modpipe.c31
-rw-r--r--regress/netcat.c43
-rw-r--r--regress/sshcfgparse.sh29
-rw-r--r--regress/test-exec.sh10
-rw-r--r--regress/unittests/Makefile4
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_misc.c31
-rw-r--r--regress/unittests/sshkey/test_sshkey.c4
-rw-r--r--regress/unittests/test_helper/Makefile3
-rw-r--r--regress/unittests/utf8/Makefile12
-rw-r--r--regress/unittests/utf8/tests.c82
-rw-r--r--roaming.h0
-rw-r--r--sandbox-seccomp-filter.c6
-rw-r--r--scard/.cvsignore2
-rw-r--r--scp.06
-rw-r--r--scp.18
-rw-r--r--scp.c53
-rw-r--r--servconf.c60
-rw-r--r--serverloop.c47
-rw-r--r--session.c47
-rw-r--r--session.h4
-rw-r--r--sftp-client.c14
-rw-r--r--sftp-server.02
-rw-r--r--sftp-server.c10
-rw-r--r--sftp.06
-rw-r--r--sftp.18
-rw-r--r--sftp.c77
-rw-r--r--ssh-add.02
-rw-r--r--ssh-agent.02
-rw-r--r--ssh-agent.c24
-rw-r--r--ssh-dss.c5
-rw-r--r--ssh-ecdsa.c5
-rw-r--r--ssh-ed25519.c5
-rw-r--r--ssh-keygen.021
-rw-r--r--ssh-keygen.112
-rw-r--r--ssh-keygen.c18
-rw-r--r--ssh-keyscan.02
-rw-r--r--ssh-keyscan.c5
-rw-r--r--ssh-keysign.02
-rw-r--r--ssh-pkcs11-helper.02
-rw-r--r--ssh-rsa.c5
-rw-r--r--ssh.027
-rw-r--r--ssh.133
-rw-r--r--ssh.c140
-rw-r--r--ssh1.h3
-rw-r--r--ssh2.h6
-rw-r--r--ssh_api.c10
-rw-r--r--ssh_config.040
-rw-r--r--ssh_config.577
-rw-r--r--sshbuf-getput-basic.c8
-rw-r--r--sshbuf-misc.c25
-rw-r--r--sshbuf.h9
-rw-r--r--sshconnect2.c96
-rw-r--r--sshd.02
-rw-r--r--sshd.c179
-rw-r--r--sshd_config3
-rw-r--r--sshd_config.041
-rw-r--r--sshd_config.528
-rw-r--r--sshkey.c44
-rw-r--r--sshkey.h4
-rw-r--r--ttymodes.c3
-rw-r--r--ttymodes.h5
-rw-r--r--utf8.c290
-rw-r--r--utf8.h24
-rw-r--r--version.h6
167 files changed, 6354 insertions, 3228 deletions
diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index 9baaa3b4e..000000000
--- a/.cvsignore
+++ /dev/null
@@ -1,28 +0,0 @@
1*.0
2*.out
3Makefile
4autom4te.cache
5buildit.sh
6buildpkg.sh
7config.cache
8config.h
9config.h.in
10config.log
11config.status
12configure
13openssh.xml
14opensshd.init
15scp
16sftp
17sftp-server
18ssh
19ssh-add
20ssh-agent
21ssh-keygen
22ssh-keyscan
23ssh-keysign
24ssh-pkcs11-helper
25sshd
26stamp-h.in
27survey
28survey.sh
diff --git a/.skipped-commit-ids b/.skipped-commit-ids
new file mode 100644
index 000000000..02088ce56
--- /dev/null
+++ b/.skipped-commit-ids
@@ -0,0 +1,11 @@
1321065a95a7ccebdd5fd08482a1e19afbf524e35 Update DH groups
2d4f699a421504df35254cf1c6f1a7c304fb907ca Remove 1k bit groups
3aafe246655b53b52bc32c8a24002bc262f4230f7 Remove intermediate moduli
48fa9cd1dee3c3339ae329cf20fb591db6d605120 put back SSH1 for 6.9
5f31327a48dd4103333cc53315ec53fe65ed8a17a Generate new moduli
6edbfde98c40007b7752a4ac106095e060c25c1ef Regen moduli
7052fd565e3ff2d8cec3bc957d1788f50c827f8e2 Switch to tame-based sandbox
87cf73737f357492776223da1c09179fa6ba74660 Remove moduli <2k
9180d84674be1344e45a63990d60349988187c1ae Update moduli
10f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead.
1196c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile
diff --git a/ChangeLog b/ChangeLog
index 1e4346715..f66ca4b1e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,16 +1,1847 @@
1commit 5c35450a0c901d9375fb23343a8dc82397da5f75 1commit 99522ba7ec6963a05c04a156bf20e3ba3605987c
2Author: Damien Miller <djm@mindrot.org> 2Author: Damien Miller <djm@mindrot.org>
3Date: Thu Mar 10 05:04:48 2016 +1100 3Date: Thu Jul 28 08:54:27 2016 +1000
4 4
5 update versions for release 5 define _OPENBSD_SOURCE for reallocarray on NetBSD
6
7 Report by and debugged with Hisashi T Fujinaka, dtucker nailed
8 the problem (lack of prototype causing return type confusion).
9
10commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187
11Author: Damien Miller <djm@mindrot.org>
12Date: Wed Jul 27 08:25:42 2016 +1000
13
14 KNF
15
16commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331
17Author: Damien Miller <djm@mindrot.org>
18Date: Wed Jul 27 08:25:23 2016 +1000
19
20 Linux auditing also needs packet.h
21
22commit 393bd381a45884b589baa9aed4394f1d250255ca
23Author: Damien Miller <djm@mindrot.org>
24Date: Wed Jul 27 08:18:05 2016 +1000
25
26 fix auditing on Linux
27
28 get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
29
30commit 80e766fb089de4f3c92b1600eb99e9495e37c992
31Author: Damien Miller <djm@mindrot.org>
32Date: Sun Jul 24 21:50:13 2016 +1000
33
34 crank version numbers
35
36commit b1a478792d458f2e938a302e64bab2b520edc1b3
37Author: djm@openbsd.org <djm@openbsd.org>
38Date: Sun Jul 24 11:45:36 2016 +0000
39
40 upstream commit
41
42 openssh-7.3
43
44 Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
45
46commit 353766e0881f069aeca30275ab706cd60a1a8fdd
47Author: Darren Tucker <dtucker@zip.com.au>
48Date: Sat Jul 23 16:14:42 2016 +1000
49
50 Move Cygwin IPPORT_RESERVED overrride to defines.h
51
52 Patch from vinschen at redhat.com.
53
54commit 368dd977ae07afb93f4ecea23615128c95ab2b32
55Author: djm@openbsd.org <djm@openbsd.org>
56Date: Sat Jul 23 02:54:08 2016 +0000
57
58 upstream commit
59
60 fix pledge violation with ssh -f; reported by Valentin
61 Kozamernik ok dtucker@
62
63 Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
64
65commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e
66Author: djm@openbsd.org <djm@openbsd.org>
67Date: Fri Jul 22 07:00:46 2016 +0000
68
69 upstream commit
70
71 improve wording; suggested by jmc@
72
73 Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
74
75commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8
76Author: dtucker@openbsd.org <dtucker@openbsd.org>
77Date: Fri Jul 22 05:46:11 2016 +0000
78
79 upstream commit
80
81 Lower loglevel for "Authenticated with partial success"
82 message similar to other similar level. bz#2599, patch from cgallek at
83 gmail.com, ok markus@
84
85 Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
86
87commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6
88Author: Damien Miller <djm@mindrot.org>
89Date: Fri Jul 22 14:06:36 2016 +1000
90
91 retry waitpid on EINTR failure
92
93 patch from Jakub Jelen on bz#2581; ok dtucker@
94
95commit da88a70a89c800e74ea8e5661ffa127a3cc79a92
96Author: djm@openbsd.org <djm@openbsd.org>
97Date: Fri Jul 22 03:47:36 2016 +0000
98
99 upstream commit
100
101 constify a few functions' arguments; patch from Jakub
102 Jelen bz#2581
103
104 Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
105
106commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf
107Author: djm@openbsd.org <djm@openbsd.org>
108Date: Fri Jul 22 03:39:13 2016 +0000
109
110 upstream commit
111
112 move debug("%p", key) to before key is free'd; probable
113 undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
114
115 Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
116
117commit 286f5a77c3bfec1e8892ca268087ac885ac871bf
118Author: djm@openbsd.org <djm@openbsd.org>
119Date: Fri Jul 22 03:35:11 2016 +0000
120
121 upstream commit
122
123 reverse the order in which -J/JumpHost proxies are visited to
124 be more intuitive and document
125
126 reported by and manpage bits naddy@
127
128 Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
129
130commit fcd135c9df440bcd2d5870405ad3311743d78d97
131Author: dtucker@openbsd.org <dtucker@openbsd.org>
132Date: Thu Jul 21 01:39:35 2016 +0000
133
134 upstream commit
135
136 Skip passwords longer than 1k in length so clients can't
137 easily DoS sshd by sending very long passwords, causing it to spend CPU
138 hashing them. feedback djm@, ok markus@.
139
140 Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
141 360.cn and coredump at autistici.org
142
143 Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
144
145commit 324583e8fb3935690be58790425793df619c6d4d
146Author: naddy@openbsd.org <naddy@openbsd.org>
147Date: Wed Jul 20 10:45:27 2016 +0000
148
149 upstream commit
150
151 Do not clobber the global jump_host variables when
152 parsing an inactive configuration. ok djm@
153
154 Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
155
156commit 32d921c323b989d28405e78d0a8923d12913d737
157Author: jmc@openbsd.org <jmc@openbsd.org>
158Date: Tue Jul 19 12:59:16 2016 +0000
159
160 upstream commit
161
162 tweak previous;
163
164 Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
165
166commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025
167Author: dtucker@openbsd.org <dtucker@openbsd.org>
168Date: Tue Jul 19 11:38:53 2016 +0000
169
170 upstream commit
171
172 Allow wildcard for PermitOpen hosts as well as ports.
173 bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok
174 markus@
175
176 Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
177
178commit b98a2a8348e907b3d71caafd80f0be8fdd075943
179Author: markus@openbsd.org <markus@openbsd.org>
180Date: Mon Jul 18 11:35:33 2016 +0000
181
182 upstream commit
183
184 Reduce timing attack against obsolete CBC modes by always
185 computing the MAC over a fixed size of data. Reported by Jean Paul
186 Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
187
188 Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
189
190commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc
191Author: Darren Tucker <dtucker@zip.com.au>
192Date: Thu Jul 21 14:17:31 2016 +1000
193
194 Search users for one with a valid salt.
195
196 If the root account is locked (eg password "!!" or "*LK*") keep looking
197 until we find a user with a valid salt to use for crypting passwords of
198 invalid users. ok djm@
199
200commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782
201Author: Darren Tucker <dtucker@zip.com.au>
202Date: Mon Jul 18 17:22:49 2016 +1000
203
204 Explicitly specify source files for regress tools.
205
206 Since adding $(REGRESSLIBS), $? is wrong because it includes only the
207 changed source files. $< seems like it'd be right however it doesn't
208 seem to work on some non-GNU makes, so do what works everywhere.
209
210commit eac1bbd06872c273f16ac0f9976b0aef026b701b
211Author: Darren Tucker <dtucker@zip.com.au>
212Date: Mon Jul 18 17:12:22 2016 +1000
213
214 Conditionally include err.h.
215
216commit 0a454147568746c503f669e1ba861f76a2e7a585
217Author: Darren Tucker <dtucker@zip.com.au>
218Date: Mon Jul 18 16:26:26 2016 +1000
219
220 Remove local implementation of err, errx.
221
222 We now have a shared implementation in libopenbsd-compat.
223
224commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1
225Author: djm@openbsd.org <djm@openbsd.org>
226Date: Mon Jul 18 06:08:01 2016 +0000
227
228 upstream commit
229
230 Add some unsigned overflow checks for extra_pad. None of
231 these are reachable with the amount of padding that we use internally.
232 bz#2566, pointed out by Torben Hansen. ok markus@
233
234 Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
235
236commit c71ba790c304545464bb494de974cdf0f4b5cf1e
237Author: Darren Tucker <dtucker@zip.com.au>
238Date: Mon Jul 18 15:43:25 2016 +1000
239
240 Add dependency on libs for unit tests.
241
242 Makes "./configure && make tests" work again. ok djm@
243
244commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8
245Author: Darren Tucker <dtucker@zip.com.au>
246Date: Mon Jul 18 13:47:39 2016 +1000
247
248 Correct location for kexfuzz in clean target.
249
250commit 01558b7b07af43da774d3a11a5c51fa9c310849d
251Author: Darren Tucker <dtucker@zip.com.au>
252Date: Mon Jul 18 09:33:25 2016 +1000
253
254 Handle PAM_MAXTRIES from modules.
255
256 bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
257 password and keyboard-interative authentication methods. Should prevent
258 "sshd ignoring max retries" warnings in the log. ok djm@
259
260 It probably won't trigger with keyboard-interactive in the default
261 configuration because the retry counter is stored in module-private
262 storage which goes away with the sshd PAM process (see bz#688). On the
263 other hand, those cases probably won't log a warning either.
264
265commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc
266Author: djm@openbsd.org <djm@openbsd.org>
267Date: Sun Jul 17 04:20:16 2016 +0000
268
269 upstream commit
270
271 support UTF-8 characters in ssh(1) banners using
272 schwarze@'s safe fmprintf printer; bz#2058
273
274 feedback schwarze@ ok dtucker@
275
276 Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
277
278commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7
279Author: jmc@openbsd.org <jmc@openbsd.org>
280Date: Sat Jul 16 06:57:55 2016 +0000
281
282 upstream commit
283
284 - add proxyjump to the options list - formatting fixes -
285 update usage()
286
287 ok djm
288
289 Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
290
291commit af1f084857621f14bd9391aba8033d35886c2455
292Author: dtucker@openbsd.org <dtucker@openbsd.org>
293Date: Fri Jul 15 05:01:58 2016 +0000
294
295 upstream commit
296
297 Reduce the syslog level of some relatively common protocol
298 events from LOG_CRIT by replacing fatal() calls with logdie(). Part of
299 bz#2585, ok djm@
300
301 Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5
302
303commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f
304Author: Damien Miller <djm@mindrot.org>
305Date: Fri Jul 15 19:14:48 2016 +1000
306
307 missing openssl/dh.h
308
309commit 4a984fd342effe5f0aad874a0d538c4322d973c0
310Author: Damien Miller <djm@mindrot.org>
311Date: Fri Jul 15 18:47:07 2016 +1000
312
313 cast to avoid type warning in error message
314
315commit 5abfb15ced985c340359ae7fb65a625ed3692b3e
316Author: Darren Tucker <dtucker@zip.com.au>
317Date: Fri Jul 15 14:48:30 2016 +1000
318
319 Move VA_COPY macro into compat header.
320
321 Some AIX compilers unconditionally undefine va_copy but don't set it back
322 to an internal function, causing link errors. In some compat code we
323 already use VA_COPY instead so move the two existing instances into the
324 shared header and use for sshbuf-getput-basic.c too. Should fix building
325 with at lease some versions of AIX's compiler. bz#2589, ok djm@
326
327commit 832b7443b7a8e181c95898bc5d73497b7190decd
328Author: Damien Miller <djm@mindrot.org>
329Date: Fri Jul 15 14:45:34 2016 +1000
330
331 disable ciphers not supported by OpenSSL
332
333 bz#2466 ok dtucker@
334
335commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8
336Author: Damien Miller <djm@mindrot.org>
337Date: Fri Jul 15 13:54:31 2016 +1000
338
339 add a --disable-pkcs11 knob
340
341commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9
342Author: Damien Miller <djm@mindrot.org>
343Date: Fri Jul 15 13:44:38 2016 +1000
344
345 fix newline escaping for unsupported_algorithms
346
347 The hmac-ripemd160 was incorrect and could lead to broken
348 Makefiles on systems that lacked support for it, but I made
349 all the others consistent too.
350
351commit ed877ef653847d056bb433975d731b7a1132a979
352Author: djm@openbsd.org <djm@openbsd.org>
353Date: Fri Jul 15 00:24:30 2016 +0000
354
355 upstream commit
356
357 Add a ProxyJump ssh_config(5) option and corresponding -J
358 ssh(1) command-line flag to allow simplified indirection through a SSH
359 bastion or "jump host".
360
361 These options construct a proxy command that connects to the
362 specified jump host(s) (more than one may be specified) and uses
363 port-forwarding to establish a connection to the next destination.
364
365 This codifies the safest way of indirecting connections through SSH
366 servers and makes it easy to use.
367
368 ok markus@
369
370 Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
371
372commit 5c02dd126206a26785379e80f2d3848e4470b711
373Author: Darren Tucker <dtucker@zip.com.au>
374Date: Fri Jul 15 12:56:39 2016 +1000
375
376 Map umac_ctx struct name too.
377
378 Prevents size mismatch linker warnings on Solaris 11.
379
380commit 283b97ff33ea2c641161950849931bd578de6946
381Author: Darren Tucker <dtucker@zip.com.au>
382Date: Fri Jul 15 13:49:44 2016 +1000
383
384 Mitigate timing of disallowed users PAM logins.
385
386 When sshd decides to not allow a login (eg PermitRootLogin=no) and
387 it's using PAM, it sends a fake password to PAM so that the timing for
388 the failure is not noticeably different whether or not the password
389 is correct. This behaviour can be detected by sending a very long
390 password string which is slower to hash than the fake password.
391
392 Mitigate by constructing an invalid password that is the same length
393 as the one from the client and thus takes the same time to hash.
394 Diff from djm@
395
396commit 9286875a73b2de7736b5e50692739d314cd8d9dc
397Author: Darren Tucker <dtucker@zip.com.au>
398Date: Fri Jul 15 13:32:45 2016 +1000
399
400 Determine appropriate salt for invalid users.
401
402 When sshd is processing a non-PAM login for a non-existent user it uses
403 the string from the fakepw structure as the salt for crypt(3)ing the
404 password supplied by the client. That string has a Blowfish prefix, so on
405 systems that don't understand that crypt will fail fast due to an invalid
406 salt, and even on those that do it may have significantly different timing
407 from the hash methods used for real accounts (eg sha512). This allows
408 user enumeration by, eg, sending large password strings. This was noted
409 by EddieEzra.Harari at verint.com (CVE-2016-6210).
410
411 To mitigate, use the same hash algorithm that root uses for hashing
412 passwords for users that do not exist on the system. ok djm@
413
414commit a162dd5e58ca5b224d7500abe35e1ef32b5de071
415Author: Darren Tucker <dtucker@zip.com.au>
416Date: Thu Jul 14 21:19:59 2016 +1000
417
418 OpenSSL 1.1.x not currently supported.
419
420commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb
421Author: Darren Tucker <dtucker@zip.com.au>
422Date: Thu Jul 14 12:25:24 2016 +1000
423
424 Check for VIS_ALL.
425
426 If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
427
428commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0
429Author: dtucker@openbsd.org <dtucker@openbsd.org>
430Date: Thu Jul 14 01:24:21 2016 +0000
431
432 upstream commit
433
434 Correct equal in test.
435
436 Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a
437
438commit 372807c2065c8572fdc6478b25cc5ac363743073
439Author: tb@openbsd.org <tb@openbsd.org>
440Date: Mon Jul 11 21:38:13 2016 +0000
441
442 upstream commit
443
444 Add missing "recvfd" pledge promise: Raf Czlonka reported
445 ssh coredumps when Control* keywords were set in ssh_config. This patch also
446 fixes similar problems with scp and sftp.
447
448 ok deraadt, looks good to millert
449
450 Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b
451
452commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd
453Author: tedu@openbsd.org <tedu@openbsd.org>
454Date: Mon Jul 11 03:19:44 2016 +0000
455
456 upstream commit
457
458 obsolete note about fascistloggin is obsolete. ok djm
459 dtucker
460
461 Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
462
463commit a2333584170a565adf4f209586772ef8053b10b8
464Author: Darren Tucker <dtucker@zip.com.au>
465Date: Thu Jul 14 10:59:09 2016 +1000
466
467 Add compat code for missing wcwidth.
468
469 If we don't have wcwidth force fallback implementations of nl_langinfo
470 and mbtowc. Based on advice from Ingo Schwarze.
471
472commit 8aaec7050614494014c47510b7e94daf6e644c62
473Author: Damien Miller <djm@mindrot.org>
474Date: Thu Jul 14 09:48:48 2016 +1000
475
476 fix missing include for systems with err.h
477
478commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243
479Author: Darren Tucker <dtucker@zip.com.au>
480Date: Wed Jul 13 14:42:35 2016 +1000
481
482 Move err.h replacements into compat lib.
483
484 Move implementations of err.h replacement functions into their own file
485 in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
486
487commit f3f2cc8386868f51440c45210098f65f9787449a
488Author: Darren Tucker <dtucker@zip.com.au>
489Date: Mon Jul 11 17:23:38 2016 +1000
490
491 Check for wchar.h and langinfo.h
492
493 Wrap includes in the appropriate #ifdefs.
494
495commit b9c50614eba9d90939b2b119b6e1b7e03b462278
496Author: Damien Miller <djm@mindrot.org>
497Date: Fri Jul 8 13:59:13 2016 +1000
498
499 whitelist more architectures for seccomp-bpf
500
501 bz#2590 - testing and patch from Jakub Jelen
502
503commit 18813a32b6fd964037e0f5e1893cb4468ac6a758
504Author: guenther@openbsd.org <guenther@openbsd.org>
505Date: Mon Jul 4 18:01:44 2016 +0000
506
507 upstream commit
508
509 DEBUGLIBS has been broken since the gcc4 switch, so delete
510 it. CFLAGS contains -g by default anyway
511
512 problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
513 ok millert@ kettenis@ deraadt@
514
515 Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
516
517commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
518Author: djm@openbsd.org <djm@openbsd.org>
519Date: Fri Jul 8 03:44:42 2016 +0000
520
521 upstream commit
522
523 Improve crypto ordering for Encrypt-then-MAC (EtM) mode
524 MAC algorithms.
525
526 Previously we were computing the MAC, decrypting the packet and then
527 checking the MAC. This gave rise to the possibility of creating a
528 side-channel oracle in the decryption step, though no such oracle has
529 been identified.
530
531 This adds a mac_check() function that computes and checks the MAC in
532 one pass, and uses it to advance MAC checking for EtM algorithms to
533 before payload decryption.
534
535 Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
536 Martin Albrecht. feedback and ok markus@
537
538 Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
539
540commit 71f5598f06941f645a451948c4a5125c83828e1c
541Author: guenther@openbsd.org <guenther@openbsd.org>
542Date: Mon Jul 4 18:01:44 2016 +0000
543
544 upstream commit
545
546 DEBUGLIBS has been broken since the gcc4 switch, so
547 delete it. CFLAGS contains -g by default anyway
548
549 problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
550 ok millert@ kettenis@ deraadt@
551
552 Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
553
554commit e683fc6f1c8c7295648dbda679df8307786ec1ce
555Author: dtucker@openbsd.org <dtucker@openbsd.org>
556Date: Thu Jun 30 05:17:05 2016 +0000
557
558 upstream commit
559
560 Explicitly check for 100% completion to avoid potential
561 floating point rounding error, which could cause progressmeter to report 99%
562 on completion. While there invert the test so the 100% case is clearer. with
563 & ok djm@
564
565 Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
566
567commit 772e6cec0ed740fc7db618dc30b4134f5a358b43
568Author: jmc@openbsd.org <jmc@openbsd.org>
569Date: Wed Jun 29 17:14:28 2016 +0000
570
571 upstream commit
572
573 sort the -o list;
574
575 Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
576
577commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af
578Author: djm@openbsd.org <djm@openbsd.org>
579Date: Thu Jun 23 05:17:51 2016 +0000
580
581 upstream commit
582
583 fix AuthenticationMethods during configuration re-parse;
584 reported by Juan Francisco Cantero Hurtado
585
586 Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
587
588commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e
589Author: djm@openbsd.org <djm@openbsd.org>
590Date: Sun Jun 19 07:48:02 2016 +0000
591
592 upstream commit
593
594 revert 1.34; causes problems loading public keys
595
596 reported by semarie@
597
598 Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
599
600commit ad23a75509f4320d43f628c50f0817e3ad12bfa7
601Author: jmc@openbsd.org <jmc@openbsd.org>
602Date: Fri Jun 17 06:33:30 2016 +0000
603
604 upstream commit
605
606 grammar fix;
607
608 Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
609
610commit 5e28b1a2a3757548b40018cc2493540a17c82e27
611Author: djm@openbsd.org <djm@openbsd.org>
612Date: Fri Jun 17 05:06:23 2016 +0000
613
614 upstream commit
615
616 translate OpenSSL error codes to something more
617 meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
618
619 Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
620
621commit b64faeb5eda7eff8210c754d00464f9fe9d23de5
622Author: djm@openbsd.org <djm@openbsd.org>
623Date: Fri Jun 17 05:03:40 2016 +0000
624
625 upstream commit
626
627 ban AuthenticationMethods="" and accept
628 AuthenticationMethods=any for the default behaviour of not requiring multiple
629 authentication
630
631 bz#2398 from Jakub Jelen; ok dtucker@
632
633 Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
634
635commit 9816fc5daee5ca924dd5c4781825afbaab728877
636Author: dtucker@openbsd.org <dtucker@openbsd.org>
637Date: Thu Jun 16 11:00:17 2016 +0000
638
639 upstream commit
640
641 Include stdarg.h for va_copy as per man page.
642
643 Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd
644
645commit b6cf84b51bc0f5889db48bf29a0c771954ade283
646Author: jmc@openbsd.org <jmc@openbsd.org>
647Date: Thu Jun 16 06:10:45 2016 +0000
648
649 upstream commit
650
651 keys stored in openssh format can have comments too; diff
652 from yonas yanfa, tweaked a bit;
653
654 ok djm
655
656 Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
657
658commit aa37768f17d01974b6bfa481e5e83841b6c76f86
659Author: Darren Tucker <dtucker@zip.com.au>
660Date: Mon Jun 20 15:55:34 2016 +1000
661
662 get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX
663
664 Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
665 change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
666 Fixes build on AIX.
667
668commit 009891afc8df37bc2101e15d1e0b6433cfb90549
669Author: Darren Tucker <dtucker@zip.com.au>
670Date: Fri Jun 17 14:34:09 2016 +1000
671
672 Remove duplicate code from PAM. ok djm@
673
674commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba
675Author: dtucker@openbsd.org <dtucker@openbsd.org>
676Date: Wed Jun 15 00:40:40 2016 +0000
677
678 upstream commit
679
680 Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message
681 about forward and reverse DNS not matching. We haven't supported IP-based
682 auth methods for a very long time so it's now misleading. part of bz#2585,
683 ok markus@
684
685 Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
686
687commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd
688Author: Darren Tucker <dtucker@zip.com.au>
689Date: Wed Jun 15 11:22:38 2016 +1000
690
691 Move platform_disable_tracing into its own file.
692
693 Prevents link errors resolving the extern "options" when platform.o
694 gets linked into ssh-agent when building --with-pam.
695
696commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070
697Author: Darren Tucker <dtucker@zip.com.au>
698Date: Tue Jun 14 13:55:12 2016 +1000
699
700 Track skipped upstream commit IDs.
701
702 There are a small number of "upstream" commits that do not correspond to
703 a file in -portable. This file tracks those so that we can reconcile
704 OpenBSD and Portable to ensure that no commits are accidentally missed.
705
706 If you add something to .skipped-commit-ids please also add an upstream
707 ID line in the following format when you commit it.
708
709 Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35
710 Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca
711 Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7
712 Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120
713 Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a
714 Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef
715 Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2
716 Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660
717 Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae
718 Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee
719
720commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f
721Author: Darren Tucker <dtucker@zip.com.au>
722Date: Tue Jun 14 13:51:01 2016 +1000
723
724 Remove now-defunct .cvsignore files. ok djm
725
726commit 68777faf271efb2713960605c748f6c8a4b26d55
727Author: dtucker@openbsd.org <dtucker@openbsd.org>
728Date: Wed Jun 8 02:13:01 2016 +0000
729
730 upstream commit
731
732 Back out rev 1.28 "Check min and max sizes sent by the
733 client" change. It caused "key_verify failed for server_host_key" in clients
734 that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY.
735 ok djm@
736
737 Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
738
739commit a86ec4d0737ac5879223e7cd9d68c448df46e169
740Author: Darren Tucker <dtucker@zip.com.au>
741Date: Tue Jun 14 10:48:27 2016 +1000
742
743 Use Solaris setpflags(__PROC_PROTECT, ...).
744
745 Where possible, use Solaris setpflags to disable process tracing on
746 ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
747 at oracle.com, ok djm.
748
749commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573
750Author: Darren Tucker <dtucker@zip.com.au>
751Date: Tue Jun 14 10:43:53 2016 +1000
752
753 Shorten prctl code a tiny bit.
754
755commit 0fb7f5985351fbbcd2613d8485482c538e5123be
756Author: Darren Tucker <dtucker@zip.com.au>
757Date: Thu Jun 9 16:23:07 2016 +1000
758
759 Move prctl PR_SET_DUMPABLE into platform.c.
760
761 This should make it easier to add additional platform support such as
762 Solaris (bz#2584).
763
764commit e6508898c3cd838324ecfe1abd0eb8cf802e7106
765Author: dtucker@openbsd.org <dtucker@openbsd.org>
766Date: Fri Jun 3 04:10:41 2016 +0000
767
768 upstream commit
769
770 Add a test for ssh(1)'s config file parsing.
771
772 Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601
773
774commit ab0a536066dfa32def0bd7272c096ebb5eb25b11
775Author: dtucker@openbsd.org <dtucker@openbsd.org>
776Date: Fri Jun 3 03:47:59 2016 +0000
777
778 upstream commit
779
780 Add 'sshd' to the test ID as I'm about to add a similar
781 set for ssh.
782
783 Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a
784
785commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb
786Author: schwarze@openbsd.org <schwarze@openbsd.org>
787Date: Mon May 30 12:14:08 2016 +0000
788
789 upstream commit
790
791 stricter malloc.conf(5) options for utf8 tests
792
793 Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6
794
795commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc
796Author: schwarze@openbsd.org <schwarze@openbsd.org>
797Date: Mon May 30 12:05:56 2016 +0000
798
799 upstream commit
800
801 Fix two rare edge cases: 1. If vasprintf() returns < 0,
802 do not access a NULL pointer in snmprintf(), and do not free() the pointer
803 returned from vasprintf() because on some systems other than OpenBSD, it
804 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
805 rather than -1 and NULL.
806
807 Besides, free(dst) is pointless after failure (not a bug).
808
809 One half OK martijn@, the other half OK deraadt@;
810 committing quickly before people get hurt.
811
812 Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
813
814commit 016881eb33a7948028848c90f4c7ac42e3af0e87
815Author: schwarze@openbsd.org <schwarze@openbsd.org>
816Date: Thu May 26 19:14:25 2016 +0000
817
818 upstream commit
819
820 test the new utf8 module
821
822 Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
823
824commit d4219028bdef448e089376f3afe81ef6079da264
825Author: dtucker@openbsd.org <dtucker@openbsd.org>
826Date: Tue May 3 15:30:46 2016 +0000
827
828 upstream commit
829
830 Set umask to prevent "Bad owner or permissions" errors.
831
832 Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
833
834commit 07d5608bb237e9b3fe86a2aeaa429392230faebf
835Author: djm@openbsd.org <djm@openbsd.org>
836Date: Tue May 3 14:41:04 2016 +0000
837
838 upstream commit
839
840 support doas
841
842 Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
843
844commit 01cabf10adc7676cba5f40536a34d3b246edb73f
845Author: djm@openbsd.org <djm@openbsd.org>
846Date: Tue May 3 13:48:33 2016 +0000
847
848 upstream commit
849
850 unit tests for sshbuf_dup_string()
851
852 Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
853
854commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372
855Author: jmc@openbsd.org <jmc@openbsd.org>
856Date: Fri Jun 3 06:44:12 2016 +0000
857
858 upstream commit
859
860 tweak previous;
861
862 Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
863
864commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4
865Author: dtucker@openbsd.org <dtucker@openbsd.org>
866Date: Fri Jun 3 04:09:38 2016 +0000
867
868 upstream commit
869
870 Allow ExitOnForwardFailure and ClearAllForwardings to be
871 overridden when using ssh -W (but still default to yes in that case).
872 bz#2577, ok djm@.
873
874 Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
875
876commit 8543ff3f5020fe659839b15f05b8c522bde6cee5
877Author: dtucker@openbsd.org <dtucker@openbsd.org>
878Date: Fri Jun 3 03:14:41 2016 +0000
879
880 upstream commit
881
882 Move the host and port used by ssh -W into the Options
883 struct. This will make future changes a bit easier. ok djm@
884
885 Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
886
887commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368
888Author: dtucker@openbsd.org <dtucker@openbsd.org>
889Date: Wed Jun 1 04:19:49 2016 +0000
890
891 upstream commit
892
893 Check min and max sizes sent by the client against what
894 we support before passing them to the monitor. ok djm@
895
896 Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
897
898commit 564cd2a8926ccb1dca43a535073540935b5e0373
899Author: dtucker@openbsd.org <dtucker@openbsd.org>
900Date: Tue May 31 23:46:14 2016 +0000
901
902 upstream commit
903
904 Ensure that the client's proposed DH-GEX max value is at
905 least as big as the minimum the server will accept. ok djm@
906
907 Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
908
909commit df820722e40309c9b3f360ea4ed47a584ed74333
910Author: Darren Tucker <dtucker@zip.com.au>
911Date: Mon Jun 6 11:36:13 2016 +1000
912
913 Add compat bits to utf8.c.
914
915commit 05c6574652571becfe9d924226c967a3f4b3f879
916Author: Darren Tucker <dtucker@zip.com.au>
917Date: Mon Jun 6 11:33:43 2016 +1000
918
919 Fix utf->utf8 typo.
920
921commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce
922Author: schwarze@openbsd.org <schwarze@openbsd.org>
923Date: Mon May 30 18:34:41 2016 +0000
924
925 upstream commit
926
927 Backout rev. 1.43 for now.
928
929 The function update_progress_meter() calls refresh_progress_meter()
930 which calls snmprintf() which calls malloc(); but update_progress_meter()
931 acts as the SIGALRM signal handler.
932
933 "malloc(): error: recursive call" reported by sobrado@.
934
935 Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
936
937commit cd9e1eabeb4137182200035ab6fa4522f8d24044
938Author: schwarze@openbsd.org <schwarze@openbsd.org>
939Date: Mon May 30 12:57:21 2016 +0000
940
941 upstream commit
942
943 Even when only writing an unescaped character, the dst
944 buffer may need to grow, or it would be overrun; issue found by tb@ with
945 malloc.conf(5) 'C'.
946
947 While here, reserve an additional byte for the terminating NUL
948 up front such that we don't have to realloc() later just for that.
949
950 OK tb@
951
952 Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
953
954commit ac284a355f8065eaef2a16f446f3c44cdd17371d
955Author: schwarze@openbsd.org <schwarze@openbsd.org>
956Date: Mon May 30 12:05:56 2016 +0000
957
958 upstream commit
959
960 Fix two rare edge cases: 1. If vasprintf() returns < 0,
961 do not access a NULL pointer in snmprintf(), and do not free() the pointer
962 returned from vasprintf() because on some systems other than OpenBSD, it
963 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
964 rather than -1 and NULL.
965
966 Besides, free(dst) is pointless after failure (not a bug).
967
968 One half OK martijn@, the other half OK deraadt@;
969 committing quickly before people get hurt.
970
971 Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0
972
973commit 0e059cdf5fd86297546c63fa8607c24059118832
974Author: schwarze@openbsd.org <schwarze@openbsd.org>
975Date: Wed May 25 23:48:45 2016 +0000
976
977 upstream commit
978
979 To prevent screwing up terminal settings when printing to
980 the terminal, for ASCII and UTF-8, escape bytes not forming characters and
981 bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
982 character sets, abort printing of the current string in these cases. In
983 particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
984 sanitize data received from the remote host; * sanitize filenames, usernames,
985 and similar data even locally; * take character display widths into account
986 for the progressmeter.
987
988 This is believed to be sufficient to keep the local terminal safe
989 on OpenBSD, but bad things can still happen on other systems with
990 state-dependent locales because many places in the code print
991 unencoded ASCII characters into the output stream.
992
993 Using feedback from djm@ and martijn@,
994 various aspects discussed with many others.
995
996 deraadt@ says it should go in now, i probably already hesitated too long
997
998 Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
999
1000commit 8c02e3639acefe1e447e293dbe23a0917abd3734
1001Author: dtucker@openbsd.org <dtucker@openbsd.org>
1002Date: Tue May 24 04:43:45 2016 +0000
1003
1004 upstream commit
1005
1006 KNF compression proposal and simplify the client side a
1007 little. ok djm@
1008
1009 Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
1010
1011commit 7ec4946fb686813eb5f8c57397e465f5485159f4
1012Author: dtucker@openbsd.org <dtucker@openbsd.org>
1013Date: Tue May 24 02:31:57 2016 +0000
1014
1015 upstream commit
1016
1017 Back out 'plug memleak'.
1018
1019 Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
1020
1021commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5
1022Author: djm@openbsd.org <djm@openbsd.org>
1023Date: Mon May 23 23:30:50 2016 +0000
1024
1025 upstream commit
1026
1027 prefer agent-hosted keys to keys from PKCS#11; ok markus
1028
1029 Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
1030
1031commit a0cb7778fbc9b43458f7072eb68dd858766384d1
1032Author: dtucker@openbsd.org <dtucker@openbsd.org>
1033Date: Mon May 23 00:17:27 2016 +0000
1034
1035 upstream commit
1036
1037 Plug mem leak in filter_proposal. ok djm@
1038
1039 Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
1040
1041commit ae9c0d4d5c581b3040d1f16b5c5f4b1cd1616743
1042Author: Darren Tucker <dtucker@zip.com.au>
1043Date: Fri Jun 3 16:03:44 2016 +1000
1044
1045 Update vis.h and vis.c from OpenBSD.
1046
1047 This will be needed for the upcoming utf8 changes.
1048
1049commit e1d93705f8f48f519433d6ca9fc3d0abe92a1b77
1050Author: Tim Rice <tim@multitalents.net>
1051Date: Tue May 31 11:13:22 2016 -0700
1052
1053 modified: configure.ac
1054 whitspace clean up. No code changes.
1055
1056commit 604a037d84e41e31f0aec9075df0b8740c130200
1057Author: Damien Miller <djm@mindrot.org>
1058Date: Tue May 31 16:45:28 2016 +1000
1059
1060 whitespace at EOL
1061
1062commit 18424200160ff5c923113e0a37ebe21ab7bcd17c
1063Author: Darren Tucker <dtucker@zip.com.au>
1064Date: Mon May 30 19:35:28 2016 +1000
1065
1066 Add missing ssh-host-config --name option
1067
1068 Patch from vinschen@redhat.com.
1069
1070commit 39c0cecaa188a37a2e134795caa68e03f3ced592
1071Author: Darren Tucker <dtucker@zip.com.au>
1072Date: Fri May 20 10:01:58 2016 +1000
1073
1074 Fix comment about sshpam_const and AIX.
1075
1076 From mschwager via github.
1077
1078commit f64062b1f74ad5ee20a8a49aab2732efd0f7ce30
1079Author: Damien Miller <djm@mindrot.org>
1080Date: Fri May 20 09:56:53 2016 +1000
1081
1082 Deny lstat syscalls in seccomp sandbox
1083
1084 Avoids sandbox violations for some krb/gssapi libraries.
1085
1086commit 531c135409b8d8810795b1f3692a4ebfd5c9cae0
1087Author: djm@openbsd.org <djm@openbsd.org>
1088Date: Thu May 19 07:45:32 2016 +0000
1089
1090 upstream commit
1091
1092 fix type of ed25519 values
1093
1094 Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0
1095
1096commit 75e21688f523799c9e0cc6601d76a9c5ca79f787
1097Author: markus@openbsd.org <markus@openbsd.org>
1098Date: Wed May 4 14:32:26 2016 +0000
1099
1100 upstream commit
1101
1102 add IdentityAgent; noticed & ok jmc@
1103
1104 Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
1105
1106commit 1a75d14daf4b60db903e6103cf50e74e0cd0a76b
1107Author: markus@openbsd.org <markus@openbsd.org>
1108Date: Wed May 4 14:29:58 2016 +0000
1109
1110 upstream commit
1111
1112 allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@
1113
1114 Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
1115
1116commit 0516454151ae722fc8256c3c56115c6baf24c5b0
1117Author: markus@openbsd.org <markus@openbsd.org>
1118Date: Wed May 4 14:22:33 2016 +0000
1119
1120 upstream commit
1121
1122 move SSH_MSG_NONE, so we don't have to include ssh1.h;
1123 ok deraadt@
1124
1125 Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
1126
1127commit 332ff3d770631e7513fea38cf0d3689f673f0e3f
1128Author: Damien Miller <djm@mindrot.org>
1129Date: Tue May 10 09:51:06 2016 +1000
1130
1131 initialise salen in binresvport_sa
1132
1133 avoids failures with UsePrivilegedPort=yes
1134
1135 patch from Juan Gallego
1136
1137commit c5c1d5d2f04ce00d2ddd6647e61b32f28be39804
1138Author: markus@openbsd.org <markus@openbsd.org>
1139Date: Wed May 4 14:04:40 2016 +0000
1140
1141 upstream commit
1142
1143 missing const in prototypes (ssh1)
1144
1145 Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05
1146
1147commit 9faae50e2e82ba42eb0cb2726bf6830fe7948f28
1148Author: dtucker@openbsd.org <dtucker@openbsd.org>
1149Date: Wed May 4 14:00:09 2016 +0000
1150
1151 upstream commit
1152
1153 Fix inverted logic for updating StreamLocalBindMask which
1154 would cause the server to set an invalid mask. ok djm@
1155
1156 Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587
1157
1158commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81
1159Author: markus@openbsd.org <markus@openbsd.org>
1160Date: Wed May 4 12:21:53 2016 +0000
1161
1162 upstream commit
1163
1164 IdentityAgent for specifying specific agent sockets; ok
1165 djm@
1166
1167 Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
1168
1169commit 910e59bba09ac309d78ce61e356da35292212935
1170Author: djm@openbsd.org <djm@openbsd.org>
1171Date: Wed May 4 12:16:39 2016 +0000
1172
1173 upstream commit
1174
1175 fix junk characters after quotes
1176
1177 Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
1178
1179commit 9283884e647b8be50ccd2997537af0065672107d
1180Author: jmc@openbsd.org <jmc@openbsd.org>
1181Date: Tue May 3 18:38:12 2016 +0000
1182
1183 upstream commit
1184
1185 correct article;
1186
1187 Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
1188
1189commit cfefbcea1057c2623e76c579174a4107a0b6e6cd
1190Author: djm@openbsd.org <djm@openbsd.org>
1191Date: Tue May 3 15:57:39 2016 +0000
1192
1193 upstream commit
1194
1195 fix overriding of StreamLocalBindMask and
1196 StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes
1197
1198 Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
1199
1200commit 771c2f51ffc0c9a2877b7892fada0c77bd1f6549
1201Author: djm@openbsd.org <djm@openbsd.org>
1202Date: Tue May 3 15:25:06 2016 +0000
1203
1204 upstream commit
1205
1206 don't forget to include StreamLocalBindUnlink in the
1207 config dump output
1208
1209 Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
1210
1211commit cdcd941994dc430f50d0a4e6a712d32b66e6199e
1212Author: djm@openbsd.org <djm@openbsd.org>
1213Date: Tue May 3 14:54:08 2016 +0000
1214
1215 upstream commit
1216
1217 make nethack^wrandomart fingerprint flag more readily
1218 searchable pointed out by Matt Johnston
1219
1220 Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
1221
1222commit 05855bf2ce7d5cd0a6db18bc0b4214ed5ef7516d
1223Author: djm@openbsd.org <djm@openbsd.org>
1224Date: Tue May 3 13:10:24 2016 +0000
1225
1226 upstream commit
1227
1228 clarify ordering of subkeys; pointed out by ietf-ssh AT
1229 stbuehler.de
1230
1231 Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
1232
1233commit cca3b4395807bfb7aaeb83d2838f5c062ce30566
1234Author: dtucker@openbsd.org <dtucker@openbsd.org>
1235Date: Tue May 3 12:15:49 2016 +0000
1236
1237 upstream commit
1238
1239 Use a subshell for constructing key types to work around
1240 different sed behaviours for -portable.
1241
1242 Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
1243
1244commit fa58208c6502dcce3e0daac0ca991ee657daf1f5
1245Author: djm@openbsd.org <djm@openbsd.org>
1246Date: Tue May 3 10:27:59 2016 +0000
1247
1248 upstream commit
1249
1250 correct some typos and remove a long-stale XXX note.
1251
1252 add specification for ed25519 certificates
1253
1254 mention no host certificate options/extensions are currently defined
1255
1256 pointed out by Simon Tatham
1257
1258 Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
1259
1260commit b466f956c32cbaff4200bfcd5db6739fe4bc7d04
1261Author: djm@openbsd.org <djm@openbsd.org>
1262Date: Tue May 3 10:24:27 2016 +0000
1263
1264 upstream commit
1265
1266 add ed25519 keys that are supported but missing from this
1267 documents; from Peter Moody
1268
1269 Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
1270
1271commit 7f3d76319a69dab2efe3a520a8fef5b97e923636
1272Author: dtucker@openbsd.org <dtucker@openbsd.org>
1273Date: Tue May 3 09:03:49 2016 +0000
1274
1275 upstream commit
1276
1277 Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch
1278 from Simon Tatham, ok markus@
1279
1280 Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
1281
1282commit 31bc01c05d9f51bee3ebe33dc57c4fafb059fb62
1283Author: djm@openbsd.org <djm@openbsd.org>
1284Date: Mon May 2 14:10:58 2016 +0000
1285
1286 upstream commit
1287
1288 unbreak config parsing on reexec from previous commit
1289
1290 Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
1291
1292commit 67f1459efd2e85bf03d032539283fa8107218936
1293Author: djm@openbsd.org <djm@openbsd.org>
1294Date: Mon May 2 09:52:00 2016 +0000
1295
1296 upstream commit
1297
1298 unit and regress tests for SHA256/512; ok markus
1299
1300 Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
1301
1302commit 0e8eeec8e75f6d0eaf33317376f773160018a9c7
1303Author: djm@openbsd.org <djm@openbsd.org>
1304Date: Mon May 2 10:26:04 2016 +0000
1305
1306 upstream commit
1307
1308 add support for additional fixed DH groups from
1309 draft-ietf-curdle-ssh-kex-sha2-03
1310
1311 diffie-hellman-group14-sha256 (2K group)
1312 diffie-hellman-group16-sha512 (4K group)
1313 diffie-hellman-group18-sha512 (8K group)
1314
1315 based on patch from Mark D. Baushke and Darren Tucker
1316 ok markus@
1317
1318 Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
1319
1320commit 57464e3934ba53ad8590ee3ccd840f693407fc1e
1321Author: djm@openbsd.org <djm@openbsd.org>
1322Date: Mon May 2 09:36:42 2016 +0000
1323
1324 upstream commit
1325
1326 support SHA256 and SHA512 RSA signatures in certificates;
1327 ok markus@
1328
1329 Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
1330
1331commit 1a31d02b2411c4718de58ce796dbb7b5e14db93e
1332Author: djm@openbsd.org <djm@openbsd.org>
1333Date: Mon May 2 08:49:03 2016 +0000
1334
1335 upstream commit
1336
1337 fix signed/unsigned errors reported by clang-3.7; add
1338 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
1339 better safety checking; feedback and ok markus@
1340
1341 Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
1342
1343commit d2d6bf864e52af8491a60dd507f85b74361f5da3
1344Author: djm@openbsd.org <djm@openbsd.org>
1345Date: Fri Apr 29 08:07:53 2016 +0000
1346
1347 upstream commit
1348
1349 close ControlPersist background process stderr when not
1350 in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
1351
1352 Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
1353
1354commit 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8
1355Author: djm@openbsd.org <djm@openbsd.org>
1356Date: Thu Apr 28 14:30:21 2016 +0000
1357
1358 upstream commit
1359
1360 fix comment
1361
1362 Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
1363
1364commit ee1e0a16ff2ba41a4d203c7670b54644b6c57fa6
1365Author: jmc@openbsd.org <jmc@openbsd.org>
1366Date: Wed Apr 27 13:53:48 2016 +0000
1367
1368 upstream commit
1369
1370 cidr permitted for {allow,deny}users; from lars nooden ok djm
1371
1372 Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
1373
1374commit b6e0140a5aa883c27b98415bd8aa9f65fc04ee22
1375Author: djm@openbsd.org <djm@openbsd.org>
1376Date: Thu Apr 21 06:08:02 2016 +0000
1377
1378 upstream commit
1379
1380 make argument == NULL tests more consistent
1381
1382 Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
1383
1384commit 6aaabc2b610e44bae473457ad9556ffb43d90ee3
1385Author: jmc@openbsd.org <jmc@openbsd.org>
1386Date: Sun Apr 17 14:34:46 2016 +0000
1387
1388 upstream commit
1389
1390 tweak previous;
1391
1392 Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
1393
1394commit 0f839e5969efa3bda615991be8a9d9311554c573
1395Author: djm@openbsd.org <djm@openbsd.org>
1396Date: Fri Apr 15 02:57:10 2016 +0000
1397
1398 upstream commit
1399
1400 missing bit of Include regress
1401
1402 Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
1403
1404commit 12e4ac46aed681da55c2bba3cd11dfcab23591be
1405Author: djm@openbsd.org <djm@openbsd.org>
1406Date: Fri Apr 15 02:55:53 2016 +0000
1407
1408 upstream commit
1409
1410 remove redundant CLEANFILES section
1411
1412 Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
1413
1414commit b1d05aa653ae560c44baf8e8a9756e33f98ea75c
1415Author: djm@openbsd.org <djm@openbsd.org>
1416Date: Fri Apr 15 00:48:01 2016 +0000
1417
1418 upstream commit
1419
1420 sync CLEANFILES with portable, sort
1421
1422 Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
1423
1424commit 35f22dad263cce5c61d933ae439998cb965b8748
1425Author: djm@openbsd.org <djm@openbsd.org>
1426Date: Fri Apr 15 00:31:10 2016 +0000
1427
1428 upstream commit
1429
1430 regression test for ssh_config Include directive
1431
1432 Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
1433
1434commit 6b8a1a87005818d4700ce8b42faef746e82c1f51
1435Author: djm@openbsd.org <djm@openbsd.org>
1436Date: Thu Apr 14 23:57:17 2016 +0000
1437
1438 upstream commit
1439
1440 unbreak test for recent ssh de-duplicated forwarding
1441 change
1442
1443 Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
1444
1445commit 076787702418985a2cc6808212dc28ce7afc01f0
1446Author: djm@openbsd.org <djm@openbsd.org>
1447Date: Thu Apr 14 23:21:42 2016 +0000
1448
1449 upstream commit
1450
1451 add test knob and warning for StrictModes
1452
1453 Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
1454
1455commit dc7990be865450574c7940c9880567f5d2555b37
1456Author: djm@openbsd.org <djm@openbsd.org>
1457Date: Fri Apr 15 00:30:19 2016 +0000
1458
1459 upstream commit
1460
1461 Include directive for ssh_config(5); feedback & ok markus@
1462
1463 Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
1464
1465commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755
1466Author: Damien Miller <djm@mindrot.org>
1467Date: Wed Apr 13 10:39:57 2016 +1000
1468
1469 ignore PAM environment vars when UseLogin=yes
1470
1471 If PAM is configured to read user-specified environment variables
1472 and UseLogin=yes in sshd_config, then a hostile local user may
1473 attack /bin/login via LD_PRELOAD or similar environment variables
1474 set via PAM.
1475
1476 CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
1477
1478commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9
1479Author: djm@openbsd.org <djm@openbsd.org>
1480Date: Sat Apr 9 12:39:30 2016 +0000
1481
1482 upstream commit
1483
1484 make private key loading functions consistently handle NULL
1485 key pointer arguments; ok markus@
1486
1487 Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
1488
1489commit 5f41f030e2feb5295657285aa8c6602c7810bc4b
1490Author: Darren Tucker <dtucker@zip.com.au>
1491Date: Fri Apr 8 21:14:13 2016 +1000
1492
1493 Remove NO_IPPORT_RESERVED_CONCEPT
1494
1495 Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
1496 the same effect without causing problems syncing patches with OpenBSD.
1497 Resync the two affected functions with OpenBSD. ok djm, sanity checked
1498 by Corinna.
1499
1500commit 34a01b2cf737d946ddb140618e28c3048ab7a229
1501Author: djm@openbsd.org <djm@openbsd.org>
1502Date: Fri Apr 8 08:19:17 2016 +0000
1503
1504 upstream commit
1505
1506 whitespace at EOL
1507
1508 Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
1509
1510commit 90ee563fa6b54c59896c6c332c5188f866c5e75f
1511Author: djm@openbsd.org <djm@openbsd.org>
1512Date: Fri Apr 8 06:35:54 2016 +0000
1513
1514 upstream commit
1515
1516 We accidentally send an empty string and a zero uint32 with
1517 every direct-streamlocal@openssh.com channel open, in contravention of our
1518 own spec.
1519
1520 Fixing this is too hard wrt existing versions that expect these
1521 fields to be present and fatal() if they aren't, so document them
1522 as "reserved" fields in the PROTOCOL spec as though we always
1523 intended this and let us never speak of it again.
1524
1525 bz#2529, reported by Ron Frederick
1526
1527 Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
1528
1529commit 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558
1530Author: djm@openbsd.org <djm@openbsd.org>
1531Date: Wed Apr 6 06:42:17 2016 +0000
1532
1533 upstream commit
1534
1535 don't record duplicate LocalForward and RemoteForward
1536 entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
1537 where the same forwards are added on the second pass through the
1538 configuration file. bz#2562; ok dtucker@
1539
1540 Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
1541
1542commit 574def0eb493cd6efeffd4ff2e9257abcffee0c8
1543Author: krw@openbsd.org <krw@openbsd.org>
1544Date: Sat Apr 2 14:37:42 2016 +0000
1545
1546 upstream commit
1547
1548 Another use for fcntl() and thus of the superfluous 3rd
1549 parameter is when sanitising standard fd's before calling daemon().
1550
1551 Use a tweaked version of the ssh(1) function in all three places
1552 found using fcntl() this way.
1553
1554 ok jca@ beck@
1555
1556 Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
1557
1558commit b3413534aa9d71a941005df2760d1eec2c2b0854
1559Author: Darren Tucker <dtucker@zip.com.au>
1560Date: Mon Apr 4 11:09:21 2016 +1000
1561
1562 Tidy up openssl header test.
1563
1564commit 815bcac0b94bb448de5acdd6ba925b8725240b4f
1565Author: Darren Tucker <dtucker@zip.com.au>
1566Date: Mon Apr 4 11:07:59 2016 +1000
1567
1568 Fix configure-time warnings for openssl test.
1569
1570commit 95687f5831ae680f7959446d8ae4b52452ee05dd
1571Author: djm@openbsd.org <djm@openbsd.org>
1572Date: Fri Apr 1 02:34:10 2016 +0000
1573
1574 upstream commit
1575
1576 whitespace at EOL
1577
1578 Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
1579
1580commit fdfbf4580de09d84a974211715e14f88a5704b8e
1581Author: dtucker@openbsd.org <dtucker@openbsd.org>
1582Date: Thu Mar 31 05:24:06 2016 +0000
1583
1584 upstream commit
1585
1586 Remove fallback from moduli to "primes" file that was
1587 deprecated in 2001 and fix log messages referring to primes file. Based on
1588 patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@
1589
1590 Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
1591
1592commit 0235a5fa67fcac51adb564cba69011a535f86f6b
1593Author: djm@openbsd.org <djm@openbsd.org>
1594Date: Thu Mar 17 17:19:43 2016 +0000
1595
1596 upstream commit
1597
1598 UseDNS affects ssh hostname processing in authorized_keys,
1599 not known_hosts; bz#2554 reported by jjelen AT redhat.com
1600
1601 Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
1602
1603commit 8c4739338f5e379d05b19d6e544540114965f07e
1604Author: Darren Tucker <dtucker@zip.com.au>
1605Date: Tue Mar 15 09:24:43 2016 +1100
1606
1607 Don't call Solaris setproject() with UsePAM=yes.
1608
1609 When Solaris Projects are enabled along with PAM setting the project
1610 is PAM's responsiblity. bz#2425, based on patch from
1611 brent.paulson at gmail.com.
1612
1613commit cff26f373c58457a32cb263e212cfff53fca987b
1614Author: Damien Miller <djm@mindrot.org>
1615Date: Tue Mar 15 04:30:21 2016 +1100
1616
1617 remove slogin from *.spec
1618
1619commit c38905ba391434834da86abfc988a2b8b9b62477
1620Author: djm@openbsd.org <djm@openbsd.org>
1621Date: Mon Mar 14 16:20:54 2016 +0000
1622
1623 upstream commit
1624
1625 unbreak authentication using lone certificate keys in
1626 ssh-agent: when attempting pubkey auth with a certificate, if no separate
1627 private key is found among the keys then try with the certificate key itself.
1628
1629 bz#2550 reported by Peter Moody
1630
1631 Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
1632
1633commit 4b4bfb01cd40b9ddb948e6026ddd287cc303d871
1634Author: djm@openbsd.org <djm@openbsd.org>
1635Date: Thu Mar 10 11:47:57 2016 +0000
1636
1637 upstream commit
1638
1639 sanitise characters destined for xauth reported by
1640 github.com/tintinweb feedback and ok deraadt and markus
1641
1642 Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
1643
1644commit 732b463d37221722b1206f43aa59563766a6a968
1645Author: Darren Tucker <dtucker@zip.com.au>
1646Date: Mon Mar 14 16:04:23 2016 +1100
1647
1648 Pass supported malloc options to connect-privsep.
1649
1650 This allows us to activate only the supported options during the malloc
1651 option portion of the connect-privsep test.
1652
1653commit d29c5b9b3e9f27394ca97a364ed4bb4a55a59744
1654Author: Darren Tucker <dtucker@zip.com.au>
1655Date: Mon Mar 14 09:30:58 2016 +1100
1656
1657 Remove leftover roaming.h file.
1658
1659 Pointed out by des at des.no.
1660
1661commit 8ff20ec95f4377021ed5e9b2331320f5c5a34cea
1662Author: Darren Tucker <dtucker@zip.com.au>
1663Date: Mon Mar 14 09:24:03 2016 +1100
1664
1665 Quote variables that may contain whitespace.
1666
1667 The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to
1668 survive paths containing whitespace. bz#2551, from Corinna Vinschen via
1669 Philip Hands.
1670
1671commit 627824480c01f0b24541842c7206ab9009644d02
1672Author: Darren Tucker <dtucker@zip.com.au>
1673Date: Fri Mar 11 14:47:41 2016 +1100
1674
1675 Include priv.h for priv_set_t.
1676
1677 From alex at cooperi.net.
1678
1679commit e960051f9a264f682c4d2fefbeecffcfc66b0ddf
1680Author: Darren Tucker <dtucker@zip.com.au>
1681Date: Wed Mar 9 13:14:18 2016 +1100
1682
1683 Wrap stdint.h inside #ifdef HAVE_STDINT_H.
1684
1685commit 2c48bd344d2c4b5e08dae9aea5ff44fc19a5e363
1686Author: Darren Tucker <dtucker@zip.com.au>
1687Date: Wed Mar 9 12:46:50 2016 +1100
1688
1689 Add compat to monotime_double().
1690
1691 Apply all of the portability changes in monotime() to monotime() double.
1692 Fixes build on at least older FreeBSD systems.
1693
1694commit 7b40ef6c2eef40c339f6ea8920cb8a44838e10c9
1695Author: Damien Miller <djm@mindrot.org>
1696Date: Tue Mar 8 14:12:58 2016 -0800
1697
1698 make a regress-binaries target
1699
1700 Easier to build all the regression/unit test binaries in one pass
1701 than going through all of ${REGRESS_BINARIES}
1702
1703commit c425494d6b6181beb54a1b3763ef9e944fd3c214
1704Author: Damien Miller <djm@mindrot.org>
1705Date: Tue Mar 8 14:03:54 2016 -0800
1706
1707 unbreak kexfuzz for -Werror without __bounded__
1708
1709commit 3ed9218c336607846563daea5d5ab4f701f4e042
1710Author: Damien Miller <djm@mindrot.org>
1711Date: Tue Mar 8 14:01:29 2016 -0800
1712
1713 unbreak PAM after canohost refactor
1714
1715commit 885fb2a44ff694f01e4f6470f803629e11f62961
1716Author: Darren Tucker <dtucker@zip.com.au>
1717Date: Tue Mar 8 11:58:43 2016 +1100
1718
1719 auth_get_canonical_hostname in portable code.
1720
1721 "refactor canohost.c" replaced get_canonical_hostname, this makes the
1722 same change to some portable-specific code.
1723
1724commit 95767262caa6692eff1e1565be1f5cb297949a89
1725Author: djm@openbsd.org <djm@openbsd.org>
1726Date: Mon Mar 7 19:02:43 2016 +0000
6 1727
7commit 9d47b8d3f50c3a6282896df8274147e3b9a38c56 1728 upstream commit
1729
1730 refactor canohost.c: move functions that cache results closer
1731 to the places that use them (authn and session code). After this, no state is
1732 cached in canohost.c
1733
1734 feedback and ok markus@
1735
1736 Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
1737
1738commit af0bb38ffd1f2c4f9f43b0029be2efe922815255
8Author: Damien Miller <djm@mindrot.org> 1739Author: Damien Miller <djm@mindrot.org>
9Date: Thu Mar 10 05:03:39 2016 +1100 1740Date: Fri Mar 4 15:11:55 2016 +1100
1741
1742 hook unittests/misc/kexfuzz into build
1743
1744commit 331b8e07ee5bcbdca12c11cc8f51a7e8de09b248
1745Author: dtucker@openbsd.org <dtucker@openbsd.org>
1746Date: Fri Mar 4 02:48:06 2016 +0000
1747
1748 upstream commit
1749
1750 Filter debug messages out of log before picking the last
1751 two lines. Should prevent problems if any more debug output is added late in
1752 the connection.
1753
1754 Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
1755
1756commit 0892edaa3ce623381d3a7635544cbc69b31cf9cb
1757Author: djm@openbsd.org <djm@openbsd.org>
1758Date: Fri Mar 4 02:30:36 2016 +0000
1759
1760 upstream commit
1761
1762 add KEX fuzzer harness; ok deraadt@
1763
1764 Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1
1765
1766commit ae2562c47d41b68dbb00240fd6dd60bed205367a
1767Author: dtucker@openbsd.org <dtucker@openbsd.org>
1768Date: Thu Mar 3 00:46:53 2016 +0000
1769
1770 upstream commit
1771
1772 Look back 3 lines for possible error messages. Changes
1773 to the code mean that "Bad packet length" errors are 3 lines back instead of
1774 the previous two, which meant we didn't skip some offsets that we intended
1775 to.
1776
1777 Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
10 1778
11 sanitise characters destined for xauth(1) 1779commit 988e429d903acfb298bfddfd75e7994327adfed0
1780Author: djm@openbsd.org <djm@openbsd.org>
1781Date: Fri Mar 4 03:35:44 2016 +0000
1782
1783 upstream commit
12 1784
13 reported by github.com/tintinweb 1785 fix ClientAliveInterval when a time-based RekeyLimit is
1786 set; previously keepalive packets were not being sent. bz#2252 report and
1787 analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@
1788
1789 Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81
1790
1791commit 8ef04d7a94bcdb8b0085fdd2a79a844b7d40792d
1792Author: dtucker@openbsd.org <dtucker@openbsd.org>
1793Date: Wed Mar 2 22:43:52 2016 +0000
1794
1795 upstream commit
1796
1797 Improve accuracy of reported transfer speeds by waiting
1798 for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
1799
1800 Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
1801
1802commit b8d4eafe29684fe4f5bb587f7eab948e6ed62723
1803Author: dtucker@openbsd.org <dtucker@openbsd.org>
1804Date: Wed Mar 2 22:42:40 2016 +0000
1805
1806 upstream commit
1807
1808 Improve precision of progressmeter for sftp and scp by
1809 storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@
1810
1811 Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
1812
1813commit 18f64b969c70ed00e74b9d8e50359dbe698ce4c0
1814Author: jca@openbsd.org <jca@openbsd.org>
1815Date: Mon Feb 29 20:22:36 2016 +0000
1816
1817 upstream commit
1818
1819 Print ssize_t with %zd; ok deraadt@ mmcc@
1820
1821 Upstream-ID: 0590313bbb013ff6692298c98f7e0be349d124bd
1822
1823commit 6e7f68ce38130c794ec1fb8d2a6091fbe982628d
1824Author: djm@openbsd.org <djm@openbsd.org>
1825Date: Sun Feb 28 22:27:00 2016 +0000
1826
1827 upstream commit
1828
1829 rearrange DH public value tests to be a little more clear
1830
1831 rearrange DH private value generation to explain rationale more
1832 clearly and include an extra sanity check.
1833
1834 ok deraadt
1835
1836 Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad
1837
1838commit 2ed17aa34008bdfc8db674315adc425a0712be11
1839Author: Darren Tucker <dtucker@zip.com.au>
1840Date: Tue Mar 1 15:24:20 2016 +1100
1841
1842 Import updated moduli file from OpenBSD.
1843
1844 Note that 1.5k bit groups have been removed.
14 1845
15commit 72b061d4ba0f909501c595d709ea76e06b01e5c9 1846commit 72b061d4ba0f909501c595d709ea76e06b01e5c9
16Author: Darren Tucker <dtucker@zip.com.au> 1847Author: Darren Tucker <dtucker@zip.com.au>
@@ -7369,1537 +9200,3 @@ Date: Fri Aug 1 12:26:49 2014 +1000
7369 9200
7370 - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need 9201 - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need
7371 a better solution, but this will have to do for now. 9202 a better solution, but this will have to do for now.
7372
7373commit 426117b2e965e43f47015942b5be8dd88fe74b88
7374Author: Damien Miller <djm@mindrot.org>
7375Date: Wed Jul 30 12:33:20 2014 +1000
7376
7377 - schwarze@cvs.openbsd.org 2014/07/28 15:40:08
7378 [sftp-server.8 sshd_config.5]
7379 some systems no longer need /dev/log;
7380 issue noticed by jirib;
7381 ok deraadt
7382
7383commit f497794b6962eaf802ab4ac2a7b22ae591cca1d5
7384Author: Damien Miller <djm@mindrot.org>
7385Date: Wed Jul 30 12:32:46 2014 +1000
7386
7387 - dtucker@cvs.openbsd.org 2014/07/25 21:22:03
7388 [ssh-agent.c]
7389 Clear buffer used for handling messages. This prevents keys being
7390 left in memory after they have been expired or deleted in some cases
7391 (but note that ssh-agent is setgid so you would still need root to
7392 access them). Pointed out by Kevin Burns, ok deraadt
7393
7394commit a8a0f65c57c8ecba94d65948e9090da54014dfef
7395Author: Damien Miller <djm@mindrot.org>
7396Date: Wed Jul 30 12:32:28 2014 +1000
7397
7398 - OpenBSD CVS Sync
7399 - millert@cvs.openbsd.org 2014/07/24 22:57:10
7400 [ssh.1]
7401 Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@
7402
7403commit 56b840f2b81e14a2f95c203403633a72566736f8
7404Author: Damien Miller <djm@mindrot.org>
7405Date: Fri Jul 25 08:11:30 2014 +1000
7406
7407 - (djm) [regress/multiplex.sh] restore incorrectly deleted line;
7408 pointed out by Christian Hesse
7409
7410commit dd417b60d5ca220565d1014e92b7f8f43dc081eb
7411Author: Darren Tucker <dtucker@zip.com.au>
7412Date: Wed Jul 23 10:41:21 2014 +1000
7413
7414 - dtucker@cvs.openbsd.org 2014/07/22 23:35:38
7415 [regress/unittests/sshkey/testdata/*]
7416 Regenerate test keys with certs signed with ed25519 instead of ecdsa.
7417 These can be used in -portable on platforms that don't support ECDSA.
7418
7419commit 40e50211896369dba8f64f3b5e5fd58b76f5ac3f
7420Author: Darren Tucker <dtucker@zip.com.au>
7421Date: Wed Jul 23 10:35:45 2014 +1000
7422
7423 - dtucker@cvs.openbsd.org 2014/07/22 23:57:40
7424 [regress/unittests/sshkey/mktestdata.sh]
7425 Add $OpenBSD tag to make syncs easier
7426
7427commit 07e644251e809b1d4c062cf85bd1146a7e3f5a8a
7428Author: Darren Tucker <dtucker@zip.com.au>
7429Date: Wed Jul 23 10:34:26 2014 +1000
7430
7431 - dtucker@cvs.openbsd.org 2014/07/22 23:23:22
7432 [regress/unittests/sshkey/mktestdata.sh]
7433 Sign test certs with ed25519 instead of ecdsa so that they'll work in
7434 -portable on platforms that don't have ECDSA in their OpenSSL. ok djm
7435
7436commit cea099a7c4eaecb01b001e5453bb4e5c25006c22
7437Author: Darren Tucker <dtucker@zip.com.au>
7438Date: Wed Jul 23 10:04:02 2014 +1000
7439
7440 - djm@cvs.openbsd.org 2014/07/22 01:32:12
7441 [regress/multiplex.sh]
7442 change the test for still-open Unix domain sockets to be robust against
7443 nc implementations that produce error messages. from -portable
7444 (Id sync only)
7445
7446commit 31eb78078d349b32ea41952ecc944b3ad6cb0d45
7447Author: Darren Tucker <dtucker@zip.com.au>
7448Date: Wed Jul 23 09:43:42 2014 +1000
7449
7450 - guenther@cvs.openbsd.org 2014/07/22 07:13:42
7451 [umac.c]
7452 Convert from <sys/endian.h> to the shiney new <endian.h>
7453 ok dtucker@, who also confirmed that -portable handles this already
7454 (ID sync only, includes.h pulls in endian.h if available.)
7455
7456commit 820763efef2d19d965602533036c2b4badc9d465
7457Author: Darren Tucker <dtucker@zip.com.au>
7458Date: Wed Jul 23 09:40:46 2014 +1000
7459
7460 - dtucker@cvs.openbsd.org 2014/07/22 01:18:50
7461 [key.c]
7462 Prevent spam from key_load_private_pem during hostbased auth. ok djm@
7463
7464commit c4ee219a66f3190fa96cbd45b4d11015685c6306
7465Author: Darren Tucker <dtucker@zip.com.au>
7466Date: Wed Jul 23 04:27:50 2014 +1000
7467
7468 - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-
7469 specific tests inside OPENSSL_HAS_ECC.
7470
7471commit 04f4824940ea3edd60835416ececbae16438968a
7472Author: Damien Miller <djm@mindrot.org>
7473Date: Tue Jul 22 11:31:47 2014 +1000
7474
7475 - (djm) [regress/multiplex.sh] change the test for still-open Unix
7476 domain sockets to be robust against nc implementations that produce
7477 error messages.
7478
7479commit 5ea4fe00d55453aaa44007330bb4c3181bd9b796
7480Author: Damien Miller <djm@mindrot.org>
7481Date: Tue Jul 22 09:39:19 2014 +1000
7482
7483 - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow;
7484 put it back
7485
7486commit 948a1774a79a85f9deba6d74db95f402dee32c69
7487Author: Darren Tucker <dtucker@zip.com.au>
7488Date: Tue Jul 22 01:07:11 2014 +1000
7489
7490 - (dtucker) [sshkey.c] ifdef out unused variable when compiling without
7491 OPENSSL_HAS_ECC.
7492
7493commit c8f610f6cc57ae129758052439d9baf13699097b
7494Author: Damien Miller <djm@mindrot.org>
7495Date: Mon Jul 21 10:23:27 2014 +1000
7496
7497 - (djm) [regress/multiplex.sh] Not all netcat accept the -N option.
7498
7499commit 0e4e95566cd95c887f69272499b8f3880b3ec0f5
7500Author: Damien Miller <djm@mindrot.org>
7501Date: Mon Jul 21 09:52:54 2014 +1000
7502
7503 - millert@cvs.openbsd.org 2014/07/15 15:54:15
7504 [forwarding.sh multiplex.sh]
7505 Add support for Unix domain socket forwarding. A remote TCP port
7506 may be forwarded to a local Unix domain socket and vice versa or
7507 both ends may be a Unix domain socket. This is a reimplementation
7508 of the streamlocal patches by William Ahern from:
7509 http://www.25thandclement.com/~william/projects/streamlocal.html
7510 OK djm@ markus@
7511
7512commit 93a87ab27ecdc709169fb24411133998f81e2761
7513Author: Darren Tucker <dtucker@zip.com.au>
7514Date: Mon Jul 21 06:30:25 2014 +1000
7515
7516 - (dtucker) [regress/unittests/sshkey/
7517 {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in
7518 ifdefs.
7519
7520commit 5573171352ea23df2dc6d2fe0324d023b7ba697c
7521Author: Darren Tucker <dtucker@zip.com.au>
7522Date: Mon Jul 21 02:24:59 2014 +1000
7523
7524 - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
7525 needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
7526
7527commit 74e28682711d005026c7c8f15f96aea9d3c8b5a3
7528Author: Tim Rice <tim@multitalents.net>
7529Date: Fri Jul 18 20:00:11 2014 -0700
7530
7531 - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used
7532 in servconf.h.
7533
7534commit d1a0421f8e5e933fee6fb58ee6b9a22c63c8a613
7535Author: Darren Tucker <dtucker@zip.com.au>
7536Date: Sat Jul 19 07:23:55 2014 +1000
7537
7538 - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC.
7539
7540commit f0fe9ea1be62227c130b317769de3d1e736b6dc1
7541Author: Darren Tucker <dtucker@zip.com.au>
7542Date: Sat Jul 19 06:33:12 2014 +1000
7543
7544 - (dtucker) [Makefile.in] Add a t-exec target to run just the executable
7545 tests.
7546
7547commit 450bc1180d4b061434a4b733c5c8814fa30b022b
7548Author: Darren Tucker <dtucker@zip.com.au>
7549Date: Sat Jul 19 06:23:18 2014 +1000
7550
7551 - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used
7552 in servconf.h.
7553
7554commit ab2ec586baad122ed169285c31927ccf58bc7b28
7555Author: Damien Miller <djm@mindrot.org>
7556Date: Fri Jul 18 15:04:47 2014 +1000
7557
7558 - djm@cvs.openbsd.org 2014/07/18 02:46:01
7559 [ssh-agent.c]
7560 restore umask around listener socket creation (dropped in streamlocal patch
7561 merge)
7562
7563commit 357610d15946381ae90c271837dcdd0cdce7145f
7564Author: Damien Miller <djm@mindrot.org>
7565Date: Fri Jul 18 15:04:10 2014 +1000
7566
7567 - djm@cvs.openbsd.org 2014/07/17 07:22:19
7568 [mux.c ssh.c]
7569 reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
7570 previously we were always returning 0. bz#2255 reported by Brendan
7571 Germain; ok dtucker
7572
7573commit dad9a4a0b7c2b5d78605f8df28718f116524134e
7574Author: Damien Miller <djm@mindrot.org>
7575Date: Fri Jul 18 15:03:49 2014 +1000
7576
7577 - djm@cvs.openbsd.org 2014/07/17 00:12:03
7578 [key.c]
7579 silence "incorrect passphrase" error spam; reported and ok dtucker@
7580
7581commit f42f7684ecbeec6ce50e0310f80b3d6da2aaf533
7582Author: Damien Miller <djm@mindrot.org>
7583Date: Fri Jul 18 15:03:27 2014 +1000
7584
7585 - djm@cvs.openbsd.org 2014/07/17 00:10:18
7586 [mux.c]
7587 preserve errno across syscall
7588
7589commit 1b83320628cb0733e3688b85bfe4d388a7c51909
7590Author: Damien Miller <djm@mindrot.org>
7591Date: Fri Jul 18 15:03:02 2014 +1000
7592
7593 - djm@cvs.openbsd.org 2014/07/17 00:10:56
7594 [sandbox-systrace.c]
7595 ifdef SYS_sendsyslog so this will compile without patching on -stable
7596
7597commit 6d57656331bcd754d912950e4a18ad259d596e61
7598Author: Damien Miller <djm@mindrot.org>
7599Date: Fri Jul 18 15:02:06 2014 +1000
7600
7601 - jmc@cvs.openbsd.org 2014/07/16 14:48:57
7602 [ssh.1]
7603 add the streamlocal* options to ssh's -o list; millert says they're
7604 irrelevant for scp/sftp;
7605
7606 ok markus millert
7607
7608commit 7acefbbcbeab725420ea07397ae35992f505f702
7609Author: Damien Miller <djm@mindrot.org>
7610Date: Fri Jul 18 14:11:24 2014 +1000
7611
7612 - millert@cvs.openbsd.org 2014/07/15 15:54:14
7613 [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
7614 [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
7615 [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
7616 [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
7617 [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
7618 [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
7619 [sshd_config.5 sshlogin.c]
7620 Add support for Unix domain socket forwarding. A remote TCP port
7621 may be forwarded to a local Unix domain socket and vice versa or
7622 both ends may be a Unix domain socket. This is a reimplementation
7623 of the streamlocal patches by William Ahern from:
7624 http://www.25thandclement.com/~william/projects/streamlocal.html
7625 OK djm@ markus@
7626
7627commit 6262d760e00714523633bd989d62e273a3dca99a
7628Author: Damien Miller <djm@mindrot.org>
7629Date: Thu Jul 17 09:52:07 2014 +1000
7630
7631 - tedu@cvs.openbsd.org 2014/07/11 13:54:34
7632 [myproposal.h]
7633 by popular demand, add back hamc-sha1 to server proposal for better compat
7634 with many clients still in use. ok deraadt
7635
7636commit 9d69d937b46ecba17f16d923e538ceda7b705c7a
7637Author: Damien Miller <djm@mindrot.org>
7638Date: Thu Jul 17 09:49:37 2014 +1000
7639
7640 - deraadt@cvs.openbsd.org 2014/07/11 08:09:54
7641 [sandbox-systrace.c]
7642 Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking,
7643 update your kernels and sshd soon.. libc will start using sendsyslog()
7644 in about 4 days.
7645
7646commit f6293a0b4129826fc2e37e4062f96825df43c326
7647Author: Damien Miller <djm@mindrot.org>
7648Date: Thu Jul 17 09:01:25 2014 +1000
7649
7650 - (djm) [digest-openssl.c] Preserve array order when disabling digests.
7651 Reported by Petr Lautrbach.
7652
7653commit 00f9cd230709c04399ef5ff80492d70a55230694
7654Author: Damien Miller <djm@mindrot.org>
7655Date: Tue Jul 15 10:41:38 2014 +1000
7656
7657 - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto
7658 has been located; fixes builds agains libressl-portable
7659
7660commit 1d0df3249c87019556b83306c28d4769375c2edc
7661Author: Damien Miller <djm@mindrot.org>
7662Date: Fri Jul 11 09:19:04 2014 +1000
7663
7664 - OpenBSD CVS Sync
7665 - benno@cvs.openbsd.org 2014/07/09 14:15:56
7666 [ssh-add.c]
7667 fix ssh-add crash while loading more than one key
7668 ok markus@
7669
7670commit 7a57eb3d105aa4ced15fb47001092c58811e6d9d
7671Author: Damien Miller <djm@mindrot.org>
7672Date: Wed Jul 9 13:22:31 2014 +1000
7673
7674 - djm@cvs.openbsd.org 2014/07/07 08:15:26
7675 [multiplex.sh]
7676 remove forced-fatal that I stuck in there to test the new cleanup
7677 logic and forgot to remove...
7678
7679commit 612f965239a30fe536b11ece1834d9f470aeb029
7680Author: Damien Miller <djm@mindrot.org>
7681Date: Wed Jul 9 13:22:03 2014 +1000
7682
7683 - djm@cvs.openbsd.org 2014/07/06 07:42:03
7684 [multiplex.sh test-exec.sh]
7685 add a hook to the cleanup() function to kill $SSH_PID if it is set
7686
7687 use it to kill the mux master started in multiplex.sh (it was being left
7688 around on fatal failures)
7689
7690commit d0bb950485ba121e43a77caf434115ed6417b46f
7691Author: Damien Miller <djm@mindrot.org>
7692Date: Wed Jul 9 13:07:28 2014 +1000
7693
7694 - djm@cvs.openbsd.org 2014/07/09 03:02:15
7695 [key.c]
7696 downgrade more error() to debug() to better match what old authfile.c
7697 did; suppresses spurious errors with hostbased authentication enabled
7698
7699commit 0070776a038655c57f57e70cd05e4c38a5de9d84
7700Author: Damien Miller <djm@mindrot.org>
7701Date: Wed Jul 9 13:07:06 2014 +1000
7702
7703 - djm@cvs.openbsd.org 2014/07/09 01:45:10
7704 [sftp.c]
7705 more useful error message when GLOB_NOSPACE occurs;
7706 bz#2254, patch from Orion Poplawski
7707
7708commit 079bac2a43c74ef7cf56850afbab3b1932534c50
7709Author: Damien Miller <djm@mindrot.org>
7710Date: Wed Jul 9 13:06:25 2014 +1000
7711
7712 - djm@cvs.openbsd.org 2014/07/07 08:19:12
7713 [ssh_config.5]
7714 mention that ProxyCommand is executed using shell "exec" to avoid
7715 a lingering process; bz#1977
7716
7717commit 3a48cc090096cf99b9de592deb5f90e444edebfb
7718Author: Damien Miller <djm@mindrot.org>
7719Date: Sun Jul 6 09:32:49 2014 +1000
7720
7721 - djm@cvs.openbsd.org 2014/07/05 23:11:48
7722 [channels.c]
7723 fix remote-forward cancel regression; ok markus@
7724
7725commit 48bae3a38cb578713e676708164f6e7151cc64fa
7726Author: Damien Miller <djm@mindrot.org>
7727Date: Sun Jul 6 09:27:06 2014 +1000
7728
7729 - djm@cvs.openbsd.org 2014/07/03 23:18:35
7730 [authfile.h]
7731 remove leakmalloc droppings
7732
7733commit 72e6b5c9ed5e72ca3a6ccc3177941b7c487a0826
7734Author: Damien Miller <djm@mindrot.org>
7735Date: Fri Jul 4 09:00:04 2014 +1000
7736
7737 - djm@cvs.openbsd.org 2014/07/03 22:40:43
7738 [servconf.c servconf.h session.c sshd.8 sshd_config.5]
7739 Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
7740 executed, mirroring the no-user-rc authorized_keys option;
7741 bz#2160; ok markus@
7742
7743commit 602943d1179a08dfa70af94f62296ea5e3d6ebb8
7744Author: Damien Miller <djm@mindrot.org>
7745Date: Fri Jul 4 08:59:41 2014 +1000
7746
7747 - djm@cvs.openbsd.org 2014/07/03 22:33:41
7748 [channels.c]
7749 allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
7750 GatewayPorts=no; allows client to choose address family;
7751 bz#2222 ok markus@
7752
7753commit 6b37fbb7921d156b31e2c8f39d9e1b6746c34983
7754Author: Damien Miller <djm@mindrot.org>
7755Date: Fri Jul 4 08:59:24 2014 +1000
7756
7757 - djm@cvs.openbsd.org 2014/07/03 22:23:46
7758 [sshconnect.c]
7759 when rekeying, skip file/DNS lookup if it is the same as the key sent
7760 during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@
7761
7762commit d2c3cd5f2e47ee24cf7093ce8e948c2e79dfc3fd
7763Author: Damien Miller <djm@mindrot.org>
7764Date: Fri Jul 4 08:59:01 2014 +1000
7765
7766 - jsing@cvs.openbsd.org 2014/07/03 12:42:16
7767 [cipher-chachapoly.c]
7768 Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this
7769 makes it easier to verify that chacha_encrypt_bytes() is only called once
7770 per chacha_ivsetup() call.
7771 ok djm@
7772
7773commit 686feb560ec43a06ba04da82b50f3c183c947309
7774Author: Damien Miller <djm@mindrot.org>
7775Date: Thu Jul 3 21:29:38 2014 +1000
7776
7777 - djm@cvs.openbsd.org 2014/07/03 11:16:55
7778 [auth.c auth.h auth1.c auth2.c]
7779 make the "Too many authentication failures" message include the
7780 user, source address, port and protocol in a format similar to the
7781 authentication success / failure messages; bz#2199, ok dtucker
7782
7783commit 0f12341402e18fd9996ec23189b9418d2722453f
7784Author: Damien Miller <djm@mindrot.org>
7785Date: Thu Jul 3 21:28:09 2014 +1000
7786
7787 - jmc@cvs.openbsd.org 2014/07/03 07:45:27
7788 [ssh_config.5]
7789 escape %C since groff thinks it part of an Rs/Re block;
7790
7791commit 9c38643c5cd47a19db2cc28279dcc28abadc22b3
7792Author: Damien Miller <djm@mindrot.org>
7793Date: Thu Jul 3 21:27:46 2014 +1000
7794
7795 - djm@cvs.openbsd.org 2014/07/03 06:39:19
7796 [ssh.c ssh_config.5]
7797 Add a %C escape sequence for LocalCommand and ControlPath that expands
7798 to a unique identifer based on a has of the tuple of (local host,
7799 remote user, hostname, port).
7800
7801 Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
7802 control paths.
7803
7804 bz#2220, based on patch from mancha1 AT zoho.com; ok markus@
7805
7806commit 49d9bfe2b2f3e90cc158a215dffa7675e57e7830
7807Author: Damien Miller <djm@mindrot.org>
7808Date: Thu Jul 3 21:26:42 2014 +1000
7809
7810 - djm@cvs.openbsd.org 2014/07/03 05:38:17
7811 [ssh.1]
7812 document that -g will only work in the multiplexed case if applied to
7813 the mux master
7814
7815commit ef9f13ba4c58057b2166d1f2e790535da402fbe5
7816Author: Damien Miller <djm@mindrot.org>
7817Date: Thu Jul 3 21:26:21 2014 +1000
7818
7819 - djm@cvs.openbsd.org 2014/07/03 05:32:36
7820 [ssh_config.5]
7821 mention '%%' escape sequence in HostName directives and how it may
7822 be used to specify IPv6 link-local addresses
7823
7824commit e6a407789e5432dd2e53336fb73476cc69048c54
7825Author: Damien Miller <djm@mindrot.org>
7826Date: Thu Jul 3 21:25:03 2014 +1000
7827
7828 - djm@cvs.openbsd.org 2014/07/03 04:36:45
7829 [digest.h]
7830 forward-declare struct sshbuf so consumers don't need to include sshbuf.h
7831
7832commit 4a1d3d50f02d0a8a4ef95ea4749293cbfb89f919
7833Author: Damien Miller <djm@mindrot.org>
7834Date: Thu Jul 3 21:24:40 2014 +1000
7835
7836 - djm@cvs.openbsd.org 2014/07/03 03:47:27
7837 [ssh-keygen.c]
7838 When hashing or removing hosts using ssh-keygen, don't choke on
7839 @revoked markers and don't remove @cert-authority markers;
7840 bz#2241, reported by mlindgren AT runelind.net
7841
7842commit e5c0d52ceb575c3db8c313e0b1aa3845943d7ba8
7843Author: Damien Miller <djm@mindrot.org>
7844Date: Thu Jul 3 21:24:19 2014 +1000
7845
7846 - djm@cvs.openbsd.org 2014/07/03 03:34:09
7847 [gss-serv.c session.c ssh-keygen.c]
7848 standardise on NI_MAXHOST for gethostname() string lengths; about
7849 1/2 the cases were using it already. Fixes bz#2239 en passant
7850
7851commit c174a3b7c14e0d178c61219de2aa1110e209950c
7852Author: Damien Miller <djm@mindrot.org>
7853Date: Thu Jul 3 21:23:24 2014 +1000
7854
7855 - djm@cvs.openbsd.org 2014/07/03 03:26:43
7856 [digest-openssl.c]
7857 use EVP_Digest() for one-shot hash instead of creating, updating,
7858 finalising and destroying a context.
7859 bz#2231, based on patch from Timo Teras
7860
7861commit d7ca2cd31ecc4d63a055e2dcc4bf35c13f2db4c5
7862Author: Damien Miller <djm@mindrot.org>
7863Date: Thu Jul 3 21:23:01 2014 +1000
7864
7865 - djm@cvs.openbsd.org 2014/07/03 03:15:01
7866 [ssh-add.c]
7867 make stdout line-buffered; saves partial output getting lost when
7868 ssh-add fatal()s part-way through (e.g. when listing keys from an
7869 agent that supports key types that ssh-add doesn't);
7870 bz#2234, reported by Phil Pennock
7871
7872commit b1e967c8d7c7578dd0c172d85b3046cf54ea42ba
7873Author: Damien Miller <djm@mindrot.org>
7874Date: Thu Jul 3 21:22:40 2014 +1000
7875
7876 - djm@cvs.openbsd.org 2014/07/03 03:11:03
7877 [ssh-agent.c]
7878 Only cleanup agent socket in the main agent process and not in any
7879 subprocesses it may have started (e.g. forked askpass). Fixes
7880 agent sockets being zapped when askpass processes fatal();
7881 bz#2236 patch from Dmitry V. Levin
7882
7883commit 61e28e55c3438d796b02ef878bcd28620d452670
7884Author: Damien Miller <djm@mindrot.org>
7885Date: Thu Jul 3 21:22:22 2014 +1000
7886
7887 - djm@cvs.openbsd.org 2014/07/03 01:45:38
7888 [sshkey.c]
7889 make Ed25519 keys' title fit properly in the randomart border; bz#2247
7890 based on patch from Christian Hesse
7891
7892commit 9eb4cd9a32c32d40d36450b68ed93badc6a94c68
7893Author: Damien Miller <djm@mindrot.org>
7894Date: Thu Jul 3 13:29:50 2014 +1000
7895
7896 - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist;
7897 bz#2237
7898
7899commit 8da0fa24934501909408327298097b1629b89eaa
7900Author: Damien Miller <djm@mindrot.org>
7901Date: Thu Jul 3 11:54:19 2014 +1000
7902
7903 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
7904 doesn't support it.
7905
7906commit 81309c857dd0dbc0a1245a16d621c490ad48cfbb
7907Author: Damien Miller <djm@mindrot.org>
7908Date: Wed Jul 2 17:45:55 2014 +1000
7909
7910 - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test
7911
7912commit 82b2482ce68654815ee049b9bf021bb362a35ff2
7913Author: Damien Miller <djm@mindrot.org>
7914Date: Wed Jul 2 17:43:41 2014 +1000
7915
7916 - (djm) [sshkey.c] Conditionalise inclusion of util.h
7917
7918commit dd8b1dd7933eb6f5652641b0cdced34a387f2e80
7919Author: Damien Miller <djm@mindrot.org>
7920Date: Wed Jul 2 17:38:31 2014 +1000
7921
7922 - djm@cvs.openbsd.org 2014/06/24 01:14:17
7923 [Makefile.in regress/Makefile regress/unittests/Makefile]
7924 [regress/unittests/sshkey/Makefile]
7925 [regress/unittests/sshkey/common.c]
7926 [regress/unittests/sshkey/common.h]
7927 [regress/unittests/sshkey/mktestdata.sh]
7928 [regress/unittests/sshkey/test_file.c]
7929 [regress/unittests/sshkey/test_fuzz.c]
7930 [regress/unittests/sshkey/test_sshkey.c]
7931 [regress/unittests/sshkey/tests.c]
7932 [regress/unittests/sshkey/testdata/dsa_1]
7933 [regress/unittests/sshkey/testdata/dsa_1-cert.fp]
7934 [regress/unittests/sshkey/testdata/dsa_1-cert.pub]
7935 [regress/unittests/sshkey/testdata/dsa_1.fp]
7936 [regress/unittests/sshkey/testdata/dsa_1.fp.bb]
7937 [regress/unittests/sshkey/testdata/dsa_1.param.g]
7938 [regress/unittests/sshkey/testdata/dsa_1.param.priv]
7939 [regress/unittests/sshkey/testdata/dsa_1.param.pub]
7940 [regress/unittests/sshkey/testdata/dsa_1.pub]
7941 [regress/unittests/sshkey/testdata/dsa_1_pw]
7942 [regress/unittests/sshkey/testdata/dsa_2]
7943 [regress/unittests/sshkey/testdata/dsa_2.fp]
7944 [regress/unittests/sshkey/testdata/dsa_2.fp.bb]
7945 [regress/unittests/sshkey/testdata/dsa_2.pub]
7946 [regress/unittests/sshkey/testdata/dsa_n]
7947 [regress/unittests/sshkey/testdata/dsa_n_pw]
7948 [regress/unittests/sshkey/testdata/ecdsa_1]
7949 [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp]
7950 [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub]
7951 [regress/unittests/sshkey/testdata/ecdsa_1.fp]
7952 [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb]
7953 [regress/unittests/sshkey/testdata/ecdsa_1.param.curve]
7954 [regress/unittests/sshkey/testdata/ecdsa_1.param.priv]
7955 [regress/unittests/sshkey/testdata/ecdsa_1.param.pub]
7956 [regress/unittests/sshkey/testdata/ecdsa_1.pub]
7957 [regress/unittests/sshkey/testdata/ecdsa_1_pw]
7958 [regress/unittests/sshkey/testdata/ecdsa_2]
7959 [regress/unittests/sshkey/testdata/ecdsa_2.fp]
7960 [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb]
7961 [regress/unittests/sshkey/testdata/ecdsa_2.param.curve]
7962 [regress/unittests/sshkey/testdata/ecdsa_2.param.priv]
7963 [regress/unittests/sshkey/testdata/ecdsa_2.param.pub]
7964 [regress/unittests/sshkey/testdata/ecdsa_2.pub]
7965 [regress/unittests/sshkey/testdata/ecdsa_n]
7966 [regress/unittests/sshkey/testdata/ecdsa_n_pw]
7967 [regress/unittests/sshkey/testdata/ed25519_1]
7968 [regress/unittests/sshkey/testdata/ed25519_1-cert.fp]
7969 [regress/unittests/sshkey/testdata/ed25519_1-cert.pub]
7970 [regress/unittests/sshkey/testdata/ed25519_1.fp]
7971 [regress/unittests/sshkey/testdata/ed25519_1.fp.bb]
7972 [regress/unittests/sshkey/testdata/ed25519_1.pub]
7973 [regress/unittests/sshkey/testdata/ed25519_1_pw]
7974 [regress/unittests/sshkey/testdata/ed25519_2]
7975 [regress/unittests/sshkey/testdata/ed25519_2.fp]
7976 [regress/unittests/sshkey/testdata/ed25519_2.fp.bb]
7977 [regress/unittests/sshkey/testdata/ed25519_2.pub]
7978 [regress/unittests/sshkey/testdata/pw]
7979 [regress/unittests/sshkey/testdata/rsa1_1]
7980 [regress/unittests/sshkey/testdata/rsa1_1.fp]
7981 [regress/unittests/sshkey/testdata/rsa1_1.fp.bb]
7982 [regress/unittests/sshkey/testdata/rsa1_1.param.n]
7983 [regress/unittests/sshkey/testdata/rsa1_1.pub]
7984 [regress/unittests/sshkey/testdata/rsa1_1_pw]
7985 [regress/unittests/sshkey/testdata/rsa1_2]
7986 [regress/unittests/sshkey/testdata/rsa1_2.fp]
7987 [regress/unittests/sshkey/testdata/rsa1_2.fp.bb]
7988 [regress/unittests/sshkey/testdata/rsa1_2.param.n]
7989 [regress/unittests/sshkey/testdata/rsa1_2.pub]
7990 [regress/unittests/sshkey/testdata/rsa_1]
7991 [regress/unittests/sshkey/testdata/rsa_1-cert.fp]
7992 [regress/unittests/sshkey/testdata/rsa_1-cert.pub]
7993 [regress/unittests/sshkey/testdata/rsa_1.fp]
7994 [regress/unittests/sshkey/testdata/rsa_1.fp.bb]
7995 [regress/unittests/sshkey/testdata/rsa_1.param.n]
7996 [regress/unittests/sshkey/testdata/rsa_1.param.p]
7997 [regress/unittests/sshkey/testdata/rsa_1.param.q]
7998 [regress/unittests/sshkey/testdata/rsa_1.pub]
7999 [regress/unittests/sshkey/testdata/rsa_1_pw]
8000 [regress/unittests/sshkey/testdata/rsa_2]
8001 [regress/unittests/sshkey/testdata/rsa_2.fp]
8002 [regress/unittests/sshkey/testdata/rsa_2.fp.bb]
8003 [regress/unittests/sshkey/testdata/rsa_2.param.n]
8004 [regress/unittests/sshkey/testdata/rsa_2.param.p]
8005 [regress/unittests/sshkey/testdata/rsa_2.param.q]
8006 [regress/unittests/sshkey/testdata/rsa_2.pub]
8007 [regress/unittests/sshkey/testdata/rsa_n]
8008 [regress/unittests/sshkey/testdata/rsa_n_pw]
8009 unit and fuzz tests for new key API
8010
8011commit c1dc24b71f087f385b92652b9673f52af64e0428
8012Author: Damien Miller <djm@mindrot.org>
8013Date: Wed Jul 2 17:02:03 2014 +1000
8014
8015 - djm@cvs.openbsd.org 2014/06/24 01:04:43
8016 [regress/krl.sh]
8017 regress test for broken consecutive revoked serial number ranges
8018
8019commit 43d3ed2dd3feca6d0326c7dc82588d2faa115e92
8020Author: Damien Miller <djm@mindrot.org>
8021Date: Wed Jul 2 17:01:08 2014 +1000
8022
8023 - djm@cvs.openbsd.org 2014/05/21 07:04:21
8024 [regress/integrity.sh]
8025 when failing because of unexpected output, show the offending output
8026
8027commit 5a96707ffc8d227c2e7d94fa6b0317f8a152cf4e
8028Author: Damien Miller <djm@mindrot.org>
8029Date: Wed Jul 2 15:38:05 2014 +1000
8030
8031 - djm@cvs.openbsd.org 2014/04/30 05:32:00
8032 [regress/Makefile]
8033 unit tests for new buffer API; including basic fuzz testing
8034 NB. Id sync only.
8035
8036commit 3ff92ba756aee48e4ae3e0aeff7293517b3dd185
8037Author: Damien Miller <djm@mindrot.org>
8038Date: Wed Jul 2 15:33:09 2014 +1000
8039
8040 - djm@cvs.openbsd.org 2014/06/30 12:54:39
8041 [key.c]
8042 suppress spurious error message when loading key with a passphrase;
8043 reported by kettenis@ ok markus@
8044 - djm@cvs.openbsd.org 2014/07/02 04:59:06
8045 [cipher-3des1.c]
8046 fix ssh protocol 1 on the server that regressed with the sshkey change
8047 (sometimes fatal() after auth completed), make file return useful status
8048 codes.
8049 NB. Id sync only for these two. They were bundled into the sshkey merge
8050 above, since it was easier to sync the entire file and then apply
8051 portable-specific changed atop it.
8052
8053commit ec3d0e24a1e46873d80507f5cd8ee6d0d03ac5dc
8054Author: Damien Miller <djm@mindrot.org>
8055Date: Wed Jul 2 15:30:00 2014 +1000
8056
8057 - markus@cvs.openbsd.org 2014/06/27 18:50:39
8058 [ssh-add.c]
8059 fix loading of private keys
8060
8061commit 4b3ed647d5b328cf68e6a8ffbee490d8e0683e82
8062Author: Damien Miller <djm@mindrot.org>
8063Date: Wed Jul 2 15:29:40 2014 +1000
8064
8065 - markus@cvs.openbsd.org 2014/06/27 16:41:56
8066 [channels.c channels.h clientloop.c ssh.c]
8067 fix remote fwding with same listen port but different listen address
8068 with gerhard@, ok djm@
8069
8070commit 9e01ff28664921ce9b6500681333e42fb133b4d0
8071Author: Damien Miller <djm@mindrot.org>
8072Date: Wed Jul 2 15:29:21 2014 +1000
8073
8074 - deraadt@cvs.openbsd.org 2014/06/25 14:16:09
8075 [sshbuf.c]
8076 unblock SIGSEGV before raising it
8077 ok djm
8078
8079commit 1845fe6bda0729e52f4c645137f4fc3070b5438a
8080Author: Damien Miller <djm@mindrot.org>
8081Date: Wed Jul 2 15:29:01 2014 +1000
8082
8083 - djm@cvs.openbsd.org 2014/06/24 02:21:01
8084 [scp.c]
8085 when copying local->remote fails during read, don't send uninitialised
8086 heap to the remote end. Reported by Jann Horn
8087
8088commit 19439e9a2a0ac0b4b3b1210e89695418beb1c883
8089Author: Damien Miller <djm@mindrot.org>
8090Date: Wed Jul 2 15:28:40 2014 +1000
8091
8092 - djm@cvs.openbsd.org 2014/06/24 02:19:48
8093 [ssh.c]
8094 don't fatal() when hostname canonicalisation fails with a
8095 ProxyCommand in use; continue and allow the ProxyCommand to
8096 connect anyway (e.g. to a host with a name outside the DNS
8097 behind a bastion)
8098
8099commit 8668706d0f52654fe64c0ca41a96113aeab8d2b8
8100Author: Damien Miller <djm@mindrot.org>
8101Date: Wed Jul 2 15:28:02 2014 +1000
8102
8103 - djm@cvs.openbsd.org 2014/06/24 01:13:21
8104 [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
8105 [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
8106 [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
8107 [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
8108 [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
8109 [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
8110 [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
8111 [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
8112 [sshconnect2.c sshd.c sshkey.c sshkey.h
8113 [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
8114 New key API: refactor key-related functions to be more library-like,
8115 existing API is offered as a set of wrappers.
8116
8117 with and ok markus@
8118
8119 Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
8120 Dempsky and Ron Bowes for a detailed review a few months ago.
8121
8122 NB. This commit also removes portable OpenSSH support for OpenSSL
8123 <0.9.8e.
8124
8125commit 2cd7929250cf9e9f658d70dcd452f529ba08c942
8126Author: Damien Miller <djm@mindrot.org>
8127Date: Wed Jul 2 12:48:30 2014 +1000
8128
8129 - djm@cvs.openbsd.org 2014/06/24 00:52:02
8130 [krl.c]
8131 fix bug in KRL generation: multiple consecutive revoked certificate
8132 serial number ranges could be serialised to an invalid format.
8133
8134 Readers of a broken KRL caused by this bug will fail closed, so no
8135 should-have-been-revoked key will be accepted.
8136
8137commit 99db840ee8dbbd2b3fbc6c45d0ee2f6a65e96898
8138Author: Damien Miller <djm@mindrot.org>
8139Date: Wed Jul 2 12:48:04 2014 +1000
8140
8141 - naddy@cvs.openbsd.org 2014/06/18 15:42:09
8142 [sshbuf-getput-crypto.c]
8143 The ssh_get_bignum functions must accept the same range of bignums
8144 the corresponding ssh_put_bignum functions create. This fixes the
8145 use of 16384-bit RSA keys (bug reported by Eivind Evensen).
8146 ok djm@
8147
8148commit 84a89161a9629239b64171ef3e22ef6a3e462d51
8149Author: Damien Miller <djm@mindrot.org>
8150Date: Wed Jul 2 12:47:48 2014 +1000
8151
8152 - matthew@cvs.openbsd.org 2014/06/18 02:59:13
8153 [sandbox-systrace.c]
8154 Now that we have a dedicated getentropy(2) system call for
8155 arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace
8156 sandbox.
8157
8158 ok djm
8159
8160commit 51504ceec627c0ad57b9f75585c7b3d277f326be
8161Author: Damien Miller <djm@mindrot.org>
8162Date: Wed Jul 2 12:47:25 2014 +1000
8163
8164 - deraadt@cvs.openbsd.org 2014/06/13 08:26:29
8165 [sandbox-systrace.c]
8166 permit SYS_getentropy
8167 from matthew
8168
8169commit a261b8df59117f7dc52abb3a34b35a40c2c9fa88
8170Author: Tim Rice <tim@multitalents.net>
8171Date: Wed Jun 18 16:17:28 2014 -0700
8172
8173 - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
8174
8175commit 316fac6f18f87262a315c79bcf68b9f92c9337e4
8176Author: Darren Tucker <dtucker@zip.com.au>
8177Date: Tue Jun 17 23:06:07 2014 +1000
8178
8179 - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
8180 openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
8181 Move the OpenSSL header/library version test into its own function and add
8182 tests for it. Fix it to allow fix version upgrades (but not downgrades).
8183 Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
8184 ok djm@ chl@
8185
8186commit af665bb7b092a59104db1e65577851cf35b86e32
8187Author: Darren Tucker <dtucker@zip.com.au>
8188Date: Mon Jun 16 22:50:55 2014 +1000
8189
8190 - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via
8191 OpenSMTPD and chl@
8192
8193commit f9696566fb41320820f3b257ab564fa321bb3751
8194Author: Darren Tucker <dtucker@zip.com.au>
8195Date: Fri Jun 13 11:06:04 2014 +1000
8196
8197 - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
8198 been removed from sshd.c.
8199
8200commit 5e2b8894b0b24af4ad0a2f7aa33ebf255df7a8bc
8201Author: Tim Rice <tim@multitalents.net>
8202Date: Wed Jun 11 18:31:10 2014 -0700
8203
8204 - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for
8205 u_intXX_t types.
8206
8207commit 985ee2cbc3e43bc65827c3c0d4df3faa99160c37
8208Author: Darren Tucker <dtucker@zip.com.au>
8209Date: Thu Jun 12 05:32:29 2014 +1000
8210
8211 - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*]
8212 Wrap stdlib.h include an ifdef for platforms that don't have it.
8213
8214commit cf5392c2db2bb1dbef9818511d34056404436109
8215Author: Darren Tucker <dtucker@zip.com.au>
8216Date: Thu Jun 12 05:22:49 2014 +1000
8217
8218 - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from
8219 openbsd-compat/bsd-asprintf.c.
8220
8221commit 58538d795e0b662f2f4e5a7193f1204bbe992ddd
8222Author: Darren Tucker <dtucker@zip.com.au>
8223Date: Wed Jun 11 13:39:24 2014 +1000
8224
8225 - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for
8226 compat stuff, specifically whether or not OpenSSL has ECC.
8227
8228commit eb012ac581fd0abc16ee86ee3a68cf07c8ce4d08
8229Author: Darren Tucker <dtucker@zip.com.au>
8230Date: Wed Jun 11 13:10:00 2014 +1000
8231
8232 - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an
8233 assigment that might get optimized out. ok djm@
8234
8235commit b9609fd86c623d6d440e630f5f9a63295f7aea20
8236Author: Darren Tucker <dtucker@zip.com.au>
8237Date: Wed Jun 11 08:04:02 2014 +1000
8238
8239 - (dtucker) [sshbuf.h] Only declare ECC functions if building without
8240 OpenSSL or if OpenSSL has ECC.
8241
8242commit a54a040f66944c6e8913df8635a01a2327219be9
8243Author: Darren Tucker <dtucker@zip.com.au>
8244Date: Wed Jun 11 07:58:35 2014 +1000
8245
8246 - dtucker@cvs.openbsd.org 2014/06/10 21:46:11
8247 [sshbuf.h]
8248 Group ECC functions together to make things a little easier in -portable.
8249 "doesn't bother me" deraadt@
8250
8251commit 9f92c53bad04a89067756be8198d4ec2d8a08875
8252Author: Darren Tucker <dtucker@zip.com.au>
8253Date: Wed Jun 11 07:57:58 2014 +1000
8254
8255 - djm@cvs.openbsd.org 2014/06/05 22:17:50
8256 [sshconnect2.c]
8257 fix inverted test that caused PKCS#11 keys that were explicitly listed
8258 not to be preferred. Reported by Dirk-Willem van Gulik
8259
8260commit 15c254a25394f96643da2ad0f674acdc51e89856
8261Author: Darren Tucker <dtucker@zip.com.au>
8262Date: Wed Jun 11 07:38:49 2014 +1000
8263
8264 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef
8265 ECC variable too.
8266
8267commit d7af0cc5bf273eeed0897a99420bc26841d07d8f
8268Author: Darren Tucker <dtucker@zip.com.au>
8269Date: Wed Jun 11 07:37:25 2014 +1000
8270
8271 - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in
8272 the proposal if the version of OpenSSL we're using doesn't support ECC.
8273
8274commit 67508ac2563c33d582be181a3e777c65f549d22f
8275Author: Darren Tucker <dtucker@zip.com.au>
8276Date: Wed Jun 11 06:27:16 2014 +1000
8277
8278 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
8279 regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256
8280 curve tests if OpenSSL has them.
8281
8282commit 6482d90a65459a88c18c925368525855832272b3
8283Author: Damien Miller <djm@mindrot.org>
8284Date: Tue May 27 14:34:42 2014 +1000
8285
8286 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
8287 [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
8288 separation user at runtime, since it may need to be a domain account.
8289 Patch from Corinna Vinschen.
8290
8291commit f9eb5e0734f7a7f6e975809eb54684d2a06a7ffc
8292Author: Damien Miller <djm@mindrot.org>
8293Date: Tue May 27 14:31:58 2014 +1000
8294
8295 - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config
8296 from Corinna Vinschen, fixing a number of bugs and preparing for
8297 Cygwin 1.7.30.
8298
8299commit eae88744662e6b149f43ef071657727f1a157d95
8300Author: Damien Miller <djm@mindrot.org>
8301Date: Tue May 27 14:27:02 2014 +1000
8302
8303 - (djm) [cipher.c] Fix merge botch.
8304
8305commit 564b5e253c1d95c26a00e8288f0089a2571661c3
8306Author: Damien Miller <djm@mindrot.org>
8307Date: Thu May 22 08:23:59 2014 +1000
8308
8309 - (djm) [Makefile.in] typo in path
8310
8311commit e84d10302aeaf7a1acb05c451f8718143656856a
8312Author: Damien Miller <djm@mindrot.org>
8313Date: Wed May 21 17:13:36 2014 +1000
8314
8315 revert a diff I didn't mean to commit
8316
8317commit 795b86313f1f1aab9691666c4f2d5dae6e4acd50
8318Author: Damien Miller <djm@mindrot.org>
8319Date: Wed May 21 17:12:53 2014 +1000
8320
8321 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC
8322 when it is available. It takes into account time spent suspended,
8323 thereby ensuring timeouts (e.g. for expiring agent keys) fire
8324 correctly. bz#2228 reported by John Haxby
8325
8326commit 18912775cb97c0b1e75e838d3c7d4b56648137b5
8327Author: Damien Miller <djm@mindrot.org>
8328Date: Wed May 21 17:06:46 2014 +1000
8329
8330 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
8331 vhangup on Linux. It doens't work for non-root users, and for them
8332 it just messes up the tty settings.
8333
8334commit 7f1c264d3049cd95234e91970ccb5406e1d15b27
8335Author: Damien Miller <djm@mindrot.org>
8336Date: Thu May 15 18:01:52 2014 +1000
8337
8338 - (djm) [sshbuf.c] need __predict_false
8339
8340commit e7429f2be8643e1100380a8a7389d85cc286c8fe
8341Author: Damien Miller <djm@mindrot.org>
8342Date: Thu May 15 18:01:01 2014 +1000
8343
8344 - (djm) [regress/Makefile Makefile.in]
8345 [regress/unittests/sshbuf/test_sshbuf.c
8346 [regress/unittests/sshbuf/test_sshbuf_fixed.c]
8347 [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
8348 [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
8349 [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
8350 [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
8351 [regress/unittests/sshbuf/test_sshbuf_misc.c]
8352 [regress/unittests/sshbuf/tests.c]
8353 [regress/unittests/test_helper/fuzz.c]
8354 [regress/unittests/test_helper/test_helper.c]
8355 Hook new unit tests into the build and "make tests"
8356
8357commit def1de086707b0e6b046fe7e115c60aca0227a99
8358Author: Damien Miller <djm@mindrot.org>
8359Date: Thu May 15 15:17:15 2014 +1000
8360
8361 - (djm) [regress/unittests/Makefile]
8362 [regress/unittests/Makefile.inc]
8363 [regress/unittests/sshbuf/Makefile]
8364 [regress/unittests/sshbuf/test_sshbuf.c]
8365 [regress/unittests/sshbuf/test_sshbuf_fixed.c]
8366 [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
8367 [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
8368 [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
8369 [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
8370 [regress/unittests/sshbuf/test_sshbuf_misc.c]
8371 [regress/unittests/sshbuf/tests.c]
8372 [regress/unittests/test_helper/Makefile]
8373 [regress/unittests/test_helper/fuzz.c]
8374 [regress/unittests/test_helper/test_helper.c]
8375 [regress/unittests/test_helper/test_helper.h]
8376 Import new unit tests from OpenBSD; not yet hooked up to build.
8377
8378commit 167685756fde8bc213a8df2c8e1848e312db0f46
8379Author: Damien Miller <djm@mindrot.org>
8380Date: Thu May 15 15:08:40 2014 +1000
8381
8382 - logan@cvs.openbsd.org 2014/05/04 10:40:59
8383 [connect-privsep.sh]
8384 Remove the Z flag from the list of malloc options as it
8385 was removed from malloc.c 10 days ago.
8386
8387 OK from miod@
8388
8389commit d0b69fe90466920d69c96069312e24b581771bd7
8390Author: Damien Miller <djm@mindrot.org>
8391Date: Thu May 15 15:08:19 2014 +1000
8392
8393 - dtucker@cvs.openbsd.org 2014/05/03 18:46:14
8394 [proxy-connect.sh]
8395 Add tests for with and without compression, with and without privsep.
8396
8397commit edb1af50441d19fb2dd9ccb4d75bf14473fca584
8398Author: Damien Miller <djm@mindrot.org>
8399Date: Thu May 15 15:07:53 2014 +1000
8400
8401 - djm@cvs.openbsd.org 2014/04/21 22:15:37
8402 [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
8403 repair regress tests broken by server-side default cipher/kex/mac changes
8404 by ensuring that the option under test is included in the server's
8405 algorithm list
8406
8407commit 54343e95c70994695f8842fb22836321350198d3
8408Author: Damien Miller <djm@mindrot.org>
8409Date: Thu May 15 15:07:33 2014 +1000
8410
8411 - djm@cvs.openbsd.org 2014/03/13 20:44:49
8412 [login-timeout.sh]
8413 this test is a sorry mess of race conditions; add another sleep
8414 to avoid a failure on slow machines (at least until I find a
8415 better way)
8416
8417commit e5b9f0f2ee6e133894307e44e862b66426990733
8418Author: Damien Miller <djm@mindrot.org>
8419Date: Thu May 15 14:58:07 2014 +1000
8420
8421 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]
8422 [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
8423
8424commit b9c566788a9ebd6a9d466f47a532124f111f0542
8425Author: Damien Miller <djm@mindrot.org>
8426Date: Thu May 15 14:43:37 2014 +1000
8427
8428 - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write
8429 portability glue to support building without libcrypto
8430
8431commit 3dc27178b42234b653a32f7a87292d7994045ee3
8432Author: Damien Miller <djm@mindrot.org>
8433Date: Thu May 15 14:37:59 2014 +1000
8434
8435 - logan@cvs.openbsd.org 2014/05/05 07:02:30
8436 [sftp.c]
8437 Zap extra whitespace.
8438
8439 OK from djm@ and dtucker@
8440
8441commit c31a0cd5b31961f01c5b731f62a6cb9d4f767472
8442Author: Damien Miller <djm@mindrot.org>
8443Date: Thu May 15 14:37:39 2014 +1000
8444
8445 - markus@cvs.openbsd.org 2014/05/03 17:20:34
8446 [monitor.c packet.c packet.h]
8447 unbreak compression, by re-init-ing the compression code in the
8448 post-auth child. the new buffer code is more strict, and requires
8449 buffer_init() while the old code was happy after a bzero();
8450 originally from djm@
8451
8452commit 686c7d9ee6f44b2be4128d7860b6b37adaeba733
8453Author: Damien Miller <djm@mindrot.org>
8454Date: Thu May 15 14:37:03 2014 +1000
8455
8456 - djm@cvs.openbsd.org 2014/05/02 03:27:54
8457 [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
8458 [misc.h poly1305.h ssh-pkcs11.c defines.h]
8459 revert __bounded change; it causes way more problems for portable than
8460 it solves; pointed out by dtucker@
8461
8462commit 294c58a007cfb2f3bddc4fc3217e255857ffb9bf
8463Author: Damien Miller <djm@mindrot.org>
8464Date: Thu May 15 14:35:03 2014 +1000
8465
8466 - naddy@cvs.openbsd.org 2014/04/30 19:07:48
8467 [mac.c myproposal.h umac.c]
8468 UMAC can use our local fallback implementation of AES when OpenSSL isn't
8469 available. Glue code straight from Ted Krovetz's original umac.c.
8470 ok markus@
8471
8472commit 05e82c3b963c33048128baf72a6f6b3a1c10b4c1
8473Author: Damien Miller <djm@mindrot.org>
8474Date: Thu May 15 14:33:43 2014 +1000
8475
8476 - djm@cvs.openbsd.org 2014/04/30 05:29:56
8477 [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c]
8478 [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c]
8479 [ssherr.h]
8480 New buffer API; the first installment of the conversion/replacement
8481 of OpenSSH's internals to make them usable as a standalone library.
8482
8483 This includes a set of wrappers to make it compatible with the
8484 existing buffer API so replacement can occur incrementally.
8485
8486 With and ok markus@
8487
8488 Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
8489 Dempsky and Ron Bowes for a detailed review.
8490
8491commit 380948180f847a26f2d0c85b4dad3dca2ed2fd8b
8492Author: Damien Miller <djm@mindrot.org>
8493Date: Thu May 15 14:25:18 2014 +1000
8494
8495 - dtucker@cvs.openbsd.org 2014/04/29 20:36:51
8496 [sftp.c]
8497 Don't attempt to append a nul quote char to the filename. Should prevent
8498 fatal'ing with "el_insertstr failed" when there's a single quote char
8499 somewhere in the string. bz#2238, ok markus@
8500
8501commit d7fd8bedd4619a2ec7fd02aae4c4e1db4431ad9f
8502Author: Damien Miller <djm@mindrot.org>
8503Date: Thu May 15 14:24:59 2014 +1000
8504
8505 - dtucker@cvs.openbsd.org 2014/04/29 19:58:50
8506 [sftp.c]
8507 Move nulling of variable next to where it's freed. ok markus@
8508
8509commit 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14
8510Author: Damien Miller <djm@mindrot.org>
8511Date: Thu May 15 14:24:09 2014 +1000
8512
8513 - markus@cvs.openbsd.org 2014/04/29 18:01:49
8514 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
8515 [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
8516 [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
8517 [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
8518 make compiling against OpenSSL optional (make OPENSSL=no);
8519 reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
8520 allows us to explore further options; with and ok djm
8521
8522commit c5893785564498cea73cb60d2cf199490483e080
8523Author: Damien Miller <djm@mindrot.org>
8524Date: Thu May 15 13:48:49 2014 +1000
8525
8526 - djm@cvs.openbsd.org 2014/04/29 13:10:30
8527 [clientloop.c serverloop.c]
8528 bz#1818 - don't send channel success/failre replies on channels that
8529 have sent a close already; analysis and patch from Simon Tatham;
8530 ok markus@
8531
8532commit 633de33b192d808d87537834c316dc8b75fe1880
8533Author: Damien Miller <djm@mindrot.org>
8534Date: Thu May 15 13:48:26 2014 +1000
8535
8536 - djm@cvs.openbsd.org 2014/04/28 03:09:18
8537 [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
8538 [ssh-keygen.c]
8539 buffer_get_string_ptr's return should be const to remind
8540 callers that futzing with it will futz with the actual buffer
8541 contents
8542
8543commit 15271907843e4ae50dcfc83b3594014cf5e9607b
8544Author: Damien Miller <djm@mindrot.org>
8545Date: Thu May 15 13:47:56 2014 +1000
8546
8547 - djm@cvs.openbsd.org 2014/04/23 12:42:34
8548 [readconf.c]
8549 don't record duplicate IdentityFiles
8550
8551commit 798a02568b13a2e46efebd81f08c8f4bb33a6dc7
8552Author: Damien Miller <djm@mindrot.org>
8553Date: Thu May 15 13:47:37 2014 +1000
8554
8555 - jmc@cvs.openbsd.org 2014/04/22 14:16:30
8556 [sftp.1]
8557 zap eol whitespace;
8558
8559commit d875ff78d2b8436807381051de112f0ebf9b9ae1
8560Author: Damien Miller <djm@mindrot.org>
8561Date: Thu May 15 13:47:15 2014 +1000
8562
8563 - logan@cvs.openbsd.org 2014/04/22 12:42:04
8564 [sftp.1]
8565 Document sftp upload resume.
8566 OK from djm@, with feedback from okan@.
8567
8568commit b15cd7bb097fd80dc99520f45290ef775da1ef19
8569Author: Damien Miller <djm@mindrot.org>
8570Date: Thu May 15 13:46:52 2014 +1000
8571
8572 - logan@cvs.openbsd.org 2014/04/22 10:07:12
8573 [sftp.c]
8574 Sort the sftp command list.
8575 OK from djm@
8576
8577commit d8accc0aa72656ba63d50937165c5ae49db1dcd6
8578Author: Damien Miller <djm@mindrot.org>
8579Date: Thu May 15 13:46:25 2014 +1000
8580
8581 - logan@cvs.openbsd.org 2014/04/21 14:36:16
8582 [sftp-client.c sftp-client.h sftp.c]
8583 Implement sftp upload resume support.
8584 OK from djm@, with input from guenther@, mlarkin@ and
8585 okan@
8586
8587commit 16cd3928a87d20c77b13592a74b60b08621d3ce6
8588Author: Damien Miller <djm@mindrot.org>
8589Date: Thu May 15 13:45:58 2014 +1000
8590
8591 - logan@cvs.openbsd.org 2014/04/20 09:24:26
8592 [dns.c dns.h ssh-keygen.c]
8593 Add support for SSHFP DNS records for ED25519 key types.
8594 OK from djm@
8595
8596commit ec0b67eb3b4e12f296ced1fafa01860c374f7eea
8597Author: Damien Miller <djm@mindrot.org>
8598Date: Thu May 15 13:45:26 2014 +1000
8599
8600 - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine
8601 OpenBSD
8602
8603commit f028460d0b2e5a584355321015cde69bf6fd933e
8604Author: Darren Tucker <dtucker@zip.com.au>
8605Date: Thu May 1 02:24:35 2014 +1000
8606
8607 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
8608 have it. Only attempt to use __attribute__(__bounded__) for gcc.
8609
8610commit b628cc4c3e4a842bab5e4584d18c2bc5fa4d0edf
8611Author: Damien Miller <djm@mindrot.org>
8612Date: Sun Apr 20 13:33:58 2014 +1000
8613
8614 - djm@cvs.openbsd.org 2014/04/20 02:49:32
8615 [compat.c]
8616 add a canonical 6.6 + curve25519 bignum fix fake version that I can
8617 recommend people use ahead of the openssh-6.7 release
8618
8619commit 888566913933a802f3a329ace123ebcb7154cf78
8620Author: Damien Miller <djm@mindrot.org>
8621Date: Sun Apr 20 13:33:19 2014 +1000
8622
8623 - djm@cvs.openbsd.org 2014/04/20 02:30:25
8624 [misc.c misc.h umac.c]
8625 use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
8626 strict-alignment architectures; reported by and ok stsp@
8627
8628commit 16f85cbc7e5139950e6a38317e7c8b368beafa5d
8629Author: Damien Miller <djm@mindrot.org>
8630Date: Sun Apr 20 13:29:28 2014 +1000
8631
8632 - tedu@cvs.openbsd.org 2014/04/19 18:42:19
8633 [ssh.1]
8634 delete .xr to hosts.equiv. there's still an unfortunate amount of
8635 documentation referring to rhosts equivalency in here.
8636
8637commit 69cb24b7356ec3f0fc5ff04a68f98f2c55c766f4
8638Author: Damien Miller <djm@mindrot.org>
8639Date: Sun Apr 20 13:29:06 2014 +1000
8640
8641 - tedu@cvs.openbsd.org 2014/04/19 18:15:16
8642 [sshd.8]
8643 remove some really old rsh references
8644
8645commit 84c1e7bca8c4ceaccf4d5557e39a833585a3c77e
8646Author: Damien Miller <djm@mindrot.org>
8647Date: Sun Apr 20 13:27:53 2014 +1000
8648
8649 - tedu@cvs.openbsd.org 2014/04/19 14:53:48
8650 [ssh-keysign.c sshd.c]
8651 Delete futile calls to RAND_seed. ok djm
8652 NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon
8653
8654commit 0e6b67423b8662f9ca4c92750309e144fd637ef1
8655Author: Damien Miller <djm@mindrot.org>
8656Date: Sun Apr 20 13:27:01 2014 +1000
8657
8658 - djm@cvs.openbsd.org 2014/04/19 05:54:59
8659 [compat.c]
8660 missing wildcard; pointed out by naddy@
8661
8662commit 9395b28223334826837c15e8c1bb4dfb3b0d2ca5
8663Author: Damien Miller <djm@mindrot.org>
8664Date: Sun Apr 20 13:25:30 2014 +1000
8665
8666 - djm@cvs.openbsd.org 2014/04/18 23:52:25
8667 [compat.c compat.h sshconnect2.c sshd.c version.h]
8668 OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
8669 using the curve25519-sha256@libssh.org KEX exchange method to fail
8670 when connecting with something that implements the spec properly.
8671
8672 Disable this KEX method when speaking to one of the affected
8673 versions.
8674
8675 reported by Aris Adamantiadis; ok markus@
8676
8677commit 8c492da58f8ceb85cf5f7066f23e26fb813a963d
8678Author: Damien Miller <djm@mindrot.org>
8679Date: Sun Apr 20 13:25:09 2014 +1000
8680
8681 - djm@cvs.openbsd.org 2014/04/16 23:28:12
8682 [ssh-agent.1]
8683 remove the identity files from this manpage - ssh-agent doesn't deal
8684 with them at all and the same information is duplicated in ssh-add.1
8685 (which does deal with them); prodded by deraadt@
8686
8687commit adbfdbbdccc70c9bd70d81ae096db115445c6e26
8688Author: Damien Miller <djm@mindrot.org>
8689Date: Sun Apr 20 13:24:49 2014 +1000
8690
8691 - djm@cvs.openbsd.org 2014/04/16 23:22:45
8692 [bufaux.c]
8693 skip leading zero bytes in buffer_put_bignum2_from_string();
8694 reported by jan AT mojzis.com; ok markus@
8695
8696commit 75c62728dc87af6805696eeb520b9748faa136c8
8697Author: Damien Miller <djm@mindrot.org>
8698Date: Sun Apr 20 13:24:31 2014 +1000
8699
8700 - djm@cvs.openbsd.org 2014/04/12 04:55:53
8701 [sshd.c]
8702 avoid crash at exit: check that pmonitor!=NULL before dereferencing;
8703 bz#2225, patch from kavi AT juniper.net
8704
8705commit 2a328437fb1b0976f2f4522d8645803d5a5d0967
8706Author: Damien Miller <djm@mindrot.org>
8707Date: Sun Apr 20 13:24:01 2014 +1000
8708
8709 - djm@cvs.openbsd.org 2014/04/01 05:32:57
8710 [packet.c]
8711 demote a debug3 to PACKET_DEBUG; ok markus@
8712
8713commit 7d6a9fb660c808882d064e152d6070ffc3844c3f
8714Author: Damien Miller <djm@mindrot.org>
8715Date: Sun Apr 20 13:23:43 2014 +1000
8716
8717 - djm@cvs.openbsd.org 2014/04/01 03:34:10
8718 [sshconnect.c]
8719 When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
8720 certificate keys to plain keys and attempt SSHFP resolution.
8721
8722 Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
8723 dialog by offering only certificate keys.
8724
8725 Reported by mcv21 AT cam.ac.uk
8726
8727commit fcd62c0b66b8415405ed0af29c236329eb88cc0f
8728Author: Damien Miller <djm@mindrot.org>
8729Date: Sun Apr 20 13:23:21 2014 +1000
8730
8731 - djm@cvs.openbsd.org 2014/04/01 02:05:27
8732 [ssh-keysign.c]
8733 include fingerprint of key not found
8734 use arc4random_buf() instead of loop+arc4random()
8735
8736commit 43b156cf72f900f88065b0a1c1ebd09ab733ca46
8737Author: Damien Miller <djm@mindrot.org>
8738Date: Sun Apr 20 13:23:03 2014 +1000
8739
8740 - jmc@cvs.openbsd.org 2014/03/31 13:39:34
8741 [ssh-keygen.1]
8742 the text for the -K option was inserted in the wrong place in -r1.108;
8743 fix From: Matthew Clarke
8744
8745commit c1621c84f2dc1279065ab9fde2aa9327af418900
8746Author: Damien Miller <djm@mindrot.org>
8747Date: Sun Apr 20 13:22:46 2014 +1000
8748
8749 - naddy@cvs.openbsd.org 2014/03/28 05:17:11
8750 [ssh_config.5 sshd_config.5]
8751 sync available and default algorithms, improve algorithm list formatting
8752 help from jmc@ and schwarze@, ok deraadt@
8753
8754commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054
8755Author: Damien Miller <djm@mindrot.org>
8756Date: Sun Apr 20 13:22:18 2014 +1000
8757
8758 - tedu@cvs.openbsd.org 2014/03/26 19:58:37
8759 [sshd.8 sshd.c]
8760 remove libwrap support. ok deraadt djm mfriedl
8761
8762commit 4f40209aa4060b9c066a2f0d9332ace7b8dfb391
8763Author: Damien Miller <djm@mindrot.org>
8764Date: Sun Apr 20 13:21:22 2014 +1000
8765
8766 - djm@cvs.openbsd.org 2014/03/26 04:55:35
8767 [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
8768 [misc.h poly1305.h ssh-pkcs11.c]
8769 use __bounded(...) attribute recently added to sys/cdefs.h instead of
8770 longform __attribute__(__bounded(...));
8771
8772 for brevity and a warning free compilation with llvm/clang
8773
8774commit 9235a030ad1b16903fb495d81544e0f7c7449523
8775Author: Damien Miller <djm@mindrot.org>
8776Date: Sun Apr 20 13:17:20 2014 +1000
8777
8778 Three commits in one (since they touch the same heavily-diverged file
8779 repeatedly):
8780
8781 - markus@cvs.openbsd.org 2014/03/25 09:40:03
8782 [myproposal.h]
8783 trimm default proposals.
8784
8785 This commit removes the weaker pre-SHA2 hashes, the broken ciphers
8786 (arcfour), and the broken modes (CBC) from the default configuration
8787 (the patch only changes the default, all the modes are still available
8788 for the config files).
8789
8790 ok djm@, reminded by tedu@ & naddy@ and discussed with many
8791 - deraadt@cvs.openbsd.org 2014/03/26 17:16:26
8792 [myproposal.h]
8793 The current sharing of myproposal[] between both client and server code
8794 makes the previous diff highly unpallatable. We want to go in that
8795 direction for the server, but not for the client. Sigh.
8796 Brought up by naddy.
8797 - markus@cvs.openbsd.org 2014/03/27 23:01:27
8798 [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
8799 disable weak proposals in sshd, but keep them in ssh; ok djm@
8800
8801commit 6e1777f592f15f4559728c78204617537b1ac076
8802Author: Damien Miller <djm@mindrot.org>
8803Date: Sun Apr 20 13:02:58 2014 +1000
8804
8805 - tedu@cvs.openbsd.org 2014/03/19 14:42:44
8806 [scp.1]
8807 there is no need for rcp anymore
8808 ok deraadt millert
8809
8810commit eb1b7c514d2a7b1802ccee8cd50e565a4d419887
8811Author: Damien Miller <djm@mindrot.org>
8812Date: Sun Apr 20 13:02:26 2014 +1000
8813
8814 - tedu@cvs.openbsd.org 2014/03/17 19:44:10
8815 [ssh.1]
8816 old descriptions of des and blowfish are old. maybe ok deraadt
8817
8818commit f0858de6e1324ec730752387074b111b8551081e
8819Author: Damien Miller <djm@mindrot.org>
8820Date: Sun Apr 20 13:01:30 2014 +1000
8821
8822 - deraadt@cvs.openbsd.org 2014/03/15 17:28:26
8823 [ssh-agent.c ssh-keygen.1 ssh-keygen.c]
8824 Improve usage() and documentation towards the standard form.
8825 In particular, this line saves a lot of man page reading time.
8826 usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
8827 [-N new_passphrase] [-C comment] [-f output_keyfile]
8828 ok schwarze jmc
8829
8830commit 94bfe0fbd6e91a56b5b0ab94ac955d2a67d101aa
8831Author: Damien Miller <djm@mindrot.org>
8832Date: Sun Apr 20 13:00:51 2014 +1000
8833
8834 - naddy@cvs.openbsd.org 2014/03/12 13:06:59
8835 [ssh-keyscan.1]
8836 scan for Ed25519 keys by default too
8837
8838commit 3819519288b2b3928c6882f5883b0f55148f4fc0
8839Author: Damien Miller <djm@mindrot.org>
8840Date: Sun Apr 20 13:00:28 2014 +1000
8841
8842 - djm@cvs.openbsd.org 2014/03/12 04:51:12
8843 [authfile.c]
8844 correct test that kdf name is not "none" or "bcrypt"
8845
8846commit 8f9cd709c7cf0655d414306a0ed28306b33802be
8847Author: Damien Miller <djm@mindrot.org>
8848Date: Sun Apr 20 13:00:11 2014 +1000
8849
8850 - djm@cvs.openbsd.org 2014/03/12 04:50:32
8851 [auth-bsdauth.c ssh-keygen.c]
8852 don't count on things that accept arguments by reference to clear
8853 things for us on error; most things do, but it's unsafe form.
8854
8855commit 1c7ef4be83f6dec84509a312518b9df00ab491d9
8856Author: Damien Miller <djm@mindrot.org>
8857Date: Sun Apr 20 12:59:46 2014 +1000
8858
8859 - djm@cvs.openbsd.org 2014/03/12 04:44:58
8860 [ssh-keyscan.c]
8861 scan for Ed25519 keys by default too
8862
8863commit c10bf4d051c97939b30a1616c0499310057d07da
8864Author: Damien Miller <djm@mindrot.org>
8865Date: Sun Apr 20 12:58:04 2014 +1000
8866
8867 - djm@cvs.openbsd.org 2014/03/03 22:22:30
8868 [session.c]
8869 ignore enviornment variables with embedded '=' or '\0' characters;
8870 spotted by Jann Horn; ok deraadt@
8871 Id sync only - portable already has this.
8872
8873commit c2e49062faccbcd7135c40d1c78c5c329c58fc2e
8874Author: Damien Miller <djm@mindrot.org>
8875Date: Tue Apr 1 14:42:46 2014 +1100
8876
8877 - (djm) Use full release (e.g. 6.5p1) in debug output rather than just
8878 version. From des@des.no
8879
8880commit 14928b7492abec82afa4c2b778fc03f78cd419b6
8881Author: Damien Miller <djm@mindrot.org>
8882Date: Tue Apr 1 14:38:07 2014 +1100
8883
8884 - (djm) On platforms that support it, use prctl() to prevent sftp-server
8885 from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
8886
8887commit 48abc47e60048461fe9117e108a7e99ea1ac2bb8
8888Author: Damien Miller <djm@mindrot.org>
8889Date: Mon Mar 17 14:45:56 2014 +1100
8890
8891 - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
8892 remind myself to add sandbox violation logging via the log socket.
8893
8894commit 9c36698ca2f554ec221dc7ef29c7a89e97c88705
8895Author: Tim Rice <tim@multitalents.net>
8896Date: Fri Mar 14 12:45:01 2014 -0700
8897
8898 20140314
8899 - (tim) [opensshd.init.in] Add support for ed25519
8900
8901commit 19158b2447e35838d69b2b735fb640d1e86061ea
8902Author: Damien Miller <djm@mindrot.org>
8903Date: Thu Mar 13 13:14:21 2014 +1100
8904
8905 - (djm) Release OpenSSH 6.6
diff --git a/INSTALL b/INSTALL
index cbbb2df59..582eef8ef 100644
--- a/INSTALL
+++ b/INSTALL
@@ -7,14 +7,15 @@ OpenSSL)
7Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): 7Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
8http://www.gzip.org/zlib/ 8http://www.gzip.org/zlib/
9 9
10libcrypto (LibreSSL or OpenSSL >= 0.9.8f) 10libcrypto (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0)
11LibreSSL http://www.libressl.org/ ; or 11LibreSSL http://www.libressl.org/ ; or
12OpenSSL http://www.openssl.org/ 12OpenSSL http://www.openssl.org/
13 13
14LibreSSL/OpenSSL should be compiled as a position-independent library 14LibreSSL/OpenSSL should be compiled as a position-independent library
15(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. 15(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
16If you must use a non-position-independent libcrypto, then you may need 16If you must use a non-position-independent libcrypto, then you may need
17to configure OpenSSH --without-pie. 17to configure OpenSSH --without-pie. Note that because of API changes,
18OpenSSL 1.1.x is not currently supported.
18 19
19The remaining items are optional. 20The remaining items are optional.
20 21
diff --git a/Makefile.in b/Makefile.in
index d401787db..12991cd9f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -82,7 +82,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
82 compat.o crc32.o deattack.o fatal.o hostfile.o \ 82 compat.o crc32.o deattack.o fatal.o hostfile.o \
83 log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \ 83 log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
84 readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ 84 readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
85 atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \ 85 atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
86 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ 86 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
87 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ 87 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
88 ssh-pkcs11.o smult_curve25519_ref.o \ 88 ssh-pkcs11.o smult_curve25519_ref.o \
@@ -92,7 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
92 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ 92 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
93 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ 93 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
94 kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ 94 kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
95 platform-pledge.o 95 platform-pledge.o platform-tracing.o
96 96
97SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ 97SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
98 sshconnect.o sshconnect1.o sshconnect2.o mux.o 98 sshconnect.o sshconnect1.o sshconnect2.o mux.o
@@ -223,7 +223,7 @@ umac128.o: umac.c
223 $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \ 223 $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \
224 -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \ 224 -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \
225 -Dumac_update=umac128_update -Dumac_final=umac128_final \ 225 -Dumac_update=umac128_update -Dumac_final=umac128_final \
226 -Dumac_delete=umac128_delete 226 -Dumac_delete=umac128_delete -Dumac_ctx=umac128_ctx
227 227
228clean: regressclean 228clean: regressclean
229 rm -f *.o *.a $(TARGETS) logintest config.cache config.log 229 rm -f *.o *.a $(TARGETS) logintest config.cache config.log
@@ -240,6 +240,8 @@ clean: regressclean
240 rm -f regress/unittests/hostkeys/test_hostkeys 240 rm -f regress/unittests/hostkeys/test_hostkeys
241 rm -f regress/unittests/kex/*.o 241 rm -f regress/unittests/kex/*.o
242 rm -f regress/unittests/kex/test_kex 242 rm -f regress/unittests/kex/test_kex
243 rm -f regress/misc/kexfuzz/*.o
244 rm -f regress/misc/kexfuzz/kexfuzz
243 (cd openbsd-compat && $(MAKE) clean) 245 (cd openbsd-compat && $(MAKE) clean)
244 246
245distclean: regressclean 247distclean: regressclean
@@ -260,6 +262,7 @@ distclean: regressclean
260 rm -f regress/unittests/hostkeys/test_hostkeys 262 rm -f regress/unittests/hostkeys/test_hostkeys
261 rm -f regress/unittests/kex/*.o 263 rm -f regress/unittests/kex/*.o
262 rm -f regress/unittests/kex/test_kex 264 rm -f regress/unittests/kex/test_kex
265 rm -f regress/unittests/misc/kexfuzz
263 (cd openbsd-compat && $(MAKE) distclean) 266 (cd openbsd-compat && $(MAKE) distclean)
264 if test -d pkg ; then \ 267 if test -d pkg ; then \
265 rm -fr pkg ; \ 268 rm -fr pkg ; \
@@ -419,23 +422,27 @@ regress-prep:
419 mkdir -p `pwd`/regress/unittests/hostkeys 422 mkdir -p `pwd`/regress/unittests/hostkeys
420 [ -d `pwd`/regress/unittests/kex ] || \ 423 [ -d `pwd`/regress/unittests/kex ] || \
421 mkdir -p `pwd`/regress/unittests/kex 424 mkdir -p `pwd`/regress/unittests/kex
425 [ -d `pwd`/regress/misc/kexfuzz ] || \
426 mkdir -p `pwd`/regress/misc/kexfuzz
422 [ -f `pwd`/regress/Makefile ] || \ 427 [ -f `pwd`/regress/Makefile ] || \
423 ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile 428 ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
424 429
425regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c 430REGRESSLIBS=libssh.a $(LIBCOMPAT)
426 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ 431
432regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS)
433 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
427 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 434 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
428 435
429regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c 436regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS)
430 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ 437 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \
431 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 438 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
432 439
433regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c 440regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c $(REGRESSLIBS)
434 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ 441 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/netcat.c \
435 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 442 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
436 443
437regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c 444regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c $(REGRESSLIBS)
438 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ 445 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/check-perm.c \
439 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 446 $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
440 447
441UNITTESTS_TEST_HELPER_OBJS=\ 448UNITTESTS_TEST_HELPER_OBJS=\
@@ -505,8 +512,14 @@ regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
505 regress/unittests/test_helper/libtest_helper.a \ 512 regress/unittests/test_helper/libtest_helper.a \
506 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 513 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
507 514
508REGRESS_BINARIES=\ 515MISC_KEX_FUZZ_OBJS=\
509 regress/modpipe$(EXEEXT) \ 516 regress/misc/kexfuzz/kexfuzz.o
517
518regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a
519 $(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \
520 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
521
522regress-binaries: regress/modpipe$(EXEEXT) \
510 regress/setuid-allowed$(EXEEXT) \ 523 regress/setuid-allowed$(EXEEXT) \
511 regress/netcat$(EXEEXT) \ 524 regress/netcat$(EXEEXT) \
512 regress/check-perm$(EXEEXT) \ 525 regress/check-perm$(EXEEXT) \
@@ -514,9 +527,10 @@ REGRESS_BINARIES=\
514 regress/unittests/sshkey/test_sshkey$(EXEEXT) \ 527 regress/unittests/sshkey/test_sshkey$(EXEEXT) \
515 regress/unittests/bitmap/test_bitmap$(EXEEXT) \ 528 regress/unittests/bitmap/test_bitmap$(EXEEXT) \
516 regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \ 529 regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
517 regress/unittests/kex/test_kex$(EXEEXT) 530 regress/unittests/kex/test_kex$(EXEEXT) \
531 regress/misc/kexfuzz/kexfuzz$(EXEEXT)
518 532
519tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES) 533tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS)
520 BUILDDIR=`pwd`; \ 534 BUILDDIR=`pwd`; \
521 TEST_SSH_SCP="$${BUILDDIR}/scp"; \ 535 TEST_SSH_SCP="$${BUILDDIR}/scp"; \
522 TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ 536 TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
@@ -541,6 +555,7 @@ tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES)
541 OBJ="$${BUILDDIR}/regress/" \ 555 OBJ="$${BUILDDIR}/regress/" \
542 PATH="$${BUILDDIR}:$${PATH}" \ 556 PATH="$${BUILDDIR}:$${PATH}" \
543 TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ 557 TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
558 TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
544 TEST_SSH_SCP="$${TEST_SSH_SCP}" \ 559 TEST_SSH_SCP="$${TEST_SSH_SCP}" \
545 TEST_SSH_SSH="$${TEST_SSH_SSH}" \ 560 TEST_SSH_SSH="$${TEST_SSH_SSH}" \
546 TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \ 561 TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
diff --git a/PROTOCOL b/PROTOCOL
index 131adfefe..c6f99a31a 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -247,6 +247,8 @@ to request that the server make a connection to a Unix domain socket.
247 uint32 initial window size 247 uint32 initial window size
248 uint32 maximum packet size 248 uint32 maximum packet size
249 string socket path 249 string socket path
250 string reserved
251 uint32 reserved
250 252
251Similar to forwarded-tcpip, forwarded-streamlocal is sent by the 253Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
252server when the client has previously send the server a streamlocal-forward 254server when the client has previously send the server a streamlocal-forward
@@ -452,4 +454,4 @@ respond with a SSH_FXP_STATUS message.
452This extension is advertised in the SSH_FXP_VERSION hello with version 454This extension is advertised in the SSH_FXP_VERSION hello with version
453"1". 455"1".
454 456
455$OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $ 457$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $
diff --git a/PROTOCOL.agent b/PROTOCOL.agent
index 27ec0c1de..60d36f912 100644
--- a/PROTOCOL.agent
+++ b/PROTOCOL.agent
@@ -206,6 +206,28 @@ ECDSA certificates may be added with:
206 string key_comment 206 string key_comment
207 constraint[] key_constraints 207 constraint[] key_constraints
208 208
209ED25519 keys may be added using the following request
210 byte SSH2_AGENTC_ADD_IDENTITY or
211 SSH2_AGENTC_ADD_ID_CONSTRAINED
212 string "ssh-ed25519"
213 string ed25519_public_key
214 string ed25519_private_key || ed25519_public_key
215 string key_comment
216 constraint[] key_constraints
217
218ED25519 certificates may be added with:
219 byte SSH2_AGENTC_ADD_IDENTITY or
220 SSH2_AGENTC_ADD_ID_CONSTRAINED
221 string "ssh-ed25519-cert-v01@openssh.com"
222 string certificate
223 string ed25519_public_key
224 string ed25519_private_key || ed25519_public_key
225 string key_comment
226 constraint[] key_constraints
227
228For both ssh-ed25519 and ssh-ed25519-cert-v01@openssh.com keys, the private
229key has the public key appended (for historical reasons).
230
209RSA keys may be added with this request: 231RSA keys may be added with this request:
210 232
211 byte SSH2_AGENTC_ADD_IDENTITY or 233 byte SSH2_AGENTC_ADD_IDENTITY or
@@ -557,4 +579,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys.
557 SSH_AGENT_CONSTRAIN_LIFETIME 1 579 SSH_AGENT_CONSTRAIN_LIFETIME 1
558 SSH_AGENT_CONSTRAIN_CONFIRM 2 580 SSH_AGENT_CONSTRAIN_CONFIRM 2
559 581
560$OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $ 582$OpenBSD: PROTOCOL.agent,v 1.11 2016/05/19 07:45:32 djm Exp $
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index c98591093..aa6f5ae4c 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -100,9 +100,9 @@ DSA certificate
100 100
101ECDSA certificate 101ECDSA certificate
102 102
103 string "ecdsa-sha2-nistp256@openssh.com" | 103 string "ecdsa-sha2-nistp256-v01@openssh.com" |
104 "ecdsa-sha2-nistp384@openssh.com" | 104 "ecdsa-sha2-nistp384-v01@openssh.com" |
105 "ecdsa-sha2-nistp521@openssh.com" 105 "ecdsa-sha2-nistp521-v01@openssh.com"
106 string nonce 106 string nonce
107 string curve 107 string curve
108 string public_key 108 string public_key
@@ -118,6 +118,23 @@ ECDSA certificate
118 string signature key 118 string signature key
119 string signature 119 string signature
120 120
121ED25519 certificate
122
123 string "ssh-ed25519-cert-v01@openssh.com"
124 string nonce
125 string pk
126 uint64 serial
127 uint32 type
128 string key id
129 string valid principals
130 uint64 valid after
131 uint64 valid before
132 string critical options
133 string extensions
134 string reserved
135 string signature key
136 string signature
137
121The nonce field is a CA-provided random bitstring of arbitrary length 138The nonce field is a CA-provided random bitstring of arbitrary length
122(but typically 16 or 32 bytes) included to make attacks that depend on 139(but typically 16 or 32 bytes) included to make attacks that depend on
123inducing collisions in the signature hash infeasible. 140inducing collisions in the signature hash infeasible.
@@ -129,6 +146,9 @@ p, q, g, y are the DSA parameters as described in FIPS-186-2.
129curve and public key are respectively the ECDSA "[identifier]" and "Q" 146curve and public key are respectively the ECDSA "[identifier]" and "Q"
130defined in section 3.1 of RFC5656. 147defined in section 3.1 of RFC5656.
131 148
149pk is the encoded Ed25519 public key as defined by
150draft-josefsson-eddsa-ed25519-03.
151
132serial is an optional certificate serial number set by the CA to 152serial is an optional certificate serial number set by the CA to
133provide an abbreviated way to refer to certificates from that CA. 153provide an abbreviated way to refer to certificates from that CA.
134If a CA does not wish to number its certificates it must set this 154If a CA does not wish to number its certificates it must set this
@@ -146,7 +166,7 @@ strings packed inside it. These principals list the names for which this
146certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and 166certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
147usernames for SSH_CERT_TYPE_USER certificates. As a special case, a 167usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
148zero-length "valid principals" field means the certificate is valid for 168zero-length "valid principals" field means the certificate is valid for
149any principal of the specified type. XXX DNS wildcards? 169any principal of the specified type.
150 170
151"valid after" and "valid before" specify a validity period for the 171"valid after" and "valid before" specify a validity period for the
152certificate. Each represents a time in seconds since 1970-01-01 172certificate. Each represents a time in seconds since 1970-01-01
@@ -183,7 +203,7 @@ signature is computed over all preceding fields from the initial string
183up to, and including the signature key. Signatures are computed and 203up to, and including the signature key. Signatures are computed and
184encoded according to the rules defined for the CA's public key algorithm 204encoded according to the rules defined for the CA's public key algorithm
185(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA 205(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
186types). 206types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
187 207
188Critical options 208Critical options
189---------------- 209----------------
@@ -203,8 +223,9 @@ option-specific information (see below). All options are
203"critical", if an implementation does not recognise a option 223"critical", if an implementation does not recognise a option
204then the validating party should refuse to accept the certificate. 224then the validating party should refuse to accept the certificate.
205 225
206The supported options and the contents and structure of their 226No critical options are defined for host certificates at present. The
207data fields are: 227supported user certificate options and the contents and structure of
228their data fields are:
208 229
209Name Format Description 230Name Format Description
210----------------------------------------------------------------------------- 231-----------------------------------------------------------------------------
@@ -233,8 +254,9 @@ as is the requirement that each name appear only once.
233If an implementation does not recognise an extension, then it should 254If an implementation does not recognise an extension, then it should
234ignore it. 255ignore it.
235 256
236The supported extensions and the contents and structure of their data 257No extensions are defined for host certificates at present. The
237fields are: 258supported user certificate extensions and the contents and structure of
259their data fields are:
238 260
239Name Format Description 261Name Format Description
240----------------------------------------------------------------------------- 262-----------------------------------------------------------------------------
@@ -262,4 +284,4 @@ permit-user-rc empty Flag indicating that execution of
262 of this script will not be permitted if 284 of this script will not be permitted if
263 this option is not present. 285 this option is not present.
264 286
265$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ 287$OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $
diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305
index 9cf73a926..4857d3853 100644
--- a/PROTOCOL.chacha20poly1305
+++ b/PROTOCOL.chacha20poly1305
@@ -34,6 +34,8 @@ Detailed Construction
34The chacha20-poly1305@openssh.com cipher requires 512 bits of key 34The chacha20-poly1305@openssh.com cipher requires 512 bits of key
35material as output from the SSH key exchange. This forms two 256 bit 35material as output from the SSH key exchange. This forms two 256 bit
36keys (K_1 and K_2), used by two separate instances of chacha20. 36keys (K_1 and K_2), used by two separate instances of chacha20.
37The first 256 bits consitute K_2 and the second 256 bits become
38K_1.
37 39
38The instance keyed by K_1 is a stream cipher that is used only 40The instance keyed by K_1 is a stream cipher that is used only
39to encrypt the 4 byte packet length field. The second instance, 41to encrypt the 4 byte packet length field. The second instance,
@@ -101,5 +103,5 @@ References
101[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley 103[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
102 http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 104 http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
103 105
104$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ 106$OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $
105 107
diff --git a/README b/README
index 86c55a554..4b6c3423f 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
1See http://www.openssh.com/txt/release-7.2p2 for the release notes. 1See http://www.openssh.com/txt/release-7.3p1 for the release notes.
2 2
3Please read http://www.openssh.com/report.html for bug reporting 3Please read http://www.openssh.com/report.html for bug reporting
4instructions and note that we do not use Github for bug reporting or 4instructions and note that we do not use Github for bug reporting or
diff --git a/audit-linux.c b/audit-linux.c
index b3ee2f4da..d3524f7e1 100644
--- a/audit-linux.c
+++ b/audit-linux.c
@@ -36,17 +36,17 @@
36#include "log.h" 36#include "log.h"
37#include "audit.h" 37#include "audit.h"
38#include "canohost.h" 38#include "canohost.h"
39#include "packet.h"
39 40
40const char* audit_username(void); 41const char *audit_username(void);
41 42
42int 43int
43linux_audit_record_event(int uid, const char *username, 44linux_audit_record_event(int uid, const char *username, const char *hostname,
44 const char *hostname, const char *ip, const char *ttyn, int success) 45 const char *ip, const char *ttyn, int success)
45{ 46{
46 int audit_fd, rc, saved_errno; 47 int audit_fd, rc, saved_errno;
47 48
48 audit_fd = audit_open(); 49 if ((audit_fd = audit_open()) < 0) {
49 if (audit_fd < 0) {
50 if (errno == EINVAL || errno == EPROTONOSUPPORT || 50 if (errno == EINVAL || errno == EPROTONOSUPPORT ||
51 errno == EAFNOSUPPORT) 51 errno == EAFNOSUPPORT)
52 return 1; /* No audit support in kernel */ 52 return 1; /* No audit support in kernel */
@@ -58,6 +58,7 @@ linux_audit_record_event(int uid, const char *username,
58 username == NULL ? uid : -1, hostname, ip, ttyn, success); 58 username == NULL ? uid : -1, hostname, ip, ttyn, success);
59 saved_errno = errno; 59 saved_errno = errno;
60 close(audit_fd); 60 close(audit_fd);
61
61 /* 62 /*
62 * Do not report error if the error is EPERM and sshd is run as non 63 * Do not report error if the error is EPERM and sshd is run as non
63 * root user. 64 * root user.
@@ -65,7 +66,8 @@ linux_audit_record_event(int uid, const char *username,
65 if ((rc == -EPERM) && (geteuid() != 0)) 66 if ((rc == -EPERM) && (geteuid() != 0))
66 rc = 0; 67 rc = 0;
67 errno = saved_errno; 68 errno = saved_errno;
68 return (rc >= 0); 69
70 return rc >= 0;
69} 71}
70 72
71/* Below is the sshd audit API code */ 73/* Below is the sshd audit API code */
@@ -73,8 +75,8 @@ linux_audit_record_event(int uid, const char *username,
73void 75void
74audit_connection_from(const char *host, int port) 76audit_connection_from(const char *host, int port)
75{ 77{
76}
77 /* not implemented */ 78 /* not implemented */
79}
78 80
79void 81void
80audit_run_command(const char *command) 82audit_run_command(const char *command)
@@ -85,8 +87,8 @@ audit_run_command(const char *command)
85void 87void
86audit_session_open(struct logininfo *li) 88audit_session_open(struct logininfo *li)
87{ 89{
88 if (linux_audit_record_event(li->uid, NULL, li->hostname, 90 if (linux_audit_record_event(li->uid, NULL, li->hostname, NULL,
89 NULL, li->line, 1) == 0) 91 li->line, 1) == 0)
90 fatal("linux_audit_write_entry failed: %s", strerror(errno)); 92 fatal("linux_audit_write_entry failed: %s", strerror(errno));
91} 93}
92 94
@@ -99,6 +101,8 @@ audit_session_close(struct logininfo *li)
99void 101void
100audit_event(ssh_audit_event_t event) 102audit_event(ssh_audit_event_t event)
101{ 103{
104 struct ssh *ssh = active_state; /* XXX */
105
102 switch(event) { 106 switch(event) {
103 case SSH_AUTH_SUCCESS: 107 case SSH_AUTH_SUCCESS:
104 case SSH_CONNECTION_CLOSE: 108 case SSH_CONNECTION_CLOSE:
@@ -106,7 +110,6 @@ audit_event(ssh_audit_event_t event)
106 case SSH_LOGIN_EXCEED_MAXTRIES: 110 case SSH_LOGIN_EXCEED_MAXTRIES:
107 case SSH_LOGIN_ROOT_DENIED: 111 case SSH_LOGIN_ROOT_DENIED:
108 break; 112 break;
109
110 case SSH_AUTH_FAIL_NONE: 113 case SSH_AUTH_FAIL_NONE:
111 case SSH_AUTH_FAIL_PASSWD: 114 case SSH_AUTH_FAIL_PASSWD:
112 case SSH_AUTH_FAIL_KBDINT: 115 case SSH_AUTH_FAIL_KBDINT:
@@ -115,12 +118,11 @@ audit_event(ssh_audit_event_t event)
115 case SSH_AUTH_FAIL_GSSAPI: 118 case SSH_AUTH_FAIL_GSSAPI:
116 case SSH_INVALID_USER: 119 case SSH_INVALID_USER:
117 linux_audit_record_event(-1, audit_username(), NULL, 120 linux_audit_record_event(-1, audit_username(), NULL,
118 get_remote_ipaddr(), "sshd", 0); 121 ssh_remote_ipaddr(ssh), "sshd", 0);
119 break; 122 break;
120
121 default: 123 default:
122 debug("%s: unhandled event %d", __func__, event); 124 debug("%s: unhandled event %d", __func__, event);
125 break;
123 } 126 }
124} 127}
125
126#endif /* USE_LINUX_AUDIT */ 128#endif /* USE_LINUX_AUDIT */
diff --git a/auth-krb5.c b/auth-krb5.c
index d1c5a2f32..a5a81ed2e 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-krb5.c,v 1.21 2016/01/27 06:44:58 djm Exp $ */ 1/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */
2/* 2/*
3 * Kerberos v5 authentication and ticket-passing routines. 3 * Kerberos v5 authentication and ticket-passing routines.
4 * 4 *
@@ -36,7 +36,6 @@
36 36
37#include "xmalloc.h" 37#include "xmalloc.h"
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h"
40#include "packet.h" 39#include "packet.h"
41#include "log.h" 40#include "log.h"
42#include "buffer.h" 41#include "buffer.h"
diff --git a/auth-options.c b/auth-options.c
index edbaf80bb..b399b91e3 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-options.c,v 1.70 2015/12/10 17:08:40 mmcc Exp $ */ 1/* $OpenBSD: auth-options.c,v 1.71 2016/03/07 19:02:43 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -29,6 +29,7 @@
29#include "ssherr.h" 29#include "ssherr.h"
30#include "log.h" 30#include "log.h"
31#include "canohost.h" 31#include "canohost.h"
32#include "packet.h"
32#include "sshbuf.h" 33#include "sshbuf.h"
33#include "misc.h" 34#include "misc.h"
34#include "channels.h" 35#include "channels.h"
@@ -120,6 +121,7 @@ match_flag(const char *opt, int allow_negate, char **optsp, const char *msg)
120int 121int
121auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) 122auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
122{ 123{
124 struct ssh *ssh = active_state; /* XXX */
123 const char *cp; 125 const char *cp;
124 int i, r; 126 int i, r;
125 127
@@ -273,9 +275,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
273 } 275 }
274 cp = "from=\""; 276 cp = "from=\"";
275 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 277 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
276 const char *remote_ip = get_remote_ipaddr(); 278 const char *remote_ip = ssh_remote_ipaddr(ssh);
277 const char *remote_host = get_canonical_hostname( 279 const char *remote_host = auth_get_canonical_hostname(
278 options.use_dns); 280 ssh, options.use_dns);
279 char *patterns = xmalloc(strlen(opts) + 1); 281 char *patterns = xmalloc(strlen(opts) + 1);
280 282
281 opts += strlen(cp); 283 opts += strlen(cp);
@@ -457,6 +459,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
457 char **cert_forced_command, 459 char **cert_forced_command,
458 int *cert_source_address_done) 460 int *cert_source_address_done)
459{ 461{
462 struct ssh *ssh = active_state; /* XXX */
460 char *command, *allowed; 463 char *command, *allowed;
461 const char *remote_ip; 464 const char *remote_ip;
462 char *name = NULL; 465 char *name = NULL;
@@ -530,7 +533,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
530 free(allowed); 533 free(allowed);
531 goto out; 534 goto out;
532 } 535 }
533 remote_ip = get_remote_ipaddr(); 536 remote_ip = ssh_remote_ipaddr(ssh);
534 result = addr_match_cidr_list(remote_ip, 537 result = addr_match_cidr_list(remote_ip,
535 allowed); 538 allowed);
536 free(allowed); 539 free(allowed);
diff --git a/auth-pam.c b/auth-pam.c
index 8425af1ea..348fe370a 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -68,9 +68,9 @@
68 68
69/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */ 69/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
70#ifdef PAM_SUN_CODEBASE 70#ifdef PAM_SUN_CODEBASE
71# define sshpam_const /* Solaris, HP-UX, AIX */ 71# define sshpam_const /* Solaris, HP-UX, SunOS */
72#else 72#else
73# define sshpam_const const /* LinuxPAM, OpenPAM */ 73# define sshpam_const const /* LinuxPAM, OpenPAM, AIX */
74#endif 74#endif
75 75
76/* Ambiguity in spec: is it an array of pointers or a pointer to an array? */ 76/* Ambiguity in spec: is it an array of pointers or a pointer to an array? */
@@ -154,9 +154,12 @@ sshpam_sigchld_handler(int sig)
154 <= 0) { 154 <= 0) {
155 /* PAM thread has not exitted, privsep slave must have */ 155 /* PAM thread has not exitted, privsep slave must have */
156 kill(cleanup_ctxt->pam_thread, SIGTERM); 156 kill(cleanup_ctxt->pam_thread, SIGTERM);
157 if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) 157 while (waitpid(cleanup_ctxt->pam_thread,
158 <= 0) 158 &sshpam_thread_status, 0) == -1) {
159 return; /* could not wait */ 159 if (errno == EINTR)
160 continue;
161 return;
162 }
160 } 163 }
161 if (WIFSIGNALED(sshpam_thread_status) && 164 if (WIFSIGNALED(sshpam_thread_status) &&
162 WTERMSIG(sshpam_thread_status) == SIGTERM) 165 WTERMSIG(sshpam_thread_status) == SIGTERM)
@@ -217,7 +220,11 @@ pthread_join(sp_pthread_t thread, void **value)
217 if (sshpam_thread_status != -1) 220 if (sshpam_thread_status != -1)
218 return (sshpam_thread_status); 221 return (sshpam_thread_status);
219 signal(SIGCHLD, sshpam_oldsig); 222 signal(SIGCHLD, sshpam_oldsig);
220 waitpid(thread, &status, 0); 223 while (waitpid(thread, &status, 0) == -1) {
224 if (errno == EINTR)
225 continue;
226 fatal("%s: waitpid: %s", __func__, strerror(errno));
227 }
221 return (status); 228 return (status);
222} 229}
223#endif 230#endif
@@ -229,10 +236,10 @@ static int sshpam_authenticated = 0;
229static int sshpam_session_open = 0; 236static int sshpam_session_open = 0;
230static int sshpam_cred_established = 0; 237static int sshpam_cred_established = 0;
231static int sshpam_account_status = -1; 238static int sshpam_account_status = -1;
239static int sshpam_maxtries_reached = 0;
232static char **sshpam_env = NULL; 240static char **sshpam_env = NULL;
233static Authctxt *sshpam_authctxt = NULL; 241static Authctxt *sshpam_authctxt = NULL;
234static const char *sshpam_password = NULL; 242static const char *sshpam_password = NULL;
235static char badpw[] = "\b\n\r\177INCORRECT";
236 243
237/* Some PAM implementations don't implement this */ 244/* Some PAM implementations don't implement this */
238#ifndef HAVE_PAM_GETENVLIST 245#ifndef HAVE_PAM_GETENVLIST
@@ -365,17 +372,6 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
365 for (i = 0; i < n; ++i) { 372 for (i = 0; i < n; ++i) {
366 switch (PAM_MSG_MEMBER(msg, i, msg_style)) { 373 switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
367 case PAM_PROMPT_ECHO_OFF: 374 case PAM_PROMPT_ECHO_OFF:
368 buffer_put_cstring(&buffer,
369 PAM_MSG_MEMBER(msg, i, msg));
370 if (ssh_msg_send(ctxt->pam_csock,
371 PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
372 goto fail;
373 if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
374 goto fail;
375 if (buffer_get_char(&buffer) != PAM_AUTHTOK)
376 goto fail;
377 reply[i].resp = buffer_get_string(&buffer, NULL);
378 break;
379 case PAM_PROMPT_ECHO_ON: 375 case PAM_PROMPT_ECHO_ON:
380 buffer_put_cstring(&buffer, 376 buffer_put_cstring(&buffer,
381 PAM_MSG_MEMBER(msg, i, msg)); 377 PAM_MSG_MEMBER(msg, i, msg));
@@ -389,12 +385,6 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
389 reply[i].resp = buffer_get_string(&buffer, NULL); 385 reply[i].resp = buffer_get_string(&buffer, NULL);
390 break; 386 break;
391 case PAM_ERROR_MSG: 387 case PAM_ERROR_MSG:
392 buffer_put_cstring(&buffer,
393 PAM_MSG_MEMBER(msg, i, msg));
394 if (ssh_msg_send(ctxt->pam_csock,
395 PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
396 goto fail;
397 break;
398 case PAM_TEXT_INFO: 388 case PAM_TEXT_INFO:
399 buffer_put_cstring(&buffer, 389 buffer_put_cstring(&buffer,
400 PAM_MSG_MEMBER(msg, i, msg)); 390 PAM_MSG_MEMBER(msg, i, msg));
@@ -468,6 +458,8 @@ sshpam_thread(void *ctxtp)
468 if (sshpam_err != PAM_SUCCESS) 458 if (sshpam_err != PAM_SUCCESS)
469 goto auth_fail; 459 goto auth_fail;
470 sshpam_err = pam_authenticate(sshpam_handle, flags); 460 sshpam_err = pam_authenticate(sshpam_handle, flags);
461 if (sshpam_err == PAM_MAXTRIES)
462 sshpam_set_maxtries_reached(1);
471 if (sshpam_err != PAM_SUCCESS) 463 if (sshpam_err != PAM_SUCCESS)
472 goto auth_fail; 464 goto auth_fail;
473 465
@@ -519,6 +511,8 @@ sshpam_thread(void *ctxtp)
519 /* XXX - can't do much about an error here */ 511 /* XXX - can't do much about an error here */
520 if (sshpam_err == PAM_ACCT_EXPIRED) 512 if (sshpam_err == PAM_ACCT_EXPIRED)
521 ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); 513 ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer);
514 else if (sshpam_maxtries_reached)
515 ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
522 else 516 else
523 ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); 517 ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
524 buffer_free(&buffer); 518 buffer_free(&buffer);
@@ -624,6 +618,7 @@ sshpam_init(Authctxt *authctxt)
624 extern char *__progname; 618 extern char *__progname;
625 const char *pam_rhost, *pam_user, *user = authctxt->user; 619 const char *pam_rhost, *pam_user, *user = authctxt->user;
626 const char **ptr_pam_user = &pam_user; 620 const char **ptr_pam_user = &pam_user;
621 struct ssh *ssh = active_state; /* XXX */
627 622
628 if (sshpam_handle != NULL) { 623 if (sshpam_handle != NULL) {
629 /* We already have a PAM context; check if the user matches */ 624 /* We already have a PAM context; check if the user matches */
@@ -644,7 +639,7 @@ sshpam_init(Authctxt *authctxt)
644 sshpam_handle = NULL; 639 sshpam_handle = NULL;
645 return (-1); 640 return (-1);
646 } 641 }
647 pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns); 642 pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
648 debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost); 643 debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
649 sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost); 644 sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
650 if (sshpam_err != PAM_SUCCESS) { 645 if (sshpam_err != PAM_SUCCESS) {
@@ -715,6 +710,7 @@ static int
715sshpam_query(void *ctx, char **name, char **info, 710sshpam_query(void *ctx, char **name, char **info,
716 u_int *num, char ***prompts, u_int **echo_on) 711 u_int *num, char ***prompts, u_int **echo_on)
717{ 712{
713 struct ssh *ssh = active_state; /* XXX */
718 Buffer buffer; 714 Buffer buffer;
719 struct pam_ctxt *ctxt = ctx; 715 struct pam_ctxt *ctxt = ctx;
720 size_t plen; 716 size_t plen;
@@ -757,7 +753,11 @@ sshpam_query(void *ctx, char **name, char **info,
757 free(msg); 753 free(msg);
758 break; 754 break;
759 case PAM_ACCT_EXPIRED: 755 case PAM_ACCT_EXPIRED:
760 sshpam_account_status = 0; 756 case PAM_MAXTRIES:
757 if (type == PAM_ACCT_EXPIRED)
758 sshpam_account_status = 0;
759 if (type == PAM_MAXTRIES)
760 sshpam_set_maxtries_reached(1);
761 /* FALLTHROUGH */ 761 /* FALLTHROUGH */
762 case PAM_AUTH_ERR: 762 case PAM_AUTH_ERR:
763 debug3("PAM: %s", pam_strerror(sshpam_handle, type)); 763 debug3("PAM: %s", pam_strerror(sshpam_handle, type));
@@ -797,7 +797,7 @@ sshpam_query(void *ctx, char **name, char **info,
797 error("PAM: %s for %s%.100s from %.100s", msg, 797 error("PAM: %s for %s%.100s from %.100s", msg,
798 sshpam_authctxt->valid ? "" : "illegal user ", 798 sshpam_authctxt->valid ? "" : "illegal user ",
799 sshpam_authctxt->user, 799 sshpam_authctxt->user,
800 get_remote_name_or_ip(utmp_len, options.use_dns)); 800 auth_get_canonical_hostname(ssh, options.use_dns));
801 /* FALLTHROUGH */ 801 /* FALLTHROUGH */
802 default: 802 default:
803 *num = 0; 803 *num = 0;
@@ -810,12 +810,35 @@ sshpam_query(void *ctx, char **name, char **info,
810 return (-1); 810 return (-1);
811} 811}
812 812
813/*
814 * Returns a junk password of identical length to that the user supplied.
815 * Used to mitigate timing attacks against crypt(3)/PAM stacks that
816 * vary processing time in proportion to password length.
817 */
818static char *
819fake_password(const char *wire_password)
820{
821 const char junk[] = "\b\n\r\177INCORRECT";
822 char *ret = NULL;
823 size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
824
825 if (l >= INT_MAX)
826 fatal("%s: password length too long: %zu", __func__, l);
827
828 ret = malloc(l + 1);
829 for (i = 0; i < l; i++)
830 ret[i] = junk[i % (sizeof(junk) - 1)];
831 ret[i] = '\0';
832 return ret;
833}
834
813/* XXX - see also comment in auth-chall.c:verify_response */ 835/* XXX - see also comment in auth-chall.c:verify_response */
814static int 836static int
815sshpam_respond(void *ctx, u_int num, char **resp) 837sshpam_respond(void *ctx, u_int num, char **resp)
816{ 838{
817 Buffer buffer; 839 Buffer buffer;
818 struct pam_ctxt *ctxt = ctx; 840 struct pam_ctxt *ctxt = ctx;
841 char *fake;
819 842
820 debug2("PAM: %s entering, %u responses", __func__, num); 843 debug2("PAM: %s entering, %u responses", __func__, num);
821 switch (ctxt->pam_done) { 844 switch (ctxt->pam_done) {
@@ -836,8 +859,11 @@ sshpam_respond(void *ctx, u_int num, char **resp)
836 (sshpam_authctxt->pw->pw_uid != 0 || 859 (sshpam_authctxt->pw->pw_uid != 0 ||
837 options.permit_root_login == PERMIT_YES)) 860 options.permit_root_login == PERMIT_YES))
838 buffer_put_cstring(&buffer, *resp); 861 buffer_put_cstring(&buffer, *resp);
839 else 862 else {
840 buffer_put_cstring(&buffer, badpw); 863 fake = fake_password(*resp);
864 buffer_put_cstring(&buffer, fake);
865 free(fake);
866 }
841 if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { 867 if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
842 buffer_free(&buffer); 868 buffer_free(&buffer);
843 return (-1); 869 return (-1);
@@ -1181,6 +1207,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
1181{ 1207{
1182 int flags = (options.permit_empty_passwd == 0 ? 1208 int flags = (options.permit_empty_passwd == 0 ?
1183 PAM_DISALLOW_NULL_AUTHTOK : 0); 1209 PAM_DISALLOW_NULL_AUTHTOK : 0);
1210 char *fake = NULL;
1184 1211
1185 if (!options.use_pam || sshpam_handle == NULL) 1212 if (!options.use_pam || sshpam_handle == NULL)
1186 fatal("PAM: %s called when PAM disabled or failed to " 1213 fatal("PAM: %s called when PAM disabled or failed to "
@@ -1196,7 +1223,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
1196 */ 1223 */
1197 if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && 1224 if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
1198 options.permit_root_login != PERMIT_YES)) 1225 options.permit_root_login != PERMIT_YES))
1199 sshpam_password = badpw; 1226 sshpam_password = fake = fake_password(password);
1200 1227
1201 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, 1228 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
1202 (const void *)&passwd_conv); 1229 (const void *)&passwd_conv);
@@ -1206,6 +1233,9 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
1206 1233
1207 sshpam_err = pam_authenticate(sshpam_handle, flags); 1234 sshpam_err = pam_authenticate(sshpam_handle, flags);
1208 sshpam_password = NULL; 1235 sshpam_password = NULL;
1236 free(fake);
1237 if (sshpam_err == PAM_MAXTRIES)
1238 sshpam_set_maxtries_reached(1);
1209 if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 1239 if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
1210 debug("PAM: password authentication accepted for %.100s", 1240 debug("PAM: password authentication accepted for %.100s",
1211 authctxt->user); 1241 authctxt->user);
@@ -1217,4 +1247,21 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
1217 return 0; 1247 return 0;
1218 } 1248 }
1219} 1249}
1250
1251int
1252sshpam_get_maxtries_reached(void)
1253{
1254 return sshpam_maxtries_reached;
1255}
1256
1257void
1258sshpam_set_maxtries_reached(int reached)
1259{
1260 if (reached == 0 || sshpam_maxtries_reached)
1261 return;
1262 sshpam_maxtries_reached = 1;
1263 options.password_authentication = 0;
1264 options.kbd_interactive_authentication = 0;
1265 options.challenge_response_authentication = 0;
1266}
1220#endif /* USE_PAM */ 1267#endif /* USE_PAM */
diff --git a/auth-pam.h b/auth-pam.h
index a1a2b52d8..2e9a0c0a3 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -45,6 +45,8 @@ void free_pam_environment(char **);
45void sshpam_thread_cleanup(void); 45void sshpam_thread_cleanup(void);
46void sshpam_cleanup(void); 46void sshpam_cleanup(void);
47int sshpam_auth_passwd(Authctxt *, const char *); 47int sshpam_auth_passwd(Authctxt *, const char *);
48int sshpam_get_maxtries_reached(void);
49void sshpam_set_maxtries_reached(int);
48int is_pam_session_open(void); 50int is_pam_session_open(void);
49 51
50#endif /* USE_PAM */ 52#endif /* USE_PAM */
diff --git a/auth-passwd.c b/auth-passwd.c
index 63ccf3cab..996c2cf71 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ 1/* $OpenBSD: auth-passwd.c,v 1.45 2016/07/21 01:39:35 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -66,6 +66,8 @@ extern login_cap_t *lc;
66#define DAY (24L * 60 * 60) /* 1 day in seconds */ 66#define DAY (24L * 60 * 60) /* 1 day in seconds */
67#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ 67#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
68 68
69#define MAX_PASSWORD_LEN 1024
70
69void 71void
70disable_forwarding(void) 72disable_forwarding(void)
71{ 73{
@@ -87,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password)
87 static int expire_checked = 0; 89 static int expire_checked = 0;
88#endif 90#endif
89 91
92 if (strlen(password) > MAX_PASSWORD_LEN)
93 return 0;
94
90#ifndef HAVE_CYGWIN 95#ifndef HAVE_CYGWIN
91 if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 96 if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
92 ok = 0; 97 ok = 0;
@@ -193,7 +198,7 @@ int
193sys_auth_passwd(Authctxt *authctxt, const char *password) 198sys_auth_passwd(Authctxt *authctxt, const char *password)
194{ 199{
195 struct passwd *pw = authctxt->pw; 200 struct passwd *pw = authctxt->pw;
196 char *encrypted_password; 201 char *encrypted_password, *salt = NULL;
197 202
198 /* Just use the supplied fake password if authctxt is invalid */ 203 /* Just use the supplied fake password if authctxt is invalid */
199 char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; 204 char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
@@ -202,9 +207,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
202 if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) 207 if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
203 return (1); 208 return (1);
204 209
205 /* Encrypt the candidate password using the proper salt. */ 210 /*
206 encrypted_password = xcrypt(password, 211 * Encrypt the candidate password using the proper salt, or pass a
207 (pw_password[0] && pw_password[1]) ? pw_password : "xx"); 212 * NULL and let xcrypt pick one.
213 */
214 if (authctxt->valid && pw_password[0] && pw_password[1])
215 salt = pw_password;
216 encrypted_password = xcrypt(password, salt);
208 217
209 /* 218 /*
210 * Authentication is accepted if the encrypted passwords 219 * Authentication is accepted if the encrypted passwords
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 2e20396ea..057335ba4 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rh-rsa.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ 1/* $OpenBSD: auth-rh-rsa.c,v 1.45 2016/03/07 19:02:43 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,8 +42,8 @@
42extern ServerOptions options; 42extern ServerOptions options;
43 43
44int 44int
45auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, 45auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *cuser,
46 Key *client_host_key) 46 const char *chost, Key *client_host_key)
47{ 47{
48 HostStatus host_status; 48 HostStatus host_status;
49 49
@@ -68,7 +68,8 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
68int 68int
69auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) 69auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
70{ 70{
71 char *chost; 71 struct ssh *ssh = active_state; /* XXX */
72 const char *chost;
72 struct passwd *pw = authctxt->pw; 73 struct passwd *pw = authctxt->pw;
73 74
74 debug("Trying rhosts with RSA host authentication for client user %.100s", 75 debug("Trying rhosts with RSA host authentication for client user %.100s",
@@ -78,7 +79,7 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
78 client_host_key->rsa == NULL) 79 client_host_key->rsa == NULL)
79 return 0; 80 return 0;
80 81
81 chost = (char *)get_canonical_hostname(options.use_dns); 82 chost = auth_get_canonical_hostname(ssh, options.use_dns);
82 debug("Rhosts RSA authentication: canonical host %.900s", chost); 83 debug("Rhosts RSA authentication: canonical host %.900s", chost);
83 84
84 if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) { 85 if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
diff --git a/auth-rhosts.c b/auth-rhosts.c
index ee9e827af..0ef344712 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */ 1/* $OpenBSD: auth-rhosts.c,v 1.47 2016/03/07 19:02:43 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -30,14 +30,15 @@
30#include <unistd.h> 30#include <unistd.h>
31 31
32#include "packet.h" 32#include "packet.h"
33#include "buffer.h"
34#include "uidswap.h" 33#include "uidswap.h"
35#include "pathnames.h" 34#include "pathnames.h"
36#include "log.h" 35#include "log.h"
37#include "misc.h" 36#include "misc.h"
37#include "buffer.h" /* XXX */
38#include "key.h" /* XXX */
38#include "servconf.h" 39#include "servconf.h"
39#include "canohost.h" 40#include "canohost.h"
40#include "key.h" 41#include "sshkey.h"
41#include "hostfile.h" 42#include "hostfile.h"
42#include "auth.h" 43#include "auth.h"
43 44
@@ -189,10 +190,11 @@ check_rhosts_file(const char *filename, const char *hostname,
189int 190int
190auth_rhosts(struct passwd *pw, const char *client_user) 191auth_rhosts(struct passwd *pw, const char *client_user)
191{ 192{
193 struct ssh *ssh = active_state; /* XXX */
192 const char *hostname, *ipaddr; 194 const char *hostname, *ipaddr;
193 195
194 hostname = get_canonical_hostname(options.use_dns); 196 hostname = auth_get_canonical_hostname(ssh, options.use_dns);
195 ipaddr = get_remote_ipaddr(); 197 ipaddr = ssh_remote_ipaddr(ssh);
196 return auth_rhosts2(pw, client_user, hostname, ipaddr); 198 return auth_rhosts2(pw, client_user, hostname, ipaddr);
197} 199}
198 200
diff --git a/auth.c b/auth.c
index 214c2c708..24527dd7c 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */ 1/* $OpenBSD: auth.c,v 1.115 2016/06/15 00:40:40 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -27,6 +27,7 @@
27 27
28#include <sys/types.h> 28#include <sys/types.h>
29#include <sys/stat.h> 29#include <sys/stat.h>
30#include <sys/socket.h>
30 31
31#include <netinet/in.h> 32#include <netinet/in.h>
32 33
@@ -50,6 +51,7 @@
50#include <string.h> 51#include <string.h>
51#include <unistd.h> 52#include <unistd.h>
52#include <limits.h> 53#include <limits.h>
54#include <netdb.h>
53 55
54#include "xmalloc.h" 56#include "xmalloc.h"
55#include "match.h" 57#include "match.h"
@@ -97,6 +99,7 @@ int auth_debug_init;
97int 99int
98allowed_user(struct passwd * pw) 100allowed_user(struct passwd * pw)
99{ 101{
102 struct ssh *ssh = active_state; /* XXX */
100 struct stat st; 103 struct stat st;
101 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; 104 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
102 u_int i; 105 u_int i;
@@ -182,8 +185,8 @@ allowed_user(struct passwd * pw)
182 185
183 if (options.num_deny_users > 0 || options.num_allow_users > 0 || 186 if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
184 options.num_deny_groups > 0 || options.num_allow_groups > 0) { 187 options.num_deny_groups > 0 || options.num_allow_groups > 0) {
185 hostname = get_canonical_hostname(options.use_dns); 188 hostname = auth_get_canonical_hostname(ssh, options.use_dns);
186 ipaddr = get_remote_ipaddr(); 189 ipaddr = ssh_remote_ipaddr(ssh);
187 } 190 }
188 191
189 /* Return false if user is listed in DenyUsers */ 192 /* Return false if user is listed in DenyUsers */
@@ -274,6 +277,7 @@ void
274auth_log(Authctxt *authctxt, int authenticated, int partial, 277auth_log(Authctxt *authctxt, int authenticated, int partial,
275 const char *method, const char *submethod) 278 const char *method, const char *submethod)
276{ 279{
280 struct ssh *ssh = active_state; /* XXX */
277 void (*authlog) (const char *fmt,...) = verbose; 281 void (*authlog) (const char *fmt,...) = verbose;
278 char *authmsg; 282 char *authmsg;
279 283
@@ -300,8 +304,8 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
300 submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, 304 submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
301 authctxt->valid ? "" : "invalid user ", 305 authctxt->valid ? "" : "invalid user ",
302 authctxt->user, 306 authctxt->user,
303 get_remote_ipaddr(), 307 ssh_remote_ipaddr(ssh),
304 get_remote_port(), 308 ssh_remote_port(ssh),
305 compat20 ? "ssh2" : "ssh1", 309 compat20 ? "ssh2" : "ssh1",
306 authctxt->info != NULL ? ": " : "", 310 authctxt->info != NULL ? ": " : "",
307 authctxt->info != NULL ? authctxt->info : ""); 311 authctxt->info != NULL ? authctxt->info : "");
@@ -314,11 +318,12 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
314 strncmp(method, "keyboard-interactive", 20) == 0 || 318 strncmp(method, "keyboard-interactive", 20) == 0 ||
315 strcmp(method, "challenge-response") == 0)) 319 strcmp(method, "challenge-response") == 0))
316 record_failed_login(authctxt->user, 320 record_failed_login(authctxt->user,
317 get_canonical_hostname(options.use_dns), "ssh"); 321 auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
318# ifdef WITH_AIXAUTHENTICATE 322# ifdef WITH_AIXAUTHENTICATE
319 if (authenticated) 323 if (authenticated)
320 sys_auth_record_login(authctxt->user, 324 sys_auth_record_login(authctxt->user,
321 get_canonical_hostname(options.use_dns), "ssh", &loginmsg); 325 auth_get_canonical_hostname(ssh, options.use_dns), "ssh",
326 &loginmsg);
322# endif 327# endif
323#endif 328#endif
324#ifdef SSH_AUDIT_EVENTS 329#ifdef SSH_AUDIT_EVENTS
@@ -331,12 +336,14 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
331void 336void
332auth_maxtries_exceeded(Authctxt *authctxt) 337auth_maxtries_exceeded(Authctxt *authctxt)
333{ 338{
339 struct ssh *ssh = active_state; /* XXX */
340
334 error("maximum authentication attempts exceeded for " 341 error("maximum authentication attempts exceeded for "
335 "%s%.100s from %.200s port %d %s", 342 "%s%.100s from %.200s port %d %s",
336 authctxt->valid ? "" : "invalid user ", 343 authctxt->valid ? "" : "invalid user ",
337 authctxt->user, 344 authctxt->user,
338 get_remote_ipaddr(), 345 ssh_remote_ipaddr(ssh),
339 get_remote_port(), 346 ssh_remote_port(ssh),
340 compat20 ? "ssh2" : "ssh1"); 347 compat20 ? "ssh2" : "ssh1");
341 packet_disconnect("Too many authentication failures"); 348 packet_disconnect("Too many authentication failures");
342 /* NOTREACHED */ 349 /* NOTREACHED */
@@ -348,6 +355,8 @@ auth_maxtries_exceeded(Authctxt *authctxt)
348int 355int
349auth_root_allowed(const char *method) 356auth_root_allowed(const char *method)
350{ 357{
358 struct ssh *ssh = active_state; /* XXX */
359
351 switch (options.permit_root_login) { 360 switch (options.permit_root_login) {
352 case PERMIT_YES: 361 case PERMIT_YES:
353 return 1; 362 return 1;
@@ -364,7 +373,8 @@ auth_root_allowed(const char *method)
364 } 373 }
365 break; 374 break;
366 } 375 }
367 logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); 376 logit("ROOT LOGIN REFUSED FROM %.200s port %d",
377 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
368 return 0; 378 return 0;
369} 379}
370 380
@@ -604,6 +614,7 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
604struct passwd * 614struct passwd *
605getpwnamallow(const char *user) 615getpwnamallow(const char *user)
606{ 616{
617 struct ssh *ssh = active_state; /* XXX */
607#ifdef HAVE_LOGIN_CAP 618#ifdef HAVE_LOGIN_CAP
608 extern login_cap_t *lc; 619 extern login_cap_t *lc;
609#ifdef BSD_AUTH 620#ifdef BSD_AUTH
@@ -639,11 +650,11 @@ getpwnamallow(const char *user)
639 } 650 }
640#endif 651#endif
641 if (pw == NULL) { 652 if (pw == NULL) {
642 logit("Invalid user %.100s from %.100s", 653 logit("Invalid user %.100s from %.100s port %d",
643 user, get_remote_ipaddr()); 654 user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
644#ifdef CUSTOM_FAILED_LOGIN 655#ifdef CUSTOM_FAILED_LOGIN
645 record_failed_login(user, 656 record_failed_login(user,
646 get_canonical_hostname(options.use_dns), "ssh"); 657 auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
647#endif 658#endif
648#ifdef SSH_AUDIT_EVENTS 659#ifdef SSH_AUDIT_EVENTS
649 audit_event(SSH_INVALID_USER); 660 audit_event(SSH_INVALID_USER);
@@ -773,3 +784,117 @@ fakepw(void)
773 784
774 return (&fake); 785 return (&fake);
775} 786}
787
788/*
789 * Returns the remote DNS hostname as a string. The returned string must not
790 * be freed. NB. this will usually trigger a DNS query the first time it is
791 * called.
792 * This function does additional checks on the hostname to mitigate some
793 * attacks on legacy rhosts-style authentication.
794 * XXX is RhostsRSAAuthentication vulnerable to these?
795 * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
796 */
797
798static char *
799remote_hostname(struct ssh *ssh)
800{
801 struct sockaddr_storage from;
802 socklen_t fromlen;
803 struct addrinfo hints, *ai, *aitop;
804 char name[NI_MAXHOST], ntop2[NI_MAXHOST];
805 const char *ntop = ssh_remote_ipaddr(ssh);
806
807 /* Get IP address of client. */
808 fromlen = sizeof(from);
809 memset(&from, 0, sizeof(from));
810 if (getpeername(ssh_packet_get_connection_in(ssh),
811 (struct sockaddr *)&from, &fromlen) < 0) {
812 debug("getpeername failed: %.100s", strerror(errno));
813 return strdup(ntop);
814 }
815
816 ipv64_normalise_mapped(&from, &fromlen);
817 if (from.ss_family == AF_INET6)
818 fromlen = sizeof(struct sockaddr_in6);
819
820 debug3("Trying to reverse map address %.100s.", ntop);
821 /* Map the IP address to a host name. */
822 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
823 NULL, 0, NI_NAMEREQD) != 0) {
824 /* Host name not found. Use ip address. */
825 return strdup(ntop);
826 }
827
828 /*
829 * if reverse lookup result looks like a numeric hostname,
830 * someone is trying to trick us by PTR record like following:
831 * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
832 */
833 memset(&hints, 0, sizeof(hints));
834 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
835 hints.ai_flags = AI_NUMERICHOST;
836 if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
837 logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
838 name, ntop);
839 freeaddrinfo(ai);
840 return strdup(ntop);
841 }
842
843 /* Names are stored in lowercase. */
844 lowercase(name);
845
846 /*
847 * Map it back to an IP address and check that the given
848 * address actually is an address of this host. This is
849 * necessary because anyone with access to a name server can
850 * define arbitrary names for an IP address. Mapping from
851 * name to IP address can be trusted better (but can still be
852 * fooled if the intruder has access to the name server of
853 * the domain).
854 */
855 memset(&hints, 0, sizeof(hints));
856 hints.ai_family = from.ss_family;
857 hints.ai_socktype = SOCK_STREAM;
858 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
859 logit("reverse mapping checking getaddrinfo for %.700s "
860 "[%s] failed.", name, ntop);
861 return strdup(ntop);
862 }
863 /* Look for the address from the list of addresses. */
864 for (ai = aitop; ai; ai = ai->ai_next) {
865 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
866 sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
867 (strcmp(ntop, ntop2) == 0))
868 break;
869 }
870 freeaddrinfo(aitop);
871 /* If we reached the end of the list, the address was not there. */
872 if (ai == NULL) {
873 /* Address not found for the host name. */
874 logit("Address %.100s maps to %.600s, but this does not "
875 "map back to the address.", ntop, name);
876 return strdup(ntop);
877 }
878 return strdup(name);
879}
880
881/*
882 * Return the canonical name of the host in the other side of the current
883 * connection. The host name is cached, so it is efficient to call this
884 * several times.
885 */
886
887const char *
888auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
889{
890 static char *dnsname;
891
892 if (!use_dns)
893 return ssh_remote_ipaddr(ssh);
894 else if (dnsname != NULL)
895 return dnsname;
896 else {
897 dnsname = remote_hostname(ssh);
898 return dnsname;
899 }
900}
diff --git a/auth.h b/auth.h
index 2160154f4..55170af50 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.h,v 1.86 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: auth.h,v 1.88 2016/05/04 14:04:40 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -124,7 +124,8 @@ BIGNUM *auth_rsa_generate_challenge(Key *);
124int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); 124int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
125int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); 125int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
126 126
127int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); 127int auth_rhosts_rsa_key_allowed(struct passwd *, const char *,
128 const char *, Key *);
128int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); 129int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
129int user_key_allowed(struct passwd *, Key *, int); 130int user_key_allowed(struct passwd *, Key *, int);
130void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) 131void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
@@ -197,6 +198,8 @@ FILE *auth_openkeyfile(const char *, struct passwd *, int);
197FILE *auth_openprincipals(const char *, struct passwd *, int); 198FILE *auth_openprincipals(const char *, struct passwd *, int);
198int auth_key_is_revoked(Key *); 199int auth_key_is_revoked(Key *);
199 200
201const char *auth_get_canonical_hostname(struct ssh *, int);
202
200HostStatus 203HostStatus
201check_key_in_hostfiles(struct passwd *, Key *, const char *, 204check_key_in_hostfiles(struct passwd *, Key *, const char *,
202 const char *, const char *); 205 const char *, const char *);
diff --git a/auth2-chall.c b/auth2-chall.c
index 4aff09d80..ead480318 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ 1/* $OpenBSD: auth2-chall.c,v 1.44 2016/05/02 08:49:03 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Per Allansson. All rights reserved. 4 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -122,8 +122,8 @@ kbdint_alloc(const char *devs)
122 buffer_append(&b, devices[i]->name, 122 buffer_append(&b, devices[i]->name,
123 strlen(devices[i]->name)); 123 strlen(devices[i]->name));
124 } 124 }
125 buffer_append(&b, "\0", 1); 125 if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL)
126 kbdintctxt->devices = xstrdup(buffer_ptr(&b)); 126 fatal("%s: sshbuf_dup_string failed", __func__);
127 buffer_free(&b); 127 buffer_free(&b);
128 } else { 128 } else {
129 kbdintctxt->devices = xstrdup(devs); 129 kbdintctxt->devices = xstrdup(devs);
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index e2327cf77..1b3c3b202 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */ 1/* $OpenBSD: auth2-hostbased.c,v 1.26 2016/03/07 19:02:43 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -160,6 +160,7 @@ int
160hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, 160hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
161 Key *key) 161 Key *key)
162{ 162{
163 struct ssh *ssh = active_state; /* XXX */
163 const char *resolvedname, *ipaddr, *lookup, *reason; 164 const char *resolvedname, *ipaddr, *lookup, *reason;
164 HostStatus host_status; 165 HostStatus host_status;
165 int len; 166 int len;
@@ -168,8 +169,8 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
168 if (auth_key_is_revoked(key)) 169 if (auth_key_is_revoked(key))
169 return 0; 170 return 0;
170 171
171 resolvedname = get_canonical_hostname(options.use_dns); 172 resolvedname = auth_get_canonical_hostname(ssh, options.use_dns);
172 ipaddr = get_remote_ipaddr(); 173 ipaddr = ssh_remote_ipaddr(ssh);
173 174
174 debug2("%s: chost %s resolvedname %s ipaddr %s", __func__, 175 debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
175 chost, resolvedname, ipaddr); 176 chost, resolvedname, ipaddr);
diff --git a/auth2.c b/auth2.c
index 717796228..9108b8612 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */ 1/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -424,8 +424,8 @@ authmethods_get(Authctxt *authctxt)
424 buffer_append(&b, authmethods[i]->name, 424 buffer_append(&b, authmethods[i]->name,
425 strlen(authmethods[i]->name)); 425 strlen(authmethods[i]->name));
426 } 426 }
427 buffer_append(&b, "\0", 1); 427 if ((list = sshbuf_dup_string(&b)) == NULL)
428 list = xstrdup(buffer_ptr(&b)); 428 fatal("%s: sshbuf_dup_string failed", __func__);
429 buffer_free(&b); 429 buffer_free(&b);
430 return list; 430 return list;
431} 431}
diff --git a/authfile.c b/authfile.c
index d67042411..f46b4e37f 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.120 2015/12/11 04:21:11 mmcc Exp $ */ 1/* $OpenBSD: authfile.c,v 1.121 2016/04/09 12:39:30 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4 * 4 *
@@ -147,7 +147,8 @@ sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
147 struct sshbuf *b = NULL; 147 struct sshbuf *b = NULL;
148 int r; 148 int r;
149 149
150 *keyp = NULL; 150 if (keyp != NULL)
151 *keyp = NULL;
151 if (commentp != NULL) 152 if (commentp != NULL)
152 *commentp = NULL; 153 *commentp = NULL;
153 154
@@ -200,7 +201,8 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
200{ 201{
201 int fd, r; 202 int fd, r;
202 203
203 *keyp = NULL; 204 if (keyp != NULL)
205 *keyp = NULL;
204 if (commentp != NULL) 206 if (commentp != NULL)
205 *commentp = NULL; 207 *commentp = NULL;
206 208
@@ -231,6 +233,8 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
231 struct sshbuf *buffer = NULL; 233 struct sshbuf *buffer = NULL;
232 int r; 234 int r;
233 235
236 if (keyp != NULL)
237 *keyp = NULL;
234 if ((buffer = sshbuf_new()) == NULL) { 238 if ((buffer = sshbuf_new()) == NULL) {
235 r = SSH_ERR_ALLOC_FAIL; 239 r = SSH_ERR_ALLOC_FAIL;
236 goto out; 240 goto out;
@@ -255,7 +259,8 @@ sshkey_load_private(const char *filename, const char *passphrase,
255 struct sshbuf *buffer = NULL; 259 struct sshbuf *buffer = NULL;
256 int r, fd; 260 int r, fd;
257 261
258 *keyp = NULL; 262 if (keyp != NULL)
263 *keyp = NULL;
259 if (commentp != NULL) 264 if (commentp != NULL)
260 *commentp = NULL; 265 *commentp = NULL;
261 266
@@ -408,7 +413,8 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
408 char *file = NULL; 413 char *file = NULL;
409 int r = SSH_ERR_INTERNAL_ERROR; 414 int r = SSH_ERR_INTERNAL_ERROR;
410 415
411 *keyp = NULL; 416 if (keyp != NULL)
417 *keyp = NULL;
412 418
413 if (asprintf(&file, "%s-cert.pub", filename) == -1) 419 if (asprintf(&file, "%s-cert.pub", filename) == -1)
414 return SSH_ERR_ALLOC_FAIL; 420 return SSH_ERR_ALLOC_FAIL;
@@ -418,11 +424,12 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
418 } 424 }
419 if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) 425 if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
420 goto out; 426 goto out;
421 427 /* success */
422 *keyp = pub; 428 if (keyp != NULL) {
423 pub = NULL; 429 *keyp = pub;
430 pub = NULL;
431 }
424 r = 0; 432 r = 0;
425
426 out: 433 out:
427 free(file); 434 free(file);
428 sshkey_free(pub); 435 sshkey_free(pub);
@@ -437,7 +444,8 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
437 struct sshkey *key = NULL, *cert = NULL; 444 struct sshkey *key = NULL, *cert = NULL;
438 int r; 445 int r;
439 446
440 *keyp = NULL; 447 if (keyp != NULL)
448 *keyp = NULL;
441 449
442 switch (type) { 450 switch (type) {
443#ifdef WITH_OPENSSL 451#ifdef WITH_OPENSSL
@@ -467,8 +475,10 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
467 (r = sshkey_cert_copy(cert, key)) != 0) 475 (r = sshkey_cert_copy(cert, key)) != 0)
468 goto out; 476 goto out;
469 r = 0; 477 r = 0;
470 *keyp = key; 478 if (keyp != NULL) {
471 key = NULL; 479 *keyp = key;
480 key = NULL;
481 }
472 out: 482 out:
473 sshkey_free(key); 483 sshkey_free(key);
474 sshkey_free(cert); 484 sshkey_free(cert);
diff --git a/canohost.c b/canohost.c
index 223964ea3..f71a08568 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: canohost.c,v 1.72 2015/03/01 15:44:40 millert Exp $ */ 1/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,147 +35,6 @@
35#include "canohost.h" 35#include "canohost.h"
36#include "misc.h" 36#include "misc.h"
37 37
38static void check_ip_options(int, char *);
39static char *canonical_host_ip = NULL;
40static int cached_port = -1;
41
42/*
43 * Return the canonical name of the host at the other end of the socket. The
44 * caller should free the returned string.
45 */
46
47static char *
48get_remote_hostname(int sock, int use_dns)
49{
50 struct sockaddr_storage from;
51 socklen_t fromlen;
52 struct addrinfo hints, *ai, *aitop;
53 char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST];
54
55 /* Get IP address of client. */
56 fromlen = sizeof(from);
57 memset(&from, 0, sizeof(from));
58 if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
59 debug("getpeername failed: %.100s", strerror(errno));
60 cleanup_exit(255);
61 }
62
63 if (from.ss_family == AF_INET)
64 check_ip_options(sock, ntop);
65
66 ipv64_normalise_mapped(&from, &fromlen);
67
68 if (from.ss_family == AF_INET6)
69 fromlen = sizeof(struct sockaddr_in6);
70
71 if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
72 NULL, 0, NI_NUMERICHOST) != 0)
73 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
74
75 if (!use_dns)
76 return xstrdup(ntop);
77
78 debug3("Trying to reverse map address %.100s.", ntop);
79 /* Map the IP address to a host name. */
80 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
81 NULL, 0, NI_NAMEREQD) != 0) {
82 /* Host name not found. Use ip address. */
83 return xstrdup(ntop);
84 }
85
86 /*
87 * if reverse lookup result looks like a numeric hostname,
88 * someone is trying to trick us by PTR record like following:
89 * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
90 */
91 memset(&hints, 0, sizeof(hints));
92 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
93 hints.ai_flags = AI_NUMERICHOST;
94 if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
95 logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
96 name, ntop);
97 freeaddrinfo(ai);
98 return xstrdup(ntop);
99 }
100
101 /* Names are stores in lowercase. */
102 lowercase(name);
103
104 /*
105 * Map it back to an IP address and check that the given
106 * address actually is an address of this host. This is
107 * necessary because anyone with access to a name server can
108 * define arbitrary names for an IP address. Mapping from
109 * name to IP address can be trusted better (but can still be
110 * fooled if the intruder has access to the name server of
111 * the domain).
112 */
113 memset(&hints, 0, sizeof(hints));
114 hints.ai_family = from.ss_family;
115 hints.ai_socktype = SOCK_STREAM;
116 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
117 logit("reverse mapping checking getaddrinfo for %.700s "
118 "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
119 return xstrdup(ntop);
120 }
121 /* Look for the address from the list of addresses. */
122 for (ai = aitop; ai; ai = ai->ai_next) {
123 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
124 sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
125 (strcmp(ntop, ntop2) == 0))
126 break;
127 }
128 freeaddrinfo(aitop);
129 /* If we reached the end of the list, the address was not there. */
130 if (!ai) {
131 /* Address not found for the host name. */
132 logit("Address %.100s maps to %.600s, but this does not "
133 "map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
134 ntop, name);
135 return xstrdup(ntop);
136 }
137 return xstrdup(name);
138}
139
140/*
141 * If IP options are supported, make sure there are none (log and
142 * disconnect them if any are found). Basically we are worried about
143 * source routing; it can be used to pretend you are somebody
144 * (ip-address) you are not. That itself may be "almost acceptable"
145 * under certain circumstances, but rhosts autentication is useless
146 * if source routing is accepted. Notice also that if we just dropped
147 * source routing here, the other side could use IP spoofing to do
148 * rest of the interaction and could still bypass security. So we
149 * exit here if we detect any IP options.
150 */
151/* IPv4 only */
152static void
153check_ip_options(int sock, char *ipaddr)
154{
155#ifdef IP_OPTIONS
156 u_char options[200];
157 char text[sizeof(options) * 3 + 1];
158 socklen_t option_size, i;
159 int ipproto;
160 struct protoent *ip;
161
162 if ((ip = getprotobyname("ip")) != NULL)
163 ipproto = ip->p_proto;
164 else
165 ipproto = IPPROTO_IP;
166 option_size = sizeof(options);
167 if (getsockopt(sock, ipproto, IP_OPTIONS, options,
168 &option_size) >= 0 && option_size != 0) {
169 text[0] = '\0';
170 for (i = 0; i < option_size; i++)
171 snprintf(text + i*3, sizeof(text) - i*3,
172 " %2.2x", options[i]);
173 fatal("Connection from %.100s with IP options:%.800s",
174 ipaddr, text);
175 }
176#endif /* IP_OPTIONS */
177}
178
179void 38void
180ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) 39ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
181{ 40{
@@ -202,38 +61,6 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
202} 61}
203 62
204/* 63/*
205 * Return the canonical name of the host in the other side of the current
206 * connection. The host name is cached, so it is efficient to call this
207 * several times.
208 */
209
210const char *
211get_canonical_hostname(int use_dns)
212{
213 char *host;
214 static char *canonical_host_name = NULL;
215 static char *remote_ip = NULL;
216
217 /* Check if we have previously retrieved name with same option. */
218 if (use_dns && canonical_host_name != NULL)
219 return canonical_host_name;
220 if (!use_dns && remote_ip != NULL)
221 return remote_ip;
222
223 /* Get the real hostname if socket; otherwise return UNKNOWN. */
224 if (packet_connection_is_on_socket())
225 host = get_remote_hostname(packet_get_connection_in(), use_dns);
226 else
227 host = "UNKNOWN";
228
229 if (use_dns)
230 canonical_host_name = host;
231 else
232 remote_ip = host;
233 return host;
234}
235
236/*
237 * Returns the local/remote IP-address/hostname of socket as a string. 64 * Returns the local/remote IP-address/hostname of socket as a string.
238 * The returned string must be freed. 65 * The returned string must be freed.
239 */ 66 */
@@ -250,12 +77,10 @@ get_socket_address(int sock, int remote, int flags)
250 memset(&addr, 0, sizeof(addr)); 77 memset(&addr, 0, sizeof(addr));
251 78
252 if (remote) { 79 if (remote) {
253 if (getpeername(sock, (struct sockaddr *)&addr, &addrlen) 80 if (getpeername(sock, (struct sockaddr *)&addr, &addrlen) != 0)
254 < 0)
255 return NULL; 81 return NULL;
256 } else { 82 } else {
257 if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) 83 if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) != 0)
258 < 0)
259 return NULL; 84 return NULL;
260 } 85 }
261 86
@@ -271,7 +96,7 @@ get_socket_address(int sock, int remote, int flags)
271 /* Get the address in ascii. */ 96 /* Get the address in ascii. */
272 if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, 97 if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
273 sizeof(ntop), NULL, 0, flags)) != 0) { 98 sizeof(ntop), NULL, 0, flags)) != 0) {
274 error("get_socket_address: getnameinfo %d failed: %s", 99 error("%s: getnameinfo %d failed: %s", __func__,
275 flags, ssh_gai_strerror(r)); 100 flags, ssh_gai_strerror(r));
276 return NULL; 101 return NULL;
277 } 102 }
@@ -316,7 +141,8 @@ get_local_name(int fd)
316 141
317 /* Handle the case where we were passed a pipe */ 142 /* Handle the case where we were passed a pipe */
318 if (gethostname(myname, sizeof(myname)) == -1) { 143 if (gethostname(myname, sizeof(myname)) == -1) {
319 verbose("get_local_name: gethostname: %s", strerror(errno)); 144 verbose("%s: gethostname: %s", __func__, strerror(errno));
145 host = xstrdup("UNKNOWN");
320 } else { 146 } else {
321 host = xstrdup(myname); 147 host = xstrdup(myname);
322 } 148 }
@@ -324,51 +150,9 @@ get_local_name(int fd)
324 return host; 150 return host;
325} 151}
326 152
327void
328clear_cached_addr(void)
329{
330 free(canonical_host_ip);
331 canonical_host_ip = NULL;
332 cached_port = -1;
333}
334
335/*
336 * Returns the IP-address of the remote host as a string. The returned
337 * string must not be freed.
338 */
339
340const char *
341get_remote_ipaddr(void)
342{
343 /* Check whether we have cached the ipaddr. */
344 if (canonical_host_ip == NULL) {
345 if (packet_connection_is_on_socket()) {
346 canonical_host_ip =
347 get_peer_ipaddr(packet_get_connection_in());
348 if (canonical_host_ip == NULL)
349 cleanup_exit(255);
350 } else {
351 /* If not on socket, return UNKNOWN. */
352 canonical_host_ip = xstrdup("UNKNOWN");
353 }
354 }
355 return canonical_host_ip;
356}
357
358const char *
359get_remote_name_or_ip(u_int utmp_len, int use_dns)
360{
361 static const char *remote = "";
362 if (utmp_len > 0)
363 remote = get_canonical_hostname(use_dns);
364 if (utmp_len == 0 || strlen(remote) > utmp_len)
365 remote = get_remote_ipaddr();
366 return remote;
367}
368
369/* Returns the local/remote port for the socket. */ 153/* Returns the local/remote port for the socket. */
370 154
371int 155static int
372get_sock_port(int sock, int local) 156get_sock_port(int sock, int local)
373{ 157{
374 struct sockaddr_storage from; 158 struct sockaddr_storage from;
@@ -402,27 +186,11 @@ get_sock_port(int sock, int local)
402 /* Return port number. */ 186 /* Return port number. */
403 if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, 187 if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
404 strport, sizeof(strport), NI_NUMERICSERV)) != 0) 188 strport, sizeof(strport), NI_NUMERICSERV)) != 0)
405 fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed: %s", 189 fatal("%s: getnameinfo NI_NUMERICSERV failed: %s", __func__,
406 ssh_gai_strerror(r)); 190 ssh_gai_strerror(r));
407 return atoi(strport); 191 return atoi(strport);
408} 192}
409 193
410/* Returns remote/local port number for the current connection. */
411
412static int
413get_port(int local)
414{
415 /*
416 * If the connection is not a socket, return 65535. This is
417 * intentionally chosen to be an unprivileged port number.
418 */
419 if (!packet_connection_is_on_socket())
420 return 65535;
421
422 /* Get socket and return the port number. */
423 return get_sock_port(packet_get_connection_in(), local);
424}
425
426int 194int
427get_peer_port(int sock) 195get_peer_port(int sock)
428{ 196{
@@ -430,17 +198,7 @@ get_peer_port(int sock)
430} 198}
431 199
432int 200int
433get_remote_port(void) 201get_local_port(int sock)
434{
435 /* Cache to avoid getpeername() on a dead connection */
436 if (cached_port == -1)
437 cached_port = get_port(0);
438
439 return cached_port;
440}
441
442int
443get_local_port(void)
444{ 202{
445 return get_port(1); 203 return get_sock_port(sock, 1);
446} 204}
diff --git a/canohost.h b/canohost.h
index 4c8636f42..26d62855a 100644
--- a/canohost.h
+++ b/canohost.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: canohost.h,v 1.11 2009/05/27 06:31:25 andreas Exp $ */ 1/* $OpenBSD: canohost.h,v 1.12 2016/03/07 19:02:43 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -12,18 +12,15 @@
12 * called by a name other than "ssh" or "Secure Shell". 12 * called by a name other than "ssh" or "Secure Shell".
13 */ 13 */
14 14
15const char *get_canonical_hostname(int); 15#ifndef _CANOHOST_H
16const char *get_remote_ipaddr(void); 16#define _CANOHOST_H
17const char *get_remote_name_or_ip(u_int, int);
18 17
19char *get_peer_ipaddr(int); 18char *get_peer_ipaddr(int);
20int get_peer_port(int); 19int get_peer_port(int);
21char *get_local_ipaddr(int); 20char *get_local_ipaddr(int);
22char *get_local_name(int); 21char *get_local_name(int);
22int get_local_port(int);
23 23
24int get_remote_port(void); 24#endif /* _CANOHOST_H */
25int get_local_port(void);
26int get_sock_port(int, int);
27void clear_cached_addr(void);
28 25
29void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); 26void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
diff --git a/channels.c b/channels.c
index c9d2015ee..9f9e972f4 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.349 2016/02/05 13:28:19 naddy Exp $ */ 1/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,6 +138,9 @@ static int num_adm_permitted_opens = 0;
138/* special-case port number meaning allow any port */ 138/* special-case port number meaning allow any port */
139#define FWD_PERMIT_ANY_PORT 0 139#define FWD_PERMIT_ANY_PORT 0
140 140
141/* special-case wildcard meaning allow any host */
142#define FWD_PERMIT_ANY_HOST "*"
143
141/* 144/*
142 * If this is true, all opens are permitted. This is the case on the server 145 * If this is true, all opens are permitted. This is the case on the server
143 * on which we have to trust the client anyway, and the user could do 146 * on which we have to trust the client anyway, and the user could do
@@ -1416,7 +1419,7 @@ port_open_helper(Channel *c, char *rtype)
1416{ 1419{
1417 char buf[1024]; 1420 char buf[1024];
1418 char *local_ipaddr = get_local_ipaddr(c->sock); 1421 char *local_ipaddr = get_local_ipaddr(c->sock);
1419 int local_port = c->sock == -1 ? 65536 : get_sock_port(c->sock, 1); 1422 int local_port = c->sock == -1 ? 65536 : get_local_port(c->sock);
1420 char *remote_ipaddr = get_peer_ipaddr(c->sock); 1423 char *remote_ipaddr = get_peer_ipaddr(c->sock);
1421 int remote_port = get_peer_port(c->sock); 1424 int remote_port = get_peer_port(c->sock);
1422 1425
@@ -2935,7 +2938,7 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
2935 if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 && 2938 if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 &&
2936 allocated_listen_port != NULL && 2939 allocated_listen_port != NULL &&
2937 *allocated_listen_port == 0) { 2940 *allocated_listen_port == 0) {
2938 *allocated_listen_port = get_sock_port(sock, 1); 2941 *allocated_listen_port = get_local_port(sock);
2939 debug("Allocated listen port %d", 2942 debug("Allocated listen port %d",
2940 *allocated_listen_port); 2943 *allocated_listen_port);
2941 } 2944 }
@@ -3298,7 +3301,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost,
3298 if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT && 3301 if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
3299 allowed_open->port_to_connect != requestedport) 3302 allowed_open->port_to_connect != requestedport)
3300 return 0; 3303 return 0;
3301 if (strcmp(allowed_open->host_to_connect, requestedhost) != 0) 3304 if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
3305 strcmp(allowed_open->host_to_connect, requestedhost) != 0)
3302 return 0; 3306 return 0;
3303 return 1; 3307 return 1;
3304} 3308}
diff --git a/cipher-bf1.c b/cipher-bf1.c
index ee72ac085..7d51f5198 100644
--- a/cipher-bf1.c
+++ b/cipher-bf1.c
@@ -20,7 +20,7 @@
20 20
21#include "includes.h" 21#include "includes.h"
22 22
23#ifdef WITH_OPENSSL 23#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF)
24 24
25#include <sys/types.h> 25#include <sys/types.h>
26 26
@@ -100,4 +100,4 @@ evp_ssh1_bf(void)
100 ssh1_bf.key_len = 32; 100 ssh1_bf.key_len = 32;
101 return (&ssh1_bf); 101 return (&ssh1_bf);
102} 102}
103#endif /* WITH_OPENSSL */ 103#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */
diff --git a/cipher.c b/cipher.c
index 13847e5bd..031bda9ec 100644
--- a/cipher.c
+++ b/cipher.c
@@ -81,18 +81,26 @@ static const struct sshcipher ciphers[] = {
81#ifdef WITH_SSH1 81#ifdef WITH_SSH1
82 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, 82 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
83 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, 83 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
84# ifndef OPENSSL_NO_BF
84 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, 85 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
86# endif /* OPENSSL_NO_BF */
85#endif /* WITH_SSH1 */ 87#endif /* WITH_SSH1 */
86#ifdef WITH_OPENSSL 88#ifdef WITH_OPENSSL
87 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, 89 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
88 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, 90 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
91# ifndef OPENSSL_NO_BF
89 { "blowfish-cbc", 92 { "blowfish-cbc",
90 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, 93 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
94# endif /* OPENSSL_NO_BF */
95# ifndef OPENSSL_NO_CAST
91 { "cast128-cbc", 96 { "cast128-cbc",
92 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, 97 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
98# endif /* OPENSSL_NO_CAST */
99# ifndef OPENSSL_NO_RC4
93 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, 100 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
94 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, 101 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
95 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, 102 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
103# endif /* OPENSSL_NO_RC4 */
96 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, 104 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
97 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, 105 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
98 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, 106 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
@@ -625,7 +633,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
625int 633int
626cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) 634cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
627{ 635{
628#ifdef WITH_OPENSSL 636#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
629 const struct sshcipher *c = cc->cipher; 637 const struct sshcipher *c = cc->cipher;
630 int plen = 0; 638 int plen = 0;
631 639
@@ -644,7 +652,7 @@ cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
644void 652void
645cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) 653cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
646{ 654{
647#ifdef WITH_OPENSSL 655#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
648 const struct sshcipher *c = cc->cipher; 656 const struct sshcipher *c = cc->cipher;
649 int plen; 657 int plen;
650 658
diff --git a/clientloop.c b/clientloop.c
index 9820455c4..2c44f5d19 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.284 2016/02/08 10:57:07 djm Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,6 +123,9 @@ extern int stdin_null_flag;
123/* Flag indicating that no shell has been requested */ 123/* Flag indicating that no shell has been requested */
124extern int no_shell_flag; 124extern int no_shell_flag;
125 125
126/* Flag indicating that ssh should daemonise after authentication is complete */
127extern int fork_after_authentication_flag;
128
126/* Control socket */ 129/* Control socket */
127extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ 130extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
128 131
@@ -1510,9 +1513,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
1510 debug("Entering interactive session."); 1513 debug("Entering interactive session.");
1511 1514
1512 if (options.control_master && 1515 if (options.control_master &&
1513 ! option_clear_or_none(options.control_path)) { 1516 !option_clear_or_none(options.control_path)) {
1514 debug("pledge: id"); 1517 debug("pledge: id");
1515 if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty", 1518 if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty",
1516 NULL) == -1) 1519 NULL) == -1)
1517 fatal("%s pledge(): %s", __func__, strerror(errno)); 1520 fatal("%s pledge(): %s", __func__, strerror(errno));
1518 1521
@@ -1528,7 +1531,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
1528 NULL) == -1) 1531 NULL) == -1)
1529 fatal("%s pledge(): %s", __func__, strerror(errno)); 1532 fatal("%s pledge(): %s", __func__, strerror(errno));
1530 1533
1531 } else if (! option_clear_or_none(options.proxy_command)) { 1534 } else if (!option_clear_or_none(options.proxy_command) ||
1535 fork_after_authentication_flag) {
1532 debug("pledge: proc"); 1536 debug("pledge: proc");
1533 if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) 1537 if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
1534 fatal("%s pledge(): %s", __func__, strerror(errno)); 1538 fatal("%s pledge(): %s", __func__, strerror(errno));
diff --git a/compat.c b/compat.c
index 55838044c..69a104fbf 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */ 1/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
diff --git a/config.h.in b/config.h.in
index 89bf1b0ff..39d018f4c 100644
--- a/config.h.in
+++ b/config.h.in
@@ -75,7 +75,7 @@
75/* Define if your snprintf is busted */ 75/* Define if your snprintf is busted */
76#undef BROKEN_SNPRINTF 76#undef BROKEN_SNPRINTF
77 77
78/* FreeBSD strnvis argument order is swapped compared to OpenBSD */ 78/* missing VIS_ALL */
79#undef BROKEN_STRNVIS 79#undef BROKEN_STRNVIS
80 80
81/* tcgetattr with ICANON may hang */ 81/* tcgetattr with ICANON may hang */
@@ -400,6 +400,15 @@
400/* Define to 1 if you have the `endutxent' function. */ 400/* Define to 1 if you have the `endutxent' function. */
401#undef HAVE_ENDUTXENT 401#undef HAVE_ENDUTXENT
402 402
403/* Define to 1 if you have the `err' function. */
404#undef HAVE_ERR
405
406/* Define to 1 if you have the `errx' function. */
407#undef HAVE_ERRX
408
409/* Define to 1 if you have the <err.h> header file. */
410#undef HAVE_ERR_H
411
403/* Define if your system has /etc/default/login */ 412/* Define if your system has /etc/default/login */
404#undef HAVE_ETC_DEFAULT_LOGIN 413#undef HAVE_ETC_DEFAULT_LOGIN
405 414
@@ -667,6 +676,9 @@
667/* Define to 1 if you have the `krb5_get_error_message' function. */ 676/* Define to 1 if you have the `krb5_get_error_message' function. */
668#undef HAVE_KRB5_GET_ERROR_MESSAGE 677#undef HAVE_KRB5_GET_ERROR_MESSAGE
669 678
679/* Define to 1 if you have the <langinfo.h> header file. */
680#undef HAVE_LANGINFO_H
681
670/* Define to 1 if you have the <lastlog.h> header file. */ 682/* Define to 1 if you have the <lastlog.h> header file. */
671#undef HAVE_LASTLOG_H 683#undef HAVE_LASTLOG_H
672 684
@@ -757,6 +769,9 @@
757/* Define to 1 if you have the `mblen' function. */ 769/* Define to 1 if you have the `mblen' function. */
758#undef HAVE_MBLEN 770#undef HAVE_MBLEN
759 771
772/* Define to 1 if you have the `mbtowc' function. */
773#undef HAVE_MBTOWC
774
760/* Define to 1 if you have the `md5_crypt' function. */ 775/* Define to 1 if you have the `md5_crypt' function. */
761#undef HAVE_MD5_CRYPT 776#undef HAVE_MD5_CRYPT
762 777
@@ -802,6 +817,9 @@
802/* Define to 1 if you have the `ngetaddrinfo' function. */ 817/* Define to 1 if you have the `ngetaddrinfo' function. */
803#undef HAVE_NGETADDRINFO 818#undef HAVE_NGETADDRINFO
804 819
820/* Define to 1 if you have the `nl_langinfo' function. */
821#undef HAVE_NL_LANGINFO
822
805/* Define to 1 if you have the `nsleep' function. */ 823/* Define to 1 if you have the `nsleep' function. */
806#undef HAVE_NSLEEP 824#undef HAVE_NSLEEP
807 825
@@ -962,6 +980,9 @@
962/* Define to 1 if you have the `setpcred' function. */ 980/* Define to 1 if you have the `setpcred' function. */
963#undef HAVE_SETPCRED 981#undef HAVE_SETPCRED
964 982
983/* Define to 1 if you have the `setpflags' function. */
984#undef HAVE_SETPFLAGS
985
965/* Define to 1 if you have the `setppriv' function. */ 986/* Define to 1 if you have the `setppriv' function. */
966#undef HAVE_SETPPRIV 987#undef HAVE_SETPPRIV
967 988
@@ -1352,6 +1373,15 @@
1352/* Define to 1 if you have the `waitpid' function. */ 1373/* Define to 1 if you have the `waitpid' function. */
1353#undef HAVE_WAITPID 1374#undef HAVE_WAITPID
1354 1375
1376/* Define to 1 if you have the `warn' function. */
1377#undef HAVE_WARN
1378
1379/* Define to 1 if you have the <wchar.h> header file. */
1380#undef HAVE_WCHAR_H
1381
1382/* Define to 1 if you have the `wcwidth' function. */
1383#undef HAVE_WCWIDTH
1384
1355/* Define to 1 if you have the `_getlong' function. */ 1385/* Define to 1 if you have the `_getlong' function. */
1356#undef HAVE__GETLONG 1386#undef HAVE__GETLONG
1357 1387
@@ -1447,9 +1477,6 @@
1447/* compiler does not accept __attribute__ on return types */ 1477/* compiler does not accept __attribute__ on return types */
1448#undef NO_ATTRIBUTE_ON_RETURN_TYPE 1478#undef NO_ATTRIBUTE_ON_RETURN_TYPE
1449 1479
1450/* Define if the concept of ports only accessible to superusers isn't known */
1451#undef NO_IPPORT_RESERVED_CONCEPT
1452
1453/* Define if you don't want to use lastlog in session.c */ 1480/* Define if you don't want to use lastlog in session.c */
1454#undef NO_SSH_LASTLOG 1481#undef NO_SSH_LASTLOG
1455 1482
diff --git a/configure b/configure
index 2a46ba966..c836ee546 100755
--- a/configure
+++ b/configure
@@ -1305,6 +1305,7 @@ Optional Features:
1305 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) 1305 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
1306 --enable-FEATURE[=ARG] include FEATURE [ARG=yes] 1306 --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
1307 --disable-largefile omit support for large files 1307 --disable-largefile omit support for large files
1308 --disable-pkcs11 disable PKCS#11 support code [no]
1308 --disable-strip Disable calling strip(1) on install 1309 --disable-strip Disable calling strip(1) on install
1309 --disable-etc-default-login Disable using PATH from /etc/default/login no 1310 --disable-etc-default-login Disable using PATH from /etc/default/login no
1310 --disable-lastlog disable use of lastlog even if detected no 1311 --disable-lastlog disable use of lastlog even if detected no
@@ -7441,6 +7442,9 @@ fi
7441 7442
7442 7443
7443 7444
7445
7446
7447
7444for ac_header in \ 7448for ac_header in \
7445 blf.h \ 7449 blf.h \
7446 bstring.h \ 7450 bstring.h \
@@ -7449,6 +7453,7 @@ for ac_header in \
7449 dirent.h \ 7453 dirent.h \
7450 endian.h \ 7454 endian.h \
7451 elf.h \ 7455 elf.h \
7456 err.h \
7452 features.h \ 7457 features.h \
7453 fcntl.h \ 7458 fcntl.h \
7454 floatingpoint.h \ 7459 floatingpoint.h \
@@ -7457,6 +7462,7 @@ for ac_header in \
7457 ia.h \ 7462 ia.h \
7458 iaf.h \ 7463 iaf.h \
7459 inttypes.h \ 7464 inttypes.h \
7465 langinfo.h \
7460 limits.h \ 7466 limits.h \
7461 locale.h \ 7467 locale.h \
7462 login.h \ 7468 login.h \
@@ -7509,6 +7515,7 @@ for ac_header in \
7509 utmp.h \ 7515 utmp.h \
7510 utmpx.h \ 7516 utmpx.h \
7511 vis.h \ 7517 vis.h \
7518 wchar.h \
7512 7519
7513do 7520do
7514as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` 7521as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
@@ -8981,11 +8988,6 @@ _ACEOF
8981 8988
8982 8989
8983cat >>confdefs.h <<\_ACEOF 8990cat >>confdefs.h <<\_ACEOF
8984#define NO_IPPORT_RESERVED_CONCEPT 1
8985_ACEOF
8986
8987
8988cat >>confdefs.h <<\_ACEOF
8989#define DISABLE_FD_PASSING 1 8991#define DISABLE_FD_PASSING 1
8990_ACEOF 8992_ACEOF
8991 8993
@@ -10374,6 +10376,30 @@ echo $ECHO_N "checking for seccomp architecture... $ECHO_C" >&6; }
10374 aarch64*-*) 10376 aarch64*-*)
10375 seccomp_audit_arch=AUDIT_ARCH_AARCH64 10377 seccomp_audit_arch=AUDIT_ARCH_AARCH64
10376 ;; 10378 ;;
10379 s390x-*)
10380 seccomp_audit_arch=AUDIT_ARCH_S390X
10381 ;;
10382 s390-*)
10383 seccomp_audit_arch=AUDIT_ARCH_S390
10384 ;;
10385 powerpc64-*)
10386 seccomp_audit_arch=AUDIT_ARCH_PPC64
10387 ;;
10388 powerpc64le-*)
10389 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
10390 ;;
10391 mips-*)
10392 seccomp_audit_arch=AUDIT_ARCH_MIPS
10393 ;;
10394 mipsel-*)
10395 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
10396 ;;
10397 mips64-*)
10398 seccomp_audit_arch=AUDIT_ARCH_MIPS64
10399 ;;
10400 mips64el-*)
10401 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
10402 ;;
10377 esac 10403 esac
10378 if test "x$seccomp_audit_arch" != "x" ; then 10404 if test "x$seccomp_audit_arch" != "x" ; then
10379 { echo "$as_me:$LINENO: result: \"$seccomp_audit_arch\"" >&5 10405 { echo "$as_me:$LINENO: result: \"$seccomp_audit_arch\"" >&5
@@ -10401,6 +10427,7 @@ _ACEOF
10401 if test "x$withval" != "xno" ; then 10427 if test "x$withval" != "xno" ; then
10402 need_dash_r=1 10428 need_dash_r=1
10403 fi 10429 fi
10430 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
10404 10431
10405cat >>confdefs.h <<\_ACEOF 10432cat >>confdefs.h <<\_ACEOF
10406#define SSH_TUN_FREEBSD 1 10433#define SSH_TUN_FREEBSD 1
@@ -10867,6 +10894,100 @@ _ACEOF
10867echo "${ECHO_T}no" >&6; } 10894echo "${ECHO_T}no" >&6; }
10868 fi 10895 fi
10869 10896
10897for ac_func in setpflags
10898do
10899as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
10900{ echo "$as_me:$LINENO: checking for $ac_func" >&5
10901echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
10902if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
10903 echo $ECHO_N "(cached) $ECHO_C" >&6
10904else
10905 cat >conftest.$ac_ext <<_ACEOF
10906/* confdefs.h. */
10907_ACEOF
10908cat confdefs.h >>conftest.$ac_ext
10909cat >>conftest.$ac_ext <<_ACEOF
10910/* end confdefs.h. */
10911/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
10912 For example, HP-UX 11i <limits.h> declares gettimeofday. */
10913#define $ac_func innocuous_$ac_func
10914
10915/* System header to define __stub macros and hopefully few prototypes,
10916 which can conflict with char $ac_func (); below.
10917 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
10918 <limits.h> exists even on freestanding compilers. */
10919
10920#ifdef __STDC__
10921# include <limits.h>
10922#else
10923# include <assert.h>
10924#endif
10925
10926#undef $ac_func
10927
10928/* Override any GCC internal prototype to avoid an error.
10929 Use char because int might match the return type of a GCC
10930 builtin and then its argument prototype would still apply. */
10931#ifdef __cplusplus
10932extern "C"
10933#endif
10934char $ac_func ();
10935/* The GNU C library defines this for functions which it implements
10936 to always fail with ENOSYS. Some functions are actually named
10937 something starting with __ and the normal name is an alias. */
10938#if defined __stub_$ac_func || defined __stub___$ac_func
10939choke me
10940#endif
10941
10942int
10943main ()
10944{
10945return $ac_func ();
10946 ;
10947 return 0;
10948}
10949_ACEOF
10950rm -f conftest.$ac_objext conftest$ac_exeext
10951if { (ac_try="$ac_link"
10952case "(($ac_try" in
10953 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
10954 *) ac_try_echo=$ac_try;;
10955esac
10956eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
10957 (eval "$ac_link") 2>conftest.er1
10958 ac_status=$?
10959 grep -v '^ *+' conftest.er1 >conftest.err
10960 rm -f conftest.er1
10961 cat conftest.err >&5
10962 echo "$as_me:$LINENO: \$? = $ac_status" >&5
10963 (exit $ac_status); } && {
10964 test -z "$ac_c_werror_flag" ||
10965 test ! -s conftest.err
10966 } && test -s conftest$ac_exeext &&
10967 $as_test_x conftest$ac_exeext; then
10968 eval "$as_ac_var=yes"
10969else
10970 echo "$as_me: failed program was:" >&5
10971sed 's/^/| /' conftest.$ac_ext >&5
10972
10973 eval "$as_ac_var=no"
10974fi
10975
10976rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
10977 conftest$ac_exeext conftest.$ac_ext
10978fi
10979ac_res=`eval echo '${'$as_ac_var'}'`
10980 { echo "$as_me:$LINENO: result: $ac_res" >&5
10981echo "${ECHO_T}$ac_res" >&6; }
10982if test `eval echo '${'$as_ac_var'}'` = yes; then
10983 cat >>confdefs.h <<_ACEOF
10984#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
10985_ACEOF
10986
10987fi
10988done
10989
10990
10870for ac_func in setppriv 10991for ac_func in setppriv
10871do 10992do
10872as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` 10993as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -15446,6 +15567,70 @@ fi
15446 15567
15447 15568
15448 15569
15570{ echo "$as_me:$LINENO: checking whether VIS_ALL is declared" >&5
15571echo $ECHO_N "checking whether VIS_ALL is declared... $ECHO_C" >&6; }
15572if test "${ac_cv_have_decl_VIS_ALL+set}" = set; then
15573 echo $ECHO_N "(cached) $ECHO_C" >&6
15574else
15575 cat >conftest.$ac_ext <<_ACEOF
15576/* confdefs.h. */
15577_ACEOF
15578cat confdefs.h >>conftest.$ac_ext
15579cat >>conftest.$ac_ext <<_ACEOF
15580/* end confdefs.h. */
15581#include <vis.h>
15582
15583int
15584main ()
15585{
15586#ifndef VIS_ALL
15587 (void) VIS_ALL;
15588#endif
15589
15590 ;
15591 return 0;
15592}
15593_ACEOF
15594rm -f conftest.$ac_objext
15595if { (ac_try="$ac_compile"
15596case "(($ac_try" in
15597 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
15598 *) ac_try_echo=$ac_try;;
15599esac
15600eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
15601 (eval "$ac_compile") 2>conftest.er1
15602 ac_status=$?
15603 grep -v '^ *+' conftest.er1 >conftest.err
15604 rm -f conftest.er1
15605 cat conftest.err >&5
15606 echo "$as_me:$LINENO: \$? = $ac_status" >&5
15607 (exit $ac_status); } && {
15608 test -z "$ac_c_werror_flag" ||
15609 test ! -s conftest.err
15610 } && test -s conftest.$ac_objext; then
15611 ac_cv_have_decl_VIS_ALL=yes
15612else
15613 echo "$as_me: failed program was:" >&5
15614sed 's/^/| /' conftest.$ac_ext >&5
15615
15616 ac_cv_have_decl_VIS_ALL=no
15617fi
15618
15619rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15620fi
15621{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_VIS_ALL" >&5
15622echo "${ECHO_T}$ac_cv_have_decl_VIS_ALL" >&6; }
15623if test $ac_cv_have_decl_VIS_ALL = yes; then
15624 :
15625else
15626
15627cat >>confdefs.h <<\_ACEOF
15628#define BROKEN_STRNVIS 1
15629_ACEOF
15630
15631fi
15632
15633
15449{ echo "$as_me:$LINENO: checking whether struct dirent allocates space for d_name" >&5 15634{ echo "$as_me:$LINENO: checking whether struct dirent allocates space for d_name" >&5
15450echo $ECHO_N "checking whether struct dirent allocates space for d_name... $ECHO_C" >&6; } 15635echo $ECHO_N "checking whether struct dirent allocates space for d_name... $ECHO_C" >&6; }
15451if test "$cross_compiling" = yes; then 15636if test "$cross_compiling" = yes; then
@@ -15616,7 +15801,7 @@ fi
15616 15801
15617rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ 15802rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
15618 conftest$ac_exeext conftest.$ac_ext 15803 conftest$ac_exeext conftest.$ac_ext
15619 { echo "$as_me:$LINENO: checking if skeychallenge takes 4 arguments" >&5 15804 { echo "$as_me:$LINENO: checking if skeychallenge takes 4 arguments" >&5
15620echo $ECHO_N "checking if skeychallenge takes 4 arguments... $ECHO_C" >&6; } 15805echo $ECHO_N "checking if skeychallenge takes 4 arguments... $ECHO_C" >&6; }
15621 cat >conftest.$ac_ext <<_ACEOF 15806 cat >conftest.$ac_ext <<_ACEOF
15622/* confdefs.h. */ 15807/* confdefs.h. */
@@ -15871,7 +16056,7 @@ fi
15871 if test "x$PKGCONFIG" != "xno"; then 16056 if test "x$PKGCONFIG" != "xno"; then
15872 { echo "$as_me:$LINENO: checking if $PKGCONFIG knows about libedit" >&5 16057 { echo "$as_me:$LINENO: checking if $PKGCONFIG knows about libedit" >&5
15873echo $ECHO_N "checking if $PKGCONFIG knows about libedit... $ECHO_C" >&6; } 16058echo $ECHO_N "checking if $PKGCONFIG knows about libedit... $ECHO_C" >&6; }
15874 if "$PKGCONFIG" libedit; then 16059 if "$PKGCONFIG" libedit; then
15875 { echo "$as_me:$LINENO: result: yes" >&5 16060 { echo "$as_me:$LINENO: result: yes" >&5
15876echo "${ECHO_T}yes" >&6; } 16061echo "${ECHO_T}yes" >&6; }
15877 use_pkgconfig_for_libedit=yes 16062 use_pkgconfig_for_libedit=yes
@@ -16384,7 +16569,7 @@ cat >>confdefs.h <<\_ACEOF
16384_ACEOF 16569_ACEOF
16385 16570
16386 if test "$sol2ver" -ge 11; then 16571 if test "$sol2ver" -ge 11; then
16387 SSHDLIBS="$SSHDLIBS -lscf" 16572 SSHDLIBS="$SSHDLIBS -lscf"
16388 16573
16389cat >>confdefs.h <<\_ACEOF 16574cat >>confdefs.h <<\_ACEOF
16390#define BROKEN_BSM_API 1 16575#define BROKEN_BSM_API 1
@@ -16895,6 +17080,8 @@ fi
16895 17080
16896 17081
16897 17082
17083
17084
16898for ac_func in \ 17085for ac_func in \
16899 Blowfish_initstate \ 17086 Blowfish_initstate \
16900 Blowfish_expandstate \ 17087 Blowfish_expandstate \
@@ -16914,6 +17101,8 @@ for ac_func in \
16914 closefrom \ 17101 closefrom \
16915 dirfd \ 17102 dirfd \
16916 endgrent \ 17103 endgrent \
17104 err \
17105 errx \
16917 explicit_bzero \ 17106 explicit_bzero \
16918 fchmod \ 17107 fchmod \
16919 fchown \ 17108 fchown \
@@ -16940,7 +17129,6 @@ for ac_func in \
16940 inet_ntop \ 17129 inet_ntop \
16941 innetgr \ 17130 innetgr \
16942 login_getcapbool \ 17131 login_getcapbool \
16943 mblen \
16944 md5_crypt \ 17132 md5_crypt \
16945 memmove \ 17133 memmove \
16946 memset_s \ 17134 memset_s \
@@ -17005,6 +17193,7 @@ for ac_func in \
17005 vasprintf \ 17193 vasprintf \
17006 vsnprintf \ 17194 vsnprintf \
17007 waitpid \ 17195 waitpid \
17196 warn \
17008 17197
17009do 17198do
17010as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` 17199as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -17099,6 +17288,107 @@ fi
17099done 17288done
17100 17289
17101 17290
17291saved_CFLAGS="$CFLAGS"
17292CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
17293
17294
17295
17296
17297for ac_func in mblen mbtowc nl_langinfo wcwidth
17298do
17299as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
17300{ echo "$as_me:$LINENO: checking for $ac_func" >&5
17301echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
17302if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
17303 echo $ECHO_N "(cached) $ECHO_C" >&6
17304else
17305 cat >conftest.$ac_ext <<_ACEOF
17306/* confdefs.h. */
17307_ACEOF
17308cat confdefs.h >>conftest.$ac_ext
17309cat >>conftest.$ac_ext <<_ACEOF
17310/* end confdefs.h. */
17311/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
17312 For example, HP-UX 11i <limits.h> declares gettimeofday. */
17313#define $ac_func innocuous_$ac_func
17314
17315/* System header to define __stub macros and hopefully few prototypes,
17316 which can conflict with char $ac_func (); below.
17317 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
17318 <limits.h> exists even on freestanding compilers. */
17319
17320#ifdef __STDC__
17321# include <limits.h>
17322#else
17323# include <assert.h>
17324#endif
17325
17326#undef $ac_func
17327
17328/* Override any GCC internal prototype to avoid an error.
17329 Use char because int might match the return type of a GCC
17330 builtin and then its argument prototype would still apply. */
17331#ifdef __cplusplus
17332extern "C"
17333#endif
17334char $ac_func ();
17335/* The GNU C library defines this for functions which it implements
17336 to always fail with ENOSYS. Some functions are actually named
17337 something starting with __ and the normal name is an alias. */
17338#if defined __stub_$ac_func || defined __stub___$ac_func
17339choke me
17340#endif
17341
17342int
17343main ()
17344{
17345return $ac_func ();
17346 ;
17347 return 0;
17348}
17349_ACEOF
17350rm -f conftest.$ac_objext conftest$ac_exeext
17351if { (ac_try="$ac_link"
17352case "(($ac_try" in
17353 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
17354 *) ac_try_echo=$ac_try;;
17355esac
17356eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
17357 (eval "$ac_link") 2>conftest.er1
17358 ac_status=$?
17359 grep -v '^ *+' conftest.er1 >conftest.err
17360 rm -f conftest.er1
17361 cat conftest.err >&5
17362 echo "$as_me:$LINENO: \$? = $ac_status" >&5
17363 (exit $ac_status); } && {
17364 test -z "$ac_c_werror_flag" ||
17365 test ! -s conftest.err
17366 } && test -s conftest$ac_exeext &&
17367 $as_test_x conftest$ac_exeext; then
17368 eval "$as_ac_var=yes"
17369else
17370 echo "$as_me: failed program was:" >&5
17371sed 's/^/| /' conftest.$ac_ext >&5
17372
17373 eval "$as_ac_var=no"
17374fi
17375
17376rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
17377 conftest$ac_exeext conftest.$ac_ext
17378fi
17379ac_res=`eval echo '${'$as_ac_var'}'`
17380 { echo "$as_me:$LINENO: result: $ac_res" >&5
17381echo "${ECHO_T}$ac_res" >&6; }
17382if test `eval echo '${'$as_ac_var'}'` = yes; then
17383 cat >>confdefs.h <<_ACEOF
17384#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
17385_ACEOF
17386
17387fi
17388done
17389
17390CFLAGS="$saved_CFLAGS"
17391
17102cat >conftest.$ac_ext <<_ACEOF 17392cat >conftest.$ac_ext <<_ACEOF
17103/* confdefs.h. */ 17393/* confdefs.h. */
17104_ACEOF 17394_ACEOF
@@ -17148,8 +17438,20 @@ fi
17148rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ 17438rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
17149 conftest$ac_exeext conftest.$ac_ext 17439 conftest$ac_exeext conftest.$ac_ext
17150 17440
17441disable_pkcs11=
17442# Check whether --enable-pkcs11 was given.
17443if test "${enable_pkcs11+set}" = set; then
17444 enableval=$enable_pkcs11;
17445 if test "x$enableval" = "xno" ; then
17446 disable_pkcs11=1
17447 fi
17448
17449
17450fi
17451
17452
17151# PKCS11 depends on OpenSSL. 17453# PKCS11 depends on OpenSSL.
17152if test "x$openssl" = "xyes" ; then 17454if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
17153 # PKCS#11 support requires dlopen() and co 17455 # PKCS#11 support requires dlopen() and co
17154 { echo "$as_me:$LINENO: checking for library containing dlopen" >&5 17456 { echo "$as_me:$LINENO: checking for library containing dlopen" >&5
17155echo $ECHO_N "checking for library containing dlopen... $ECHO_C" >&6; } 17457echo $ECHO_N "checking for library containing dlopen... $ECHO_C" >&6; }
@@ -21388,8 +21690,9 @@ main ()
21388 if(fd == NULL) 21690 if(fd == NULL)
21389 exit(1); 21691 exit(1);
21390 21692
21391 if ((rc = fprintf(fd ,"%08lx (%s)\n", 21693 if ((rc = fprintf(fd, "%08lx (%s)\n",
21392 (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 21694 (unsigned long)OPENSSL_VERSION_NUMBER,
21695 OPENSSL_VERSION_TEXT)) < 0)
21393 exit(1); 21696 exit(1);
21394 21697
21395 exit(0); 21698 exit(0);
@@ -21476,8 +21779,8 @@ main ()
21476 if(fd == NULL) 21779 if(fd == NULL)
21477 exit(1); 21780 exit(1);
21478 21781
21479 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), 21782 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
21480 SSLeay_version(SSLEAY_VERSION))) <0) 21783 SSLeay_version(SSLEAY_VERSION))) < 0)
21481 exit(1); 21784 exit(1);
21482 21785
21483 exit(0); 21786 exit(0);
@@ -22110,7 +22413,8 @@ sed 's/^/| /' conftest.$ac_ext >&5
22110 { echo "$as_me:$LINENO: result: no" >&5 22413 { echo "$as_me:$LINENO: result: no" >&5
22111echo "${ECHO_T}no" >&6; } 22414echo "${ECHO_T}no" >&6; }
22112 unsupported_algorithms="$unsupported_cipers \ 22415 unsupported_algorithms="$unsupported_cipers \
22113 aes128-gcm@openssh.com aes256-gcm@openssh.com" 22416 aes128-gcm@openssh.com \
22417 aes256-gcm@openssh.com"
22114 22418
22115 22419
22116fi 22420fi
@@ -22606,9 +22910,11 @@ _ACEOF
22606 22910
22607else 22911else
22608 unsupported_algorithms="$unsupported_algorithms \ 22912 unsupported_algorithms="$unsupported_algorithms \
22609 hmac-sha2-256 hmac-sha2-512 \ 22913 hmac-sha2-256 \
22914 hmac-sha2-512 \
22610 diffie-hellman-group-exchange-sha256 \ 22915 diffie-hellman-group-exchange-sha256 \
22611 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 22916 hmac-sha2-256-etm@openssh.com \
22917 hmac-sha2-512-etm@openssh.com"
22612 22918
22613 22919
22614fi 22920fi
@@ -22708,8 +23014,8 @@ _ACEOF
22708 23014
22709else 23015else
22710 unsupported_algorithms="$unsupported_algorithms \ 23016 unsupported_algorithms="$unsupported_algorithms \
22711 hmac-ripemd160 23017 hmac-ripemd160 \
22712 hmac-ripemd160@openssh.com 23018 hmac-ripemd160@openssh.com \
22713 hmac-ripemd160-etm@openssh.com" 23019 hmac-ripemd160-etm@openssh.com"
22714 23020
22715 23021
@@ -22996,8 +23302,10 @@ _ACEOF
22996 TEST_SSH_ECC=yes 23302 TEST_SSH_ECC=yes
22997 COMMENT_OUT_ECC="" 23303 COMMENT_OUT_ECC=""
22998 else 23304 else
22999 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 23305 unsupported_algorithms="$unsupported_algorithms \
23000 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 23306 ecdsa-sha2-nistp256 \
23307 ecdh-sha2-nistp256 \
23308 ecdsa-sha2-nistp256-cert-v01@openssh.com"
23001 fi 23309 fi
23002 if test x$enable_nistp384 = x1; then 23310 if test x$enable_nistp384 = x1; then
23003 23311
@@ -23008,8 +23316,10 @@ _ACEOF
23008 TEST_SSH_ECC=yes 23316 TEST_SSH_ECC=yes
23009 COMMENT_OUT_ECC="" 23317 COMMENT_OUT_ECC=""
23010 else 23318 else
23011 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 23319 unsupported_algorithms="$unsupported_algorithms \
23012 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 23320 ecdsa-sha2-nistp384 \
23321 ecdh-sha2-nistp384 \
23322 ecdsa-sha2-nistp384-cert-v01@openssh.com"
23013 fi 23323 fi
23014 if test x$enable_nistp521 = x1; then 23324 if test x$enable_nistp521 = x1; then
23015 23325
@@ -23020,8 +23330,10 @@ _ACEOF
23020 TEST_SSH_ECC=yes 23330 TEST_SSH_ECC=yes
23021 COMMENT_OUT_ECC="" 23331 COMMENT_OUT_ECC=""
23022 else 23332 else
23023 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 23333 unsupported_algorithms="$unsupported_algorithms \
23024 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 23334 ecdh-sha2-nistp521 \
23335 ecdsa-sha2-nistp521 \
23336 ecdsa-sha2-nistp521-cert-v01@openssh.com"
23025 fi 23337 fi
23026 23338
23027 23339
@@ -32808,7 +33120,6 @@ sed 's/^/| /' conftest.$ac_ext >&5
32808echo "${ECHO_T}no" >&6; } 33120echo "${ECHO_T}no" >&6; }
32809 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 33121 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
32810 33122
32811
32812fi 33123fi
32813 33124
32814rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext 33125rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
@@ -34471,7 +34782,7 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
34471 echo "$as_me:$LINENO: \$? = $ac_status" >&5 34782 echo "$as_me:$LINENO: \$? = $ac_status" >&5
34472 (exit $ac_status); }; }; then 34783 (exit $ac_status); }; }; then
34473 34784
34474 maildir_what=`awk -F: '{print $1}' conftest.maildir` 34785 maildir_what=`awk -F: '{print $1}' conftest.maildir`
34475 maildir=`awk -F: '{print $2}' conftest.maildir \ 34786 maildir=`awk -F: '{print $2}' conftest.maildir \
34476 | sed 's|/$||'` 34787 | sed 's|/$||'`
34477 { echo "$as_me:$LINENO: result: Using: $maildir from $maildir_what" >&5 34788 { echo "$as_me:$LINENO: result: Using: $maildir from $maildir_what" >&5
diff --git a/configure.ac b/configure.ac
index 7258cc0e5..373d21b34 100644
--- a/configure.ac
+++ b/configure.ac
@@ -373,6 +373,7 @@ AC_CHECK_HEADERS([ \
373 dirent.h \ 373 dirent.h \
374 endian.h \ 374 endian.h \
375 elf.h \ 375 elf.h \
376 err.h \
376 features.h \ 377 features.h \
377 fcntl.h \ 378 fcntl.h \
378 floatingpoint.h \ 379 floatingpoint.h \
@@ -381,6 +382,7 @@ AC_CHECK_HEADERS([ \
381 ia.h \ 382 ia.h \
382 iaf.h \ 383 iaf.h \
383 inttypes.h \ 384 inttypes.h \
385 langinfo.h \
384 limits.h \ 386 limits.h \
385 locale.h \ 387 locale.h \
386 login.h \ 388 login.h \
@@ -433,6 +435,7 @@ AC_CHECK_HEADERS([ \
433 utmp.h \ 435 utmp.h \
434 utmpx.h \ 436 utmpx.h \
435 vis.h \ 437 vis.h \
438 wchar.h \
436]) 439])
437 440
438# lastlog.h requires sys/time.h to be included first on Solaris 441# lastlog.h requires sys/time.h to be included first on Solaris
@@ -586,9 +589,6 @@ case "$host" in
586 [Define if you want to disable shadow passwords]) 589 [Define if you want to disable shadow passwords])
587 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 590 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
588 [Define if X11 doesn't support AF_UNIX sockets on that system]) 591 [Define if X11 doesn't support AF_UNIX sockets on that system])
589 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
590 [Define if the concept of ports only accessible to
591 superusers isn't known])
592 AC_DEFINE([DISABLE_FD_PASSING], [1], 592 AC_DEFINE([DISABLE_FD_PASSING], [1],
593 [Define if your platform needs to skip post auth 593 [Define if your platform needs to skip post auth
594 file descriptor passing]) 594 file descriptor passing])
@@ -633,7 +633,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
633 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 633 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
634 [Prepend the address family to IP tunnel traffic]) 634 [Prepend the address family to IP tunnel traffic])
635 m4_pattern_allow([AU_IPv]) 635 m4_pattern_allow([AU_IPv])
636 AC_CHECK_DECL([AU_IPv4], [], 636 AC_CHECK_DECL([AU_IPv4], [],
637 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 637 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
638 [#include <bsm/audit.h>] 638 [#include <bsm/audit.h>]
639 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 639 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
@@ -652,12 +652,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
652 SSHDLIBS="$SSHDLIBS -lcrypt" 652 SSHDLIBS="$SSHDLIBS -lcrypt"
653 TEST_MALLOC_OPTIONS="AFGJPRX" 653 TEST_MALLOC_OPTIONS="AFGJPRX"
654 ;; 654 ;;
655*-*-haiku*) 655*-*-haiku*)
656 LIBS="$LIBS -lbsd " 656 LIBS="$LIBS -lbsd "
657 AC_CHECK_LIB([network], [socket]) 657 AC_CHECK_LIB([network], [socket])
658 AC_DEFINE([HAVE_U_INT64_T]) 658 AC_DEFINE([HAVE_U_INT64_T])
659 MANTYPE=man 659 MANTYPE=man
660 ;; 660 ;;
661*-*-hpux*) 661*-*-hpux*)
662 # first we define all of the options common to all HP-UX releases 662 # first we define all of the options common to all HP-UX releases
663 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 663 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
@@ -797,6 +797,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
797 aarch64*-*) 797 aarch64*-*)
798 seccomp_audit_arch=AUDIT_ARCH_AARCH64 798 seccomp_audit_arch=AUDIT_ARCH_AARCH64
799 ;; 799 ;;
800 s390x-*)
801 seccomp_audit_arch=AUDIT_ARCH_S390X
802 ;;
803 s390-*)
804 seccomp_audit_arch=AUDIT_ARCH_S390
805 ;;
806 powerpc64-*)
807 seccomp_audit_arch=AUDIT_ARCH_PPC64
808 ;;
809 powerpc64le-*)
810 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
811 ;;
812 mips-*)
813 seccomp_audit_arch=AUDIT_ARCH_MIPS
814 ;;
815 mipsel-*)
816 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
817 ;;
818 mips64-*)
819 seccomp_audit_arch=AUDIT_ARCH_MIPS64
820 ;;
821 mips64el-*)
822 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
823 ;;
800 esac 824 esac
801 if test "x$seccomp_audit_arch" != "x" ; then 825 if test "x$seccomp_audit_arch" != "x" ; then
802 AC_MSG_RESULT(["$seccomp_audit_arch"]) 826 AC_MSG_RESULT(["$seccomp_audit_arch"])
@@ -815,6 +839,7 @@ mips-sony-bsd|mips-sony-newsos4)
815 if test "x$withval" != "xno" ; then 839 if test "x$withval" != "xno" ; then
816 need_dash_r=1 840 need_dash_r=1
817 fi 841 fi
842 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
818 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 843 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
819 AC_CHECK_HEADER([net/if_tap.h], , 844 AC_CHECK_HEADER([net/if_tap.h], ,
820 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 845 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
@@ -899,6 +924,7 @@ mips-sony-bsd|mips-sony-newsos4)
899 else 924 else
900 AC_MSG_RESULT([no]) 925 AC_MSG_RESULT([no])
901 fi 926 fi
927 AC_CHECK_FUNCS([setpflags])
902 AC_CHECK_FUNCS([setppriv]) 928 AC_CHECK_FUNCS([setppriv])
903 AC_CHECK_FUNCS([priv_basicset]) 929 AC_CHECK_FUNCS([priv_basicset])
904 AC_CHECK_HEADERS([priv.h]) 930 AC_CHECK_HEADERS([priv.h])
@@ -1378,6 +1404,9 @@ g.gl_statv = NULL;
1378 1404
1379AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1405AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1380 1406
1407AC_CHECK_DECL([VIS_ALL], ,
1408 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1409
1381AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1410AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1382AC_RUN_IFELSE( 1411AC_RUN_IFELSE(
1383 [AC_LANG_PROGRAM([[ 1412 [AC_LANG_PROGRAM([[
@@ -1438,7 +1467,7 @@ AC_ARG_WITH([skey],
1438 AC_MSG_RESULT([no]) 1467 AC_MSG_RESULT([no])
1439 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1468 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1440 ]) 1469 ])
1441 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1470 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1442 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1443#include <stdio.h> 1472#include <stdio.h>
1444#include <skey.h> 1473#include <skey.h>
@@ -1501,7 +1530,7 @@ AC_ARG_WITH([libedit],
1501 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1530 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1502 if test "x$PKGCONFIG" != "xno"; then 1531 if test "x$PKGCONFIG" != "xno"; then
1503 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1532 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1504 if "$PKGCONFIG" libedit; then 1533 if "$PKGCONFIG" libedit; then
1505 AC_MSG_RESULT([yes]) 1534 AC_MSG_RESULT([yes])
1506 use_pkgconfig_for_libedit=yes 1535 use_pkgconfig_for_libedit=yes
1507 else 1536 else
@@ -1572,9 +1601,9 @@ AC_ARG_WITH([audit],
1572 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1601 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1573 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1602 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1574 if test "$sol2ver" -ge 11; then 1603 if test "$sol2ver" -ge 11; then
1575 SSHDLIBS="$SSHDLIBS -lscf" 1604 SSHDLIBS="$SSHDLIBS -lscf"
1576 AC_DEFINE([BROKEN_BSM_API], [1], 1605 AC_DEFINE([BROKEN_BSM_API], [1],
1577 [The system has incomplete BSM API]) 1606 [The system has incomplete BSM API])
1578 fi 1607 fi
1579 ;; 1608 ;;
1580 linux) 1609 linux)
@@ -1666,6 +1695,8 @@ AC_CHECK_FUNCS([ \
1666 closefrom \ 1695 closefrom \
1667 dirfd \ 1696 dirfd \
1668 endgrent \ 1697 endgrent \
1698 err \
1699 errx \
1669 explicit_bzero \ 1700 explicit_bzero \
1670 fchmod \ 1701 fchmod \
1671 fchown \ 1702 fchown \
@@ -1692,7 +1723,6 @@ AC_CHECK_FUNCS([ \
1692 inet_ntop \ 1723 inet_ntop \
1693 innetgr \ 1724 innetgr \
1694 login_getcapbool \ 1725 login_getcapbool \
1695 mblen \
1696 md5_crypt \ 1726 md5_crypt \
1697 memmove \ 1727 memmove \
1698 memset_s \ 1728 memset_s \
@@ -1757,8 +1787,15 @@ AC_CHECK_FUNCS([ \
1757 vasprintf \ 1787 vasprintf \
1758 vsnprintf \ 1788 vsnprintf \
1759 waitpid \ 1789 waitpid \
1790 warn \
1760]) 1791])
1761 1792
1793dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE.
1794saved_CFLAGS="$CFLAGS"
1795CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
1796AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1797CFLAGS="$saved_CFLAGS"
1798
1762AC_LINK_IFELSE( 1799AC_LINK_IFELSE(
1763 [AC_LANG_PROGRAM( 1800 [AC_LANG_PROGRAM(
1764 [[ #include <ctype.h> ]], 1801 [[ #include <ctype.h> ]],
@@ -1766,8 +1803,18 @@ AC_LINK_IFELSE(
1766 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1803 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1767]) 1804])
1768 1805
1806disable_pkcs11=
1807AC_ARG_ENABLE([pkcs11],
1808 [ --disable-pkcs11 disable PKCS#11 support code [no]],
1809 [
1810 if test "x$enableval" = "xno" ; then
1811 disable_pkcs11=1
1812 fi
1813 ]
1814)
1815
1769# PKCS11 depends on OpenSSL. 1816# PKCS11 depends on OpenSSL.
1770if test "x$openssl" = "xyes" ; then 1817if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1771 # PKCS#11 support requires dlopen() and co 1818 # PKCS#11 support requires dlopen() and co
1772 AC_SEARCH_LIBS([dlopen], [dl], 1819 AC_SEARCH_LIBS([dlopen], [dl],
1773 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1820 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
@@ -1982,7 +2029,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
1982 [[ 2029 [[
1983 char b[5]; 2030 char b[5];
1984 snprintf(b,5,"123456789"); 2031 snprintf(b,5,"123456789");
1985 exit(b[4]!='\0'); 2032 exit(b[4]!='\0');
1986 ]])], 2033 ]])],
1987 [AC_MSG_RESULT([yes])], 2034 [AC_MSG_RESULT([yes])],
1988 [ 2035 [
@@ -2392,8 +2439,9 @@ if test "x$openssl" = "xyes" ; then
2392 if(fd == NULL) 2439 if(fd == NULL)
2393 exit(1); 2440 exit(1);
2394 2441
2395 if ((rc = fprintf(fd ,"%08lx (%s)\n", 2442 if ((rc = fprintf(fd, "%08lx (%s)\n",
2396 (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2443 (unsigned long)OPENSSL_VERSION_NUMBER,
2444 OPENSSL_VERSION_TEXT)) < 0)
2397 exit(1); 2445 exit(1);
2398 2446
2399 exit(0); 2447 exit(0);
@@ -2428,8 +2476,8 @@ if test "x$openssl" = "xyes" ; then
2428 if(fd == NULL) 2476 if(fd == NULL)
2429 exit(1); 2477 exit(1);
2430 2478
2431 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), 2479 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2432 SSLeay_version(SSLEAY_VERSION))) <0) 2480 SSLeay_version(SSLEAY_VERSION))) < 0)
2433 exit(1); 2481 exit(1);
2434 2482
2435 exit(0); 2483 exit(0);
@@ -2604,7 +2652,8 @@ if test "x$openssl" = "xyes" ; then
2604 [ 2652 [
2605 AC_MSG_RESULT([no]) 2653 AC_MSG_RESULT([no])
2606 unsupported_algorithms="$unsupported_cipers \ 2654 unsupported_algorithms="$unsupported_cipers \
2607 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2655 aes128-gcm@openssh.com \
2656 aes256-gcm@openssh.com"
2608 ] 2657 ]
2609 ) 2658 )
2610 2659
@@ -2647,16 +2696,18 @@ if test "x$openssl" = "xyes" ; then
2647 # Search for SHA256 support in libc and/or OpenSSL 2696 # Search for SHA256 support in libc and/or OpenSSL
2648 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2697 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2649 [unsupported_algorithms="$unsupported_algorithms \ 2698 [unsupported_algorithms="$unsupported_algorithms \
2650 hmac-sha2-256 hmac-sha2-512 \ 2699 hmac-sha2-256 \
2700 hmac-sha2-512 \
2651 diffie-hellman-group-exchange-sha256 \ 2701 diffie-hellman-group-exchange-sha256 \
2652 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2702 hmac-sha2-256-etm@openssh.com \
2703 hmac-sha2-512-etm@openssh.com"
2653 ] 2704 ]
2654 ) 2705 )
2655 # Search for RIPE-MD support in OpenSSL 2706 # Search for RIPE-MD support in OpenSSL
2656 AC_CHECK_FUNCS([EVP_ripemd160], , 2707 AC_CHECK_FUNCS([EVP_ripemd160], ,
2657 [unsupported_algorithms="$unsupported_algorithms \ 2708 [unsupported_algorithms="$unsupported_algorithms \
2658 hmac-ripemd160 2709 hmac-ripemd160 \
2659 hmac-ripemd160@openssh.com 2710 hmac-ripemd160@openssh.com \
2660 hmac-ripemd160-etm@openssh.com" 2711 hmac-ripemd160-etm@openssh.com"
2661 ] 2712 ]
2662 ) 2713 )
@@ -2757,24 +2808,30 @@ if test "x$openssl" = "xyes" ; then
2757 TEST_SSH_ECC=yes 2808 TEST_SSH_ECC=yes
2758 COMMENT_OUT_ECC="" 2809 COMMENT_OUT_ECC=""
2759 else 2810 else
2760 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2811 unsupported_algorithms="$unsupported_algorithms \
2761 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2812 ecdsa-sha2-nistp256 \
2813 ecdh-sha2-nistp256 \
2814 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2762 fi 2815 fi
2763 if test x$enable_nistp384 = x1; then 2816 if test x$enable_nistp384 = x1; then
2764 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2817 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2765 TEST_SSH_ECC=yes 2818 TEST_SSH_ECC=yes
2766 COMMENT_OUT_ECC="" 2819 COMMENT_OUT_ECC=""
2767 else 2820 else
2768 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2821 unsupported_algorithms="$unsupported_algorithms \
2769 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2822 ecdsa-sha2-nistp384 \
2823 ecdh-sha2-nistp384 \
2824 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2770 fi 2825 fi
2771 if test x$enable_nistp521 = x1; then 2826 if test x$enable_nistp521 = x1; then
2772 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2827 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2773 TEST_SSH_ECC=yes 2828 TEST_SSH_ECC=yes
2774 COMMENT_OUT_ECC="" 2829 COMMENT_OUT_ECC=""
2775 else 2830 else
2776 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2831 unsupported_algorithms="$unsupported_algorithms \
2777 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2832 ecdh-sha2-nistp521 \
2833 ecdsa-sha2-nistp521 \
2834 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2778 fi 2835 fi
2779 2836
2780 AC_SUBST([TEST_SSH_ECC]) 2837 AC_SUBST([TEST_SSH_ECC])
@@ -2796,7 +2853,7 @@ AC_CHECK_LIB([iaf], [ia_openinfo], [
2796 LIBS="$LIBS -liaf" 2853 LIBS="$LIBS -liaf"
2797 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2854 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2798 AC_DEFINE([HAVE_LIBIAF], [1], 2855 AC_DEFINE([HAVE_LIBIAF], [1],
2799 [Define if system has libiaf that supports set_id]) 2856 [Define if system has libiaf that supports set_id])
2800 ]) 2857 ])
2801]) 2858])
2802LIBS="$saved_LIBS" 2859LIBS="$saved_LIBS"
@@ -3322,7 +3379,7 @@ fi
3322AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3379AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3323 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3380 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3324 [[ u_int a; a = 1;]])], 3381 [[ u_int a; a = 1;]])],
3325 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3382 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3326 ]) 3383 ])
3327]) 3384])
3328if test "x$ac_cv_have_u_int" = "xyes" ; then 3385if test "x$ac_cv_have_u_int" = "xyes" ; then
@@ -3333,7 +3390,7 @@ fi
3333AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3390AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3334 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3391 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3335 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3392 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3336 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3393 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3337 ]) 3394 ])
3338]) 3395])
3339if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3396if test "x$ac_cv_have_intxx_t" = "xyes" ; then
@@ -3350,7 +3407,7 @@ then
3350 [ 3407 [
3351 AC_DEFINE([HAVE_INTXX_T]) 3408 AC_DEFINE([HAVE_INTXX_T])
3352 AC_MSG_RESULT([yes]) 3409 AC_MSG_RESULT([yes])
3353 ], [ AC_MSG_RESULT([no]) 3410 ], [ AC_MSG_RESULT([no])
3354 ]) 3411 ])
3355fi 3412fi
3356 3413
@@ -3367,7 +3424,7 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3367 ]], [[ 3424 ]], [[
3368int64_t a; a = 1; 3425int64_t a; a = 1;
3369 ]])], 3426 ]])],
3370 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3427 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3371 ]) 3428 ])
3372]) 3429])
3373if test "x$ac_cv_have_int64_t" = "xyes" ; then 3430if test "x$ac_cv_have_int64_t" = "xyes" ; then
@@ -3377,7 +3434,7 @@ fi
3377AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3434AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3378 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3435 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3379 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3436 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3380 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3437 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3381 ]) 3438 ])
3382]) 3439])
3383if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3440if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
@@ -3392,14 +3449,14 @@ if test -z "$have_u_intxx_t" ; then
3392 [ 3449 [
3393 AC_DEFINE([HAVE_U_INTXX_T]) 3450 AC_DEFINE([HAVE_U_INTXX_T])
3394 AC_MSG_RESULT([yes]) 3451 AC_MSG_RESULT([yes])
3395 ], [ AC_MSG_RESULT([no]) 3452 ], [ AC_MSG_RESULT([no])
3396 ]) 3453 ])
3397fi 3454fi
3398 3455
3399AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3456AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3457 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3401 [[ u_int64_t a; a = 1;]])], 3458 [[ u_int64_t a; a = 1;]])],
3402 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3459 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3403 ]) 3460 ])
3404]) 3461])
3405if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3462if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
@@ -3416,7 +3473,7 @@ then
3416 [ 3473 [
3417 AC_DEFINE([HAVE_U_INT64_T]) 3474 AC_DEFINE([HAVE_U_INT64_T])
3418 AC_MSG_RESULT([yes]) 3475 AC_MSG_RESULT([yes])
3419 ], [ AC_MSG_RESULT([no]) 3476 ], [ AC_MSG_RESULT([no])
3420 ]) 3477 ])
3421fi 3478fi
3422 3479
@@ -3430,7 +3487,7 @@ if test -z "$have_u_intxx_t" ; then
3430 uint32_t c; 3487 uint32_t c;
3431 a = b = c = 1; 3488 a = b = c = 1;
3432 ]])], 3489 ]])],
3433 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3490 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3434 ]) 3491 ])
3435 ]) 3492 ])
3436 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3493 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
@@ -3448,7 +3505,7 @@ then
3448 [ 3505 [
3449 AC_DEFINE([HAVE_UINTXX_T]) 3506 AC_DEFINE([HAVE_UINTXX_T])
3450 AC_MSG_RESULT([yes]) 3507 AC_MSG_RESULT([yes])
3451 ], [ AC_MSG_RESULT([no]) 3508 ], [ AC_MSG_RESULT([no])
3452 ]) 3509 ])
3453fi 3510fi
3454 3511
@@ -3461,7 +3518,7 @@ then
3461 [ 3518 [
3462 AC_DEFINE([HAVE_UINTXX_T]) 3519 AC_DEFINE([HAVE_UINTXX_T])
3463 AC_MSG_RESULT([yes]) 3520 AC_MSG_RESULT([yes])
3464 ], [ AC_MSG_RESULT([no]) 3521 ], [ AC_MSG_RESULT([no])
3465 ]) 3522 ])
3466fi 3523fi
3467 3524
@@ -3488,7 +3545,7 @@ fi
3488AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3545AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3489 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3546 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3490 [[ u_char foo; foo = 125; ]])], 3547 [[ u_char foo; foo = 125; ]])],
3491 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3548 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3492 ]) 3549 ])
3493]) 3550])
3494if test "x$ac_cv_have_u_char" = "xyes" ; then 3551if test "x$ac_cv_have_u_char" = "xyes" ; then
@@ -3523,7 +3580,7 @@ AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3523AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3580AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3581 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3525 [[ size_t foo; foo = 1235; ]])], 3582 [[ size_t foo; foo = 1235; ]])],
3526 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3583 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3527 ]) 3584 ])
3528]) 3585])
3529if test "x$ac_cv_have_size_t" = "xyes" ; then 3586if test "x$ac_cv_have_size_t" = "xyes" ; then
@@ -3533,7 +3590,7 @@ fi
3533AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3590AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3591 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3535 [[ ssize_t foo; foo = 1235; ]])], 3592 [[ ssize_t foo; foo = 1235; ]])],
3536 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3593 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3537 ]) 3594 ])
3538]) 3595])
3539if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3596if test "x$ac_cv_have_ssize_t" = "xyes" ; then
@@ -3543,7 +3600,7 @@ fi
3543AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3600AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3544 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3601 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3545 [[ clock_t foo; foo = 1235; ]])], 3602 [[ clock_t foo; foo = 1235; ]])],
3546 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3603 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3547 ]) 3604 ])
3548]) 3605])
3549if test "x$ac_cv_have_clock_t" = "xyes" ; then 3606if test "x$ac_cv_have_clock_t" = "xyes" ; then
@@ -3574,7 +3631,7 @@ fi
3574AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3631AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3575 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3632 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3576 [[ pid_t foo; foo = 1235; ]])], 3633 [[ pid_t foo; foo = 1235; ]])],
3577 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3634 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3578 ]) 3635 ])
3579]) 3636])
3580if test "x$ac_cv_have_pid_t" = "xyes" ; then 3637if test "x$ac_cv_have_pid_t" = "xyes" ; then
@@ -3584,7 +3641,7 @@ fi
3584AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3641AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3642 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3586 [[ mode_t foo; foo = 1235; ]])], 3643 [[ mode_t foo; foo = 1235; ]])],
3587 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3644 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3588 ]) 3645 ])
3589]) 3646])
3590if test "x$ac_cv_have_mode_t" = "xyes" ; then 3647if test "x$ac_cv_have_mode_t" = "xyes" ; then
@@ -3598,7 +3655,7 @@ AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage
3598#include <sys/socket.h> 3655#include <sys/socket.h>
3599 ]], [[ struct sockaddr_storage s; ]])], 3656 ]], [[ struct sockaddr_storage s; ]])],
3600 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3657 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3601 [ ac_cv_have_struct_sockaddr_storage="no" 3658 [ ac_cv_have_struct_sockaddr_storage="no"
3602 ]) 3659 ])
3603]) 3660])
3604if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3661if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
@@ -3612,7 +3669,7 @@ AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3612#include <netinet/in.h> 3669#include <netinet/in.h>
3613 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3670 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3614 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3671 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3615 [ ac_cv_have_struct_sockaddr_in6="no" 3672 [ ac_cv_have_struct_sockaddr_in6="no"
3616 ]) 3673 ])
3617]) 3674])
3618if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3675if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
@@ -3626,7 +3683,7 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3626#include <netinet/in.h> 3683#include <netinet/in.h>
3627 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3684 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3628 [ ac_cv_have_struct_in6_addr="yes" ], 3685 [ ac_cv_have_struct_in6_addr="yes" ],
3629 [ ac_cv_have_struct_in6_addr="no" 3686 [ ac_cv_have_struct_in6_addr="no"
3630 ]) 3687 ])
3631]) 3688])
3632if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3689if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
@@ -3650,7 +3707,7 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3650#include <netdb.h> 3707#include <netdb.h>
3651 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3708 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3652 [ ac_cv_have_struct_addrinfo="yes" ], 3709 [ ac_cv_have_struct_addrinfo="yes" ],
3653 [ ac_cv_have_struct_addrinfo="no" 3710 [ ac_cv_have_struct_addrinfo="no"
3654 ]) 3711 ])
3655]) 3712])
3656if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3713if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
@@ -3662,7 +3719,7 @@ AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3662 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3719 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3663 [[ struct timeval tv; tv.tv_sec = 1;]])], 3720 [[ struct timeval tv; tv.tv_sec = 1;]])],
3664 [ ac_cv_have_struct_timeval="yes" ], 3721 [ ac_cv_have_struct_timeval="yes" ],
3665 [ ac_cv_have_struct_timeval="no" 3722 [ ac_cv_have_struct_timeval="no"
3666 ]) 3723 ])
3667]) 3724])
3668if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3725if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
@@ -3770,7 +3827,7 @@ AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3770#include <sys/socket.h> 3827#include <sys/socket.h>
3771 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3828 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3772 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3829 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3773 [ ac_cv_have___ss_family_in_struct_ss="no" 3830 [ ac_cv_have___ss_family_in_struct_ss="no"
3774 ]) 3831 ])
3775]) 3832])
3776if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3833if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
@@ -3869,7 +3926,7 @@ AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3869 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3926 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3870 [[ extern char *__progname; printf("%s", __progname); ]])], 3927 [[ extern char *__progname; printf("%s", __progname); ]])],
3871 [ ac_cv_libc_defines___progname="yes" ], 3928 [ ac_cv_libc_defines___progname="yes" ],
3872 [ ac_cv_libc_defines___progname="no" 3929 [ ac_cv_libc_defines___progname="no"
3873 ]) 3930 ])
3874]) 3931])
3875if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3932if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
@@ -3880,7 +3937,7 @@ AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNC
3880 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3937 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3881 [[ printf("%s", __FUNCTION__); ]])], 3938 [[ printf("%s", __FUNCTION__); ]])],
3882 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3939 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3883 [ ac_cv_cc_implements___FUNCTION__="no" 3940 [ ac_cv_cc_implements___FUNCTION__="no"
3884 ]) 3941 ])
3885]) 3942])
3886if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3943if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
@@ -3892,7 +3949,7 @@ AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__,
3892 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3949 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3893 [[ printf("%s", __func__); ]])], 3950 [[ printf("%s", __func__); ]])],
3894 [ ac_cv_cc_implements___func__="yes" ], 3951 [ ac_cv_cc_implements___func__="yes" ],
3895 [ ac_cv_cc_implements___func__="no" 3952 [ ac_cv_cc_implements___func__="no"
3896 ]) 3953 ])
3897]) 3954])
3898if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3955if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
@@ -3905,7 +3962,7 @@ AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3905va_list x,y; 3962va_list x,y;
3906 ]], [[ va_copy(x,y); ]])], 3963 ]], [[ va_copy(x,y); ]])],
3907 [ ac_cv_have_va_copy="yes" ], 3964 [ ac_cv_have_va_copy="yes" ],
3908 [ ac_cv_have_va_copy="no" 3965 [ ac_cv_have_va_copy="no"
3909 ]) 3966 ])
3910]) 3967])
3911if test "x$ac_cv_have_va_copy" = "xyes" ; then 3968if test "x$ac_cv_have_va_copy" = "xyes" ; then
@@ -3917,7 +3974,7 @@ AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3917#include <stdarg.h> 3974#include <stdarg.h>
3918va_list x,y; 3975va_list x,y;
3919 ]], [[ __va_copy(x,y); ]])], 3976 ]], [[ __va_copy(x,y); ]])],
3920 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3977 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3921 ]) 3978 ])
3922]) 3979])
3923if test "x$ac_cv_have___va_copy" = "xyes" ; then 3980if test "x$ac_cv_have___va_copy" = "xyes" ; then
@@ -3929,7 +3986,7 @@ AC_CACHE_CHECK([whether getopt has optreset support],
3929 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3986 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3930 [[ extern int optreset; optreset = 0; ]])], 3987 [[ extern int optreset; optreset = 0; ]])],
3931 [ ac_cv_have_getopt_optreset="yes" ], 3988 [ ac_cv_have_getopt_optreset="yes" ],
3932 [ ac_cv_have_getopt_optreset="no" 3989 [ ac_cv_have_getopt_optreset="no"
3933 ]) 3990 ])
3934]) 3991])
3935if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3992if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
@@ -3941,7 +3998,7 @@ AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3941 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3998 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3942[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3999[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3943 [ ac_cv_libc_defines_sys_errlist="yes" ], 4000 [ ac_cv_libc_defines_sys_errlist="yes" ],
3944 [ ac_cv_libc_defines_sys_errlist="no" 4001 [ ac_cv_libc_defines_sys_errlist="no"
3945 ]) 4002 ])
3946]) 4003])
3947if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4004if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
@@ -3954,7 +4011,7 @@ AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3954 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4011 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3955[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4012[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3956 [ ac_cv_libc_defines_sys_nerr="yes" ], 4013 [ ac_cv_libc_defines_sys_nerr="yes" ],
3957 [ ac_cv_libc_defines_sys_nerr="no" 4014 [ ac_cv_libc_defines_sys_nerr="no"
3958 ]) 4015 ])
3959]) 4016])
3960if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4017if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
@@ -4113,7 +4170,6 @@ AC_ARG_WITH([kerberos5],
4113 [K5LIBS="$K5LIBS -ldes"]) 4170 [K5LIBS="$K5LIBS -ldes"])
4114 ], [ AC_MSG_RESULT([no]) 4171 ], [ AC_MSG_RESULT([no])
4115 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4172 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4116
4117 ]) 4173 ])
4118 AC_SEARCH_LIBS([dn_expand], [resolv]) 4174 AC_SEARCH_LIBS([dn_expand], [resolv])
4119 4175
@@ -4296,7 +4352,7 @@ AC_ARG_WITH([maildir],
4296 exit(0); 4352 exit(0);
4297 ]])], 4353 ]])],
4298 [ 4354 [
4299 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4355 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4300 maildir=`awk -F: '{print $2}' conftest.maildir \ 4356 maildir=`awk -F: '{print $2}' conftest.maildir \
4301 | sed 's|/$||'` 4357 | sed 's|/$||'`
4302 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4358 AC_MSG_RESULT([Using: $maildir from $maildir_what])
@@ -4641,7 +4697,7 @@ AC_ARG_WITH([pid-dir],
4641 ] 4697 ]
4642) 4698)
4643 4699
4644AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4700AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4645 [Specify location of ssh.pid]) 4701 [Specify location of ssh.pid])
4646AC_SUBST([piddir]) 4702AC_SUBST([piddir])
4647 4703
@@ -4799,7 +4855,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4799 ]], [[ char *utmp = UTMP_FILE; ]])], 4855 ]], [[ char *utmp = UTMP_FILE; ]])],
4800 [ AC_MSG_RESULT([yes]) ], 4856 [ AC_MSG_RESULT([yes]) ],
4801 [ AC_MSG_RESULT([no]) 4857 [ AC_MSG_RESULT([no])
4802 system_utmp_path=no 4858 system_utmp_path=no
4803]) 4859])
4804if test -z "$conf_utmp_location"; then 4860if test -z "$conf_utmp_location"; then
4805 if test x"$system_utmp_path" = x"no" ; then 4861 if test x"$system_utmp_path" = x"no" ; then
@@ -4829,7 +4885,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4829 ]], [[ char *wtmp = WTMP_FILE; ]])], 4885 ]], [[ char *wtmp = WTMP_FILE; ]])],
4830 [ AC_MSG_RESULT([yes]) ], 4886 [ AC_MSG_RESULT([yes]) ],
4831 [ AC_MSG_RESULT([no]) 4887 [ AC_MSG_RESULT([no])
4832 system_wtmp_path=no 4888 system_wtmp_path=no
4833]) 4889])
4834if test -z "$conf_wtmp_location"; then 4890if test -z "$conf_wtmp_location"; then
4835 if test x"$system_wtmp_path" = x"no" ; then 4891 if test x"$system_wtmp_path" = x"no" ; then
@@ -4862,7 +4918,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4862 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4918 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4863 [ AC_MSG_RESULT([yes]) ], 4919 [ AC_MSG_RESULT([yes]) ],
4864 [ AC_MSG_RESULT([no]) 4920 [ AC_MSG_RESULT([no])
4865 system_wtmpx_path=no 4921 system_wtmpx_path=no
4866]) 4922])
4867if test -z "$conf_wtmpx_location"; then 4923if test -z "$conf_wtmpx_location"; then
4868 if test x"$system_wtmpx_path" = x"no" ; then 4924 if test x"$system_wtmpx_path" = x"no" ; then
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
index 1396d99cd..a73a0f657 100644
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -25,6 +25,7 @@ Options:
25 --yes -y Answer all questions with "yes" automatically. 25 --yes -y Answer all questions with "yes" automatically.
26 --no -n Answer all questions with "no" automatically. 26 --no -n Answer all questions with "no" automatically.
27 --cygwin -c <options> Use "options" as value for CYGWIN environment var. 27 --cygwin -c <options> Use "options" as value for CYGWIN environment var.
28 --name -N <name> sshd windows service name.
28 --port -p <n> sshd listens on port n. 29 --port -p <n> sshd listens on port n.
29 --user -u <account> privileged user for service, default 'cyg_server'. 30 --user -u <account> privileged user for service, default 'cyg_server'.
30 --pwd -w <passwd> Use "pwd" as password for privileged user. 31 --pwd -w <passwd> Use "pwd" as password for privileged user.
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index eefe82df0..fd8678f12 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 7.2p2 1%define ver 7.3p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
@@ -358,8 +358,6 @@ fi
358%attr(0644,root,root) %{_mandir}/man1/ssh.1* 358%attr(0644,root,root) %{_mandir}/man1/ssh.1*
359%attr(0644,root,root) %{_mandir}/man5/ssh_config.5* 359%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
360%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config 360%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
361%attr(-,root,root) %{_bindir}/slogin
362%attr(-,root,root) %{_mandir}/man1/slogin.1*
363%if ! %{rescue} 361%if ! %{rescue}
364%attr(2755,root,nobody) %{_bindir}/ssh-agent 362%attr(2755,root,nobody) %{_bindir}/ssh-agent
365%attr(0755,root,root) %{_bindir}/ssh-add 363%attr(0755,root,root) %{_bindir}/ssh-add
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index afde8b170..bef5c95d9 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -233,17 +233,17 @@ populate_new_ids() {
233 -o ControlPath=none \ 233 -o ControlPath=none \
234 -o LogLevel=INFO \ 234 -o LogLevel=INFO \
235 -o PreferredAuthentications=publickey \ 235 -o PreferredAuthentications=publickey \
236 -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null 236 -o IdentitiesOnly=yes "$@" exit 2>"$L_TMP_ID_FILE.stderr" </dev/null
237 if [ "$?" = "$L_SUCCESS" ] ; then 237 if [ "$?" = "$L_SUCCESS" ] ; then
238 : > $L_TMP_ID_FILE 238 : > "$L_TMP_ID_FILE"
239 else 239 else
240 grep 'Permission denied' $L_TMP_ID_FILE.stderr >/dev/null || { 240 grep 'Permission denied' "$L_TMP_ID_FILE.stderr" >/dev/null || {
241 sed -e 's/^/ERROR: /' <$L_TMP_ID_FILE.stderr >$L_TMP_ID_FILE 241 sed -e 's/^/ERROR: /' <"$L_TMP_ID_FILE.stderr" >"$L_TMP_ID_FILE"
242 cat >/dev/null #consume the other keys, causing loop to end 242 cat >/dev/null #consume the other keys, causing loop to end
243 } 243 }
244 fi 244 fi
245 245
246 cat $L_TMP_ID_FILE 246 cat "$L_TMP_ID_FILE"
247 done 247 done
248 } 248 }
249 ) 249 )
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index f20a78656..d2b2728d5 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 7.2p2 16Version: 7.3p1
17URL: http://www.openssh.com/ 17URL: http://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz
@@ -202,7 +202,6 @@ rm -rf $RPM_BUILD_ROOT
202%attr(0755,root,root) %{_bindir}/ssh-keygen 202%attr(0755,root,root) %{_bindir}/ssh-keygen
203%attr(0755,root,root) %{_bindir}/scp 203%attr(0755,root,root) %{_bindir}/scp
204%attr(0755,root,root) %{_bindir}/ssh 204%attr(0755,root,root) %{_bindir}/ssh
205%attr(-,root,root) %{_bindir}/slogin
206%attr(0755,root,root) %{_bindir}/ssh-agent 205%attr(0755,root,root) %{_bindir}/ssh-agent
207%attr(0755,root,root) %{_bindir}/ssh-add 206%attr(0755,root,root) %{_bindir}/ssh-add
208%attr(0755,root,root) %{_bindir}/ssh-keyscan 207%attr(0755,root,root) %{_bindir}/ssh-keyscan
@@ -214,7 +213,6 @@ rm -rf $RPM_BUILD_ROOT
214%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper 213%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
215%attr(0644,root,root) %doc %{_mandir}/man1/scp.1* 214%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
216%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1* 215%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
217%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
218%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1* 216%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
219%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1* 217%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
220%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1* 218%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
diff --git a/defines.h b/defines.h
index a438ddd74..1b71d3e01 100644
--- a/defines.h
+++ b/defines.h
@@ -43,6 +43,19 @@ enum
43#endif 43#endif
44 44
45/* 45/*
46 * Cygwin doesn't really have a notion of reserved ports. It is still
47 * is useful on the client side so for compatibility it defines as 1024 via
48 * netinet/in.h inside an enum. We * don't actually want that restriction
49 * so we want to set that to zero, but we can't do it direct in config.h
50 * because it'll cause a conflicting definition the first time we include
51 * netinet/in.h.
52 */
53
54#ifdef HAVE_CYGWIN
55#define IPPORT_RESERVED 0
56#endif
57
58/*
46 * Definitions for IP type of service (ip_tos) 59 * Definitions for IP type of service (ip_tos)
47 */ 60 */
48#include <netinet/in_systm.h> 61#include <netinet/in_systm.h>
diff --git a/dh.c b/dh.c
index 4c639acc3..167d3714e 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.57 2015/05/27 23:39:18 dtucker Exp $ */ 1/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * 4 *
@@ -30,6 +30,7 @@
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h> 31#include <openssl/dh.h>
32 32
33#include <errno.h>
33#include <stdarg.h> 34#include <stdarg.h>
34#include <stdio.h> 35#include <stdio.h>
35#include <stdlib.h> 36#include <stdlib.h>
@@ -151,10 +152,9 @@ choose_dh(int min, int wantbits, int max)
151 int linenum; 152 int linenum;
152 struct dhgroup dhg; 153 struct dhgroup dhg;
153 154
154 if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL && 155 if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
155 (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { 156 logit("WARNING: could open open %s (%s), using fixed modulus",
156 logit("WARNING: %s does not exist, using fixed modulus", 157 _PATH_DH_MODULI, strerror(errno));
157 _PATH_DH_MODULI);
158 return (dh_new_group_fallback(max)); 158 return (dh_new_group_fallback(max));
159 } 159 }
160 160
@@ -182,7 +182,7 @@ choose_dh(int min, int wantbits, int max)
182 182
183 if (bestcount == 0) { 183 if (bestcount == 0) {
184 fclose(f); 184 fclose(f);
185 logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES); 185 logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
186 return (dh_new_group_fallback(max)); 186 return (dh_new_group_fallback(max));
187 } 187 }
188 188
@@ -203,7 +203,7 @@ choose_dh(int min, int wantbits, int max)
203 fclose(f); 203 fclose(f);
204 if (linenum != which+1) { 204 if (linenum != which+1) {
205 logit("WARNING: line %d disappeared in %s, giving up", 205 logit("WARNING: line %d disappeared in %s, giving up",
206 which, _PATH_DH_PRIMES); 206 which, _PATH_DH_MODULI);
207 return (dh_new_group_fallback(max)); 207 return (dh_new_group_fallback(max));
208 } 208 }
209 209
@@ -246,12 +246,15 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
246 bits_set++; 246 bits_set++;
247 debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); 247 debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
248 248
249 /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ 249 /*
250 if (bits_set > 1) 250 * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
251 return 1; 251 */
252 252 if (bits_set < 4) {
253 logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p)); 253 logit("invalid public DH value (%d/%d)",
254 return 0; 254 bits_set, BN_num_bits(dh->p));
255 return 0;
256 }
257 return 1;
255} 258}
256 259
257int 260int
@@ -263,6 +266,12 @@ dh_gen_key(DH *dh, int need)
263 (pbits = BN_num_bits(dh->p)) <= 0 || 266 (pbits = BN_num_bits(dh->p)) <= 0 ||
264 need > INT_MAX / 2 || 2 * need > pbits) 267 need > INT_MAX / 2 || 2 * need > pbits)
265 return SSH_ERR_INVALID_ARGUMENT; 268 return SSH_ERR_INVALID_ARGUMENT;
269 if (need < 256)
270 need = 256;
271 /*
272 * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
273 * so double requested need here.
274 */
266 dh->length = MIN(need * 2, pbits - 1); 275 dh->length = MIN(need * 2, pbits - 1);
267 if (DH_generate_key(dh) == 0 || 276 if (DH_generate_key(dh) == 0 ||
268 !dh_pub_is_valid(dh, dh->pub_key)) { 277 !dh_pub_is_valid(dh, dh->pub_key)) {
@@ -305,6 +314,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
305 return (dh); 314 return (dh);
306} 315}
307 316
317/* rfc2409 "Second Oakley Group" (1024 bits) */
308DH * 318DH *
309dh_new_group1(void) 319dh_new_group1(void)
310{ 320{
@@ -319,6 +329,7 @@ dh_new_group1(void)
319 return (dh_new_group_asc(gen, group1)); 329 return (dh_new_group_asc(gen, group1));
320} 330}
321 331
332/* rfc3526 group 14 "2048-bit MODP Group" */
322DH * 333DH *
323dh_new_group14(void) 334dh_new_group14(void)
324{ 335{
@@ -338,12 +349,9 @@ dh_new_group14(void)
338 return (dh_new_group_asc(gen, group14)); 349 return (dh_new_group_asc(gen, group14));
339} 350}
340 351
341/* 352/* rfc3526 group 16 "4096-bit MODP Group" */
342 * 4k bit fallback group used by DH-GEX if moduli file cannot be read.
343 * Source: MODP group 16 from RFC3526.
344 */
345DH * 353DH *
346dh_new_group_fallback(int max) 354dh_new_group16(void)
347{ 355{
348 static char *gen = "2", *group16 = 356 static char *gen = "2", *group16 =
349 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" 357 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
@@ -369,12 +377,75 @@ dh_new_group_fallback(int max)
369 "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" 377 "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
370 "FFFFFFFF" "FFFFFFFF"; 378 "FFFFFFFF" "FFFFFFFF";
371 379
372 if (max < 4096) { 380 return (dh_new_group_asc(gen, group16));
373 debug3("requested max size %d, using 2k bit group 14", max); 381}
382
383/* rfc3526 group 18 "8192-bit MODP Group" */
384DH *
385dh_new_group18(void)
386{
387 static char *gen = "2", *group16 =
388 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
389 "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
390 "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
391 "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
392 "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
393 "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
394 "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
395 "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
396 "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
397 "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
398 "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
399 "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
400 "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
401 "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
402 "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
403 "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
404 "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
405 "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
406 "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
407 "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
408 "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492"
409 "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD"
410 "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831"
411 "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B"
412 "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF"
413 "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6"
414 "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3"
415 "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA"
416 "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328"
417 "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C"
418 "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE"
419 "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4"
420 "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300"
421 "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568"
422 "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9"
423 "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B"
424 "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A"
425 "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36"
426 "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1"
427 "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92"
428 "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47"
429 "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
430 "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
431
432 return (dh_new_group_asc(gen, group16));
433}
434
435/* Select fallback group used by DH-GEX if moduli file cannot be read. */
436DH *
437dh_new_group_fallback(int max)
438{
439 debug3("%s: requested max size %d", __func__, max);
440 if (max < 3072) {
441 debug3("using 2k bit group 14");
374 return dh_new_group14(); 442 return dh_new_group14();
443 } else if (max < 6144) {
444 debug3("using 4k bit group 16");
445 return dh_new_group16();
375 } 446 }
376 debug3("using 4k bit group 16"); 447 debug3("using 8k bit group 18");
377 return (dh_new_group_asc(gen, group16)); 448 return dh_new_group18();
378} 449}
379 450
380/* 451/*
@@ -384,7 +455,6 @@ dh_new_group_fallback(int max)
384 * Management Part 1 (rev 3) limited by the recommended maximum value 455 * Management Part 1 (rev 3) limited by the recommended maximum value
385 * from RFC4419 section 3. 456 * from RFC4419 section 3.
386 */ 457 */
387
388u_int 458u_int
389dh_estimate(int bits) 459dh_estimate(int bits)
390{ 460{
diff --git a/dh.h b/dh.h
index e191cfd8a..bcd485cf9 100644
--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */ 1/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Niels Provos. All rights reserved. 4 * Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -37,6 +37,8 @@ DH *dh_new_group_asc(const char *, const char *);
37DH *dh_new_group(BIGNUM *, BIGNUM *); 37DH *dh_new_group(BIGNUM *, BIGNUM *);
38DH *dh_new_group1(void); 38DH *dh_new_group1(void);
39DH *dh_new_group14(void); 39DH *dh_new_group14(void);
40DH *dh_new_group16(void);
41DH *dh_new_group18(void);
40DH *dh_new_group_fallback(int); 42DH *dh_new_group_fallback(int);
41 43
42int dh_gen_key(DH *, int); 44int dh_gen_key(DH *, int);
diff --git a/kex.c b/kex.c
index d371f47c4..50c7a0f9b 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -35,6 +35,7 @@
35 35
36#ifdef WITH_OPENSSL 36#ifdef WITH_OPENSSL
37#include <openssl/crypto.h> 37#include <openssl/crypto.h>
38#include <openssl/dh.h>
38#endif 39#endif
39 40
40#include "ssh2.h" 41#include "ssh2.h"
@@ -88,7 +89,10 @@ struct kexalg {
88static const struct kexalg kexalgs[] = { 89static const struct kexalg kexalgs[] = {
89#ifdef WITH_OPENSSL 90#ifdef WITH_OPENSSL
90 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, 91 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
91 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, 92 { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
93 { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
94 { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
95 { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
92 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, 96 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
93#ifdef HAVE_EVP_SHA256 97#ifdef HAVE_EVP_SHA256
94 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, 98 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
diff --git a/kex.h b/kex.h
index 1c5896605..c35195568 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.76 2016/02/08 10:57:07 djm Exp $ */ 1/* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -51,7 +51,10 @@
51#define KEX_COOKIE_LEN 16 51#define KEX_COOKIE_LEN 16
52 52
53#define KEX_DH1 "diffie-hellman-group1-sha1" 53#define KEX_DH1 "diffie-hellman-group1-sha1"
54#define KEX_DH14 "diffie-hellman-group14-sha1" 54#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1"
55#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256"
56#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512"
57#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512"
55#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" 58#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
56#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" 59#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
57#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" 60#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
@@ -88,6 +91,9 @@ enum kex_modes {
88enum kex_exchange { 91enum kex_exchange {
89 KEX_DH_GRP1_SHA1, 92 KEX_DH_GRP1_SHA1,
90 KEX_DH_GRP14_SHA1, 93 KEX_DH_GRP14_SHA1,
94 KEX_DH_GRP14_SHA256,
95 KEX_DH_GRP16_SHA512,
96 KEX_DH_GRP18_SHA512,
91 KEX_DH_GEX_SHA1, 97 KEX_DH_GEX_SHA1,
92 KEX_DH_GEX_SHA256, 98 KEX_DH_GEX_SHA256,
93 KEX_ECDH_SHA2, 99 KEX_ECDH_SHA2,
@@ -190,7 +196,7 @@ int kexecdh_server(struct ssh *);
190int kexc25519_client(struct ssh *); 196int kexc25519_client(struct ssh *);
191int kexc25519_server(struct ssh *); 197int kexc25519_server(struct ssh *);
192 198
193int kex_dh_hash(const char *, const char *, 199int kex_dh_hash(int, const char *, const char *,
194 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, 200 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
195 const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); 201 const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
196 202
@@ -205,8 +211,9 @@ int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
205 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, 211 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
206 const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); 212 const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
207 213
208int kex_c25519_hash(int, const char *, const char *, const char *, size_t, 214int kex_c25519_hash(int, const char *, const char *,
209 const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, 215 const u_char *, size_t, const u_char *, size_t,
216 const u_char *, size_t, const u_char *, const u_char *,
210 const u_char *, size_t, u_char *, size_t *); 217 const u_char *, size_t, u_char *, size_t *);
211 218
212void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) 219void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
diff --git a/kexc25519.c b/kexc25519.c
index 8d8cd4a2b..0897b8c51 100644
--- a/kexc25519.c
+++ b/kexc25519.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */ 1/* $OpenBSD: kexc25519.c,v 1.10 2016/05/02 08:49:03 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -86,8 +86,8 @@ kex_c25519_hash(
86 int hash_alg, 86 int hash_alg,
87 const char *client_version_string, 87 const char *client_version_string,
88 const char *server_version_string, 88 const char *server_version_string,
89 const char *ckexinit, size_t ckexinitlen, 89 const u_char *ckexinit, size_t ckexinitlen,
90 const char *skexinit, size_t skexinitlen, 90 const u_char *skexinit, size_t skexinitlen,
91 const u_char *serverhostkeyblob, size_t sbloblen, 91 const u_char *serverhostkeyblob, size_t sbloblen,
92 const u_char client_dh_pub[CURVE25519_SIZE], 92 const u_char client_dh_pub[CURVE25519_SIZE],
93 const u_char server_dh_pub[CURVE25519_SIZE], 93 const u_char server_dh_pub[CURVE25519_SIZE],
diff --git a/kexdh.c b/kexdh.c
index feea6697d..0bf0dc138 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ 1/* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -43,6 +43,7 @@
43 43
44int 44int
45kex_dh_hash( 45kex_dh_hash(
46 int hash_alg,
46 const char *client_version_string, 47 const char *client_version_string,
47 const char *server_version_string, 48 const char *server_version_string,
48 const u_char *ckexinit, size_t ckexinitlen, 49 const u_char *ckexinit, size_t ckexinitlen,
@@ -56,7 +57,7 @@ kex_dh_hash(
56 struct sshbuf *b; 57 struct sshbuf *b;
57 int r; 58 int r;
58 59
59 if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) 60 if (*hashlen < ssh_digest_bytes(hash_alg))
60 return SSH_ERR_INVALID_ARGUMENT; 61 return SSH_ERR_INVALID_ARGUMENT;
61 if ((b = sshbuf_new()) == NULL) 62 if ((b = sshbuf_new()) == NULL)
62 return SSH_ERR_ALLOC_FAIL; 63 return SSH_ERR_ALLOC_FAIL;
@@ -79,12 +80,12 @@ kex_dh_hash(
79#ifdef DEBUG_KEX 80#ifdef DEBUG_KEX
80 sshbuf_dump(b, stderr); 81 sshbuf_dump(b, stderr);
81#endif 82#endif
82 if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { 83 if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
83 sshbuf_free(b); 84 sshbuf_free(b);
84 return SSH_ERR_LIBCRYPTO_ERROR; 85 return SSH_ERR_LIBCRYPTO_ERROR;
85 } 86 }
86 sshbuf_free(b); 87 sshbuf_free(b);
87 *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); 88 *hashlen = ssh_digest_bytes(hash_alg);
88#ifdef DEBUG_KEX 89#ifdef DEBUG_KEX
89 dump_digest("hash", hash, *hashlen); 90 dump_digest("hash", hash, *hashlen);
90#endif 91#endif
diff --git a/kexdhc.c b/kexdhc.c
index af259f16a..ad3975f09 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ 1/* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -63,8 +63,15 @@ kexdh_client(struct ssh *ssh)
63 kex->dh = dh_new_group1(); 63 kex->dh = dh_new_group1();
64 break; 64 break;
65 case KEX_DH_GRP14_SHA1: 65 case KEX_DH_GRP14_SHA1:
66 case KEX_DH_GRP14_SHA256:
66 kex->dh = dh_new_group14(); 67 kex->dh = dh_new_group14();
67 break; 68 break;
69 case KEX_DH_GRP16_SHA512:
70 kex->dh = dh_new_group16();
71 break;
72 case KEX_DH_GRP18_SHA512:
73 kex->dh = dh_new_group18();
74 break;
68 default: 75 default:
69 r = SSH_ERR_INVALID_ARGUMENT; 76 r = SSH_ERR_INVALID_ARGUMENT;
70 goto out; 77 goto out;
@@ -164,6 +171,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt)
164 /* calc and verify H */ 171 /* calc and verify H */
165 hashlen = sizeof(hash); 172 hashlen = sizeof(hash);
166 if ((r = kex_dh_hash( 173 if ((r = kex_dh_hash(
174 kex->hash_alg,
167 kex->client_version_string, 175 kex->client_version_string,
168 kex->server_version_string, 176 kex->server_version_string,
169 sshbuf_ptr(kex->my), sshbuf_len(kex->my), 177 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
diff --git a/kexdhs.c b/kexdhs.c
index bf933e4c9..108f66427 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhs.c,v 1.23 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -63,8 +63,15 @@ kexdh_server(struct ssh *ssh)
63 kex->dh = dh_new_group1(); 63 kex->dh = dh_new_group1();
64 break; 64 break;
65 case KEX_DH_GRP14_SHA1: 65 case KEX_DH_GRP14_SHA1:
66 case KEX_DH_GRP14_SHA256:
66 kex->dh = dh_new_group14(); 67 kex->dh = dh_new_group14();
67 break; 68 break;
69 case KEX_DH_GRP16_SHA512:
70 kex->dh = dh_new_group16();
71 break;
72 case KEX_DH_GRP18_SHA512:
73 kex->dh = dh_new_group18();
74 break;
68 default: 75 default:
69 r = SSH_ERR_INVALID_ARGUMENT; 76 r = SSH_ERR_INVALID_ARGUMENT;
70 goto out; 77 goto out;
@@ -158,6 +165,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
158 /* calc H */ 165 /* calc H */
159 hashlen = sizeof(hash); 166 hashlen = sizeof(hash);
160 if ((r = kex_dh_hash( 167 if ((r = kex_dh_hash(
168 kex->hash_alg,
161 kex->client_version_string, 169 kex->client_version_string,
162 kex->server_version_string, 170 kex->server_version_string,
163 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), 171 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
diff --git a/kexgexs.c b/kexgexs.c
index 8c5adf7e4..f4400dcbe 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.26 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.29 2016/06/08 02:13:01 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -89,7 +89,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
89 nbits = MIN(DH_GRP_MAX, nbits); 89 nbits = MIN(DH_GRP_MAX, nbits);
90 90
91 if (kex->max < kex->min || kex->nbits < kex->min || 91 if (kex->max < kex->min || kex->nbits < kex->min ||
92 kex->max < kex->nbits) { 92 kex->max < kex->nbits || kex->max < DH_GRP_MIN) {
93 r = SSH_ERR_DH_GEX_OUT_OF_RANGE; 93 r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
94 goto out; 94 goto out;
95 } 95 }
diff --git a/key.c b/key.c
index 28d7c6207..93f4ccb24 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.129 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */
2/* 2/*
3 * placed in the public domain 3 * placed in the public domain
4 */ 4 */
@@ -214,7 +214,7 @@ key_certify(Key *k, Key *ca)
214{ 214{
215 int r; 215 int r;
216 216
217 if ((r = sshkey_certify(k, ca)) != 0) { 217 if ((r = sshkey_certify(k, ca, NULL)) != 0) {
218 fatal_on_fatal_errors(r, __func__, 0); 218 fatal_on_fatal_errors(r, __func__, 0);
219 error("%s: %s", __func__, ssh_err(r)); 219 error("%s: %s", __func__, ssh_err(r));
220 return -1; 220 return -1;
diff --git a/log.c b/log.c
index ad12930e1..2b59c4274 100644
--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: log.c,v 1.46 2015/07/08 19:04:21 markus Exp $ */ 1/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,6 +176,16 @@ sigdie(const char *fmt,...)
176 _exit(1); 176 _exit(1);
177} 177}
178 178
179void
180logdie(const char *fmt,...)
181{
182 va_list args;
183
184 va_start(args, fmt);
185 do_log(SYSLOG_LEVEL_INFO, fmt, args);
186 va_end(args);
187 cleanup_exit(255);
188}
179 189
180/* Log this message (information that usually should go to the log). */ 190/* Log this message (information that usually should go to the log). */
181 191
@@ -342,7 +352,7 @@ log_change_level(LogLevel new_log_level)
342int 352int
343log_is_on_stderr(void) 353log_is_on_stderr(void)
344{ 354{
345 return log_on_stderr; 355 return log_on_stderr && log_stderr_fd == STDERR_FILENO;
346} 356}
347 357
348/* redirect what would usually get written to stderr to specified file */ 358/* redirect what would usually get written to stderr to specified file */
diff --git a/log.h b/log.h
index ae7df25d3..434b7c81a 100644
--- a/log.h
+++ b/log.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */ 1/* $OpenBSD: log.h,v 1.21 2016/07/15 05:01:58 dtucker Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -63,6 +63,8 @@ void fatal(const char *, ...) __attribute__((noreturn))
63void error(const char *, ...) __attribute__((format(printf, 1, 2))); 63void error(const char *, ...) __attribute__((format(printf, 1, 2)));
64void sigdie(const char *, ...) __attribute__((noreturn)) 64void sigdie(const char *, ...) __attribute__((noreturn))
65 __attribute__((format(printf, 1, 2))); 65 __attribute__((format(printf, 1, 2)));
66void logdie(const char *, ...) __attribute__((noreturn))
67 __attribute__((format(printf, 1, 2)));
66void logit(const char *, ...) __attribute__((format(printf, 1, 2))); 68void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
67void verbose(const char *, ...) __attribute__((format(printf, 1, 2))); 69void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
68void debug(const char *, ...) __attribute__((format(printf, 1, 2))); 70void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
diff --git a/mac.c b/mac.c
index f63fbff09..6b12cd197 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mac.c,v 1.32 2015/01/15 18:32:54 naddy Exp $ */ 1/* $OpenBSD: mac.c,v 1.33 2016/07/08 03:44:42 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -167,7 +167,8 @@ mac_init(struct sshmac *mac)
167} 167}
168 168
169int 169int
170mac_compute(struct sshmac *mac, u_int32_t seqno, const u_char *data, int datalen, 170mac_compute(struct sshmac *mac, u_int32_t seqno,
171 const u_char *data, int datalen,
171 u_char *digest, size_t dlen) 172 u_char *digest, size_t dlen)
172{ 173{
173 static union { 174 static union {
@@ -211,6 +212,24 @@ mac_compute(struct sshmac *mac, u_int32_t seqno, const u_char *data, int datalen
211 return 0; 212 return 0;
212} 213}
213 214
215int
216mac_check(struct sshmac *mac, u_int32_t seqno,
217 const u_char *data, size_t dlen,
218 const u_char *theirmac, size_t mlen)
219{
220 u_char ourmac[SSH_DIGEST_MAX_LENGTH];
221 int r;
222
223 if (mac->mac_len > mlen)
224 return SSH_ERR_INVALID_ARGUMENT;
225 if ((r = mac_compute(mac, seqno, data, dlen,
226 ourmac, sizeof(ourmac))) != 0)
227 return r;
228 if (timingsafe_bcmp(ourmac, theirmac, mac->mac_len) != 0)
229 return SSH_ERR_MAC_INVALID;
230 return 0;
231}
232
214void 233void
215mac_clear(struct sshmac *mac) 234mac_clear(struct sshmac *mac)
216{ 235{
diff --git a/mac.h b/mac.h
index e5f6b84d9..0b119d7a1 100644
--- a/mac.h
+++ b/mac.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: mac.h,v 1.9 2015/01/13 19:31:40 markus Exp $ */ 1/* $OpenBSD: mac.h,v 1.10 2016/07/08 03:44:42 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -46,6 +46,8 @@ int mac_setup(struct sshmac *, char *);
46int mac_init(struct sshmac *); 46int mac_init(struct sshmac *);
47int mac_compute(struct sshmac *, u_int32_t, const u_char *, int, 47int mac_compute(struct sshmac *, u_int32_t, const u_char *, int,
48 u_char *, size_t); 48 u_char *, size_t);
49int mac_check(struct sshmac *, u_int32_t, const u_char *, size_t,
50 const u_char *, size_t);
49void mac_clear(struct sshmac *); 51void mac_clear(struct sshmac *);
50 52
51#endif /* SSHMAC_H */ 53#endif /* SSHMAC_H */
diff --git a/misc.c b/misc.c
index de7e1facd..9421b4d39 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.c,v 1.101 2016/01/20 09:22:39 dtucker Exp $ */ 1/* $OpenBSD: misc.c,v 1.105 2016/07/15 00:24:30 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -84,9 +84,9 @@ set_nonblock(int fd)
84{ 84{
85 int val; 85 int val;
86 86
87 val = fcntl(fd, F_GETFL, 0); 87 val = fcntl(fd, F_GETFL);
88 if (val < 0) { 88 if (val < 0) {
89 error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); 89 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
90 return (-1); 90 return (-1);
91 } 91 }
92 if (val & O_NONBLOCK) { 92 if (val & O_NONBLOCK) {
@@ -108,9 +108,9 @@ unset_nonblock(int fd)
108{ 108{
109 int val; 109 int val;
110 110
111 val = fcntl(fd, F_GETFL, 0); 111 val = fcntl(fd, F_GETFL);
112 if (val < 0) { 112 if (val < 0) {
113 error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); 113 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
114 return (-1); 114 return (-1);
115 } 115 }
116 if (!(val & O_NONBLOCK)) { 116 if (!(val & O_NONBLOCK)) {
@@ -451,6 +451,67 @@ colon(char *cp)
451 return NULL; 451 return NULL;
452} 452}
453 453
454/*
455 * Parse a [user@]host[:port] string.
456 * Caller must free returned user and host.
457 * Any of the pointer return arguments may be NULL (useful for syntax checking).
458 * If user was not specified then *userp will be set to NULL.
459 * If port was not specified then *portp will be -1.
460 * Returns 0 on success, -1 on failure.
461 */
462int
463parse_user_host_port(const char *s, char **userp, char **hostp, int *portp)
464{
465 char *sdup, *cp, *tmp;
466 char *user = NULL, *host = NULL;
467 int port = -1, ret = -1;
468
469 if (userp != NULL)
470 *userp = NULL;
471 if (hostp != NULL)
472 *hostp = NULL;
473 if (portp != NULL)
474 *portp = -1;
475
476 if ((sdup = tmp = strdup(s)) == NULL)
477 return -1;
478 /* Extract optional username */
479 if ((cp = strchr(tmp, '@')) != NULL) {
480 *cp = '\0';
481 if (*tmp == '\0')
482 goto out;
483 if ((user = strdup(tmp)) == NULL)
484 goto out;
485 tmp = cp + 1;
486 }
487 /* Extract mandatory hostname */
488 if ((cp = hpdelim(&tmp)) == NULL || *cp == '\0')
489 goto out;
490 host = xstrdup(cleanhostname(cp));
491 /* Convert and verify optional port */
492 if (tmp != NULL && *tmp != '\0') {
493 if ((port = a2port(tmp)) <= 0)
494 goto out;
495 }
496 /* Success */
497 if (userp != NULL) {
498 *userp = user;
499 user = NULL;
500 }
501 if (hostp != NULL) {
502 *hostp = host;
503 host = NULL;
504 }
505 if (portp != NULL)
506 *portp = port;
507 ret = 0;
508 out:
509 free(sdup);
510 free(user);
511 free(host);
512 return ret;
513}
514
454/* function to assist building execv() arguments */ 515/* function to assist building execv() arguments */
455void 516void
456addargs(arglist *args, char *fmt, ...) 517addargs(arglist *args, char *fmt, ...)
@@ -729,16 +790,16 @@ sanitise_stdfd(void)
729 strerror(errno)); 790 strerror(errno));
730 exit(1); 791 exit(1);
731 } 792 }
732 while (++dupfd <= 2) { 793 while (++dupfd <= STDERR_FILENO) {
733 /* Only clobber closed fds */ 794 /* Only populate closed fds. */
734 if (fcntl(dupfd, F_GETFL, 0) >= 0) 795 if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
735 continue; 796 if (dup2(nullfd, dupfd) == -1) {
736 if (dup2(nullfd, dupfd) == -1) { 797 fprintf(stderr, "dup2: %s\n", strerror(errno));
737 fprintf(stderr, "dup2: %s\n", strerror(errno)); 798 exit(1);
738 exit(1); 799 }
739 } 800 }
740 } 801 }
741 if (nullfd > 2) 802 if (nullfd > STDERR_FILENO)
742 close(nullfd); 803 close(nullfd);
743} 804}
744 805
@@ -909,6 +970,31 @@ monotime(void)
909 return time(NULL); 970 return time(NULL);
910} 971}
911 972
973double
974monotime_double(void)
975{
976#if defined(HAVE_CLOCK_GETTIME) && \
977 (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME))
978 struct timespec ts;
979 static int gettime_failed = 0;
980
981 if (!gettime_failed) {
982#if defined(CLOCK_BOOTTIME)
983 if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0)
984 return (ts.tv_sec + (double)ts.tv_nsec / 1000000000);
985#endif
986#if defined(CLOCK_MONOTONIC)
987 if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
988 return (ts.tv_sec + (double)ts.tv_nsec / 1000000000);
989#endif
990 debug3("clock_gettime: %s", strerror(errno));
991 gettime_failed = 1;
992 }
993#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */
994
995 return (double)time(NULL);
996}
997
912void 998void
913bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) 999bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen)
914{ 1000{
@@ -1119,3 +1205,41 @@ sock_set_v6only(int s)
1119 error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); 1205 error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
1120#endif 1206#endif
1121} 1207}
1208
1209/*
1210 * Compares two strings that maybe be NULL. Returns non-zero if strings
1211 * are both NULL or are identical, returns zero otherwise.
1212 */
1213static int
1214strcmp_maybe_null(const char *a, const char *b)
1215{
1216 if ((a == NULL && b != NULL) || (a != NULL && b == NULL))
1217 return 0;
1218 if (a != NULL && strcmp(a, b) != 0)
1219 return 0;
1220 return 1;
1221}
1222
1223/*
1224 * Compare two forwards, returning non-zero if they are identical or
1225 * zero otherwise.
1226 */
1227int
1228forward_equals(const struct Forward *a, const struct Forward *b)
1229{
1230 if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0)
1231 return 0;
1232 if (a->listen_port != b->listen_port)
1233 return 0;
1234 if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0)
1235 return 0;
1236 if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0)
1237 return 0;
1238 if (a->connect_port != b->connect_port)
1239 return 0;
1240 if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0)
1241 return 0;
1242 /* allocated_port and handle are not checked */
1243 return 1;
1244}
1245
diff --git a/misc.h b/misc.h
index 374c33ce1..7c76a6a72 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.h,v 1.54 2014/07/15 15:54:14 millert Exp $ */ 1/* $OpenBSD: misc.h,v 1.57 2016/07/15 00:24:30 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,8 @@ struct Forward {
27 int handle; /* Handle for dynamic listen ports */ 27 int handle; /* Handle for dynamic listen ports */
28}; 28};
29 29
30int forward_equals(const struct Forward *, const struct Forward *);
31
30/* Common server and client forwarding options. */ 32/* Common server and client forwarding options. */
31struct ForwardOptions { 33struct ForwardOptions {
32 int gateway_ports; /* Allow remote connects to forwarded ports. */ 34 int gateway_ports; /* Allow remote connects to forwarded ports. */
@@ -47,6 +49,7 @@ char *put_host_port(const char *, u_short);
47char *hpdelim(char **); 49char *hpdelim(char **);
48char *cleanhostname(char *); 50char *cleanhostname(char *);
49char *colon(char *); 51char *colon(char *);
52int parse_user_host_port(const char *, char **, char **, int *);
50long convtime(const char *); 53long convtime(const char *);
51char *tilde_expand_filename(const char *, uid_t); 54char *tilde_expand_filename(const char *, uid_t);
52char *percent_expand(const char *, ...) __attribute__((__sentinel__)); 55char *percent_expand(const char *, ...) __attribute__((__sentinel__));
@@ -55,6 +58,7 @@ void sanitise_stdfd(void);
55void ms_subtract_diff(struct timeval *, int *); 58void ms_subtract_diff(struct timeval *, int *);
56void ms_to_timeval(struct timeval *, int); 59void ms_to_timeval(struct timeval *, int);
57time_t monotime(void); 60time_t monotime(void);
61double monotime_double(void);
58void lowercase(char *s); 62void lowercase(char *s);
59int unix_listener(const char *, int, int); 63int unix_listener(const char *, int, int);
60 64
diff --git a/moduli b/moduli
index 426a58f4f..d4c9a70ec 100644
--- a/moduli
+++ b/moduli
@@ -1,268 +1,208 @@
1# $OpenBSD: moduli,v 1.14 2015/07/22 02:34:59 dtucker Exp $ 1# $OpenBSD: moduli,v 1.17 2016/03/01 04:23:08 dtucker Exp $
2# Time Type Tests Tries Size Generator Modulus 2# Time Type Tests Tries Size Generator Modulus
320150522025931 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD18DA1F 320150520235007 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031E9A9C5F7
420150522025936 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD3763B3 420150520235015 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031E9CBB21F
520150522025942 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD702B8B 520150520235039 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EA2E9623
620150522025943 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD77C283 620150520235043 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EA33E3DF
720150522025947 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD96C25B 720150520235057 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EA68038B
820150522025953 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DADD9B3DB 820150520235114 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EAAB0717
920150522025956 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DADE84F07 920150520235122 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EAC2A7FB
1020150522025957 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DADEC1DB3 1020150520235125 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EAC82DD3
1120150522030001 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE0E297F 1120150520235154 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EB40583F
1220150522030004 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE2A1E23 1220150520235214 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EB94F247
1320150522030005 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE2ADE53 1320150520235218 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EB9DF49F
1420150522030008 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE47B9F7 1420150520235239 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EBF7BE27
1520150522030009 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE4E1343 1520150520235244 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EC0B4F4F
1620150522030014 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE715CBB 1620150520235250 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EC21070F
1720150522030016 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE7BC9EF 1720150520235256 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EC36541F
1820150522030018 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE84579B 1820150520235307 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EC5FE22B
1920150522030019 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE8A564B 1920150520235322 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ECA1FB57
2020150522030023 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAEAF7AD7 2020150520235331 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ECC3C823
2120150522030025 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAEB9DC53 2120150520235349 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ED035187
2220150522030027 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAECD976F 2220150520235400 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ED2F07DB
2320150522030034 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF07F063 2320150520235407 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ED4620CF
2420150522030034 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF08ACBB 2420150520235422 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ED86D39F
2520150522030037 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF192C07 2520150520235424 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ED86E683
2620150522030039 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF241333 2620150520235427 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031ED8C3073
2720150522030040 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF255B3B 2720150520235443 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EDCB1F63
2820150522030044 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF3DEC37 2820150520235450 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EDE00B77
2920150522030048 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF60F05B 2920150520235452 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EDE42247
3020150522030049 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF6255DF 3020150520235458 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EDF8F493
3120150522030055 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF8EE01F 3120150520235503 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EE04D69F
3220150522030059 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFAD237B 3220150520235508 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EE14B92B
3320150522030104 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFD13587 3320150520235510 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EE167933
3420150522030105 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFD2BE6F 3420150520235517 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EE2DC63B
3520150522030108 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFECF32F 3520150520235527 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EE52259F
3620150522030112 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFFDEED7 3620150520235539 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EE829247
3720150522030115 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB01CAA63 3720150520235557 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EED044BF
3820150522030116 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB01F3647 3820150520235608 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EEFD34CF
3920150522030119 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB034B30F 3920150520235614 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EF0F709F
4020150522030122 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB04822EF 4020150520235616 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EF12110B
4120150522030124 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0528867 4120150520235622 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EF25FE1F
4220150522030131 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB08D3CAB 4220150520235637 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EF6BF4D3
4320150522030136 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0B10C6F 4320150520235654 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EFAF28BF
4420150522030138 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0C688A7 4420150520235701 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EFBFB8BB
4520150522030140 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0CCDF9B 4520150520235704 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EFC7A62F
4620150522030141 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0CFD81B 4620150520235710 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031EFD79323
4720150522030145 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0F59763 4720150520235725 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F0158F1F
4820150522030148 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB10339FB 4820150520235728 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F01A9E6B
4920150522030149 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB10E3ACB 4920150520235743 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F055798B
5020150522030150 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB11127F3 5020150520235752 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F0730BC3
5120150522030159 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB15B8BDB 5120150520235757 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F08283FF
5220150522030634 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8ADB54257 5220150520235825 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F0F451E3
5320150522030715 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AE6EF847 5320150520235830 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F0FDEFB7
5420150522030737 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AEC5D76B 5420150520235901 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F1828ECF
5520150522030739 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AECB604F 5520150521000008 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F185D7BF
5620150522030742 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AECF538B 5620150521000011 2 6 100 2047 2 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F18C58FB
5720150522030756 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AF04851B 5720150521000014 2 6 100 2047 5 F7360753237CF1837003CDFE89D99C8149BE6C4B4CCD9D09D834FF137878C452FB4FAB5CA51BE6619BC6FEC4184FA9A96D21FDE83505B67262EEA4870FD709F4DD3A2EC36E5746ED80D762467E794FE524992EAC42D2F0F391A63E027F24411B231D25AEFE60C9329CE8FFB61A8A123C74F6755211C8CFD59915CE0DE28579B66CB426D111F90B19A5BD83AB8C2CAB09FB1F09509B029883BD154B82418B4F3A9EE4564E5F344D5B911C10829C1E975817EB2DFF49F34D95277897A7198C9C4921037B8AA091C380663A6D5260F98FA784565DE2D977C50A1079B485F4BE63B4E3D6A63FD8DD59704116A41CB1C7C2AAA449071BFBAFB0F867FCC031F191F757
5820150522030828 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AF867683 5820150521000841 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CC7F06BB
5920150522030905 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B01F7E27 5920150521001025 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CD1057AB
6020150522030909 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B02AFB8F 6020150521001131 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CD717D6F
6120150522030918 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B048739F 6120150521001248 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CDDA85F7
6220150522030930 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B07661CB 6220150521001453 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CE8959BF
6320150522030938 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B091EC43 6320150521001510 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CE98227B
6420150522030955 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B0D50D0F 6420150521001623 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CEF967BF
6520150522031007 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B1023673 6520150521001651 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CF18156B
6620150522031015 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B119500F 6620150521001758 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CF717197
6720150522031036 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B177EE9F 6720150521001924 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622CFE1507B
6820150522031056 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B1D0030B 6820150521002244 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D0F75427
6920150522031103 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B1ECC193 6920150521002509 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D1BD2823
7020150522031125 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B24C9CF7 7020150521002808 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D2B4950F
7120150522031136 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B2774773 7120150521002846 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D2E6D6D7
7220150522031208 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B2FC9617 7220150521003203 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D3F5D0D3
7320150522031220 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B32FE6CF 7320150521003322 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D45851E3
7420150522031228 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B345AC93 7420150521003430 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D4AEE517
7520150522031248 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B392E18F 7520150521003629 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D5538E0B
7620150522031256 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3B32FCF 7620150521003714 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D58BAFCF
7720150522031300 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3BF5B2B 7720150521003722 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D5916FC7
7820150522031311 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3E840CB 7820150521003739 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D5A378F7
7920150522031316 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3F5F9D7 7920150521004506 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D82B5113
8020150522031334 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B439F28B 8020150521004613 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D880CB43
8120150522031337 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B44025D3 8120150521004753 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D909305B
8220150522031339 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B442AC0B 8220150521004802 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D90DBDC3
8320150522031353 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4788613 8320150521005025 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D9CBF44F
8420150522031356 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B47F8FDB 8420150521005051 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622D9E89DA7
8520150522031401 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B48EAEFB 8520150521005252 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622DA8BA403
8620150522031407 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4A1CE0B 8620150521005347 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622DAD07F73
8720150522031420 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4D73D93 8720150521005825 2 6 100 3071 2 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622DC5CE5A3
8820150522031425 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4E9937F 8820150521005858 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622DC84A597
8920150522031428 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4EFD4BF 8920150521010014 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622DCE62957
9020150522031436 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B507149B 9020150521010219 2 6 100 3071 5 E0C2D7F7B6E4C69A3B6632FC77BED88CAC663CE39D91DDF017816529795F33B591F80F445BE16F8FB51D11861682154B904AE2282FA0462EB6C508FD7B7AEC551A6C630FE9CC7E17E660377558E4F841CD77AABD81E6A0988823047B3A00C2E50C33035987D6EA42C65FD776051F5D43045848D4385FB37482DC9E5133D1B75E34CC81C2B87C9530F5229FF2154604A286C2E257D3A89CF330AEDBA16288E852277C5D7C6AA947B4510625312DF982A30A4D75679F707EB325CD4DF65C7A58154C6C05E28545DE69673B3EA9CCD41529A7CCEB49A3392D23E9AB083148DD956F8CA9B8CDD76496FF95B5782EE888C40EF1201EB3A52CAE1A635BBF82CD479B38DABD6DEE7A2844F8C614215B04CEBDD41039C2DC2D1CF00AFC78C0363E548FAE1DE8A7B535CC41CED767BE05F300F50C59307061ADE1CAA4614F8FEFAECE8F8C5DB3F425B348A206B0E95703EEA8785768CDB53972422C75B58A7AEA2AD9E2546EA991466E6AFE1FA157D75D3F6616DB715D10CCD6B71C73051FE622DD9517D7
9120150522031452 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B54A3243 9120150521011229 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F951FEB83
9220150522032348 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98368C951B 9220150521011834 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F960399B7
9320150522033023 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9838C4B4F7 9320150521012438 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F96EE7973
9420150522033224 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9839729F67 9420150521014010 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F99453213
9520150522033330 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9839CF938B 9520150521015607 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F9B549727
9620150522033506 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983A5AA27B 9620150521015640 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F9B600A7B
9720150522033539 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983A849987 9720150521020946 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F9D5299DF
9820150522033610 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983AAC8A5F 9820150521021536 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F9E2793D3
9920150522033839 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983B7F9067 9920150521022706 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877F9FE131CB
10020150522033952 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983BE385D7 10020150521023922 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FA1BAC073
10120150522034001 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983BEA4367 10120150521025234 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FA3BC9483
10220150522034055 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983C305BC3 10220150521025424 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FA3FB3513
10320150522034123 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983C516EB3 10320150521032445 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FA87E0FAB
10420150522034146 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983C6D1017 10420150521032932 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FA929F00F
10520150522034241 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983CB6A553 10520150521032947 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FA92B272B
10620150522034528 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983DA8F54F 10620150521033245 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FA9953D0B
10720150522034544 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983DB92AEB 10720150521034828 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FABDD4AEF
10820150522034719 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983E32A87B 10820150521035044 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FAC298C7F
10920150522034748 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983E589F5B 10920150521035111 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FAC31F17B
11020150522035227 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983FE4EA2B 11020150521035749 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FAD250357
11120150522035328 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9840340683 11120150521040009 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FAD788A73
11220150522035522 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9840D77183 11220150521040220 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FADC5F173
11320150522035721 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98417632BF 11320150521040316 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FADDFFC03
11420150522035808 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9841B795AB 11420150521041042 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FAEEBDEB3
11520150522035847 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9841E9F357 11520150521041443 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FAF7AD7BB
11620150522040046 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9842863803 11620150521041831 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB007D653
11720150522040057 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98428F98CF 11720150521041928 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB025C91B
11820150522040128 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9842B68EA3 11820150521042301 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB0A4C143
11920150522040136 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9842BA209B 11920150521042631 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB12009F7
12020150522040232 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF984303E883 12020150521042740 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB145360F
12120150522040546 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9844117EF3 12120150521043358 2 6 100 4095 2 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB22FAE93
12220150522040607 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9844276407 12220150521044013 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB31527AF
12320150522040733 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF984499981B 12320150521044543 2 6 100 4095 5 C8BCE52E2AE7AE1EC20056B2D0764047C92392C9DF75C3A57EB8AF1062A809E6EA975D9910AA5C55833CC47D4DA76E92BF63FEBB289E5FE2ED729429DE9567D0A489FA27B41810066B96602B2E555B34628A37C4CE04984D15C36F1EAD09081D2CB2147D5F0B7E8BCF0774FFCF5F649E0CB797DD23D0801C153B6B8480828CF165C7ED3181F316F371C6EC0B6EF6B8CBE36E5A4E8C070854668AF07FE6C73C3EB817CD0E8C7F264546A1B0402AC0FCEBA5032EBA2323769CC401D262971F4B44FC1151EC4F6E761709FD6ABDC84D9C36046811F54DC86D293D16D235DC712BF7346CDAC005AE5C0DCD96480C9BD0CF7C4BD50026553E27F957B6640BA6A87C6642FF3D97A3E63DA468276E3A22C0C3F2A1CFFB4F190D5E23700BB468EA31FD3EB87B44B51BDABDB0667FCFB618CECFB2BC440A5F2E237E93A6DFF96AB3561AF5EE1BDA21720129FF2123F7038C70B4CADF1BC70B2EF5EBC264E1E3B2A4B3780D4A11507D03A498A556A923B0EFAF90D024341A47818F03D5ADD961086C2573DABF02C4E2F303817D323E1D8D88EFBE3F5E0D6688593C65254907745CA6176C8ED7D6B830875A0BA8FFEEB1882742A4553E4E55A93A7AD4F3224B7BFA03E29C77DB0FCCE0E37E6D3A64C5555ED9555FA1E2C34EC04DA3B6E0AAA7BF64879BC4724859FE806E7DC49A5394AD3D01492F05AE69CF10C67B18BDFF8E877FB3DDFBB7
12420150522040850 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF984502ECCF 12420150521004745 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F52665F2B
12520150522041059 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9845BB3AD7 12520150521003352 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F57C7B577
12620150522041141 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9845F34747 12620150521005557 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F591BBC57
12720150522041538 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98473F522B 12720150521014228 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F5BDF5CE7
12820150522041645 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98479B35EB 12820150521015455 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F5C9CFD1F
12920150522043157 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379177A90103 12920150521001701 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F5CF6FF9B
13020150522044043 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379178F7604B 13020150521002558 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F5D7C4FE3
13120150522044434 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917986809B 13120150521003319 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F5DE41DFB
13220150522044641 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379179D34D9F 13220150521003721 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F5E1B5FAF
13320150522045152 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917A93F48B 13320150521010943 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F600B866F
13420150522045648 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917B4FEA03 13420150521014141 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F61F01EC3
13520150522051224 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917DA8111B 13520150521010312 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F65EAB753
13620150522051844 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917E9226DB 13620150521002914 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F69FD9357
13720150522052054 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917EDC16FB 13720150521011058 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F6C6B8513
13820150522052204 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917F0058A7 13820150521013628 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F6DE7D9EF
13920150522052248 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917F16842F 13920150521015040 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F6EB0C897
14020150522052650 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917FA2234F 14020150521001307 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F6F15473B
14120150522052821 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917FD2EA1B 14120150521012712 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F7377044B
14220150522054416 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F3791823EE827 14220150521005218 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F7767DEA3
14320150522054652 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182978693 14320150521003512 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F7C5546F7
14420150522054912 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182E6E57B 14420150521005420 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F7D68EDC3
14520150522054941 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182F0448B 14520150521011347 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F7E859CF3
14620150522055008 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182FA0E27 14620150521002429 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F819A93E7
14720150522060835 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379185801F93 14720150521004826 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F88D91A57
14820150522062202 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379187943813 14820150521010541 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F89D29B9F
14920150522062512 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F3791880945B7 14920150521012418 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F8ADC38F7
15020150522063933 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918A32FF83 15020150521015506 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F8C91980B
15120150522064222 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918A910AB3 15120150521004000 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F8E369B97
15220150522064452 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918AE83E73 15220150521005659 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F8F2B1BEB
15320150522065035 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918BBA1623 15320150521010328 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F8F7DD1D3
15420150522065634 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918C920633 15420150521011152 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F8FF052BB
15520150522070134 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918D471AAB 15520150521001457 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F92940463
15620150522070306 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918D7B1063 15620150521011129 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F95C47DCB
15720150522070332 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918D838D0B 15720150521013515 2 6 100 6143 2 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F9710A103
15820150522070807 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918E2B8B67 15820150521013841 2 6 100 6143 5 D9F2DC4F4AB3E451AB7781730AE26AE5AB1927A8F93D05C7765C4F23947CBAD218690437DDE587137100CA657CB902597743E8B05CB9B821A48E081C451227F5E42404534A28EE1D0A52FA903FBB15B79139D130420B8C7BD2477CDF0C06CF4C9943DF76A74C3B503B2229A5628E13983B0426A10FD164A720488DE3A1639D004B694ADB5216C21F481519865529CE6E3C9C8B89AC00FBF2B4C1F0B0033AC2A5072A157B5D4346950917B055227557FF1EB5F0873D75E648BEE4B6F88D4B228CB89C7602E34F85BF86DDBD09CA39993C73FF59B0310754F0D24740316F7D8D21D67EC65C8715B7130EBC8E19EB712990BBB30D650ACB0B7864B632ABBC2AEE7221393A5C74B043568043480DB41821A0CE1E6D271456C2FDC243D39868FB0D7BDA3FAD5894F7DCBBC5751B77B3DF99F6E8A5BD7A5B82F594E3E0CA2BBF7DA74312227B323652E6856B597326206CAFF2380C23CF94B8CD3EAA56BE60F8C372887CD37A62FC6F5FD467ED96E7CD9C285E75C2C353E520DFB3F39FE7B8E35FFB485B1B043F52321675EDF4848266997D059810F71D21E9DB3E3AB1BCE3713DB67155F41B7C21939B285AB63DBF1770228E4EE36314310D89200F132E8ECF2968CDA0E57DBBCE589E4DDBAD009994A817032EFA52F0659A319FBD813901BF5847EC2D7979CBA5870F3DA25BE09673952628E1EA70C82EC0BE67B402E48DF85C5983516BBEEAB811D1ECAB02928D4087B826139D073501149D47B3339CDA763840E4492661FFEF96C81C816B862EEE820019CD83C93BF9DFF8EC8C59331780D5D86B164EC12BBE59F4C9E62FD7819A941D10AFE32179B2361A17618FA84864F58C09AECB817E67BC352371BB7D7F8209E4EB9002013A585092D4721B1CB464A8480CC76173989144EF51692E373E9CCEAC9807EF190D6BBDD3BB0D16CA87DC6A54890D6F074ABD83E3CF077F2F592C0745BE15D7D6871552BB6139E5CF70D684C6D1D0C4516733E0639BBEC847313BE3D1D923B6A5FAF43A5341DD8C0779881BEB92736BA4F18BD6CDC1FC922B3809ED244748101A6C7E30DDE0C232FA3F9733A497
15920150522071420 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918F0C3653 15920150521041810 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7BE934407F
16020150522071508 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918F1EFFFB 16020150521070624 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7BEEB1E407
16120150522071555 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918F35E697 16120150521051555 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7BF50EEEC3
16220150522071903 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918FA47DEB 16220150521061258 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C00AF225F
16320150522074443 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37919363872B 16320150521034225 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C058D5963
16420150522075339 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379194BA4383 16420150521035956 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C0616723F
16520150522080128 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379195DB3C5F 16520150521054248 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C12F16C3F
16620150522080506 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F3791965094C7 16620150521060112 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C1379EA23
16720150522083733 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C514C4F88F 16720150521023340 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C165F2773
16820150522093608 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C517A26827 16820150521043505 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C1A3EC717
16920150522094040 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C517D03757 16920150521024626 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C202ABED3
17020150522095314 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C518686A8B 17020150521064303 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C27790087
17120150522101845 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C519A641F3 17120150521060604 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C2F9DF583
17220150522103233 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51A4A87B7 17220150521062143 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C3003EEAB
17320150522111208 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51C3A7B9B 17320150521044311 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C363D0A77
17420150522120305 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51EB16CF7 17420150521053731 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C37D6EFCF
17520150522122813 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51FE5C353 17520150521065640 2 6 100 7679 5 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C3A20A2DF
17620150522132032 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5226F04CB 17620150521044717 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C3F622E8B
17720150522141054 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C524EBC207 17720150521065426 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C430ED7CB
17820150522153656 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C529553A9F 17820150521023632 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C445E575B
17920150522154114 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5298632F7 17920150521032945 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C45EEE643
18020150522154826 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C529DCC5D7 18020150521054538 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C49FB77CB
18120150522163842 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52C78C8C3 18120150521024620 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C4D86D0FB
18220150522165625 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52D5A1C27 18220150521042108 2 6 100 7679 2 D67DA234F46097F7EE3B230456E7C895BCA86395DF43D60D9D587C64EA4525FBCAD22442143068578CE8ECC8280B2D81F747B484AA668FFCDBEB067EB824B42E5FA1A40BC08EE8CC4A064298CB31C36340951EC7A006878C79C80068196180DA31E1DEF79A72B2D059203DDE461485D1B9783AF79E981CDAEF88589D8343E5B52D96FE90EA13194AFAF7459B17B80971720357ABD09CFE992966FFC1C239821C910F55D69E44277E5DE9841F4E5B2D25D6A265D321059B762F7D6AC5F0E260DEEB628D32940002B219B354486CC5BBF6390F19899EA5E145A28487029DF0517564A81FA10FA60AFA04CE77794775392829DB636E7F5EE00868D5027A6BA75CA922CEF3CA78683D14AB2E58439789033ACF441236F5E3C7849E3662B5123304F82D0061EA9C18EA1676A736FFD628AE982CCEAB8979568C43FB34207E0DEC7D8A6AA391846C910F77771ECF2D0531A234D3798BC1B1433091A895E23A77792F4BE403D526F1D260A3627F2E80E863A204A774F58D7DE2C5C4A7E463A46BC436F0B7AF07179EC334D31073BF035FD94454ECD54146473F786EA15A1CEBB3B9C0D282195AD612D33B31F5528DAB5231CB17A3DE9AB5C8BD7BF8F773C255845BC9B70A1E53A50E5AEA801FFE604A2B2C1FBE86A2A883632E7AE75ADA007FB6AB1AA529DE3151CAA8D1D07FA19EFF5679398340E720CF2CFC4E1AEDD73C44983CC8E610DD419AE2E88206573837D6E44018D9498B62F9C0B8EA7741450FC7DBFF7C546D3CBCBA5B9123577FD5531880A18F1275F9181A922803D8F03512C58B5FBBC41CE8095EDD920A3E36CEB6EDB56900E6CEC2928288909D61B3B426EBC54F0A69C261A848B358C3A8E332567B9FFC1A7A07E9414BB1F75DE0795CF87632F5D6A87A246FD4E98E70489F779FE99C5BC4DB24BFA860C3551888FC721CDBC6AB5783B02BEF893E0984B6FDB5142A1AFD3277FE8F36B87849BC00B3FB3ADAFE4EDAE4839B83894C27FEF93514D7E3FFB7A30E99C6875D96C582E81D45FB463DC37B8791FC28A759301FC2F9879960C82BC7C427382A41B9AEFAC0051A2C653E55A47B48860CDA32812A192C1508A6C012C7E4BBAB1619B7926549FD8CE27928618F035BE31D56CBC9586D88E00DA69341F6F01554E205344E49E8871CCF80F9FF5CB54479AFA66806DD02FAFEE7D43572B3AA22742635FE65BFC8004960DC679FC7F8C0E5B50B3CE1E446B7A5E189BB9AAFA06FEC472D6E67EA4905373A01A2B662F534131405FBAB9BBAE892F0C265439EA1ABC91B186B5AC1E53A0C786607B1069BC026359955CFD614D7F80DF416A08AB18991A0398A83DF3CF2D65D7C505E524B
18320150522172408 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52EBD88E3 18320150521041835 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CD3703FA7
18420150522173745 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52F69630B 18420150521051726 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CD4CEF96F
18520150522184340 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5327AFF1B 18520150521074626 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CD86439C3
18620150522190348 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5336CDC63 18620150521082439 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CD947F7F3
18720150522200705 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5366C1207 18720150521012012 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CE0694343
18820150522201200 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5369D0A6B 18820150521073153 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CE93D436F
18920150522202855 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5375B287F 18920150521094433 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CEC4EE993
19020150522204401 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5380EDB4B 19020150521074128 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354CFA190CE3
19120150522205115 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5385D084B 19120150521014004 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D0235296F
19220150522210056 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C538CEBB3B 19220150521014736 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D025961EB
19320150522212110 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C539B27FE3 19320150521065737 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D0961218F
19420150522215602 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C53B4E825B 19420150521043653 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D163706C7
19520150522222840 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C53CD37713 19520150521085322 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D1BC6858F
19620150522224719 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C53DAAAE07 19620150521093922 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D1CC27FE3
19720150523005800 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C543D2802B 19720150521120407 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D1FE2874F
19820150523110456 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C549CAF02F 19820150521124157 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D20A8A19B
19920150523111755 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C54A5BCB0B 19920150521035417 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D24E0665B
20020150523135850 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C551C0E2B7 20020150521062806 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D2828F7AB
20120150523140345 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C551F4D6B3 20120150521074218 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D29B42017
20220150523153045 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5561141EB 20220150521114937 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D2F027D3F
20320150523170349 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C55A59DCDF 20320150521073847 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D3905A9FF
20420150523191201 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB470CDA3203 20420150521024512 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D41DB2FFB
20520150523215157 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4711A72AAB 20520150521024827 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D41E2852F
20620150523231527 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47141BE273 20620150521042402 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D43D9B0E3
20720150523235422 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47153C4A8F 20720150521083756 2 6 100 8191 5 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D491D852F
20820150524010823 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47174C4663 20820150521113241 2 6 100 8191 2 D7182545CB6AFDA1CCF5BB87F606DDD1CD25D4BAF110D7CCCC0BC78929189C09DC69308FBF76A16338AB8351B974081AEFE6F68B9DD0B3F661ED84DAF8736BF328122D00A803AD05DDB334CF5C98B2670F0B2ED0E2FA602CE2F6157A2A8E649A546957CE4F723C84B6AC46D64C5B329304181F2B70F48D15181C38777F4E18BB0344F5DAE703CC3A46B670713A7B99E536D30F92D1E5E683F2C5540105F425E01234968D1A63E0220A02721183E30302F029E4D0E0664E30329B730D99D03E53D67793F31BBA6C4274FB2ACA9181655B766246C598E4CD402737B682232B8534BE43A790ED6C04EF8047E1796048099B65EF415375D87BC7A01CB6086C9E23B667D22F52F5F44D6960601C15515D14F7D6A6BF6D7F6B1D834866ADF9FCFA1CDE00EF04C05591B05D4752471F124406D034BC8E6D71E03880BD3E7A77FD22E7D90B90A491E528EDE2E4B6FCF7C638883A4CDE80AF2C839569A4FB641C7B8948200DB0F51CA9B2613966C51F026A007D0696D14A4E4897556C7BB0E60A407B7B8C57643F278A47CC8089E24D38BAC1350A0E6D19FE540A773B8E90A6312D4B038C643B03ADDC741BDD3012F7714863BB63688E6145D47A6F40D15D6485E5AC278E229EA800FE705FEBEB2183CEF7C55DB952B627D4890B45441B3D4CF03BF0D132A7042C24447518B14956C11703131981CD69D7B6BA2A9F8C62057FE3A4319D17739DE0BBDAC9600E4809CD856E5F41C580863D93C251F0A31BA1CBCCAA499FEB79184E165C436A3B2FA9791C4526B47B0D1F6FE3BDE2730421E5DCA10483D91AA873ABD1236674EBE3A0D134C685CCE9D632280AE11C0D9CF7275517C1F14BCB81F2B23860D86F5028B21DF85868972EDF70A0704B3853EB1B16970834C661BC65693D38368DDB0D6E781DD2F52AE279913304601F5709E1C4B1A12B0FFDA93369001186FE8716027667F4B816E927A9977D3030CE211F4BE8B6F48836EABF4D8457FC5CFE39DF5BE96146D3B8C5BA11C3D75D252B0C190DEA5757049DE6BA89249166D60163ADDD38EAE171B53D44E135973AA05293AA7407693AE5478F480A3BE97BACBD8C7DE6EDF39EFB8BDDF8B0A2169228FD98A863C450129C8BA561A1D0F29C4EC75060A27E028E1321BCF7ADCB34B2C2B037E2C6B705F74002E0C844092025A630CFB2105F04D40135794DDF30C7E19187AE2AB8E6296C9EACFF43279F0ABE6E1150ABC2C3C8A6C4B95A7AA18CFBF953BF7662C16A0FE26D9EE7CF62BA16AA87B06373082E7551F42B8BE57BE19A50B059DC652BA46157FB7CC29AC1BF2834E668443637F87B2B12FD338706D69935D2C6348CF72F568B89B66345BF42209AA6D898F4388A54B4CFFD735EAF987CD6B738B401A14FACDAC97F63529118ED56DFB7DAC4967FFA252D185DBC29652E3F62A45D6BF990FB354D4CAD7D8B
20920150524013736 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471810100B
21020150524040115 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471BEA9823
21120150524051719 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471DEF42C3
21220150524055417 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471EE81B27
21320150524104925 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4726B43323
21420150524105636 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4726DBBBDF
21520150524130121 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB472A1294AB
21620150524163025 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB472FBAE453
21720150524163715 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB472FE1144B
21820150524173410 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47315B458F
21920150524181655 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473268D4BB
22020150524223625 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473917D17B
22120150525001303 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473B95BAC3
22220150525011252 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473D16F0B3
22320150525020522 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473E60DDB7
22420150525061910 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4744D20B9F
22520150525092924 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47499CAF77
22620150525124039 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB474E6A2CEB
22720150525132602 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB474F854D7B
22820150525170642 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4755495933
22920150525201019 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4759D07FB7
23020150525223942 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475D6E1C07
23120150525230547 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475E0B3487
23220150525234905 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475F115D93
23320150526002510 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475FE94D13
23420150526014857 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4761E82A83
23520150526045853 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47667CBC4F
23620150605090211 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB476DA5F0B7
23720150605145212 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4776229827
23820150605174343 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB477A770453
23920150605182015 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB477B32F0B3
24020150526114135 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE95C238093
24120150526114600 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE95C32EEF7
24220150526134901 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE95F067BA3
24320150526153127 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE96179B9CB
24420150526164245 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE96332D5AF
24520150526174513 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9649A719B
24620150527035812 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE97262B7F7
24720150527075726 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE977B43343
24820150527112120 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE97C1F6EA7
24920150528010450 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE98E4FBCCB
25020150528020450 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE98F884B93
25120150528024708 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE990692277
25220150605205801 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE994DC793F
25320150606012116 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE99A681C6B
25420150606055158 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9A0264EE7
25520150606071549 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9A1DB0223
25620150606132241 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9A644DC6B
25720150606164856 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9AAAAEE73
25820150606183208 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9ACEEACDB
25920150607015742 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9B6ADF38F
26020150607022317 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9B733A2AB
26120150607051100 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9BAB79D47
26220150607064815 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9BCBC8A17
26320150607120629 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C355FA5B
26420150607121012 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C3600A83
26520150607123508 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C3DCB093
26620150607144400 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C680E5AB
26720150607145646 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C6BC5BC3
26820150607201140 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9CD3C4A03
diff --git a/moduli.0 b/moduli.0
index a74279b21..dd762af85 100644
--- a/moduli.0
+++ b/moduli.0
@@ -71,4 +71,4 @@ STANDARDS
71 the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, 71 the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
72 2006. 72 2006.
73 73
74OpenBSD 5.9 September 26, 2012 OpenBSD 5.9 74OpenBSD 6.0 September 26, 2012 OpenBSD 6.0
diff --git a/monitor.c b/monitor.c
index ac7dd3099..cb57bd066 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.157 2016/02/15 23:32:37 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.161 2016/07/22 03:39:13 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -34,6 +34,7 @@
34 34
35#include <errno.h> 35#include <errno.h>
36#include <fcntl.h> 36#include <fcntl.h>
37#include <limits.h>
37#ifdef HAVE_PATHS_H 38#ifdef HAVE_PATHS_H
38#include <paths.h> 39#include <paths.h>
39#endif 40#endif
@@ -74,6 +75,7 @@
74#include "cipher.h" 75#include "cipher.h"
75#include "kex.h" 76#include "kex.h"
76#include "dh.h" 77#include "dh.h"
78#include "auth-pam.h"
77#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ 79#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
78#undef TARGET_OS_MAC 80#undef TARGET_OS_MAC
79#include "zlib.h" 81#include "zlib.h"
@@ -688,7 +690,8 @@ mm_answer_sign(int sock, Buffer *m)
688 u_char *p = NULL, *signature = NULL; 690 u_char *p = NULL, *signature = NULL;
689 char *alg = NULL; 691 char *alg = NULL;
690 size_t datlen, siglen, alglen; 692 size_t datlen, siglen, alglen;
691 int r, keyid, is_proof = 0; 693 int r, is_proof = 0;
694 u_int keyid;
692 const char proof_req[] = "hostkeys-prove-00@openssh.com"; 695 const char proof_req[] = "hostkeys-prove-00@openssh.com";
693 696
694 debug3("%s", __func__); 697 debug3("%s", __func__);
@@ -697,6 +700,8 @@ mm_answer_sign(int sock, Buffer *m)
697 (r = sshbuf_get_string(m, &p, &datlen)) != 0 || 700 (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
698 (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) 701 (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0)
699 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 702 fatal("%s: buffer error: %s", __func__, ssh_err(r));
703 if (keyid > INT_MAX)
704 fatal("%s: invalid key ID", __func__);
700 705
701 /* 706 /*
702 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), 707 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
@@ -916,6 +921,9 @@ mm_answer_authpassword(int sock, Buffer *m)
916 921
917 buffer_clear(m); 922 buffer_clear(m);
918 buffer_put_int(m, authenticated); 923 buffer_put_int(m, authenticated);
924#ifdef USE_PAM
925 buffer_put_int(m, sshpam_get_maxtries_reached());
926#endif
919 927
920 debug3("%s: sending result %d", __func__, authenticated); 928 debug3("%s: sending result %d", __func__, authenticated);
921 mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m); 929 mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
@@ -1115,6 +1123,7 @@ mm_answer_pam_query(int sock, Buffer *m)
1115 free(name); 1123 free(name);
1116 buffer_put_cstring(m, info); 1124 buffer_put_cstring(m, info);
1117 free(info); 1125 free(info);
1126 buffer_put_int(m, sshpam_get_maxtries_reached());
1118 buffer_put_int(m, num); 1127 buffer_put_int(m, num);
1119 for (i = 0; i < num; ++i) { 1128 for (i = 0; i < num; ++i) {
1120 buffer_put_cstring(m, prompts[i]); 1129 buffer_put_cstring(m, prompts[i]);
@@ -1249,6 +1258,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
1249 break; 1258 break;
1250 } 1259 }
1251 } 1260 }
1261
1262 debug3("%s: key %p is %s",
1263 __func__, key, allowed ? "allowed" : "not allowed");
1264
1252 if (key != NULL) 1265 if (key != NULL)
1253 key_free(key); 1266 key_free(key);
1254 1267
@@ -1270,9 +1283,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
1270 free(chost); 1283 free(chost);
1271 } 1284 }
1272 1285
1273 debug3("%s: key %p is %s",
1274 __func__, key, allowed ? "allowed" : "not allowed");
1275
1276 buffer_clear(m); 1286 buffer_clear(m);
1277 buffer_put_int(m, allowed); 1287 buffer_put_int(m, allowed);
1278 buffer_put_int(m, forced_command != NULL); 1288 buffer_put_int(m, forced_command != NULL);
@@ -1289,7 +1299,8 @@ static int
1289monitor_valid_userblob(u_char *data, u_int datalen) 1299monitor_valid_userblob(u_char *data, u_int datalen)
1290{ 1300{
1291 Buffer b; 1301 Buffer b;
1292 char *p, *userstyle; 1302 u_char *p;
1303 char *userstyle, *cp;
1293 u_int len; 1304 u_int len;
1294 int fail = 0; 1305 int fail = 0;
1295 1306
@@ -1314,26 +1325,26 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1314 } 1325 }
1315 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1326 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1316 fail++; 1327 fail++;
1317 p = buffer_get_cstring(&b, NULL); 1328 cp = buffer_get_cstring(&b, NULL);
1318 xasprintf(&userstyle, "%s%s%s", authctxt->user, 1329 xasprintf(&userstyle, "%s%s%s", authctxt->user,
1319 authctxt->style ? ":" : "", 1330 authctxt->style ? ":" : "",
1320 authctxt->style ? authctxt->style : ""); 1331 authctxt->style ? authctxt->style : "");
1321 if (strcmp(userstyle, p) != 0) { 1332 if (strcmp(userstyle, cp) != 0) {
1322 logit("wrong user name passed to monitor: expected %s != %.100s", 1333 logit("wrong user name passed to monitor: "
1323 userstyle, p); 1334 "expected %s != %.100s", userstyle, cp);
1324 fail++; 1335 fail++;
1325 } 1336 }
1326 free(userstyle); 1337 free(userstyle);
1327 free(p); 1338 free(cp);
1328 buffer_skip_string(&b); 1339 buffer_skip_string(&b);
1329 if (datafellows & SSH_BUG_PKAUTH) { 1340 if (datafellows & SSH_BUG_PKAUTH) {
1330 if (!buffer_get_char(&b)) 1341 if (!buffer_get_char(&b))
1331 fail++; 1342 fail++;
1332 } else { 1343 } else {
1333 p = buffer_get_cstring(&b, NULL); 1344 cp = buffer_get_cstring(&b, NULL);
1334 if (strcmp("publickey", p) != 0) 1345 if (strcmp("publickey", cp) != 0)
1335 fail++; 1346 fail++;
1336 free(p); 1347 free(cp);
1337 if (!buffer_get_char(&b)) 1348 if (!buffer_get_char(&b))
1338 fail++; 1349 fail++;
1339 buffer_skip_string(&b); 1350 buffer_skip_string(&b);
@@ -1469,6 +1480,7 @@ mm_answer_keyverify(int sock, Buffer *m)
1469static void 1480static void
1470mm_record_login(Session *s, struct passwd *pw) 1481mm_record_login(Session *s, struct passwd *pw)
1471{ 1482{
1483 struct ssh *ssh = active_state; /* XXX */
1472 socklen_t fromlen; 1484 socklen_t fromlen;
1473 struct sockaddr_storage from; 1485 struct sockaddr_storage from;
1474 1486
@@ -1490,7 +1502,7 @@ mm_record_login(Session *s, struct passwd *pw)
1490 } 1502 }
1491 /* Record that there was a login on that tty from the remote host. */ 1503 /* Record that there was a login on that tty from the remote host. */
1492 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, 1504 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
1493 get_remote_name_or_ip(utmp_len, options.use_dns), 1505 session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
1494 (struct sockaddr *)&from, fromlen); 1506 (struct sockaddr *)&from, fromlen);
1495} 1507}
1496 1508
@@ -1854,6 +1866,9 @@ monitor_apply_keystate(struct monitor *pmonitor)
1854#ifdef WITH_OPENSSL 1866#ifdef WITH_OPENSSL
1855 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 1867 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1856 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 1868 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1869 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
1870 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
1871 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
1857 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1872 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1858 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 1873 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1859# ifdef OPENSSL_HAS_ECC 1874# ifdef OPENSSL_HAS_ECC
diff --git a/monitor_fdpass.c b/monitor_fdpass.c
index 2ddd80732..d766edcf1 100644
--- a/monitor_fdpass.c
+++ b/monitor_fdpass.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_fdpass.c,v 1.20 2015/02/25 23:05:47 djm Exp $ */ 1/* $OpenBSD: monitor_fdpass.c,v 1.21 2016/02/29 20:22:36 jca Exp $ */
2/* 2/*
3 * Copyright 2001 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
4 * All rights reserved. 4 * All rights reserved.
@@ -99,8 +99,7 @@ mm_send_fd(int sock, int fd)
99 } 99 }
100 100
101 if (n != 1) { 101 if (n != 1) {
102 error("%s: sendmsg: expected sent 1 got %ld", 102 error("%s: sendmsg: expected sent 1 got %zd", __func__, n);
103 __func__, (long)n);
104 return -1; 103 return -1;
105 } 104 }
106 return 0; 105 return 0;
@@ -155,8 +154,7 @@ mm_receive_fd(int sock)
155 } 154 }
156 155
157 if (n != 1) { 156 if (n != 1) {
158 error("%s: recvmsg: expected received 1 got %ld", 157 error("%s: recvmsg: expected received 1 got %zd", __func__, n);
159 __func__, (long)n);
160 return -1; 158 return -1;
161 } 159 }
162 160
diff --git a/monitor_wrap.c b/monitor_wrap.c
index c5db6df48..99dc13b61 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.87 2016/01/14 16:17:40 markus Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.88 2016/03/07 19:02:43 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -60,6 +60,7 @@
60#include "packet.h" 60#include "packet.h"
61#include "mac.h" 61#include "mac.h"
62#include "log.h" 62#include "log.h"
63#include "auth-pam.h"
63#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ 64#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
64#undef TARGET_OS_MAC 65#undef TARGET_OS_MAC
65#include "zlib.h" 66#include "zlib.h"
@@ -362,6 +363,9 @@ mm_auth_password(Authctxt *authctxt, char *password)
362 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); 363 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
363 364
364 authenticated = buffer_get_int(&m); 365 authenticated = buffer_get_int(&m);
366#ifdef USE_PAM
367 sshpam_set_maxtries_reached(buffer_get_int(&m));
368#endif
365 369
366 buffer_free(&m); 370 buffer_free(&m);
367 371
@@ -378,15 +382,15 @@ mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
378} 382}
379 383
380int 384int
381mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host, 385mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
382 Key *key) 386 Key *key)
383{ 387{
384 return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); 388 return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
385} 389}
386 390
387int 391int
388mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user, 392mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *user,
389 char *host, Key *key) 393 const char *host, Key *key)
390{ 394{
391 int ret; 395 int ret;
392 396
@@ -397,8 +401,8 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
397} 401}
398 402
399int 403int
400mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key, 404mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
401 int pubkey_auth_attempt) 405 Key *key, int pubkey_auth_attempt)
402{ 406{
403 Buffer m; 407 Buffer m;
404 u_char *blob; 408 u_char *blob;
@@ -644,6 +648,7 @@ mm_sshpam_query(void *ctx, char **name, char **info,
644 debug3("%s: pam_query returned %d", __func__, ret); 648 debug3("%s: pam_query returned %d", __func__, ret);
645 *name = buffer_get_string(&m, NULL); 649 *name = buffer_get_string(&m, NULL);
646 *info = buffer_get_string(&m, NULL); 650 *info = buffer_get_string(&m, NULL);
651 sshpam_set_maxtries_reached(buffer_get_int(&m));
647 *num = buffer_get_int(&m); 652 *num = buffer_get_int(&m);
648 if (*num > PAM_MAX_NUM_MSG) 653 if (*num > PAM_MAX_NUM_MSG)
649 fatal("%s: recieved %u PAM messages, expected <= %u", 654 fatal("%s: recieved %u PAM messages, expected <= %u",
diff --git a/monitor_wrap.h b/monitor_wrap.h
index eb820aeea..9fd02b30c 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.h,v 1.29 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: monitor_wrap.h,v 1.30 2016/03/07 19:02:43 djm Exp $ */
2 2
3/* 3/*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -45,10 +45,12 @@ void mm_inform_authserv(char *, char *);
45struct passwd *mm_getpwnamallow(const char *); 45struct passwd *mm_getpwnamallow(const char *);
46char *mm_auth2_read_banner(void); 46char *mm_auth2_read_banner(void);
47int mm_auth_password(struct Authctxt *, char *); 47int mm_auth_password(struct Authctxt *, char *);
48int mm_key_allowed(enum mm_keytype, char *, char *, Key *, int); 48int mm_key_allowed(enum mm_keytype, const char *, const char *, Key *, int);
49int mm_user_key_allowed(struct passwd *, Key *, int); 49int mm_user_key_allowed(struct passwd *, Key *, int);
50int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); 50int mm_hostbased_key_allowed(struct passwd *, const char *,
51int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); 51 const char *, Key *);
52int mm_auth_rhosts_rsa_key_allowed(struct passwd *, const char *,
53 const char *, Key *);
52int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); 54int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
53int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); 55int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
54int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); 56int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
diff --git a/mux.c b/mux.c
index 6bf53ebd9..98e3c0068 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mux.c,v 1.58 2016/01/13 23:04:47 djm Exp $ */ 1/* $OpenBSD: mux.c,v 1.60 2016/06/03 03:14:41 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -88,8 +88,6 @@ extern char *host;
88extern int subsystem_flag; 88extern int subsystem_flag;
89extern Buffer command; 89extern Buffer command;
90extern volatile sig_atomic_t quit_pending; 90extern volatile sig_atomic_t quit_pending;
91extern char *stdio_forward_host;
92extern int stdio_forward_port;
93 91
94/* Context for session open confirmation callback */ 92/* Context for session open confirmation callback */
95struct mux_session_confirm_ctx { 93struct mux_session_confirm_ctx {
@@ -1297,7 +1295,7 @@ muxserver_listen(void)
1297 /* Now atomically "move" the mux socket into position */ 1295 /* Now atomically "move" the mux socket into position */
1298 if (link(options.control_path, orig_control_path) != 0) { 1296 if (link(options.control_path, orig_control_path) != 0) {
1299 if (errno != EEXIST) { 1297 if (errno != EEXIST) {
1300 fatal("%s: link mux listener %s => %s: %s", __func__, 1298 fatal("%s: link mux listener %s => %s: %s", __func__,
1301 options.control_path, orig_control_path, 1299 options.control_path, orig_control_path,
1302 strerror(errno)); 1300 strerror(errno));
1303 } 1301 }
@@ -1991,8 +1989,8 @@ mux_client_request_stdio_fwd(int fd)
1991 buffer_put_int(&m, MUX_C_NEW_STDIO_FWD); 1989 buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
1992 buffer_put_int(&m, muxclient_request_id); 1990 buffer_put_int(&m, muxclient_request_id);
1993 buffer_put_cstring(&m, ""); /* reserved */ 1991 buffer_put_cstring(&m, ""); /* reserved */
1994 buffer_put_cstring(&m, stdio_forward_host); 1992 buffer_put_cstring(&m, options.stdio_forward_host);
1995 buffer_put_int(&m, stdio_forward_port); 1993 buffer_put_int(&m, options.stdio_forward_port);
1996 1994
1997 if (mux_client_write_packet(fd, &m) != 0) 1995 if (mux_client_write_packet(fd, &m) != 0)
1998 fatal("%s: write packet: %s", __func__, strerror(errno)); 1996 fatal("%s: write packet: %s", __func__, strerror(errno));
@@ -2116,7 +2114,7 @@ muxclient(const char *path)
2116 u_int pid; 2114 u_int pid;
2117 2115
2118 if (muxclient_command == 0) { 2116 if (muxclient_command == 0) {
2119 if (stdio_forward_host != NULL) 2117 if (options.stdio_forward_host != NULL)
2120 muxclient_command = SSHMUX_COMMAND_STDIO_FWD; 2118 muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
2121 else 2119 else
2122 muxclient_command = SSHMUX_COMMAND_OPEN; 2120 muxclient_command = SSHMUX_COMMAND_OPEN;
diff --git a/myproposal.h b/myproposal.h
index bdd05966f..597090164 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -67,13 +67,18 @@
67#endif 67#endif
68 68
69#ifdef HAVE_EVP_SHA256 69#ifdef HAVE_EVP_SHA256
70# define KEX_SHA256_METHODS \ 70# define KEX_SHA2_METHODS \
71 "diffie-hellman-group-exchange-sha256," 71 "diffie-hellman-group-exchange-sha256," \
72 "diffie-hellman-group16-sha512," \
73 "diffie-hellman-group18-sha512,"
74# define KEX_SHA2_GROUP14 \
75 "diffie-hellman-group14-sha256,"
72#define SHA2_HMAC_MODES \ 76#define SHA2_HMAC_MODES \
73 "hmac-sha2-256," \ 77 "hmac-sha2-256," \
74 "hmac-sha2-512," 78 "hmac-sha2-512,"
75#else 79#else
76# define KEX_SHA256_METHODS 80# define KEX_SHA2_METHODS
81# define KEX_SHA2_GROUP14
77# define SHA2_HMAC_MODES 82# define SHA2_HMAC_MODES
78#endif 83#endif
79 84
@@ -86,13 +91,15 @@
86#define KEX_COMMON_KEX \ 91#define KEX_COMMON_KEX \
87 KEX_CURVE25519_METHODS \ 92 KEX_CURVE25519_METHODS \
88 KEX_ECDH_METHODS \ 93 KEX_ECDH_METHODS \
89 KEX_SHA256_METHODS 94 KEX_SHA2_METHODS
90 95
91#define KEX_SERVER_KEX KEX_COMMON_KEX \ 96#define KEX_SERVER_KEX KEX_COMMON_KEX \
97 KEX_SHA2_GROUP14 \
92 "diffie-hellman-group14-sha1" \ 98 "diffie-hellman-group14-sha1" \
93 99
94#define KEX_CLIENT_KEX KEX_COMMON_KEX \ 100#define KEX_CLIENT_KEX KEX_COMMON_KEX \
95 "diffie-hellman-group-exchange-sha1," \ 101 "diffie-hellman-group-exchange-sha1," \
102 KEX_SHA2_GROUP14 \
96 "diffie-hellman-group14-sha1" 103 "diffie-hellman-group14-sha1"
97 104
98#define KEX_DEFAULT_PK_ALG \ 105#define KEX_DEFAULT_PK_ALG \
diff --git a/opacket.h b/opacket.h
index c26ade44c..16322ec6f 100644
--- a/opacket.h
+++ b/opacket.h
@@ -144,10 +144,6 @@ void packet_disconnect(const char *, ...)
144 ssh_packet_get_state(active_state, m) 144 ssh_packet_get_state(active_state, m)
145#define packet_set_state(m) \ 145#define packet_set_state(m) \
146 ssh_packet_set_state(active_state, m) 146 ssh_packet_set_state(active_state, m)
147#if 0
148#define get_remote_ipaddr() \
149 ssh_remote_ipaddr(active_state)
150#endif
151#define packet_get_raw(lenp) \ 147#define packet_get_raw(lenp) \
152 sshpkt_ptr(active_state, lenp) 148 sshpkt_ptr(active_state, lenp)
153#define packet_get_ecpoint(c,p) \ 149#define packet_get_ecpoint(c,p) \
diff --git a/openbsd-compat/.cvsignore b/openbsd-compat/.cvsignore
deleted file mode 100644
index f3c7a7c5d..000000000
--- a/openbsd-compat/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
1Makefile
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 3c5e3b7f7..aca9eba75 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
18 18
19OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o 19OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
20 20
21COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o 21COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
22 22
23PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o 23PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
24 24
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 046f57e61..b6256b4f8 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -110,8 +110,8 @@ _rs_stir(void)
110 110
111#ifdef WITH_OPENSSL 111#ifdef WITH_OPENSSL
112 if (RAND_bytes(rnd, sizeof(rnd)) <= 0) 112 if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
113 fatal("Couldn't obtain random bytes (error %ld)", 113 fatal("Couldn't obtain random bytes (error 0x%lx)",
114 ERR_get_error()); 114 (unsigned long)ERR_get_error());
115#else 115#else
116 getrnd(rnd, sizeof(rnd)); 116 getrnd(rnd, sizeof(rnd));
117#endif 117#endif
diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c
index c89f21403..eeb269d59 100644
--- a/openbsd-compat/bindresvport.c
+++ b/openbsd-compat/bindresvport.c
@@ -64,6 +64,7 @@ bindresvport_sa(int sd, struct sockaddr *sa)
64 if (sa == NULL) { 64 if (sa == NULL) {
65 memset(&myaddr, 0, sizeof(myaddr)); 65 memset(&myaddr, 0, sizeof(myaddr));
66 sa = (struct sockaddr *)&myaddr; 66 sa = (struct sockaddr *)&myaddr;
67 salen = sizeof(myaddr);
67 68
68 if (getsockname(sd, sa, &salen) == -1) 69 if (getsockname(sd, sa, &salen) == -1)
69 return -1; /* errno is correctly set */ 70 return -1; /* errno is correctly set */
diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c
index 3368195d4..7b83448ca 100644
--- a/openbsd-compat/bsd-asprintf.c
+++ b/openbsd-compat/bsd-asprintf.c
@@ -25,18 +25,6 @@
25#include <stdarg.h> 25#include <stdarg.h>
26#include <stdlib.h> 26#include <stdlib.h>
27 27
28#ifndef VA_COPY
29# ifdef HAVE_VA_COPY
30# define VA_COPY(dest, src) va_copy(dest, src)
31# else
32# ifdef HAVE___VA_COPY
33# define VA_COPY(dest, src) __va_copy(dest, src)
34# else
35# define VA_COPY(dest, src) (dest) = (src)
36# endif
37# endif
38#endif
39
40#define INIT_SZ 128 28#define INIT_SZ 128
41 29
42int 30int
diff --git a/openbsd-compat/bsd-err.c b/openbsd-compat/bsd-err.c
new file mode 100644
index 000000000..ab10646f0
--- /dev/null
+++ b/openbsd-compat/bsd-err.c
@@ -0,0 +1,71 @@
1/*
2 * Copyright (c) 2015 Tim Rice <tim@multitalents.net>
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#include "includes.h"
29
30#ifndef HAVE_ERR
31void
32err(int r, const char *fmt, ...)
33{
34 va_list args;
35
36 va_start(args, fmt);
37 fprintf(stderr, "%s: ", strerror(errno));
38 vfprintf(stderr, fmt, args);
39 fputc('\n', stderr);
40 va_end(args);
41 exit(r);
42}
43#endif
44
45#ifndef HAVE_ERRX
46void
47errx(int r, const char *fmt, ...)
48{
49 va_list args;
50
51 va_start(args, fmt);
52 vfprintf(stderr, fmt, args);
53 fputc('\n', stderr);
54 va_end(args);
55 exit(r);
56}
57#endif
58
59#ifndef HAVE_WARN
60void
61warn(const char *fmt, ...)
62{
63 va_list args;
64
65 va_start(args, fmt);
66 fprintf(stderr, "%s: ", strerror(errno));
67 vfprintf(stderr, fmt, args);
68 fputc('\n', stderr);
69 va_end(args);
70}
71#endif
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 2a788e47f..18bf62dd8 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -284,3 +284,20 @@ pledge(const char *promises, const char *paths[])
284 return 0; 284 return 0;
285} 285}
286#endif 286#endif
287
288#ifndef HAVE_MBTOWC
289/* a mbtowc that only supports ASCII */
290int
291mbtowc(wchar_t *pwc, const char *s, size_t n)
292{
293 if (s == NULL || *s == '\0')
294 return 0; /* ASCII is not state-dependent */
295 if (*s < 0 || *s > 0x7f || n < 1) {
296 errno = EOPNOTSUPP;
297 return -1;
298 }
299 if (pwc != NULL)
300 *pwc = *s;
301 return 1;
302}
303#endif
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index 0d81d1735..27abb2e92 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -126,4 +126,15 @@ pid_t getpgid(pid_t);
126int pledge(const char *promises, const char *paths[]); 126int pledge(const char *promises, const char *paths[]);
127#endif 127#endif
128 128
129/* bsd-err.h */
130#ifndef HAVE_ERR
131void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
132#endif
133#ifndef HAVE_ERRX
134void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
135#endif
136#ifndef HAVE_WARN
137void warn(const char *, ...) __attribute__((format(printf, 1, 2)));
138#endif
139
129#endif /* _BSD_MISC_H */ 140#endif /* _BSD_MISC_H */
diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index 23a635989..d95b6a401 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -99,18 +99,6 @@
99# undef HAVE_VSNPRINTF 99# undef HAVE_VSNPRINTF
100#endif 100#endif
101 101
102#ifndef VA_COPY
103# ifdef HAVE_VA_COPY
104# define VA_COPY(dest, src) va_copy(dest, src)
105# else
106# ifdef HAVE___VA_COPY
107# define VA_COPY(dest, src) __va_copy(dest, src)
108# else
109# define VA_COPY(dest, src) (dest) = (src)
110# endif
111# endif
112#endif
113
114#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) 102#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF)
115 103
116#include <ctype.h> 104#include <ctype.h>
diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c
index 130597e14..093a17203 100644
--- a/openbsd-compat/inet_aton.c
+++ b/openbsd-compat/inet_aton.c
@@ -3,7 +3,7 @@
3/* 3/*
4 * Copyright (c) 1983, 1990, 1993 4 * Copyright (c) 1983, 1990, 1993
5 * The Regents of the University of California. All rights reserved. 5 * The Regents of the University of California. All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
@@ -15,7 +15,7 @@
15 * 3. Neither the name of the University nor the names of its contributors 15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software 16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission. 17 * without specific prior written permission.
18 * 18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -29,14 +29,14 @@
29 * SUCH DAMAGE. 29 * SUCH DAMAGE.
30 * - 30 * -
31 * Portions Copyright (c) 1993 by Digital Equipment Corporation. 31 * Portions Copyright (c) 1993 by Digital Equipment Corporation.
32 * 32 *
33 * Permission to use, copy, modify, and distribute this software for any 33 * Permission to use, copy, modify, and distribute this software for any
34 * purpose with or without fee is hereby granted, provided that the above 34 * purpose with or without fee is hereby granted, provided that the above
35 * copyright notice and this permission notice appear in all copies, and that 35 * copyright notice and this permission notice appear in all copies, and that
36 * the name of Digital Equipment Corporation not be used in advertising or 36 * the name of Digital Equipment Corporation not be used in advertising or
37 * publicity pertaining to distribution of the document or software without 37 * publicity pertaining to distribution of the document or software without
38 * specific, written prior permission. 38 * specific, written prior permission.
39 * 39 *
40 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL 40 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
41 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES 41 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
42 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT 42 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
@@ -77,7 +77,7 @@ inet_addr(const char *cp)
77} 77}
78#endif 78#endif
79 79
80/* 80/*
81 * Check whether "cp" is a valid ascii representation 81 * Check whether "cp" is a valid ascii representation
82 * of an Internet address and convert to a binary address. 82 * of an Internet address and convert to a binary address.
83 * Returns 1 if the address is valid, 0 if not. 83 * Returns 1 if the address is valid, 0 if not.
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 8cc8a11b7..37d2064cd 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -36,6 +36,8 @@
36 36
37#include <sys/socket.h> 37#include <sys/socket.h>
38 38
39#include <stddef.h> /* for wchar_t */
40
39/* OpenBSD function replacements */ 41/* OpenBSD function replacements */
40#include "base64.h" 42#include "base64.h"
41#include "sigact.h" 43#include "sigact.h"
@@ -231,10 +233,43 @@ long long strtonum(const char *, long long, long long, const char **);
231# define mblen(x, y) (1) 233# define mblen(x, y) (1)
232#endif 234#endif
233 235
236#ifndef HAVE_WCWIDTH
237# define wcwidth(x) (((x) >= 0x20 && (x) <= 0x7e) ? 1 : -1)
238/* force our no-op nl_langinfo and mbtowc */
239# undef HAVE_NL_LANGINFO
240# undef HAVE_MBTOWC
241# undef HAVE_LANGINFO_H
242#endif
243
244#ifndef HAVE_NL_LANGINFO
245# define nl_langinfo(x) ""
246#endif
247
248#ifndef HAVE_MBTOWC
249int mbtowc(wchar_t *, const char*, size_t);
250#endif
251
234#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF) 252#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF)
235# include <stdarg.h> 253# include <stdarg.h>
236#endif 254#endif
237 255
256/*
257 * Some platforms unconditionally undefine va_copy() so we define VA_COPY()
258 * instead. This is known to be the case on at least some configurations of
259 * AIX with the xlc compiler.
260 */
261#ifndef VA_COPY
262# ifdef HAVE_VA_COPY
263# define VA_COPY(dest, src) va_copy(dest, src)
264# else
265# ifdef HAVE___VA_COPY
266# define VA_COPY(dest, src) __va_copy(dest, src)
267# else
268# define VA_COPY(dest, src) (dest) = (src)
269# endif
270# endif
271#endif
272
238#ifndef HAVE_VASPRINTF 273#ifndef HAVE_VASPRINTF
239int vasprintf(char **, const char *, va_list); 274int vasprintf(char **, const char *, va_list);
240#endif 275#endif
diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h
index 3a41ea8cd..a7cb5eb30 100644
--- a/openbsd-compat/port-solaris.h
+++ b/openbsd-compat/port-solaris.h
@@ -27,6 +27,7 @@ void solaris_contract_post_fork_child(void);
27void solaris_contract_post_fork_parent(pid_t pid); 27void solaris_contract_post_fork_parent(pid_t pid);
28void solaris_set_default_project(struct passwd *); 28void solaris_set_default_project(struct passwd *);
29# ifdef USE_SOLARIS_PRIVS 29# ifdef USE_SOLARIS_PRIVS
30#include <priv.h>
30priv_set_t *solaris_basic_privset(void); 31priv_set_t *solaris_basic_privset(void);
31void solaris_drop_privs_pinfo_net_fork_exec(void); 32void solaris_drop_privs_pinfo_net_fork_exec(void);
32void solaris_drop_privs_root_pinfo_net(void); 33void solaris_drop_privs_root_pinfo_net(void);
diff --git a/openbsd-compat/regress/.cvsignore b/openbsd-compat/regress/.cvsignore
deleted file mode 100644
index 33074f4a3..000000000
--- a/openbsd-compat/regress/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
1Makefile
2snprintftest
3strduptest
4strtonumtest
5closefromtest
6opensslvertest
diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c
index f6f5665c1..3cef6bafd 100644
--- a/openbsd-compat/vis.c
+++ b/openbsd-compat/vis.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: vis.c,v 1.19 2005/09/01 17:15:49 millert Exp $ */ 1/* $OpenBSD: vis.c,v 1.25 2015/09/13 11:32:51 guenther Exp $ */
2/*- 2/*-
3 * Copyright (c) 1989, 1993 3 * Copyright (c) 1989, 1993
4 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
@@ -33,13 +33,24 @@
33#include "includes.h" 33#include "includes.h"
34#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS) 34#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS)
35 35
36/*
37 * We want these to override in the BROKEN_STRNVIS case. TO avoid future sync
38 * problems no-op out the weak symbol definition rather than remove it.
39 */
40#define DEF_WEAK(x)
41
42#include <sys/types.h>
43#include <errno.h>
36#include <ctype.h> 44#include <ctype.h>
45#include <limits.h>
37#include <string.h> 46#include <string.h>
47#include <stdlib.h>
38 48
39#include "vis.h" 49#include "vis.h"
40 50
41#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') 51#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
42#define isvisible(c) \ 52#define isvisible(c,flag) \
53 (((c) == '\\' || (flag & VIS_ALL) == 0) && \
43 (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \ 54 (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
44 (((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \ 55 (((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \
45 (flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \ 56 (flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \
@@ -48,7 +59,7 @@
48 ((flag & VIS_NL) == 0 && (c) == '\n') || \ 59 ((flag & VIS_NL) == 0 && (c) == '\n') || \
49 ((flag & VIS_SAFE) && ((c) == '\b' || \ 60 ((flag & VIS_SAFE) && ((c) == '\b' || \
50 (c) == '\007' || (c) == '\r' || \ 61 (c) == '\007' || (c) == '\r' || \
51 isgraph((u_char)(c))))) 62 isgraph((u_char)(c))))))
52 63
53/* 64/*
54 * vis - visually encode characters 65 * vis - visually encode characters
@@ -56,10 +67,11 @@
56char * 67char *
57vis(char *dst, int c, int flag, int nextc) 68vis(char *dst, int c, int flag, int nextc)
58{ 69{
59 if (isvisible(c)) { 70 if (isvisible(c, flag)) {
60 *dst++ = c; 71 if ((c == '"' && (flag & VIS_DQ) != 0) ||
61 if (c == '\\' && (flag & VIS_NOSLASH) == 0) 72 (c == '\\' && (flag & VIS_NOSLASH) == 0))
62 *dst++ = '\\'; 73 *dst++ = '\\';
74 *dst++ = c;
63 *dst = '\0'; 75 *dst = '\0';
64 return (dst); 76 return (dst);
65 } 77 }
@@ -136,6 +148,7 @@ done:
136 *dst = '\0'; 148 *dst = '\0';
137 return (dst); 149 return (dst);
138} 150}
151DEF_WEAK(vis);
139 152
140/* 153/*
141 * strvis, strnvis, strvisx - visually encode characters from src into dst 154 * strvis, strnvis, strvisx - visually encode characters from src into dst
@@ -161,6 +174,7 @@ strvis(char *dst, const char *src, int flag)
161 *dst = '\0'; 174 *dst = '\0';
162 return (dst - start); 175 return (dst - start);
163} 176}
177DEF_WEAK(strvis);
164 178
165int 179int
166strnvis(char *dst, const char *src, size_t siz, int flag) 180strnvis(char *dst, const char *src, size_t siz, int flag)
@@ -171,19 +185,18 @@ strnvis(char *dst, const char *src, size_t siz, int flag)
171 185
172 i = 0; 186 i = 0;
173 for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) { 187 for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
174 if (isvisible(c)) { 188 if (isvisible(c, flag)) {
175 i = 1; 189 if ((c == '"' && (flag & VIS_DQ) != 0) ||
176 *dst++ = c; 190 (c == '\\' && (flag & VIS_NOSLASH) == 0)) {
177 if (c == '\\' && (flag & VIS_NOSLASH) == 0) {
178 /* need space for the extra '\\' */ 191 /* need space for the extra '\\' */
179 if (dst < end) 192 if (dst + 1 >= end) {
180 *dst++ = '\\';
181 else {
182 dst--;
183 i = 2; 193 i = 2;
184 break; 194 break;
185 } 195 }
196 *dst++ = '\\';
186 } 197 }
198 i = 1;
199 *dst++ = c;
187 src++; 200 src++;
188 } else { 201 } else {
189 i = vis(tbuf, c, flag, *++src) - tbuf; 202 i = vis(tbuf, c, flag, *++src) - tbuf;
@@ -207,6 +220,25 @@ strnvis(char *dst, const char *src, size_t siz, int flag)
207} 220}
208 221
209int 222int
223stravis(char **outp, const char *src, int flag)
224{
225 char *buf;
226 int len, serrno;
227
228 buf = reallocarray(NULL, 4, strlen(src) + 1);
229 if (buf == NULL)
230 return -1;
231 len = strvis(buf, src, flag);
232 serrno = errno;
233 *outp = realloc(buf, len + 1);
234 if (*outp == NULL) {
235 *outp = buf;
236 errno = serrno;
237 }
238 return (len);
239}
240
241int
210strvisx(char *dst, const char *src, size_t len, int flag) 242strvisx(char *dst, const char *src, size_t len, int flag)
211{ 243{
212 char c; 244 char c;
diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h
index d1286c99d..2cdfd364b 100644
--- a/openbsd-compat/vis.h
+++ b/openbsd-compat/vis.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: vis.h,v 1.11 2005/08/09 19:38:31 millert Exp $ */ 1/* $OpenBSD: vis.h,v 1.15 2015/07/20 01:52:27 millert Exp $ */
2/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */ 2/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
3 3
4/*- 4/*-
@@ -58,6 +58,8 @@
58#define VIS_NL 0x10 /* also encode newline */ 58#define VIS_NL 0x10 /* also encode newline */
59#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL) 59#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL)
60#define VIS_SAFE 0x20 /* only encode "unsafe" characters */ 60#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
61#define VIS_DQ 0x200 /* backslash-escape double quotes */
62#define VIS_ALL 0x400 /* encode all characters */
61 63
62/* 64/*
63 * other 65 * other
@@ -81,6 +83,7 @@
81 83
82char *vis(char *, int, int, int); 84char *vis(char *, int, int, int);
83int strvis(char *, const char *, int); 85int strvis(char *, const char *, int);
86int stravis(char **, const char *, int);
84int strnvis(char *, const char *, size_t, int) 87int strnvis(char *, const char *, size_t, int)
85 __attribute__ ((__bounded__(__string__,1,3))); 88 __attribute__ ((__bounded__(__string__,1,3)));
86int strvisx(char *, const char *, size_t, int) 89int strvisx(char *, const char *, size_t, int)
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 8577cbd8a..cf6a9b99f 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -25,6 +25,7 @@
25#include "includes.h" 25#include "includes.h"
26 26
27#include <sys/types.h> 27#include <sys/types.h>
28#include <string.h>
28#include <unistd.h> 29#include <unistd.h>
29#include <pwd.h> 30#include <pwd.h>
30 31
@@ -62,11 +63,50 @@
62# define crypt DES_crypt 63# define crypt DES_crypt
63# endif 64# endif
64 65
66/*
67 * Pick an appropriate password encryption type and salt for the running
68 * system by searching through accounts until we find one that has a valid
69 * salt. Usually this will be root unless the root account is locked out.
70 * If we don't find one we return a traditional DES-based salt.
71 */
72static const char *
73pick_salt(void)
74{
75 struct passwd *pw;
76 char *passwd, *p;
77 size_t typelen;
78 static char salt[32];
79
80 if (salt[0] != '\0')
81 return salt;
82 strlcpy(salt, "xx", sizeof(salt));
83 setpwent();
84 while ((pw = getpwent()) != NULL) {
85 passwd = shadow_pw(pw);
86 if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
87 typelen = p - passwd + 1;
88 strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
89 explicit_bzero(passwd, strlen(passwd));
90 goto out;
91 }
92 }
93 out:
94 endpwent();
95 return salt;
96}
97
65char * 98char *
66xcrypt(const char *password, const char *salt) 99xcrypt(const char *password, const char *salt)
67{ 100{
68 char *crypted; 101 char *crypted;
69 102
103 /*
104 * If we don't have a salt we are encrypting a fake password for
105 * for timing purposes. Pick an appropriate salt.
106 */
107 if (salt == NULL)
108 salt = pick_salt();
109
70# ifdef HAVE_MD5_PASSWORDS 110# ifdef HAVE_MD5_PASSWORDS
71 if (is_md5_salt(salt)) 111 if (is_md5_salt(salt))
72 crypted = md5_crypt(password, salt); 112 crypted = md5_crypt(password, salt);
diff --git a/packet.c b/packet.c
index f406c0755..d6dad2da6 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.229 2016/02/17 22:20:14 djm Exp $ */ 1/* $OpenBSD: packet.c,v 1.234 2016/07/18 11:35:33 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -52,6 +52,7 @@
52#include <arpa/inet.h> 52#include <arpa/inet.h>
53 53
54#include <errno.h> 54#include <errno.h>
55#include <netdb.h>
55#include <stdarg.h> 56#include <stdarg.h>
56#include <stdio.h> 57#include <stdio.h>
57#include <stdlib.h> 58#include <stdlib.h>
@@ -195,6 +196,7 @@ struct session_state {
195 196
196 /* XXX discard incoming data after MAC error */ 197 /* XXX discard incoming data after MAC error */
197 u_int packet_discard; 198 u_int packet_discard;
199 size_t packet_discard_mac_already;
198 struct sshmac *packet_discard_mac; 200 struct sshmac *packet_discard_mac;
199 201
200 /* Used in packet_read_poll2() */ 202 /* Used in packet_read_poll2() */
@@ -296,7 +298,7 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
296 (r = cipher_init(&state->receive_context, none, 298 (r = cipher_init(&state->receive_context, none,
297 (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) { 299 (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
298 error("%s: cipher_init failed: %s", __func__, ssh_err(r)); 300 error("%s: cipher_init failed: %s", __func__, ssh_err(r));
299 free(ssh); 301 free(ssh); /* XXX need ssh_free_session_state? */
300 return NULL; 302 return NULL;
301 } 303 }
302 state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL; 304 state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
@@ -332,16 +334,18 @@ ssh_packet_stop_discard(struct ssh *ssh)
332 334
333 if (state->packet_discard_mac) { 335 if (state->packet_discard_mac) {
334 char buf[1024]; 336 char buf[1024];
337 size_t dlen = PACKET_MAX_SIZE;
335 338
339 if (dlen > state->packet_discard_mac_already)
340 dlen -= state->packet_discard_mac_already;
336 memset(buf, 'a', sizeof(buf)); 341 memset(buf, 'a', sizeof(buf));
337 while (sshbuf_len(state->incoming_packet) < 342 while (sshbuf_len(state->incoming_packet) < dlen)
338 PACKET_MAX_SIZE)
339 if ((r = sshbuf_put(state->incoming_packet, buf, 343 if ((r = sshbuf_put(state->incoming_packet, buf,
340 sizeof(buf))) != 0) 344 sizeof(buf))) != 0)
341 return r; 345 return r;
342 (void) mac_compute(state->packet_discard_mac, 346 (void) mac_compute(state->packet_discard_mac,
343 state->p_read.seqnr, 347 state->p_read.seqnr,
344 sshbuf_ptr(state->incoming_packet), PACKET_MAX_SIZE, 348 sshbuf_ptr(state->incoming_packet), dlen,
345 NULL, 0); 349 NULL, 0);
346 } 350 }
347 logit("Finished discarding for %.200s port %d", 351 logit("Finished discarding for %.200s port %d",
@@ -351,7 +355,7 @@ ssh_packet_stop_discard(struct ssh *ssh)
351 355
352static int 356static int
353ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc, 357ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc,
354 struct sshmac *mac, u_int packet_length, u_int discard) 358 struct sshmac *mac, size_t mac_already, u_int discard)
355{ 359{
356 struct session_state *state = ssh->state; 360 struct session_state *state = ssh->state;
357 int r; 361 int r;
@@ -361,11 +365,16 @@ ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc,
361 return r; 365 return r;
362 return SSH_ERR_MAC_INVALID; 366 return SSH_ERR_MAC_INVALID;
363 } 367 }
364 if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled) 368 /*
369 * Record number of bytes over which the mac has already
370 * been computed in order to minimize timing attacks.
371 */
372 if (mac && mac->enabled) {
365 state->packet_discard_mac = mac; 373 state->packet_discard_mac = mac;
366 if (sshbuf_len(state->input) >= discard && 374 state->packet_discard_mac_already = mac_already;
367 (r = ssh_packet_stop_discard(ssh)) != 0) 375 }
368 return r; 376 if (sshbuf_len(state->input) >= discard)
377 return ssh_packet_stop_discard(ssh);
369 state->packet_discard = discard - sshbuf_len(state->input); 378 state->packet_discard = discard - sshbuf_len(state->input);
370 return 0; 379 return 0;
371} 380}
@@ -379,6 +388,9 @@ ssh_packet_connection_is_on_socket(struct ssh *ssh)
379 struct sockaddr_storage from, to; 388 struct sockaddr_storage from, to;
380 socklen_t fromlen, tolen; 389 socklen_t fromlen, tolen;
381 390
391 if (state->connection_in == -1 || state->connection_out == -1)
392 return 0;
393
382 /* filedescriptors in and out are the same, so it's a socket */ 394 /* filedescriptors in and out are the same, so it's a socket */
383 if (state->connection_in == state->connection_out) 395 if (state->connection_in == state->connection_out)
384 return 1; 396 return 1;
@@ -468,10 +480,14 @@ ssh_remote_ipaddr(struct ssh *ssh)
468 if (ssh->remote_ipaddr == NULL) { 480 if (ssh->remote_ipaddr == NULL) {
469 if (ssh_packet_connection_is_on_socket(ssh)) { 481 if (ssh_packet_connection_is_on_socket(ssh)) {
470 ssh->remote_ipaddr = get_peer_ipaddr(sock); 482 ssh->remote_ipaddr = get_peer_ipaddr(sock);
471 ssh->remote_port = get_sock_port(sock, 0); 483 ssh->remote_port = get_peer_port(sock);
484 ssh->local_ipaddr = get_local_ipaddr(sock);
485 ssh->local_port = get_local_port(sock);
472 } else { 486 } else {
473 ssh->remote_ipaddr = strdup("UNKNOWN"); 487 ssh->remote_ipaddr = strdup("UNKNOWN");
474 ssh->remote_port = 0; 488 ssh->remote_port = 65535;
489 ssh->local_ipaddr = strdup("UNKNOWN");
490 ssh->local_port = 65535;
475 } 491 }
476 } 492 }
477 return ssh->remote_ipaddr; 493 return ssh->remote_ipaddr;
@@ -486,6 +502,27 @@ ssh_remote_port(struct ssh *ssh)
486 return ssh->remote_port; 502 return ssh->remote_port;
487} 503}
488 504
505/*
506 * Returns the IP-address of the local host as a string. The returned
507 * string must not be freed.
508 */
509
510const char *
511ssh_local_ipaddr(struct ssh *ssh)
512{
513 (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
514 return ssh->local_ipaddr;
515}
516
517/* Returns the port number of the local host. */
518
519int
520ssh_local_port(struct ssh *ssh)
521{
522 (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
523 return ssh->local_port;
524}
525
489/* Closes the connection and clears and frees internal data structures. */ 526/* Closes the connection and clears and frees internal data structures. */
490 527
491void 528void
@@ -1142,7 +1179,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
1142{ 1179{
1143 struct session_state *state = ssh->state; 1180 struct session_state *state = ssh->state;
1144 u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; 1181 u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH];
1145 u_char padlen, pad = 0; 1182 u_char tmp, padlen, pad = 0;
1146 u_int authlen = 0, aadlen = 0; 1183 u_int authlen = 0, aadlen = 0;
1147 u_int len; 1184 u_int len;
1148 struct sshenc *enc = NULL; 1185 struct sshenc *enc = NULL;
@@ -1200,14 +1237,24 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
1200 if (padlen < 4) 1237 if (padlen < 4)
1201 padlen += block_size; 1238 padlen += block_size;
1202 if (state->extra_pad) { 1239 if (state->extra_pad) {
1203 /* will wrap if extra_pad+padlen > 255 */ 1240 tmp = state->extra_pad;
1204 state->extra_pad = 1241 state->extra_pad =
1205 roundup(state->extra_pad, block_size); 1242 roundup(state->extra_pad, block_size);
1206 pad = state->extra_pad - 1243 /* check if roundup overflowed */
1207 ((len + padlen) % state->extra_pad); 1244 if (state->extra_pad < tmp)
1245 return SSH_ERR_INVALID_ARGUMENT;
1246 tmp = (len + padlen) % state->extra_pad;
1247 /* Check whether pad calculation below will underflow */
1248 if (tmp > state->extra_pad)
1249 return SSH_ERR_INVALID_ARGUMENT;
1250 pad = state->extra_pad - tmp;
1208 DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)", 1251 DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)",
1209 __func__, pad, len, padlen, state->extra_pad)); 1252 __func__, pad, len, padlen, state->extra_pad));
1253 tmp = padlen;
1210 padlen += pad; 1254 padlen += pad;
1255 /* Check whether padlen calculation overflowed */
1256 if (padlen < tmp)
1257 return SSH_ERR_INVALID_ARGUMENT; /* overflow */
1211 state->extra_pad = 0; 1258 state->extra_pad = 0;
1212 } 1259 }
1213 if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0) 1260 if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0)
@@ -1661,7 +1708,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1661{ 1708{
1662 struct session_state *state = ssh->state; 1709 struct session_state *state = ssh->state;
1663 u_int padlen, need; 1710 u_int padlen, need;
1664 u_char *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; 1711 u_char *cp;
1665 u_int maclen, aadlen = 0, authlen = 0, block_size; 1712 u_int maclen, aadlen = 0, authlen = 0, block_size;
1666 struct sshenc *enc = NULL; 1713 struct sshenc *enc = NULL;
1667 struct sshmac *mac = NULL; 1714 struct sshmac *mac = NULL;
@@ -1726,8 +1773,8 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1726 sshbuf_dump(state->incoming_packet, stderr); 1773 sshbuf_dump(state->incoming_packet, stderr);
1727#endif 1774#endif
1728 logit("Bad packet length %u.", state->packlen); 1775 logit("Bad packet length %u.", state->packlen);
1729 return ssh_packet_start_discard(ssh, enc, mac, 1776 return ssh_packet_start_discard(ssh, enc, mac, 0,
1730 state->packlen, PACKET_MAX_SIZE); 1777 PACKET_MAX_SIZE);
1731 } 1778 }
1732 if ((r = sshbuf_consume(state->input, block_size)) != 0) 1779 if ((r = sshbuf_consume(state->input, block_size)) != 0)
1733 goto out; 1780 goto out;
@@ -1749,8 +1796,8 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1749 if (need % block_size != 0) { 1796 if (need % block_size != 0) {
1750 logit("padding error: need %d block %d mod %d", 1797 logit("padding error: need %d block %d mod %d",
1751 need, block_size, need % block_size); 1798 need, block_size, need % block_size);
1752 return ssh_packet_start_discard(ssh, enc, mac, 1799 return ssh_packet_start_discard(ssh, enc, mac, 0,
1753 state->packlen, PACKET_MAX_SIZE - block_size); 1800 PACKET_MAX_SIZE - block_size);
1754 } 1801 }
1755 /* 1802 /*
1756 * check if the entire packet has been received and 1803 * check if the entire packet has been received and
@@ -1761,17 +1808,21 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1761 * 'maclen' bytes of message authentication code. 1808 * 'maclen' bytes of message authentication code.
1762 */ 1809 */
1763 if (sshbuf_len(state->input) < aadlen + need + authlen + maclen) 1810 if (sshbuf_len(state->input) < aadlen + need + authlen + maclen)
1764 return 0; 1811 return 0; /* packet is incomplete */
1765#ifdef PACKET_DEBUG 1812#ifdef PACKET_DEBUG
1766 fprintf(stderr, "read_poll enc/full: "); 1813 fprintf(stderr, "read_poll enc/full: ");
1767 sshbuf_dump(state->input, stderr); 1814 sshbuf_dump(state->input, stderr);
1768#endif 1815#endif
1769 /* EtM: compute mac over encrypted input */ 1816 /* EtM: check mac over encrypted input */
1770 if (mac && mac->enabled && mac->etm) { 1817 if (mac && mac->enabled && mac->etm) {
1771 if ((r = mac_compute(mac, state->p_read.seqnr, 1818 if ((r = mac_check(mac, state->p_read.seqnr,
1772 sshbuf_ptr(state->input), aadlen + need, 1819 sshbuf_ptr(state->input), aadlen + need,
1773 macbuf, sizeof(macbuf))) != 0) 1820 sshbuf_ptr(state->input) + aadlen + need + authlen,
1821 maclen)) != 0) {
1822 if (r == SSH_ERR_MAC_INVALID)
1823 logit("Corrupted MAC on input.");
1774 goto out; 1824 goto out;
1825 }
1775 } 1826 }
1776 if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need, 1827 if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need,
1777 &cp)) != 0) 1828 &cp)) != 0)
@@ -1781,26 +1832,22 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1781 goto out; 1832 goto out;
1782 if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0) 1833 if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0)
1783 goto out; 1834 goto out;
1784 /*
1785 * compute MAC over seqnr and packet,
1786 * increment sequence number for incoming packet
1787 */
1788 if (mac && mac->enabled) { 1835 if (mac && mac->enabled) {
1789 if (!mac->etm) 1836 /* Not EtM: check MAC over cleartext */
1790 if ((r = mac_compute(mac, state->p_read.seqnr, 1837 if (!mac->etm && (r = mac_check(mac, state->p_read.seqnr,
1791 sshbuf_ptr(state->incoming_packet), 1838 sshbuf_ptr(state->incoming_packet),
1792 sshbuf_len(state->incoming_packet), 1839 sshbuf_len(state->incoming_packet),
1793 macbuf, sizeof(macbuf))) != 0) 1840 sshbuf_ptr(state->input), maclen)) != 0) {
1841 if (r != SSH_ERR_MAC_INVALID)
1794 goto out; 1842 goto out;
1795 if (timingsafe_bcmp(macbuf, sshbuf_ptr(state->input),
1796 mac->mac_len) != 0) {
1797 logit("Corrupted MAC on input."); 1843 logit("Corrupted MAC on input.");
1798 if (need > PACKET_MAX_SIZE) 1844 if (need > PACKET_MAX_SIZE)
1799 return SSH_ERR_INTERNAL_ERROR; 1845 return SSH_ERR_INTERNAL_ERROR;
1800 return ssh_packet_start_discard(ssh, enc, mac, 1846 return ssh_packet_start_discard(ssh, enc, mac,
1801 state->packlen, PACKET_MAX_SIZE - need); 1847 sshbuf_len(state->incoming_packet),
1848 PACKET_MAX_SIZE - need);
1802 } 1849 }
1803 1850 /* Remove MAC from input buffer */
1804 DBG(debug("MAC #%d ok", state->p_read.seqnr)); 1851 DBG(debug("MAC #%d ok", state->p_read.seqnr));
1805 if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0) 1852 if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
1806 goto out; 1853 goto out;
@@ -2045,24 +2092,19 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
2045{ 2092{
2046 switch (r) { 2093 switch (r) {
2047 case SSH_ERR_CONN_CLOSED: 2094 case SSH_ERR_CONN_CLOSED:
2048 logit("Connection closed by %.200s port %d", 2095 logdie("Connection closed by %.200s port %d",
2049 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); 2096 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
2050 cleanup_exit(255);
2051 case SSH_ERR_CONN_TIMEOUT: 2097 case SSH_ERR_CONN_TIMEOUT:
2052 logit("Connection %s %.200s port %d timed out", 2098 logdie("Connection %s %.200s port %d timed out",
2053 ssh->state->server_side ? "from" : "to", 2099 ssh->state->server_side ? "from" : "to",
2054 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); 2100 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
2055 cleanup_exit(255);
2056 case SSH_ERR_DISCONNECTED: 2101 case SSH_ERR_DISCONNECTED:
2057 logit("Disconnected from %.200s port %d", 2102 logdie("Disconnected from %.200s port %d",
2058 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); 2103 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
2059 cleanup_exit(255);
2060 case SSH_ERR_SYSTEM_ERROR: 2104 case SSH_ERR_SYSTEM_ERROR:
2061 if (errno == ECONNRESET) { 2105 if (errno == ECONNRESET)
2062 logit("Connection reset by %.200s port %d", 2106 logdie("Connection reset by %.200s port %d",
2063 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); 2107 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
2064 cleanup_exit(255);
2065 }
2066 /* FALLTHROUGH */ 2108 /* FALLTHROUGH */
2067 case SSH_ERR_NO_CIPHER_ALG_MATCH: 2109 case SSH_ERR_NO_CIPHER_ALG_MATCH:
2068 case SSH_ERR_NO_MAC_ALG_MATCH: 2110 case SSH_ERR_NO_MAC_ALG_MATCH:
@@ -2070,14 +2112,14 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
2070 case SSH_ERR_NO_KEX_ALG_MATCH: 2112 case SSH_ERR_NO_KEX_ALG_MATCH:
2071 case SSH_ERR_NO_HOSTKEY_ALG_MATCH: 2113 case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
2072 if (ssh && ssh->kex && ssh->kex->failed_choice) { 2114 if (ssh && ssh->kex && ssh->kex->failed_choice) {
2073 fatal("Unable to negotiate with %.200s port %d: %s. " 2115 logdie("Unable to negotiate with %.200s port %d: %s. "
2074 "Their offer: %s", ssh_remote_ipaddr(ssh), 2116 "Their offer: %s", ssh_remote_ipaddr(ssh),
2075 ssh_remote_port(ssh), ssh_err(r), 2117 ssh_remote_port(ssh), ssh_err(r),
2076 ssh->kex->failed_choice); 2118 ssh->kex->failed_choice);
2077 } 2119 }
2078 /* FALLTHROUGH */ 2120 /* FALLTHROUGH */
2079 default: 2121 default:
2080 fatal("%s%sConnection %s %.200s port %d: %s", 2122 logdie("%s%sConnection %s %.200s port %d: %s",
2081 tag != NULL ? tag : "", tag != NULL ? ": " : "", 2123 tag != NULL ? tag : "", tag != NULL ? ": " : "",
2082 ssh->state->server_side ? "from" : "to", 2124 ssh->state->server_side ? "from" : "to",
2083 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r)); 2125 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r));
diff --git a/packet.h b/packet.h
index 28516a553..464d83b1a 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.h,v 1.70 2016/02/08 10:57:07 djm Exp $ */ 1/* $OpenBSD: packet.h,v 1.71 2016/03/07 19:02:43 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -56,9 +56,11 @@ struct ssh {
56 /* Key exchange */ 56 /* Key exchange */
57 struct kex *kex; 57 struct kex *kex;
58 58
59 /* cached remote ip address and port*/ 59 /* cached local and remote ip addresses and ports */
60 char *remote_ipaddr; 60 char *remote_ipaddr;
61 int remote_port; 61 int remote_port;
62 char *local_ipaddr;
63 int local_port;
62 64
63 /* Dispatcher table */ 65 /* Dispatcher table */
64 dispatch_fn *dispatch[DISPATCH_MAX]; 66 dispatch_fn *dispatch[DISPATCH_MAX];
@@ -145,6 +147,8 @@ int ssh_packet_set_state(struct ssh *, struct sshbuf *);
145 147
146const char *ssh_remote_ipaddr(struct ssh *); 148const char *ssh_remote_ipaddr(struct ssh *);
147int ssh_remote_port(struct ssh *); 149int ssh_remote_port(struct ssh *);
150const char *ssh_local_ipaddr(struct ssh *);
151int ssh_local_port(struct ssh *);
148 152
149void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t); 153void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
150time_t ssh_packet_get_rekey_timeout(struct ssh *); 154time_t ssh_packet_get_rekey_timeout(struct ssh *);
diff --git a/pathnames.h b/pathnames.h
index ec89fc666..f5e11ab15 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */ 1/* $OpenBSD: pathnames.h,v 1.25 2016/03/31 05:24:06 dtucker Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -42,8 +42,6 @@
42#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" 42#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
43#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" 43#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
44#define _PATH_DH_MODULI SSHDIR "/moduli" 44#define _PATH_DH_MODULI SSHDIR "/moduli"
45/* Backwards compatibility */
46#define _PATH_DH_PRIMES SSHDIR "/primes"
47 45
48#ifndef _PATH_SSH_PROGRAM 46#ifndef _PATH_SSH_PROGRAM
49#define _PATH_SSH_PROGRAM "/usr/bin/ssh" 47#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
diff --git a/platform-tracing.c b/platform-tracing.c
new file mode 100644
index 000000000..81020e7f7
--- /dev/null
+++ b/platform-tracing.c
@@ -0,0 +1,43 @@
1/*
2 * Copyright (c) 2016 Darren Tucker. All rights reserved.
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include "includes.h"
18
19#include <sys/types.h>
20#if defined(HAVE_SYS_PRCTL_H)
21#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
22#endif
23#ifdef HAVE_PRIV_H
24#include <priv.h> /* For setpflags() and __PROC_PROTECT */
25#endif
26#include <stdarg.h>
27
28#include "log.h"
29
30void
31platform_disable_tracing(int strict)
32{
33#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
34 /* Disable ptrace on Linux without sgid bit */
35 if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
36 fatal("unable to make the process undumpable");
37#endif
38#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
39 /* On Solaris, we should make this process untraceable */
40 if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
41 fatal("unable to make the process untraceable");
42#endif
43}
diff --git a/platform.c b/platform.c
index ee313da55..acf8554cd 100644
--- a/platform.c
+++ b/platform.c
@@ -18,8 +18,6 @@
18 18
19#include "includes.h" 19#include "includes.h"
20 20
21#include <sys/types.h>
22
23#include <stdarg.h> 21#include <stdarg.h>
24#include <unistd.h> 22#include <unistd.h>
25 23
@@ -107,8 +105,12 @@ platform_setusercontext(struct passwd *pw)
107#endif 105#endif
108 106
109#ifdef USE_SOLARIS_PROJECTS 107#ifdef USE_SOLARIS_PROJECTS
110 /* if solaris projects were detected, set the default now */ 108 /*
111 if (getuid() == 0 || geteuid() == 0) 109 * If solaris projects were detected, set the default now, unless
110 * we are using PAM in which case it is the responsibility of the
111 * PAM stack.
112 */
113 if (!options.use_pam && (getuid() == 0 || geteuid() == 0))
112 solaris_set_default_project(pw); 114 solaris_set_default_project(pw);
113#endif 115#endif
114 116
diff --git a/platform.h b/platform.h
index e687c99b6..e97ecd909 100644
--- a/platform.h
+++ b/platform.h
@@ -31,6 +31,7 @@ void platform_setusercontext_post_groups(struct passwd *);
31char *platform_get_krb5_client(const char *); 31char *platform_get_krb5_client(const char *);
32char *platform_krb5_get_principal_name(const char *); 32char *platform_krb5_get_principal_name(const char *);
33int platform_sys_dir_uid(uid_t); 33int platform_sys_dir_uid(uid_t);
34void platform_disable_tracing(int);
34 35
35/* in platform-pledge.c */ 36/* in platform-pledge.c */
36void platform_pledge_agent(void); 37void platform_pledge_agent(void);
diff --git a/progressmeter.c b/progressmeter.c
index 319b7470a..fe9bf52e4 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: progressmeter.c,v 1.41 2015/01/14 13:54:13 djm Exp $ */ 1/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2003 Nils Nordman. All rights reserved. 3 * Copyright (c) 2003 Nils Nordman. All rights reserved.
4 * 4 *
@@ -63,8 +63,8 @@ void refresh_progress_meter(void);
63/* signal handler for updating the progress meter */ 63/* signal handler for updating the progress meter */
64static void update_progress_meter(int); 64static void update_progress_meter(int);
65 65
66static time_t start; /* start progress */ 66static double start; /* start progress */
67static time_t last_update; /* last progress update */ 67static double last_update; /* last progress update */
68static const char *file; /* name of the file being transferred */ 68static const char *file; /* name of the file being transferred */
69static off_t start_pos; /* initial position of transfer */ 69static off_t start_pos; /* initial position of transfer */
70static off_t end_pos; /* ending position of transfer */ 70static off_t end_pos; /* ending position of transfer */
@@ -120,9 +120,8 @@ void
120refresh_progress_meter(void) 120refresh_progress_meter(void)
121{ 121{
122 char buf[MAX_WINSIZE + 1]; 122 char buf[MAX_WINSIZE + 1];
123 time_t now;
124 off_t transferred; 123 off_t transferred;
125 double elapsed; 124 double elapsed, now;
126 int percent; 125 int percent;
127 off_t bytes_left; 126 off_t bytes_left;
128 int cur_speed; 127 int cur_speed;
@@ -132,7 +131,7 @@ refresh_progress_meter(void)
132 131
133 transferred = *counter - (cur_pos ? cur_pos : start_pos); 132 transferred = *counter - (cur_pos ? cur_pos : start_pos);
134 cur_pos = *counter; 133 cur_pos = *counter;
135 now = monotime(); 134 now = monotime_double();
136 bytes_left = end_pos - cur_pos; 135 bytes_left = end_pos - cur_pos;
137 136
138 if (bytes_left > 0) 137 if (bytes_left > 0)
@@ -172,10 +171,10 @@ refresh_progress_meter(void)
172 } 171 }
173 172
174 /* percent of transfer done */ 173 /* percent of transfer done */
175 if (end_pos != 0) 174 if (end_pos == 0 || cur_pos == end_pos)
176 percent = ((float)cur_pos / end_pos) * 100;
177 else
178 percent = 100; 175 percent = 100;
176 else
177 percent = ((float)cur_pos / end_pos) * 100;
179 snprintf(buf + strlen(buf), win_size - strlen(buf), 178 snprintf(buf + strlen(buf), win_size - strlen(buf),
180 " %3d%% ", percent); 179 " %3d%% ", percent);
181 180
@@ -250,7 +249,7 @@ update_progress_meter(int ignore)
250void 249void
251start_progress_meter(const char *f, off_t filesize, off_t *ctr) 250start_progress_meter(const char *f, off_t filesize, off_t *ctr)
252{ 251{
253 start = last_update = monotime(); 252 start = last_update = monotime_double();
254 file = f; 253 file = f;
255 start_pos = *ctr; 254 start_pos = *ctr;
256 end_pos = filesize; 255 end_pos = filesize;
diff --git a/readconf.c b/readconf.c
index 69d4553af..c177202b1 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.250 2016/02/08 23:40:12 djm Exp $ */ 1/* $OpenBSD: readconf.c,v 1.259 2016/07/22 03:35:11 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -39,6 +39,11 @@
39#include <stdio.h> 39#include <stdio.h>
40#include <string.h> 40#include <string.h>
41#include <unistd.h> 41#include <unistd.h>
42#ifdef USE_SYSTEM_GLOB
43# include <glob.h>
44#else
45# include "openbsd-compat/glob.h"
46#endif
42#ifdef HAVE_UTIL_H 47#ifdef HAVE_UTIL_H
43#include <util.h> 48#include <util.h>
44#endif 49#endif
@@ -125,17 +130,24 @@
125 130
126*/ 131*/
127 132
133static int read_config_file_depth(const char *filename, struct passwd *pw,
134 const char *host, const char *original_host, Options *options,
135 int flags, int *activep, int depth);
136static int process_config_line_depth(Options *options, struct passwd *pw,
137 const char *host, const char *original_host, char *line,
138 const char *filename, int linenum, int *activep, int flags, int depth);
139
128/* Keyword tokens. */ 140/* Keyword tokens. */
129 141
130typedef enum { 142typedef enum {
131 oBadOption, 143 oBadOption,
132 oHost, oMatch, 144 oHost, oMatch, oInclude,
133 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, 145 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
134 oGatewayPorts, oExitOnForwardFailure, 146 oGatewayPorts, oExitOnForwardFailure,
135 oPasswordAuthentication, oRSAAuthentication, 147 oPasswordAuthentication, oRSAAuthentication,
136 oChallengeResponseAuthentication, oXAuthLocation, 148 oChallengeResponseAuthentication, oXAuthLocation,
137 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, 149 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
138 oCertificateFile, oAddKeysToAgent, 150 oCertificateFile, oAddKeysToAgent, oIdentityAgent,
139 oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, 151 oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
140 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 152 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
141 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, 153 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
@@ -158,7 +170,7 @@ typedef enum {
158 oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, 170 oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
159 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, 171 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
160 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 172 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
161 oPubkeyAcceptedKeyTypes, 173 oPubkeyAcceptedKeyTypes, oProxyJump,
162 oIgnoredUnknownOption, oDeprecated, oUnsupported 174 oIgnoredUnknownOption, oDeprecated, oUnsupported
163} OpCodes; 175} OpCodes;
164 176
@@ -205,6 +217,7 @@ static struct {
205 { "identitiesonly", oIdentitiesOnly }, 217 { "identitiesonly", oIdentitiesOnly },
206 { "certificatefile", oCertificateFile }, 218 { "certificatefile", oCertificateFile },
207 { "addkeystoagent", oAddKeysToAgent }, 219 { "addkeystoagent", oAddKeysToAgent },
220 { "identityagent", oIdentityAgent },
208 { "hostname", oHostName }, 221 { "hostname", oHostName },
209 { "hostkeyalias", oHostKeyAlias }, 222 { "hostkeyalias", oHostKeyAlias },
210 { "proxycommand", oProxyCommand }, 223 { "proxycommand", oProxyCommand },
@@ -258,6 +271,7 @@ static struct {
258 { "controlmaster", oControlMaster }, 271 { "controlmaster", oControlMaster },
259 { "controlpersist", oControlPersist }, 272 { "controlpersist", oControlPersist },
260 { "hashknownhosts", oHashKnownHosts }, 273 { "hashknownhosts", oHashKnownHosts },
274 { "include", oInclude },
261 { "tunnel", oTunnel }, 275 { "tunnel", oTunnel },
262 { "tunneldevice", oTunnelDevice }, 276 { "tunneldevice", oTunnelDevice },
263 { "localcommand", oLocalCommand }, 277 { "localcommand", oLocalCommand },
@@ -281,6 +295,7 @@ static struct {
281 { "hostbasedkeytypes", oHostbasedKeyTypes }, 295 { "hostbasedkeytypes", oHostbasedKeyTypes },
282 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, 296 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
283 { "ignoreunknown", oIgnoreUnknown }, 297 { "ignoreunknown", oIgnoreUnknown },
298 { "proxyjump", oProxyJump },
284 299
285 { NULL, oBadOption } 300 { NULL, oBadOption }
286}; 301};
@@ -294,12 +309,17 @@ void
294add_local_forward(Options *options, const struct Forward *newfwd) 309add_local_forward(Options *options, const struct Forward *newfwd)
295{ 310{
296 struct Forward *fwd; 311 struct Forward *fwd;
297#ifndef NO_IPPORT_RESERVED_CONCEPT
298 extern uid_t original_real_uid; 312 extern uid_t original_real_uid;
313 int i;
314
299 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && 315 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
300 newfwd->listen_path == NULL) 316 newfwd->listen_path == NULL)
301 fatal("Privileged ports can only be forwarded by root."); 317 fatal("Privileged ports can only be forwarded by root.");
302#endif 318 /* Don't add duplicates */
319 for (i = 0; i < options->num_local_forwards; i++) {
320 if (forward_equals(newfwd, options->local_forwards + i))
321 return;
322 }
303 options->local_forwards = xreallocarray(options->local_forwards, 323 options->local_forwards = xreallocarray(options->local_forwards,
304 options->num_local_forwards + 1, 324 options->num_local_forwards + 1,
305 sizeof(*options->local_forwards)); 325 sizeof(*options->local_forwards));
@@ -322,7 +342,13 @@ void
322add_remote_forward(Options *options, const struct Forward *newfwd) 342add_remote_forward(Options *options, const struct Forward *newfwd)
323{ 343{
324 struct Forward *fwd; 344 struct Forward *fwd;
345 int i;
325 346
347 /* Don't add duplicates */
348 for (i = 0; i < options->num_remote_forwards; i++) {
349 if (forward_equals(newfwd, options->remote_forwards + i))
350 return;
351 }
326 options->remote_forwards = xreallocarray(options->remote_forwards, 352 options->remote_forwards = xreallocarray(options->remote_forwards,
327 options->num_remote_forwards + 1, 353 options->num_remote_forwards + 1,
328 sizeof(*options->remote_forwards)); 354 sizeof(*options->remote_forwards));
@@ -772,22 +798,32 @@ static const struct multistate multistate_canonicalizehostname[] = {
772 * Processes a single option line as used in the configuration files. This 798 * Processes a single option line as used in the configuration files. This
773 * only sets those values that have not already been set. 799 * only sets those values that have not already been set.
774 */ 800 */
775#define WHITESPACE " \t\r\n"
776int 801int
777process_config_line(Options *options, struct passwd *pw, const char *host, 802process_config_line(Options *options, struct passwd *pw, const char *host,
778 const char *original_host, char *line, const char *filename, 803 const char *original_host, char *line, const char *filename,
779 int linenum, int *activep, int flags) 804 int linenum, int *activep, int flags)
780{ 805{
806 return process_config_line_depth(options, pw, host, original_host,
807 line, filename, linenum, activep, flags, 0);
808}
809
810#define WHITESPACE " \t\r\n"
811static int
812process_config_line_depth(Options *options, struct passwd *pw, const char *host,
813 const char *original_host, char *line, const char *filename,
814 int linenum, int *activep, int flags, int depth)
815{
781 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; 816 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
782 char **cpptr, fwdarg[256]; 817 char **cpptr, fwdarg[256];
783 u_int i, *uintptr, max_entries = 0; 818 u_int i, *uintptr, max_entries = 0;
784 int negated, opcode, *intptr, value, value2, cmdline = 0; 819 int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
785 LogLevel *log_level_ptr; 820 LogLevel *log_level_ptr;
786 long long val64; 821 long long val64;
787 size_t len; 822 size_t len;
788 struct Forward fwd; 823 struct Forward fwd;
789 const struct multistate *multistate_ptr; 824 const struct multistate *multistate_ptr;
790 struct allowed_cname *cname; 825 struct allowed_cname *cname;
826 glob_t gl;
791 827
792 if (activep == NULL) { /* We are processing a command line directive */ 828 if (activep == NULL) { /* We are processing a command line directive */
793 cmdline = 1; 829 cmdline = 1;
@@ -1086,6 +1122,9 @@ parse_char_array:
1086 1122
1087 case oProxyCommand: 1123 case oProxyCommand:
1088 charptr = &options->proxy_command; 1124 charptr = &options->proxy_command;
1125 /* Ignore ProxyCommand if ProxyJump already specified */
1126 if (options->jump_host != NULL)
1127 charptr = &options->jump_host; /* Skip below */
1089parse_command: 1128parse_command:
1090 if (s == NULL) 1129 if (s == NULL)
1091 fatal("%.200s line %d: Missing argument.", filename, linenum); 1130 fatal("%.200s line %d: Missing argument.", filename, linenum);
@@ -1094,6 +1133,18 @@ parse_command:
1094 *charptr = xstrdup(s + len); 1133 *charptr = xstrdup(s + len);
1095 return 0; 1134 return 0;
1096 1135
1136 case oProxyJump:
1137 if (s == NULL) {
1138 fatal("%.200s line %d: Missing argument.",
1139 filename, linenum);
1140 }
1141 len = strspn(s, WHITESPACE "=");
1142 if (parse_jump(s + len, options, *activep) == -1) {
1143 fatal("%.200s line %d: Invalid ProxyJump \"%s\"",
1144 filename, linenum, s + len);
1145 }
1146 return 0;
1147
1097 case oPort: 1148 case oPort:
1098 intptr = &options->port; 1149 intptr = &options->port;
1099parse_int: 1150parse_int:
@@ -1247,6 +1298,8 @@ parse_keytypes:
1247 *activep = 0; 1298 *activep = 0;
1248 arg2 = NULL; 1299 arg2 = NULL;
1249 while ((arg = strdelim(&s)) != NULL && *arg != '\0') { 1300 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1301 if ((flags & SSHCONF_NEVERMATCH) != 0)
1302 break;
1250 negated = *arg == '!'; 1303 negated = *arg == '!';
1251 if (negated) 1304 if (negated)
1252 arg++; 1305 arg++;
@@ -1279,7 +1332,7 @@ parse_keytypes:
1279 if (value < 0) 1332 if (value < 0)
1280 fatal("%.200s line %d: Bad Match condition", filename, 1333 fatal("%.200s line %d: Bad Match condition", filename,
1281 linenum); 1334 linenum);
1282 *activep = value; 1335 *activep = (flags & SSHCONF_NEVERMATCH) ? 0 : value;
1283 break; 1336 break;
1284 1337
1285 case oEscapeChar: 1338 case oEscapeChar:
@@ -1407,6 +1460,63 @@ parse_keytypes:
1407 intptr = &options->visual_host_key; 1460 intptr = &options->visual_host_key;
1408 goto parse_flag; 1461 goto parse_flag;
1409 1462
1463 case oInclude:
1464 if (cmdline)
1465 fatal("Include directive not supported as a "
1466 "command-line option");
1467 value = 0;
1468 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1469 /*
1470 * Ensure all paths are anchored. User configuration
1471 * files may begin with '~/' but system configurations
1472 * must not. If the path is relative, then treat it
1473 * as living in ~/.ssh for user configurations or
1474 * /etc/ssh for system ones.
1475 */
1476 if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0)
1477 fatal("%.200s line %d: bad include path %s.",
1478 filename, linenum, arg);
1479 if (*arg != '/' && *arg != '~') {
1480 xasprintf(&arg2, "%s/%s",
1481 (flags & SSHCONF_USERCONF) ?
1482 "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
1483 } else
1484 arg2 = xstrdup(arg);
1485 memset(&gl, 0, sizeof(gl));
1486 r = glob(arg2, GLOB_TILDE, NULL, &gl);
1487 if (r == GLOB_NOMATCH) {
1488 debug("%.200s line %d: include %s matched no "
1489 "files",filename, linenum, arg2);
1490 continue;
1491 } else if (r != 0 || gl.gl_pathc < 0)
1492 fatal("%.200s line %d: glob failed for %s.",
1493 filename, linenum, arg2);
1494 free(arg2);
1495 oactive = *activep;
1496 for (i = 0; i < (u_int)gl.gl_pathc; i++) {
1497 debug3("%.200s line %d: Including file %s "
1498 "depth %d%s", filename, linenum,
1499 gl.gl_pathv[i], depth,
1500 oactive ? "" : " (parse only)");
1501 r = read_config_file_depth(gl.gl_pathv[i],
1502 pw, host, original_host, options,
1503 flags | SSHCONF_CHECKPERM |
1504 (oactive ? 0 : SSHCONF_NEVERMATCH),
1505 activep, depth + 1);
1506 /*
1507 * don't let Match in includes clobber the
1508 * containing file's Match state.
1509 */
1510 *activep = oactive;
1511 if (r != 1)
1512 value = -1;
1513 }
1514 globfree(&gl);
1515 }
1516 if (value != 0)
1517 return value;
1518 break;
1519
1410 case oIPQoS: 1520 case oIPQoS:
1411 arg = strdelim(&s); 1521 arg = strdelim(&s);
1412 if ((value = parse_ipqos(arg)) == -1) 1522 if ((value = parse_ipqos(arg)) == -1)
@@ -1543,6 +1653,10 @@ parse_keytypes:
1543 multistate_ptr = multistate_yesnoaskconfirm; 1653 multistate_ptr = multistate_yesnoaskconfirm;
1544 goto parse_multistate; 1654 goto parse_multistate;
1545 1655
1656 case oIdentityAgent:
1657 charptr = &options->identity_agent;
1658 goto parse_string;
1659
1546 case oDeprecated: 1660 case oDeprecated:
1547 debug("%s line %d: Deprecated option \"%s\"", 1661 debug("%s line %d: Deprecated option \"%s\"",
1548 filename, linenum, keyword); 1662 filename, linenum, keyword);
@@ -1565,22 +1679,35 @@ parse_keytypes:
1565 return 0; 1679 return 0;
1566} 1680}
1567 1681
1568
1569/* 1682/*
1570 * Reads the config file and modifies the options accordingly. Options 1683 * Reads the config file and modifies the options accordingly. Options
1571 * should already be initialized before this call. This never returns if 1684 * should already be initialized before this call. This never returns if
1572 * there is an error. If the file does not exist, this returns 0. 1685 * there is an error. If the file does not exist, this returns 0.
1573 */ 1686 */
1574
1575int 1687int
1576read_config_file(const char *filename, struct passwd *pw, const char *host, 1688read_config_file(const char *filename, struct passwd *pw, const char *host,
1577 const char *original_host, Options *options, int flags) 1689 const char *original_host, Options *options, int flags)
1578{ 1690{
1691 int active = 1;
1692
1693 return read_config_file_depth(filename, pw, host, original_host,
1694 options, flags, &active, 0);
1695}
1696
1697#define READCONF_MAX_DEPTH 16
1698static int
1699read_config_file_depth(const char *filename, struct passwd *pw,
1700 const char *host, const char *original_host, Options *options,
1701 int flags, int *activep, int depth)
1702{
1579 FILE *f; 1703 FILE *f;
1580 char line[1024]; 1704 char line[1024];
1581 int active, linenum; 1705 int linenum;
1582 int bad_options = 0; 1706 int bad_options = 0;
1583 1707
1708 if (depth < 0 || depth > READCONF_MAX_DEPTH)
1709 fatal("Too many recursive configuration includes");
1710
1584 if ((f = fopen(filename, "r")) == NULL) 1711 if ((f = fopen(filename, "r")) == NULL)
1585 return 0; 1712 return 0;
1586 1713
@@ -1600,13 +1727,12 @@ read_config_file(const char *filename, struct passwd *pw, const char *host,
1600 * Mark that we are now processing the options. This flag is turned 1727 * Mark that we are now processing the options. This flag is turned
1601 * on/off by Host specifications. 1728 * on/off by Host specifications.
1602 */ 1729 */
1603 active = 1;
1604 linenum = 0; 1730 linenum = 0;
1605 while (fgets(line, sizeof(line), f)) { 1731 while (fgets(line, sizeof(line), f)) {
1606 /* Update line number counter. */ 1732 /* Update line number counter. */
1607 linenum++; 1733 linenum++;
1608 if (process_config_line(options, pw, host, original_host, 1734 if (process_config_line_depth(options, pw, host, original_host,
1609 line, filename, linenum, &active, flags) != 0) 1735 line, filename, linenum, activep, flags, depth) != 0)
1610 bad_options++; 1736 bad_options++;
1611 } 1737 }
1612 fclose(f); 1738 fclose(f);
@@ -1638,6 +1764,9 @@ initialize_options(Options * options)
1638 options->forward_x11 = -1; 1764 options->forward_x11 = -1;
1639 options->forward_x11_trusted = -1; 1765 options->forward_x11_trusted = -1;
1640 options->forward_x11_timeout = -1; 1766 options->forward_x11_timeout = -1;
1767 options->stdio_forward_host = NULL;
1768 options->stdio_forward_port = 0;
1769 options->clear_forwardings = -1;
1641 options->exit_on_forward_failure = -1; 1770 options->exit_on_forward_failure = -1;
1642 options->xauth_location = NULL; 1771 options->xauth_location = NULL;
1643 options->fwd_opts.gateway_ports = -1; 1772 options->fwd_opts.gateway_ports = -1;
@@ -1676,6 +1805,10 @@ initialize_options(Options * options)
1676 options->hostname = NULL; 1805 options->hostname = NULL;
1677 options->host_key_alias = NULL; 1806 options->host_key_alias = NULL;
1678 options->proxy_command = NULL; 1807 options->proxy_command = NULL;
1808 options->jump_user = NULL;
1809 options->jump_host = NULL;
1810 options->jump_port = -1;
1811 options->jump_extra = NULL;
1679 options->user = NULL; 1812 options->user = NULL;
1680 options->escape_char = -1; 1813 options->escape_char = -1;
1681 options->num_system_hostfiles = 0; 1814 options->num_system_hostfiles = 0;
@@ -1684,7 +1817,6 @@ initialize_options(Options * options)
1684 options->num_local_forwards = 0; 1817 options->num_local_forwards = 0;
1685 options->remote_forwards = NULL; 1818 options->remote_forwards = NULL;
1686 options->num_remote_forwards = 0; 1819 options->num_remote_forwards = 0;
1687 options->clear_forwardings = -1;
1688 options->log_level = SYSLOG_LEVEL_NOT_SET; 1820 options->log_level = SYSLOG_LEVEL_NOT_SET;
1689 options->preferred_authentications = NULL; 1821 options->preferred_authentications = NULL;
1690 options->bind_address = NULL; 1822 options->bind_address = NULL;
@@ -1709,6 +1841,7 @@ initialize_options(Options * options)
1709 options->local_command = NULL; 1841 options->local_command = NULL;
1710 options->permit_local_command = -1; 1842 options->permit_local_command = -1;
1711 options->add_keys_to_agent = -1; 1843 options->add_keys_to_agent = -1;
1844 options->identity_agent = NULL;
1712 options->visual_host_key = -1; 1845 options->visual_host_key = -1;
1713 options->ip_qos_interactive = -1; 1846 options->ip_qos_interactive = -1;
1714 options->ip_qos_bulk = -1; 1847 options->ip_qos_bulk = -1;
@@ -1757,8 +1890,19 @@ fill_default_options(Options * options)
1757 options->forward_x11_trusted = 0; 1890 options->forward_x11_trusted = 0;
1758 if (options->forward_x11_timeout == -1) 1891 if (options->forward_x11_timeout == -1)
1759 options->forward_x11_timeout = 1200; 1892 options->forward_x11_timeout = 1200;
1893 /*
1894 * stdio forwarding (-W) changes the default for these but we defer
1895 * setting the values so they can be overridden.
1896 */
1760 if (options->exit_on_forward_failure == -1) 1897 if (options->exit_on_forward_failure == -1)
1761 options->exit_on_forward_failure = 0; 1898 options->exit_on_forward_failure =
1899 options->stdio_forward_host != NULL ? 1 : 0;
1900 if (options->clear_forwardings == -1)
1901 options->clear_forwardings =
1902 options->stdio_forward_host != NULL ? 1 : 0;
1903 if (options->clear_forwardings == 1)
1904 clear_forwardings(options);
1905
1762 if (options->xauth_location == NULL) 1906 if (options->xauth_location == NULL)
1763 options->xauth_location = _PATH_XAUTH; 1907 options->xauth_location = _PATH_XAUTH;
1764 if (options->fwd_opts.gateway_ports == -1) 1908 if (options->fwd_opts.gateway_ports == -1)
@@ -1849,8 +1993,6 @@ fill_default_options(Options * options)
1849 } 1993 }
1850 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 1994 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1851 options->log_level = SYSLOG_LEVEL_INFO; 1995 options->log_level = SYSLOG_LEVEL_INFO;
1852 if (options->clear_forwardings == 1)
1853 clear_forwardings(options);
1854 if (options->no_host_authentication_for_localhost == - 1) 1996 if (options->no_host_authentication_for_localhost == - 1)
1855 options->no_host_authentication_for_localhost = 0; 1997 options->no_host_authentication_for_localhost = 0;
1856 if (options->identities_only == -1) 1998 if (options->identities_only == -1)
@@ -1923,6 +2065,7 @@ fill_default_options(Options * options)
1923 CLEAR_ON_NONE(options->proxy_command); 2065 CLEAR_ON_NONE(options->proxy_command);
1924 CLEAR_ON_NONE(options->control_path); 2066 CLEAR_ON_NONE(options->control_path);
1925 CLEAR_ON_NONE(options->revoked_host_keys); 2067 CLEAR_ON_NONE(options->revoked_host_keys);
2068 /* options->identity_agent distinguishes NULL from 'none' */
1926 /* options->user will be set in the main program if appropriate */ 2069 /* options->user will be set in the main program if appropriate */
1927 /* options->hostname will be set in the main program if appropriate */ 2070 /* options->hostname will be set in the main program if appropriate */
1928 /* options->host_key_alias should not be set by default */ 2071 /* options->host_key_alias should not be set by default */
@@ -2138,6 +2281,54 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
2138 return (0); 2281 return (0);
2139} 2282}
2140 2283
2284int
2285parse_jump(const char *s, Options *o, int active)
2286{
2287 char *orig, *sdup, *cp;
2288 char *host = NULL, *user = NULL;
2289 int ret = -1, port = -1, first;
2290
2291 active &= o->proxy_command == NULL && o->jump_host == NULL;
2292
2293 orig = sdup = xstrdup(s);
2294 first = active;
2295 do {
2296 if ((cp = strrchr(sdup, ',')) == NULL)
2297 cp = sdup; /* last */
2298 else
2299 *cp++ = '\0';
2300
2301 if (first) {
2302 /* First argument and configuration is active */
2303 if (parse_user_host_port(cp, &user, &host, &port) != 0)
2304 goto out;
2305 } else {
2306 /* Subsequent argument or inactive configuration */
2307 if (parse_user_host_port(cp, NULL, NULL, NULL) != 0)
2308 goto out;
2309 }
2310 first = 0; /* only check syntax for subsequent hosts */
2311 } while (cp != sdup);
2312 /* success */
2313 if (active) {
2314 o->jump_user = user;
2315 o->jump_host = host;
2316 o->jump_port = port;
2317 o->proxy_command = xstrdup("none");
2318 user = host = NULL;
2319 if ((cp = strrchr(s, ',')) != NULL && cp != s) {
2320 o->jump_extra = xstrdup(s);
2321 o->jump_extra[cp - s] = '\0';
2322 }
2323 }
2324 ret = 0;
2325 out:
2326 free(orig);
2327 free(user);
2328 free(host);
2329 return ret;
2330}
2331
2141/* XXX the following is a near-vebatim copy from servconf.c; refactor */ 2332/* XXX the following is a near-vebatim copy from servconf.c; refactor */
2142static const char * 2333static const char *
2143fmt_multistate_int(int val, const struct multistate *m) 2334fmt_multistate_int(int val, const struct multistate *m)
@@ -2289,7 +2480,7 @@ void
2289dump_client_config(Options *o, const char *host) 2480dump_client_config(Options *o, const char *host)
2290{ 2481{
2291 int i; 2482 int i;
2292 char vbuf[5]; 2483 char buf[8];
2293 2484
2294 /* This is normally prepared in ssh_kex2 */ 2485 /* This is normally prepared in ssh_kex2 */
2295 if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0) 2486 if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0)
@@ -2310,6 +2501,7 @@ dump_client_config(Options *o, const char *host)
2310 dump_cfg_fmtint(oCompression, o->compression); 2501 dump_cfg_fmtint(oCompression, o->compression);
2311 dump_cfg_fmtint(oControlMaster, o->control_master); 2502 dump_cfg_fmtint(oControlMaster, o->control_master);
2312 dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign); 2503 dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
2504 dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
2313 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); 2505 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
2314 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash); 2506 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
2315 dump_cfg_fmtint(oForwardAgent, o->forward_agent); 2507 dump_cfg_fmtint(oForwardAgent, o->forward_agent);
@@ -2358,6 +2550,7 @@ dump_client_config(Options *o, const char *host)
2358 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); 2550 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
2359 dump_cfg_string(oHostKeyAlias, o->host_key_alias); 2551 dump_cfg_string(oHostKeyAlias, o->host_key_alias);
2360 dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types); 2552 dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
2553 dump_cfg_string(oIdentityAgent, o->identity_agent);
2361 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); 2554 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
2362 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); 2555 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
2363 dump_cfg_string(oLocalCommand, o->local_command); 2556 dump_cfg_string(oLocalCommand, o->local_command);
@@ -2365,7 +2558,6 @@ dump_client_config(Options *o, const char *host)
2365 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); 2558 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
2366 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); 2559 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
2367 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); 2560 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
2368 dump_cfg_string(oProxyCommand, o->proxy_command);
2369 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2561 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
2370 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); 2562 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
2371 dump_cfg_string(oXAuthLocation, o->xauth_location); 2563 dump_cfg_string(oXAuthLocation, o->xauth_location);
@@ -2426,8 +2618,8 @@ dump_client_config(Options *o, const char *host)
2426 if (o->escape_char == SSH_ESCAPECHAR_NONE) 2618 if (o->escape_char == SSH_ESCAPECHAR_NONE)
2427 printf("escapechar none\n"); 2619 printf("escapechar none\n");
2428 else { 2620 else {
2429 vis(vbuf, o->escape_char, VIS_WHITE, 0); 2621 vis(buf, o->escape_char, VIS_WHITE, 0);
2430 printf("escapechar %s\n", vbuf); 2622 printf("escapechar %s\n", buf);
2431 } 2623 }
2432 2624
2433 /* oIPQoS */ 2625 /* oIPQoS */
@@ -2441,4 +2633,30 @@ dump_client_config(Options *o, const char *host)
2441 /* oStreamLocalBindMask */ 2633 /* oStreamLocalBindMask */
2442 printf("streamlocalbindmask 0%o\n", 2634 printf("streamlocalbindmask 0%o\n",
2443 o->fwd_opts.streamlocal_bind_mask); 2635 o->fwd_opts.streamlocal_bind_mask);
2636
2637 /* oProxyCommand / oProxyJump */
2638 if (o->jump_host == NULL)
2639 dump_cfg_string(oProxyCommand, o->proxy_command);
2640 else {
2641 /* Check for numeric addresses */
2642 i = strchr(o->jump_host, ':') != NULL ||
2643 strspn(o->jump_host, "1234567890.") == strlen(o->jump_host);
2644 snprintf(buf, sizeof(buf), "%d", o->jump_port);
2645 printf("proxyjump %s%s%s%s%s%s%s%s%s\n",
2646 /* optional additional jump spec */
2647 o->jump_extra == NULL ? "" : o->jump_extra,
2648 o->jump_extra == NULL ? "" : ",",
2649 /* optional user */
2650 o->jump_user == NULL ? "" : o->jump_user,
2651 o->jump_user == NULL ? "" : "@",
2652 /* opening [ if hostname is numeric */
2653 i ? "[" : "",
2654 /* mandatory hostname */
2655 o->jump_host,
2656 /* closing ] if hostname is numeric */
2657 i ? "]" : "",
2658 /* optional port number */
2659 o->jump_port <= 0 ? "" : ":",
2660 o->jump_port <= 0 ? "" : buf);
2661 }
2444} 2662}
diff --git a/readconf.h b/readconf.h
index c84d068bd..cef55f71c 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.113 2016/01/14 16:17:40 markus Exp $ */ 1/* $OpenBSD: readconf.h,v 1.117 2016/07/15 00:24:30 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -101,6 +101,7 @@ typedef struct {
101 struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; 101 struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
102 102
103 int add_keys_to_agent; 103 int add_keys_to_agent;
104 char *identity_agent; /* Optional path to ssh-agent socket */
104 105
105 /* Local TCP/IP forward requests. */ 106 /* Local TCP/IP forward requests. */
106 int num_local_forwards; 107 int num_local_forwards;
@@ -111,6 +112,10 @@ typedef struct {
111 struct Forward *remote_forwards; 112 struct Forward *remote_forwards;
112 int clear_forwardings; 113 int clear_forwardings;
113 114
115 /* stdio forwarding (-W) host and port */
116 char *stdio_forward_host;
117 int stdio_forward_port;
118
114 int enable_ssh_keysign; 119 int enable_ssh_keysign;
115 int64_t rekey_limit; 120 int64_t rekey_limit;
116 int rekey_interval; 121 int rekey_interval;
@@ -158,6 +163,11 @@ typedef struct {
158 char *hostbased_key_types; 163 char *hostbased_key_types;
159 char *pubkey_key_types; 164 char *pubkey_key_types;
160 165
166 char *jump_user;
167 char *jump_host;
168 int jump_port;
169 char *jump_extra;
170
161 char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ 171 char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
162} Options; 172} Options;
163 173
@@ -179,6 +189,7 @@ typedef struct {
179#define SSHCONF_CHECKPERM 1 /* check permissions on config file */ 189#define SSHCONF_CHECKPERM 1 /* check permissions on config file */
180#define SSHCONF_USERCONF 2 /* user provided config file not system */ 190#define SSHCONF_USERCONF 2 /* user provided config file not system */
181#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */ 191#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */
192#define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */
182 193
183#define SSH_UPDATE_HOSTKEYS_NO 0 194#define SSH_UPDATE_HOSTKEYS_NO 0
184#define SSH_UPDATE_HOSTKEYS_YES 1 195#define SSH_UPDATE_HOSTKEYS_YES 1
@@ -192,6 +203,7 @@ int process_config_line(Options *, struct passwd *, const char *,
192int read_config_file(const char *, struct passwd *, const char *, 203int read_config_file(const char *, struct passwd *, const char *,
193 const char *, Options *, int); 204 const char *, Options *, int);
194int parse_forward(struct Forward *, const char *, int, int); 205int parse_forward(struct Forward *, const char *, int, int);
206int parse_jump(const char *, Options *, int);
195int default_ssh_port(void); 207int default_ssh_port(void);
196int option_clear_or_none(const char *); 208int option_clear_or_none(const char *);
197void dump_client_config(Options *o, const char *host); 209void dump_client_config(Options *o, const char *host);
diff --git a/regress/.cvsignore b/regress/.cvsignore
deleted file mode 100644
index 3fd25b02e..000000000
--- a/regress/.cvsignore
+++ /dev/null
@@ -1,31 +0,0 @@
1*-agent
2*.copy
3*.log
4*.prv
5*.pub
6actual
7authorized_keys_*
8batch
9copy.dd*
10data
11expect
12host.rsa*
13key.*
14known_hosts
15krl-*
16modpipe
17remote_pid
18revoked-*
19revoked-ca
20revoked-keyid
21revoked-serials
22rsa
23rsa1
24sftp-server.sh
25ssh-log-wrapper.sh
26ssh_config
27ssh_proxy*
28sshd_config
29sshd_proxy*
30t*.out
31t*.out[0-9]
diff --git a/regress/Makefile b/regress/Makefile
index 451909c1a..08fd82dbf 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.82 2015/09/24 06:16:53 djm Exp $ 1# $OpenBSD: Makefile,v 1.88 2016/06/03 04:10:41 dtucker Exp $
2 2
3REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec 3REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
4tests: prep $(REGRESS_TARGETS) 4tests: prep $(REGRESS_TARGETS)
@@ -54,6 +54,7 @@ LTESTS= connect \
54 multiplex \ 54 multiplex \
55 reexec \ 55 reexec \
56 brokenkeys \ 56 brokenkeys \
57 sshcfgparse \
57 cfgparse \ 58 cfgparse \
58 cfgmatch \ 59 cfgmatch \
59 addrmatch \ 60 addrmatch \
@@ -75,7 +76,8 @@ LTESTS= connect \
75 keygen-knownhosts \ 76 keygen-knownhosts \
76 hostkey-rotate \ 77 hostkey-rotate \
77 principals-command \ 78 principals-command \
78 cert-file 79 cert-file \
80 cfginclude
79 81
80 82
81# dhgex \ 83# dhgex \
@@ -86,27 +88,28 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
86#LTESTS= cipher-speed 88#LTESTS= cipher-speed
87 89
88USER!= id -un 90USER!= id -un
89CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ 91CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \
90 t8.out t8.out.pub t9.out t9.out.pub t10.out t10.out.pub \ 92 authorized_keys_${USER}.* authorized_principals_${USER} \
91 t12.out t12.out.pub \ 93 banner.in banner.out cert_host_key* cert_user_key* \
92 authorized_keys_${USER} known_hosts pidfile testdata \ 94 copy.1 copy.2 data ed25519-agent ed25519-agent* \
93 ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ 95 ed25519-agent.pub empty.in expect failed-regress.log \
94 rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ 96 failed-ssh.log failed-sshd.log hkr.* host.rsa host.rsa1 \
95 rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ 97 host_* host_ca_key* host_krl_* host_revoked_* key.* \
96 ls.copy banner.in banner.out empty.in \ 98 key.dsa-* key.ecdsa-* key.ed25519-512 key.ed25519-512.pub \
97 scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ 99 key.rsa-* keys-command-args kh.* known_hosts \
98 sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ 100 known_hosts-cert known_hosts.* krl-* ls.copy modpipe \
99 known_hosts-cert host_ca_key* cert_host_key* cert_user_key* \ 101 netcat pidfile putty.rsa2 ready regress.log remote_pid \
100 putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ 102 revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa1 \
101 key.rsa-* key.dsa-* key.ecdsa-* \ 103 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \
102 authorized_principals_${USER} expect actual ready \ 104 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
103 sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \ 105 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
104 ssh.log failed-ssh.log sshd.log failed-sshd.log \ 106 sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
105 regress.log failed-regress.log ssh-log-wrapper.sh \ 107 ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
106 sftp-server.sh sftp-server.log sftp.log setuid-allowed \ 108 ssh_proxy_envpass sshd.log sshd_config sshd_config.orig \
107 data ed25519-agent ed25519-agent.pub key.ed25519-512 \ 109 sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \
108 key.ed25519-512.pub netcat host_krl_* host_revoked_* \ 110 t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \
109 kh.* user_*key* agent-key.* known_hosts.* hkr.* 111 t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \
112 t9.out t9.out.pub testdata user_*key* user_ca* user_key*
110 113
111SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} 114SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}
112 115
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
index d5ae2d6e2..24b71f458 100644
--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: agent-getpeereid.sh,v 1.5 2013/05/17 10:33:09 dtucker Exp $ 1# $OpenBSD: agent-getpeereid.sh,v 1.6 2016/05/03 14:41:04 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="disallow agent attach from other uid" 4tid="disallow agent attach from other uid"
@@ -13,10 +13,16 @@ else
13 echo "skipped (not supported on this platform)" 13 echo "skipped (not supported on this platform)"
14 exit 0 14 exit 0
15fi 15fi
16if [ -z "$SUDO" ]; then 16case "x$SUDO" in
17 echo "skipped: need SUDO to switch to uid $UNPRIV" 17 xsudo) sudo=1;;
18 exit 0 18 xdoas) ;;
19fi 19 x)
20 echo "need SUDO to switch to uid $UNPRIV"
21 exit 0 ;;
22 *)
23 echo "unsupported $SUDO - "doas" and "sudo" are allowed"
24 exit 0 ;;
25esac
20 26
21trace "start agent" 27trace "start agent"
22eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null 28eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
@@ -31,8 +37,13 @@ else
31 if [ $r -ne 1 ]; then 37 if [ $r -ne 1 ]; then
32 fail "ssh-add failed with $r != 1" 38 fail "ssh-add failed with $r != 1"
33 fi 39 fi
34 40 if test -z "$sudo" ; then
35 < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null 41 # doas
42 ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null
43 else
44 # sudo
45 < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null
46 fi
36 r=$? 47 r=$?
37 if [ $r -lt 2 ]; then 48 if [ $r -lt 2 ]; then
38 fail "ssh-add did not fail for ${UNPRIV}: $r < 2" 49 fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 3f53922c8..62261cf8b 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-hostkey.sh,v 1.13 2015/07/10 06:23:25 markus Exp $ 1# $OpenBSD: cert-hostkey.sh,v 1.14 2016/05/02 09:52:00 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="certified host keys" 4tid="certified host keys"
@@ -30,34 +30,51 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
30 30
31HOSTS='localhost-with-alias,127.0.0.1,::1' 31HOSTS='localhost-with-alias,127.0.0.1,::1'
32 32
33# Create a CA key and add it to known hosts. Ed25519 chosed for speed. 33kh_ca() {
34 for k in "$@" ; do
35 printf "@cert-authority $HOSTS "
36 cat $OBJ/$k || fatal "couldn't cat $k"
37 done
38}
39kh_revoke() {
40 for k in "$@" ; do
41 printf "@revoked * "
42 cat $OBJ/$k || fatal "couldn't cat $k"
43 done
44}
45
46# Create a CA key and add it to known hosts. Ed25519 chosen for speed.
47# RSA for testing RSA/SHA2 signatures.
34${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/host_ca_key ||\ 48${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/host_ca_key ||\
35 fail "ssh-keygen of host_ca_key failed" 49 fail "ssh-keygen of host_ca_key failed"
36( 50${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key2 ||\
37 printf '@cert-authority ' 51 fail "ssh-keygen of host_ca_key failed"
38 printf "$HOSTS " 52
39 cat $OBJ/host_ca_key.pub 53kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig
40) > $OBJ/known_hosts-cert.orig
41cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 54cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
42 55
43# Plain text revocation files 56# Plain text revocation files
44touch $OBJ/host_revoked_empty 57touch $OBJ/host_revoked_empty
45touch $OBJ/host_revoked_plain 58touch $OBJ/host_revoked_plain
46touch $OBJ/host_revoked_cert 59touch $OBJ/host_revoked_cert
47cp $OBJ/host_ca_key.pub $OBJ/host_revoked_ca 60cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
48 61
49PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'` 62PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
50 63
64if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
65 PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
66fi
67
51# Prepare certificate, plain key and CA KRLs 68# Prepare certificate, plain key and CA KRLs
52${SSHKEYGEN} -kf $OBJ/host_krl_empty || fatal "KRL init failed" 69${SSHKEYGEN} -kf $OBJ/host_krl_empty || fatal "KRL init failed"
53${SSHKEYGEN} -kf $OBJ/host_krl_plain || fatal "KRL init failed" 70${SSHKEYGEN} -kf $OBJ/host_krl_plain || fatal "KRL init failed"
54${SSHKEYGEN} -kf $OBJ/host_krl_cert || fatal "KRL init failed" 71${SSHKEYGEN} -kf $OBJ/host_krl_cert || fatal "KRL init failed"
55${SSHKEYGEN} -kf $OBJ/host_krl_ca $OBJ/host_ca_key.pub \ 72${SSHKEYGEN} -kf $OBJ/host_krl_ca $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub \
56 || fatal "KRL init failed" 73 || fatal "KRL init failed"
57 74
58# Generate and sign host keys 75# Generate and sign host keys
59serial=1 76serial=1
60for ktype in $PLAIN_TYPES ; do 77for ktype in $PLAIN_TYPES ; do
61 verbose "$tid: sign host ${ktype} cert" 78 verbose "$tid: sign host ${ktype} cert"
62 # Generate and sign a host key 79 # Generate and sign a host key
63 ${SSHKEYGEN} -q -N '' -t ${ktype} \ 80 ${SSHKEYGEN} -q -N '' -t ${ktype} \
@@ -66,7 +83,11 @@ for ktype in $PLAIN_TYPES ; do
66 ${SSHKEYGEN} -ukf $OBJ/host_krl_plain \ 83 ${SSHKEYGEN} -ukf $OBJ/host_krl_plain \
67 $OBJ/cert_host_key_${ktype}.pub || fatal "KRL update failed" 84 $OBJ/cert_host_key_${ktype}.pub || fatal "KRL update failed"
68 cat $OBJ/cert_host_key_${ktype}.pub >> $OBJ/host_revoked_plain 85 cat $OBJ/cert_host_key_${ktype}.pub >> $OBJ/host_revoked_plain
69 ${SSHKEYGEN} -h -q -s $OBJ/host_ca_key -z $serial \ 86 case $ktype in
87 rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;;
88 *) tflag=""; ca="$OBJ/host_ca_key" ;;
89 esac
90 ${SSHKEYGEN} -h -q -s $ca -z $serial $tflag \
70 -I "regress host key for $USER" \ 91 -I "regress host key for $USER" \
71 -n $HOSTS $OBJ/cert_host_key_${ktype} || 92 -n $HOSTS $OBJ/cert_host_key_${ktype} ||
72 fatal "couldn't sign cert_host_key_${ktype}" 93 fatal "couldn't sign cert_host_key_${ktype}"
@@ -100,7 +121,7 @@ attempt_connect() {
100 121
101# Basic connect and revocation tests. 122# Basic connect and revocation tests.
102for privsep in yes no ; do 123for privsep in yes no ; do
103 for ktype in $PLAIN_TYPES ; do 124 for ktype in $PLAIN_TYPES ; do
104 verbose "$tid: host ${ktype} cert connect privsep $privsep" 125 verbose "$tid: host ${ktype} cert connect privsep $privsep"
105 ( 126 (
106 cat $OBJ/sshd_proxy_bak 127 cat $OBJ/sshd_proxy_bak
@@ -131,18 +152,14 @@ for privsep in yes no ; do
131done 152done
132 153
133# Revoked certificates with key present 154# Revoked certificates with key present
134( 155kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig
135 printf '@cert-authority ' 156for ktype in $PLAIN_TYPES ; do
136 printf "$HOSTS " 157 test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey"
137 cat $OBJ/host_ca_key.pub 158 kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
138 for ktype in $PLAIN_TYPES ; do 159done
139 test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey"
140 printf "@revoked * `cat $OBJ/cert_host_key_${ktype}.pub`\n"
141 done
142) > $OBJ/known_hosts-cert.orig
143cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 160cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
144for privsep in yes no ; do 161for privsep in yes no ; do
145 for ktype in $PLAIN_TYPES ; do 162 for ktype in $PLAIN_TYPES ; do
146 verbose "$tid: host ${ktype} revoked cert privsep $privsep" 163 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
147 ( 164 (
148 cat $OBJ/sshd_proxy_bak 165 cat $OBJ/sshd_proxy_bak
@@ -162,16 +179,10 @@ for privsep in yes no ; do
162done 179done
163 180
164# Revoked CA 181# Revoked CA
165( 182kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig
166 printf '@cert-authority ' 183kh_revoke host_ca_key.pub host_ca_key2.pub >> $OBJ/known_hosts-cert.orig
167 printf "$HOSTS "
168 cat $OBJ/host_ca_key.pub
169 printf '@revoked '
170 printf "* "
171 cat $OBJ/host_ca_key.pub
172) > $OBJ/known_hosts-cert.orig
173cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 184cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
174for ktype in $PLAIN_TYPES ; do 185for ktype in $PLAIN_TYPES ; do
175 verbose "$tid: host ${ktype} revoked cert" 186 verbose "$tid: host ${ktype} revoked cert"
176 ( 187 (
177 cat $OBJ/sshd_proxy_bak 188 cat $OBJ/sshd_proxy_bak
@@ -188,11 +199,7 @@ for ktype in $PLAIN_TYPES ; do
188done 199done
189 200
190# Create a CA key and add it to known hosts 201# Create a CA key and add it to known hosts
191( 202kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig
192 printf '@cert-authority '
193 printf "$HOSTS "
194 cat $OBJ/host_ca_key.pub
195) > $OBJ/known_hosts-cert.orig
196cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 203cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
197 204
198test_one() { 205test_one() {
@@ -201,16 +208,19 @@ test_one() {
201 sign_opts=$3 208 sign_opts=$3
202 209
203 for kt in rsa ed25519 ; do 210 for kt in rsa ed25519 ; do
204 ${SSHKEYGEN} -q -s $OBJ/host_ca_key \ 211 case $ktype in
205 -I "regress host key for $USER" \ 212 rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;;
213 *) tflag=""; ca="$OBJ/host_ca_key" ;;
214 esac
215 ${SSHKEYGEN} -q -s $ca $tflag -I "regress host key for $USER" \
206 $sign_opts $OBJ/cert_host_key_${kt} || 216 $sign_opts $OBJ/cert_host_key_${kt} ||
207 fail "couldn't sign cert_host_key_${kt}" 217 fatal "couldn't sign cert_host_key_${kt}"
208 ( 218 (
209 cat $OBJ/sshd_proxy_bak 219 cat $OBJ/sshd_proxy_bak
210 echo HostKey $OBJ/cert_host_key_${kt} 220 echo HostKey $OBJ/cert_host_key_${kt}
211 echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub 221 echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub
212 ) > $OBJ/sshd_proxy 222 ) > $OBJ/sshd_proxy
213 223
214 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 224 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
215 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ 225 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
216 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ 226 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
@@ -237,17 +247,20 @@ test_one "cert valid interval" success "-h -V-1w:+2w"
237test_one "cert has constraints" failure "-h -Oforce-command=false" 247test_one "cert has constraints" failure "-h -Oforce-command=false"
238 248
239# Check downgrade of cert to raw key when no CA found 249# Check downgrade of cert to raw key when no CA found
240for ktype in $PLAIN_TYPES ; do 250for ktype in $PLAIN_TYPES ; do
241 rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* 251 rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
242 verbose "$tid: host ${ktype} ${v} cert downgrade to raw key" 252 verbose "$tid: host ${ktype} ${v} cert downgrade to raw key"
243 # Generate and sign a host key 253 # Generate and sign a host key
244 ${SSHKEYGEN} -q -N '' -t ${ktype} \ 254 ${SSHKEYGEN} -q -N '' -t ${ktype} -f $OBJ/cert_host_key_${ktype} || \
245 -f $OBJ/cert_host_key_${ktype} || \
246 fail "ssh-keygen of cert_host_key_${ktype} failed" 255 fail "ssh-keygen of cert_host_key_${ktype} failed"
247 ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/host_ca_key \ 256 case $ktype in
257 rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;;
258 *) tflag=""; ca="$OBJ/host_ca_key" ;;
259 esac
260 ${SSHKEYGEN} -h -q $tflag -s $ca $tflag \
248 -I "regress host key for $USER" \ 261 -I "regress host key for $USER" \
249 -n $HOSTS $OBJ/cert_host_key_${ktype} || 262 -n $HOSTS $OBJ/cert_host_key_${ktype} ||
250 fail "couldn't sign cert_host_key_${ktype}" 263 fatal "couldn't sign cert_host_key_${ktype}"
251 ( 264 (
252 printf "$HOSTS " 265 printf "$HOSTS "
253 cat $OBJ/cert_host_key_${ktype}.pub 266 cat $OBJ/cert_host_key_${ktype}.pub
@@ -257,7 +270,7 @@ for ktype in $PLAIN_TYPES ; do
257 echo HostKey $OBJ/cert_host_key_${ktype} 270 echo HostKey $OBJ/cert_host_key_${ktype}
258 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub 271 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
259 ) > $OBJ/sshd_proxy 272 ) > $OBJ/sshd_proxy
260 273
261 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ 274 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
262 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ 275 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
263 -F $OBJ/ssh_proxy somehost true 276 -F $OBJ/ssh_proxy somehost true
@@ -267,23 +280,22 @@ for ktype in $PLAIN_TYPES ; do
267done 280done
268 281
269# Wrong certificate 282# Wrong certificate
270( 283kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig
271 printf '@cert-authority '
272 printf "$HOSTS "
273 cat $OBJ/host_ca_key.pub
274) > $OBJ/known_hosts-cert.orig
275cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 284cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
276for kt in $PLAIN_TYPES ; do 285for kt in $PLAIN_TYPES ; do
286 verbose "$tid: host ${kt} connect wrong cert"
277 rm -f $OBJ/cert_host_key* 287 rm -f $OBJ/cert_host_key*
278 # Self-sign key 288 # Self-sign key
279 ${SSHKEYGEN} -q -N '' -t ${kt} \ 289 ${SSHKEYGEN} -q -N '' -t ${kt} -f $OBJ/cert_host_key_${kt} || \
280 -f $OBJ/cert_host_key_${kt} || \
281 fail "ssh-keygen of cert_host_key_${kt} failed" 290 fail "ssh-keygen of cert_host_key_${kt} failed"
282 ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/cert_host_key_${kt} \ 291 case $kt in
292 rsa-sha2-*) tflag="-t $kt" ;;
293 *) tflag="" ;;
294 esac
295 ${SSHKEYGEN} $tflag -h -q -s $OBJ/cert_host_key_${kt} \
283 -I "regress host key for $USER" \ 296 -I "regress host key for $USER" \
284 -n $HOSTS $OBJ/cert_host_key_${kt} || 297 -n $HOSTS $OBJ/cert_host_key_${kt} ||
285 fail "couldn't sign cert_host_key_${kt}" 298 fatal "couldn't sign cert_host_key_${kt}"
286 verbose "$tid: host ${kt} connect wrong cert"
287 ( 299 (
288 cat $OBJ/sshd_proxy_bak 300 cat $OBJ/sshd_proxy_bak
289 echo HostKey $OBJ/cert_host_key_${kt} 301 echo HostKey $OBJ/cert_host_key_${kt}
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index c38c00a02..319746395 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-userkey.sh,v 1.14 2015/07/10 06:23:25 markus Exp $ 1# $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="certified user keys" 4tid="certified user keys"
@@ -9,8 +9,16 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
9 9
10PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` 10PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
11 11
12if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
13 PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
14fi
15
12kname() { 16kname() {
13 n=`echo "$1" | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/'` 17 case $ktype in
18 rsa-sha2-*) ;;
19 # subshell because some seds will add a newline
20 *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
21 esac
14 echo "$n*,ssh-rsa*,ssh-ed25519*" 22 echo "$n*,ssh-rsa*,ssh-ed25519*"
15} 23}
16 24
@@ -19,18 +27,24 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\
19 fail "ssh-keygen of user_ca_key failed" 27 fail "ssh-keygen of user_ca_key failed"
20 28
21# Generate and sign user keys 29# Generate and sign user keys
22for ktype in $PLAIN_TYPES ; do 30for ktype in $PLAIN_TYPES $EXTRA_TYPES ; do
23 verbose "$tid: sign user ${ktype} cert" 31 verbose "$tid: sign user ${ktype} cert"
24 ${SSHKEYGEN} -q -N '' -t ${ktype} \ 32 ${SSHKEYGEN} -q -N '' -t ${ktype} \
25 -f $OBJ/cert_user_key_${ktype} || \ 33 -f $OBJ/cert_user_key_${ktype} || \
26 fail "ssh-keygen of cert_user_key_${ktype} failed" 34 fatal "ssh-keygen of cert_user_key_${ktype} failed"
27 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ 35 # Generate RSA/SHA2 certs for rsa-sha2* keys.
28 -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || 36 case $ktype in
29 fail "couldn't sign cert_user_key_${ktype}" 37 rsa-sha2-*) tflag="-t $ktype" ;;
38 *) tflag="" ;;
39 esac
40 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -z $$ \
41 -I "regress user key for $USER" \
42 -n ${USER},mekmitasdigoat $tflag $OBJ/cert_user_key_${ktype} || \
43 fatal "couldn't sign cert_user_key_${ktype}"
30done 44done
31 45
32# Test explicitly-specified principals 46# Test explicitly-specified principals
33for ktype in $PLAIN_TYPES ; do 47for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
34 t=$(kname $ktype) 48 t=$(kname $ktype)
35 for privsep in yes no ; do 49 for privsep in yes no ; do
36 _prefix="${ktype} privsep $privsep" 50 _prefix="${ktype} privsep $privsep"
@@ -67,7 +81,7 @@ for ktype in $PLAIN_TYPES ; do
67 if [ $? -eq 0 ]; then 81 if [ $? -eq 0 ]; then
68 fail "ssh cert connect succeeded unexpectedly" 82 fail "ssh cert connect succeeded unexpectedly"
69 fi 83 fi
70 84
71 # Wrong authorized_principals 85 # Wrong authorized_principals
72 verbose "$tid: ${_prefix} wrong authorized_principals" 86 verbose "$tid: ${_prefix} wrong authorized_principals"
73 echo gregorsamsa > $OBJ/authorized_principals_$USER 87 echo gregorsamsa > $OBJ/authorized_principals_$USER
@@ -166,8 +180,8 @@ basic_tests() {
166 echo > $OBJ/authorized_keys_$USER 180 echo > $OBJ/authorized_keys_$USER
167 extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" 181 extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub"
168 fi 182 fi
169 183
170 for ktype in $PLAIN_TYPES ; do 184 for ktype in $PLAIN_TYPES ; do
171 t=$(kname $ktype) 185 t=$(kname $ktype)
172 for privsep in yes no ; do 186 for privsep in yes no ; do
173 _prefix="${ktype} privsep $privsep $auth" 187 _prefix="${ktype} privsep $privsep $auth"
@@ -183,7 +197,7 @@ basic_tests() {
183 cat $OBJ/ssh_proxy_bak 197 cat $OBJ/ssh_proxy_bak
184 echo "PubkeyAcceptedKeyTypes ${t}" 198 echo "PubkeyAcceptedKeyTypes ${t}"
185 ) > $OBJ/ssh_proxy 199 ) > $OBJ/ssh_proxy
186 200
187 ${SSH} -2i $OBJ/cert_user_key_${ktype} \ 201 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
188 -F $OBJ/ssh_proxy somehost true 202 -F $OBJ/ssh_proxy somehost true
189 if [ $? -ne 0 ]; then 203 if [ $? -ne 0 ]; then
@@ -223,7 +237,7 @@ basic_tests() {
223 fail "ssh cert connect failed" 237 fail "ssh cert connect failed"
224 fi 238 fi
225 done 239 done
226 240
227 # Revoked CA 241 # Revoked CA
228 verbose "$tid: ${ktype} $auth revoked CA key" 242 verbose "$tid: ${ktype} $auth revoked CA key"
229 ( 243 (
@@ -238,7 +252,7 @@ basic_tests() {
238 fail "ssh cert connect succeeded unexpecedly" 252 fail "ssh cert connect succeeded unexpecedly"
239 fi 253 fi
240 done 254 done
241 255
242 verbose "$tid: $auth CA does not authenticate" 256 verbose "$tid: $auth CA does not authenticate"
243 ( 257 (
244 cat $OBJ/sshd_proxy_bak 258 cat $OBJ/sshd_proxy_bak
@@ -286,7 +300,7 @@ test_one() {
286 echo $auth_opt >> $OBJ/sshd_proxy 300 echo $auth_opt >> $OBJ/sshd_proxy
287 fi 301 fi
288 fi 302 fi
289 303
290 verbose "$tid: $ident auth $auth expect $result $ktype" 304 verbose "$tid: $ident auth $auth expect $result $ktype"
291 ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ 305 ${SSHKEYGEN} -q -s $OBJ/user_ca_key \
292 -I "regress user key for $USER" \ 306 -I "regress user key for $USER" \
@@ -342,13 +356,13 @@ test_one "principals key option no principals" failure "" \
342 356
343# Wrong certificate 357# Wrong certificate
344cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy 358cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
345for ktype in $PLAIN_TYPES ; do 359for ktype in $PLAIN_TYPES ; do
346 t=$(kname $ktype) 360 t=$(kname $ktype)
347 # Self-sign 361 # Self-sign
348 ${SSHKEYGEN} -q -s $OBJ/cert_user_key_${ktype} -I \ 362 ${SSHKEYGEN} -q -s $OBJ/cert_user_key_${ktype} -I \
349 "regress user key for $USER" \ 363 "regress user key for $USER" \
350 -n $USER $OBJ/cert_user_key_${ktype} || 364 -n $USER $OBJ/cert_user_key_${ktype} ||
351 fail "couldn't sign cert_user_key_${ktype}" 365 fatal "couldn't sign cert_user_key_${ktype}"
352 verbose "$tid: user ${ktype} connect wrong cert" 366 verbose "$tid: user ${ktype} connect wrong cert"
353 ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ 367 ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
354 somehost true >/dev/null 2>&1 368 somehost true >/dev/null 2>&1
diff --git a/regress/cfginclude.sh b/regress/cfginclude.sh
new file mode 100644
index 000000000..2fc39ce45
--- /dev/null
+++ b/regress/cfginclude.sh
@@ -0,0 +1,293 @@
1# $OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $
2# Placed in the Public Domain.
3
4tid="config include"
5
6# to appease StrictModes
7umask 022
8
9cat > $OBJ/ssh_config.i << _EOF
10Match host a
11 Hostname aa
12
13Match host b
14 Hostname bb
15 Include $OBJ/ssh_config.i.*
16
17Match host c
18 Include $OBJ/ssh_config.i.*
19 Hostname cc
20
21Match host m
22 Include $OBJ/ssh_config.i.*
23
24Host d
25 Hostname dd
26
27Host e
28 Hostname ee
29 Include $OBJ/ssh_config.i.*
30
31Host f
32 Include $OBJ/ssh_config.i.*
33 Hostname ff
34
35Host n
36 Include $OBJ/ssh_config.i.*
37_EOF
38
39cat > $OBJ/ssh_config.i.0 << _EOF
40Match host xxxxxx
41_EOF
42
43cat > $OBJ/ssh_config.i.1 << _EOF
44Match host a
45 Hostname aaa
46
47Match host b
48 Hostname bbb
49
50Match host c
51 Hostname ccc
52
53Host d
54 Hostname ddd
55
56Host e
57 Hostname eee
58
59Host f
60 Hostname fff
61_EOF
62
63cat > $OBJ/ssh_config.i.2 << _EOF
64Match host a
65 Hostname aaaa
66
67Match host b
68 Hostname bbbb
69
70Match host c
71 Hostname cccc
72
73Host d
74 Hostname dddd
75
76Host e
77 Hostname eeee
78
79Host f
80 Hostname ffff
81
82Match all
83 Hostname xxxx
84_EOF
85
86trial() {
87 _host="$1"
88 _exp="$2"
89 ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out ||
90 fatal "ssh config parse failed"
91 _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'`
92 if test "x$_exp" != "x$_got" ; then
93 fail "host $_host include fail: expected $_exp got $_got"
94 fi
95}
96
97trial a aa
98trial b bb
99trial c ccc
100trial d dd
101trial e ee
102trial f fff
103trial m xxxx
104trial n xxxx
105trial x x
106
107# Prepare an included config with an error.
108
109cat > $OBJ/ssh_config.i.3 << _EOF
110Hostname xxxx
111 Junk
112_EOF
113
114${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
115 fail "ssh include allowed invalid config"
116
117${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \
118 fail "ssh include allowed invalid config"
119
120rm -f $OBJ/ssh_config.i.*
121
122# Ensure that a missing include is not fatal.
123cat > $OBJ/ssh_config.i << _EOF
124Include $OBJ/ssh_config.i.*
125Hostname aa
126_EOF
127
128trial a aa
129
130# Ensure that Match/Host in an included config does not affect parent.
131cat > $OBJ/ssh_config.i.x << _EOF
132Match host x
133_EOF
134
135trial a aa
136
137cat > $OBJ/ssh_config.i.x << _EOF
138Host x
139_EOF
140
141trial a aa
142
143# cleanup
144rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out
145# $OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $
146# Placed in the Public Domain.
147
148tid="config include"
149
150cat > $OBJ/ssh_config.i << _EOF
151Match host a
152 Hostname aa
153
154Match host b
155 Hostname bb
156 Include $OBJ/ssh_config.i.*
157
158Match host c
159 Include $OBJ/ssh_config.i.*
160 Hostname cc
161
162Match host m
163 Include $OBJ/ssh_config.i.*
164
165Host d
166 Hostname dd
167
168Host e
169 Hostname ee
170 Include $OBJ/ssh_config.i.*
171
172Host f
173 Include $OBJ/ssh_config.i.*
174 Hostname ff
175
176Host n
177 Include $OBJ/ssh_config.i.*
178_EOF
179
180cat > $OBJ/ssh_config.i.0 << _EOF
181Match host xxxxxx
182_EOF
183
184cat > $OBJ/ssh_config.i.1 << _EOF
185Match host a
186 Hostname aaa
187
188Match host b
189 Hostname bbb
190
191Match host c
192 Hostname ccc
193
194Host d
195 Hostname ddd
196
197Host e
198 Hostname eee
199
200Host f
201 Hostname fff
202_EOF
203
204cat > $OBJ/ssh_config.i.2 << _EOF
205Match host a
206 Hostname aaaa
207
208Match host b
209 Hostname bbbb
210
211Match host c
212 Hostname cccc
213
214Host d
215 Hostname dddd
216
217Host e
218 Hostname eeee
219
220Host f
221 Hostname ffff
222
223Match all
224 Hostname xxxx
225_EOF
226
227trial() {
228 _host="$1"
229 _exp="$2"
230 ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out ||
231 fatal "ssh config parse failed"
232 _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'`
233 if test "x$_exp" != "x$_got" ; then
234 fail "host $_host include fail: expected $_exp got $_got"
235 fi
236}
237
238trial a aa
239trial b bb
240trial c ccc
241trial d dd
242trial e ee
243trial f fff
244trial m xxxx
245trial n xxxx
246trial x x
247
248# Prepare an included config with an error.
249
250cat > $OBJ/ssh_config.i.3 << _EOF
251Hostname xxxx
252 Junk
253_EOF
254
255${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
256 fail "ssh include allowed invalid config"
257
258${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \
259 fail "ssh include allowed invalid config"
260
261rm -f $OBJ/ssh_config.i.*
262
263# Ensure that a missing include is not fatal.
264cat > $OBJ/ssh_config.i << _EOF
265Include $OBJ/ssh_config.i.*
266Hostname aa
267_EOF
268
269trial a aa
270
271# Ensure that Match/Host in an included config does not affect parent.
272cat > $OBJ/ssh_config.i.x << _EOF
273Match host x
274_EOF
275
276trial a aa
277
278cat > $OBJ/ssh_config.i.x << _EOF
279Host x
280_EOF
281
282trial a aa
283
284# Ensure that recursive includes are bounded.
285cat > $OBJ/ssh_config.i << _EOF
286Include $OBJ/ssh_config.i
287_EOF
288
289${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \
290 fail "ssh include allowed infinite recursion?" # or hang...
291
292# cleanup
293rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out
diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh
index 736f38976..ccf511f6b 100644
--- a/regress/cfgparse.sh
+++ b/regress/cfgparse.sh
@@ -1,7 +1,7 @@
1# $OpenBSD: cfgparse.sh,v 1.5 2015/05/29 03:05:13 djm Exp $ 1# $OpenBSD: cfgparse.sh,v 1.6 2016/06/03 03:47:59 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="config parse" 4tid="sshd config parse"
5 5
6# This is a reasonable proxy for IPv6 support. 6# This is a reasonable proxy for IPv6 support.
7if ! config_defined HAVE_STRUCT_IN6_ADDR ; then 7if ! config_defined HAVE_STRUCT_IN6_ADDR ; then
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh
index 9a51f5690..ea739f614 100644
--- a/regress/connect-privsep.sh
+++ b/regress/connect-privsep.sh
@@ -26,7 +26,12 @@ done
26 26
27# Because sandbox is sensitive to changes in libc, especially malloc, retest 27# Because sandbox is sensitive to changes in libc, especially malloc, retest
28# with every malloc.conf option (and none). 28# with every malloc.conf option (and none).
29for m in '' A F G H J P R S X '<' '>'; do 29if [ -z "TEST_MALLOC_OPTIONS" ]; then
30 mopts="A F G H J P R S X < >"
31else
32 mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'`
33fi
34for m in '' $mopts ; do
30 for p in ${SSH_PROTOCOLS}; do 35 for p in ${SSH_PROTOCOLS}; do
31 env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 36 env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
32 if [ $? -ne 0 ]; then 37 if [ $? -ne 0 ]; then
diff --git a/regress/forwarding.sh b/regress/forwarding.sh
index fb4f35aff..2539db9b7 100644
--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: forwarding.sh,v 1.15 2015/03/03 22:35:19 markus Exp $ 1# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="local and remote forwarding" 4tid="local and remote forwarding"
@@ -59,7 +59,7 @@ for d in L R; do
59 -$d ${base}01:127.0.0.1:$PORT \ 59 -$d ${base}01:127.0.0.1:$PORT \
60 -$d ${base}02:127.0.0.1:$PORT \ 60 -$d ${base}02:127.0.0.1:$PORT \
61 -$d ${base}03:127.0.0.1:$PORT \ 61 -$d ${base}03:127.0.0.1:$PORT \
62 -$d ${base}01:127.0.0.1:$PORT \ 62 -$d ${base}01:localhost:$PORT \
63 -$d ${base}04:127.0.0.1:$PORT \ 63 -$d ${base}04:127.0.0.1:$PORT \
64 -oExitOnForwardFailure=yes somehost true 64 -oExitOnForwardFailure=yes somehost true
65 r=$? 65 r=$?
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 1d4976771..bfadc6b48 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: integrity.sh,v 1.16 2015/03/24 20:22:17 markus Exp $ 1# $OpenBSD: integrity.sh,v 1.18 2016/03/04 02:48:06 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="integrity" 4tid="integrity"
@@ -54,7 +54,7 @@ for m in $macs; do
54 fail "ssh -m $m succeeds with bit-flip at $off" 54 fail "ssh -m $m succeeds with bit-flip at $off"
55 fi 55 fi
56 ecnt=`expr $ecnt + 1` 56 ecnt=`expr $ecnt + 1`
57 out=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ 57 out=$(egrep -v "^debug" $TEST_SSH_LOGFILE | tail -2 | \
58 tr -s '\r\n' '.') 58 tr -s '\r\n' '.')
59 case "$out" in 59 case "$out" in
60 Bad?packet*) elen=`expr $elen + 1`; skip=3;; 60 Bad?packet*) elen=`expr $elen + 1`; skip=3;;
diff --git a/regress/misc/Makefile b/regress/misc/Makefile
new file mode 100644
index 000000000..14c0c279f
--- /dev/null
+++ b/regress/misc/Makefile
@@ -0,0 +1,3 @@
1SUBDIR= kexfuzz
2
3.include <bsd.subdir.mk>
diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile
new file mode 100644
index 000000000..3018b632f
--- /dev/null
+++ b/regress/misc/kexfuzz/Makefile
@@ -0,0 +1,78 @@
1# $OpenBSD: Makefile,v 1.1 2016/03/04 02:30:37 djm Exp $
2
3.include <bsd.own.mk>
4.include <bsd.obj.mk>
5
6# XXX detect from ssh binary?
7SSH1?= no
8OPENSSL?= yes
9
10PROG= kexfuzz
11SRCS= kexfuzz.c
12NOMAN= 1
13
14.if (${OPENSSL:L} == "yes")
15CFLAGS+= -DWITH_OPENSSL
16.else
17# SSH v.1 requires OpenSSL.
18SSH1= no
19.endif
20
21.if (${SSH1:L} == "yes")
22CFLAGS+= -DWITH_SSH1
23.endif
24
25# enable warnings
26WARNINGS=Yes
27
28DEBUG=-g
29CFLAGS+= -fstack-protector-all
30CDIAGFLAGS= -Wall
31CDIAGFLAGS+= -Wextra
32CDIAGFLAGS+= -Werror
33CDIAGFLAGS+= -Wchar-subscripts
34CDIAGFLAGS+= -Wcomment
35CDIAGFLAGS+= -Wformat
36CDIAGFLAGS+= -Wformat-security
37CDIAGFLAGS+= -Wimplicit
38CDIAGFLAGS+= -Winline
39CDIAGFLAGS+= -Wmissing-declarations
40CDIAGFLAGS+= -Wmissing-prototypes
41CDIAGFLAGS+= -Wparentheses
42CDIAGFLAGS+= -Wpointer-arith
43CDIAGFLAGS+= -Wreturn-type
44CDIAGFLAGS+= -Wshadow
45CDIAGFLAGS+= -Wsign-compare
46CDIAGFLAGS+= -Wstrict-aliasing
47CDIAGFLAGS+= -Wstrict-prototypes
48CDIAGFLAGS+= -Wswitch
49CDIAGFLAGS+= -Wtrigraphs
50CDIAGFLAGS+= -Wuninitialized
51CDIAGFLAGS+= -Wunused
52.if ${COMPILER_VERSION} == "gcc4"
53CDIAGFLAGS+= -Wpointer-sign
54CDIAGFLAGS+= -Wold-style-definition
55.endif
56
57SSHREL=../../../../../usr.bin/ssh
58
59CFLAGS+=-I${.CURDIR}/${SSHREL}
60
61.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir})
62LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh
63DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a
64.else
65LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh
66DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a
67.endif
68
69LDADD+= -lutil -lz
70DPADD+= ${LIBUTIL} ${LIBZ}
71
72.if (${OPENSSL:L} == "yes")
73LDADD+= -lcrypto
74DPADD+= ${LIBCRYPTO}
75.endif
76
77.include <bsd.prog.mk>
78
diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README
new file mode 100644
index 000000000..8b215b5bf
--- /dev/null
+++ b/regress/misc/kexfuzz/README
@@ -0,0 +1,28 @@
1This is a harness to help with fuzzing KEX.
2
3To use it, you first set it to count packets in each direction:
4
5./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
6S2C: 29
7C2S: 31
8
9Then get it to record a particular packet (in this case the 4th
10packet from client->server):
11
12./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
13 -d -D C2S -i 3 -f packet_3
14
15Fuzz the packet somehow:
16
17dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example
18
19Then re-run the key exchange substituting the modified packet in
20its original sequence:
21
22./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
23 -r -D C2S -i 3 -f packet_3
24
25A comprehensive KEX fuzz run would fuzz every packet in both
26directions for each key exchange type and every hostkey type.
27This will take some time.
28
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
new file mode 100644
index 000000000..2894d3a1e
--- /dev/null
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -0,0 +1,410 @@
1/* $OpenBSD: kexfuzz.c,v 1.1 2016/03/04 02:30:37 djm Exp $ */
2/*
3 * Fuzz harness for KEX code
4 *
5 * Placed in the public domain
6 */
7
8#include "includes.h"
9
10#include <sys/types.h>
11#include <sys/param.h>
12#include <stdio.h>
13#ifdef HAVE_STDINT_H
14# include <stdint.h>
15#endif
16#include <stdlib.h>
17#include <string.h>
18#include <unistd.h>
19#include <fcntl.h>
20#ifdef HAVE_ERR_H
21# include <err.h>
22#endif
23
24#include "ssherr.h"
25#include "ssh_api.h"
26#include "sshbuf.h"
27#include "packet.h"
28#include "myproposal.h"
29#include "authfile.h"
30
31struct ssh *active_state = NULL; /* XXX - needed for linking */
32
33void kex_tests(void);
34static int do_debug = 0;
35
36enum direction { S2C, C2S };
37
38static int
39do_send_and_receive(struct ssh *from, struct ssh *to, int mydirection,
40 int *packet_count, int trigger_direction, int packet_index,
41 const char *dump_path, struct sshbuf *replace_data)
42{
43 u_char type;
44 size_t len, olen;
45 const u_char *buf;
46 int r;
47 FILE *dumpfile;
48
49 for (;;) {
50 if ((r = ssh_packet_next(from, &type)) != 0) {
51 fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r));
52 return r;
53 }
54 if (type != 0)
55 return 0;
56 buf = ssh_output_ptr(from, &len);
57 olen = len;
58 if (do_debug) {
59 printf("%s packet %d type %u len %zu:\n",
60 mydirection == S2C ? "s2c" : "c2s",
61 *packet_count, type, len);
62 sshbuf_dump_data(buf, len, stdout);
63 }
64 if (mydirection == trigger_direction &&
65 packet_index == *packet_count) {
66 if (replace_data != NULL) {
67 buf = sshbuf_ptr(replace_data);
68 len = sshbuf_len(replace_data);
69 if (do_debug) {
70 printf("***** replaced packet "
71 "len %zu\n", len);
72 sshbuf_dump_data(buf, len, stdout);
73 }
74 } else if (dump_path != NULL) {
75 if ((dumpfile = fopen(dump_path, "w+")) == NULL)
76 err(1, "fopen %s", dump_path);
77 if (len != 0 &&
78 fwrite(buf, len, 1, dumpfile) != 1)
79 err(1, "fwrite %s", dump_path);
80 if (do_debug)
81 printf("***** dumped packet "
82 "len %zu\n", len);
83 fclose(dumpfile);
84 exit(0);
85 }
86 }
87 (*packet_count)++;
88 if (len == 0)
89 return 0;
90 if ((r = ssh_input_append(to, buf, len)) != 0 ||
91 (r = ssh_output_consume(from, olen)) != 0)
92 return r;
93 }
94}
95
96/* Minimal test_helper.c scaffholding to make this standalone */
97const char *in_test = NULL;
98#define TEST_START(a) \
99 do { \
100 in_test = (a); \
101 if (do_debug) \
102 fprintf(stderr, "test %s starting\n", in_test); \
103 } while (0)
104#define TEST_DONE() \
105 do { \
106 if (do_debug) \
107 fprintf(stderr, "test %s done\n", \
108 in_test ? in_test : "???"); \
109 in_test = NULL; \
110 } while(0)
111#define ASSERT_INT_EQ(a, b) \
112 do { \
113 if ((int)(a) != (int)(b)) { \
114 fprintf(stderr, "%s %s:%d " \
115 "%s (%d) != expected %s (%d)\n", \
116 in_test ? in_test : "(none)", \
117 __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
118 exit(2); \
119 } \
120 } while (0)
121#define ASSERT_INT_GE(a, b) \
122 do { \
123 if ((int)(a) < (int)(b)) { \
124 fprintf(stderr, "%s %s:%d " \
125 "%s (%d) < expected %s (%d)\n", \
126 in_test ? in_test : "(none)", \
127 __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
128 exit(2); \
129 } \
130 } while (0)
131#define ASSERT_PTR_NE(a, b) \
132 do { \
133 if ((a) == (b)) { \
134 fprintf(stderr, "%s %s:%d " \
135 "%s (%p) != expected %s (%p)\n", \
136 in_test ? in_test : "(none)", \
137 __func__, __LINE__, #a, (a), #b, (b)); \
138 exit(2); \
139 } \
140 } while (0)
141
142
143static void
144run_kex(struct ssh *client, struct ssh *server, int *s2c, int *c2s,
145 int direction, int packet_index,
146 const char *dump_path, struct sshbuf *replace_data)
147{
148 int r = 0;
149
150 while (!server->kex->done || !client->kex->done) {
151 if ((r = do_send_and_receive(server, client, S2C, s2c,
152 direction, packet_index, dump_path, replace_data)))
153 break;
154 if ((r = do_send_and_receive(client, server, C2S, c2s,
155 direction, packet_index, dump_path, replace_data)))
156 break;
157 }
158 if (do_debug)
159 printf("done: %s\n", ssh_err(r));
160 ASSERT_INT_EQ(r, 0);
161 ASSERT_INT_EQ(server->kex->done, 1);
162 ASSERT_INT_EQ(client->kex->done, 1);
163}
164
165static void
166do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
167 int direction, int packet_index,
168 const char *dump_path, struct sshbuf *replace_data)
169{
170 struct ssh *client = NULL, *server = NULL, *server2 = NULL;
171 struct sshkey *pubkey = NULL;
172 struct sshbuf *state;
173 struct kex_params kex_params;
174 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
175 char *keyname = NULL;
176
177 TEST_START("sshkey_from_private");
178 ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0);
179 TEST_DONE();
180
181 TEST_START("ssh_init");
182 memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
183 if (kex != NULL)
184 kex_params.proposal[PROPOSAL_KEX_ALGS] = strdup(kex);
185 keyname = strdup(sshkey_ssh_name(prvkey));
186 ASSERT_PTR_NE(keyname, NULL);
187 kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname;
188 ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
189 ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
190 ASSERT_PTR_NE(client, NULL);
191 ASSERT_PTR_NE(server, NULL);
192 TEST_DONE();
193
194 TEST_START("ssh_add_hostkey");
195 ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0);
196 ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0);
197 TEST_DONE();
198
199 TEST_START("kex");
200 run_kex(client, server, s2c, c2s, direction, packet_index,
201 dump_path, replace_data);
202 TEST_DONE();
203
204 TEST_START("rekeying client");
205 ASSERT_INT_EQ(kex_send_kexinit(client), 0);
206 run_kex(client, server, s2c, c2s, direction, packet_index,
207 dump_path, replace_data);
208 TEST_DONE();
209
210 TEST_START("rekeying server");
211 ASSERT_INT_EQ(kex_send_kexinit(server), 0);
212 run_kex(client, server, s2c, c2s, direction, packet_index,
213 dump_path, replace_data);
214 TEST_DONE();
215
216 TEST_START("ssh_packet_get_state");
217 state = sshbuf_new();
218 ASSERT_PTR_NE(state, NULL);
219 ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0);
220 ASSERT_INT_GE(sshbuf_len(state), 1);
221 TEST_DONE();
222
223 TEST_START("ssh_packet_set_state");
224 server2 = NULL;
225 ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
226 ASSERT_PTR_NE(server2, NULL);
227 ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0);
228 kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */
229 ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
230 ASSERT_INT_EQ(sshbuf_len(state), 0);
231 sshbuf_free(state);
232 ASSERT_PTR_NE(server2->kex, NULL);
233 /* XXX we need to set the callbacks */
234 server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
235 server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
236 server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
237 server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
238#ifdef OPENSSL_HAS_ECC
239 server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
240#endif
241 server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
242 server2->kex->load_host_public_key = server->kex->load_host_public_key;
243 server2->kex->load_host_private_key = server->kex->load_host_private_key;
244 server2->kex->sign = server->kex->sign;
245 TEST_DONE();
246
247 TEST_START("rekeying server2");
248 ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
249 run_kex(client, server2, s2c, c2s, direction, packet_index,
250 dump_path, replace_data);
251 ASSERT_INT_EQ(kex_send_kexinit(client), 0);
252 run_kex(client, server2, s2c, c2s, direction, packet_index,
253 dump_path, replace_data);
254 TEST_DONE();
255
256 TEST_START("cleanup");
257 sshkey_free(pubkey);
258 ssh_free(client);
259 ssh_free(server);
260 ssh_free(server2);
261 free(keyname);
262 TEST_DONE();
263}
264
265static void
266usage(void)
267{
268 fprintf(stderr,
269 "Usage: kexfuzz [-hcdrv] [-D direction] [-f data_file]\n"
270 " [-K kex_alg] [-k private_key] [-i packet_index]\n"
271 "\n"
272 "Options:\n"
273 " -h Display this help\n"
274 " -c Count packets sent during KEX\n"
275 " -d Dump mode: record KEX packet to data file\n"
276 " -r Replace mode: replace packet with data file\n"
277 " -v Turn on verbose logging\n"
278 " -D S2C|C2S Packet direction for replacement or dump\n"
279 " -f data_file Path to data file for replacement or dump\n"
280 " -K kex_alg Name of KEX algorithm to test (see below)\n"
281 " -k private_key Path to private key file\n"
282 " -i packet_index Index of packet to replace or dump (from 0)\n"
283 "\n"
284 "Available KEX algorithms: %s\n", kex_alg_list(' '));
285}
286
287static void
288badusage(const char *bad)
289{
290 fprintf(stderr, "Invalid options\n");
291 fprintf(stderr, "%s\n", bad);
292 usage();
293 exit(1);
294}
295
296int
297main(int argc, char **argv)
298{
299 int ch, fd, r;
300 int count_flag = 0, dump_flag = 0, replace_flag = 0;
301 int packet_index = -1, direction = -1;
302 int s2c = 0, c2s = 0; /* packet counts */
303 const char *kex = NULL, *kpath = NULL, *data_path = NULL;
304 struct sshkey *key = NULL;
305 struct sshbuf *replace_data = NULL;
306
307 setvbuf(stdout, NULL, _IONBF, 0);
308 while ((ch = getopt(argc, argv, "hcdrvD:f:K:k:i:")) != -1) {
309 switch (ch) {
310 case 'h':
311 usage();
312 return 0;
313 case 'c':
314 count_flag = 1;
315 break;
316 case 'd':
317 dump_flag = 1;
318 break;
319 case 'r':
320 replace_flag = 1;
321 break;
322 case 'v':
323 do_debug = 1;
324 break;
325
326 case 'D':
327 if (strcasecmp(optarg, "s2c") == 0)
328 direction = S2C;
329 else if (strcasecmp(optarg, "c2s") == 0)
330 direction = C2S;
331 else
332 badusage("Invalid direction (-D)");
333 break;
334 case 'f':
335 data_path = optarg;
336 break;
337 case 'K':
338 kex = optarg;
339 break;
340 case 'k':
341 kpath = optarg;
342 break;
343 case 'i':
344 packet_index = atoi(optarg);
345 if (packet_index < 0)
346 badusage("Invalid packet index");
347 break;
348 default:
349 badusage("unsupported flag");
350 }
351 }
352 argc -= optind;
353 argv += optind;
354
355 /* Must select a single mode */
356 if ((count_flag + dump_flag + replace_flag) != 1)
357 badusage("Must select one mode: -c, -d or -r");
358 /* KEX type is mandatory */
359 if (kex == NULL || !kex_names_valid(kex) || strchr(kex, ',') != NULL)
360 badusage("Missing or invalid kex type (-K flag)");
361 /* Valid key is mandatory */
362 if (kpath == NULL)
363 badusage("Missing private key (-k flag)");
364 if ((fd = open(kpath, O_RDONLY)) == -1)
365 err(1, "open %s", kpath);
366 if ((r = sshkey_load_private_type_fd(fd, KEY_UNSPEC, NULL,
367 &key, NULL)) != 0)
368 errx(1, "Unable to load key %s: %s", kpath, ssh_err(r));
369 close(fd);
370 /* XXX check that it is a private key */
371 /* XXX support certificates */
372 if (key == NULL || key->type == KEY_UNSPEC || key->type == KEY_RSA1)
373 badusage("Invalid key file (-k flag)");
374
375 /* Replace (fuzz) mode */
376 if (replace_flag) {
377 if (packet_index == -1 || direction == -1 || data_path == NULL)
378 badusage("Replace (-r) mode must specify direction "
379 "(-D) packet index (-i) and data path (-f)");
380 if ((fd = open(data_path, O_RDONLY)) == -1)
381 err(1, "open %s", data_path);
382 replace_data = sshbuf_new();
383 if ((r = sshkey_load_file(fd, replace_data)) != 0)
384 errx(1, "read %s: %s", data_path, ssh_err(r));
385 close(fd);
386 }
387
388 /* Dump mode */
389 if (dump_flag) {
390 if (packet_index == -1 || direction == -1 || data_path == NULL)
391 badusage("Dump (-d) mode must specify direction "
392 "(-D), packet index (-i) and data path (-f)");
393 }
394
395 /* Count mode needs no further flags */
396
397 do_kex_with_key(kex, key, &c2s, &s2c,
398 direction, packet_index,
399 dump_flag ? data_path : NULL,
400 replace_flag ? replace_data : NULL);
401 sshkey_free(key);
402 sshbuf_free(replace_data);
403
404 if (count_flag) {
405 printf("S2C: %d\n", s2c);
406 printf("C2S: %d\n", c2s);
407 }
408
409 return 0;
410}
diff --git a/regress/modpipe.c b/regress/modpipe.c
index e854f9e07..5f4824b51 100755
--- a/regress/modpipe.c
+++ b/regress/modpipe.c
@@ -25,36 +25,11 @@
25#include <stdarg.h> 25#include <stdarg.h>
26#include <stdlib.h> 26#include <stdlib.h>
27#include <errno.h> 27#include <errno.h>
28#ifdef HAVE_ERR_H
29# include <err.h>
30#endif
28#include "openbsd-compat/getopt_long.c" 31#include "openbsd-compat/getopt_long.c"
29 32
30static void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
31static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
32
33static void
34err(int r, const char *fmt, ...)
35{
36 va_list args;
37
38 va_start(args, fmt);
39 fprintf(stderr, "%s: ", strerror(errno));
40 vfprintf(stderr, fmt, args);
41 fputc('\n', stderr);
42 va_end(args);
43 exit(r);
44}
45
46static void
47errx(int r, const char *fmt, ...)
48{
49 va_list args;
50
51 va_start(args, fmt);
52 vfprintf(stderr, fmt, args);
53 fputc('\n', stderr);
54 va_end(args);
55 exit(r);
56}
57
58static void 33static void
59usage(void) 34usage(void)
60{ 35{
diff --git a/regress/netcat.c b/regress/netcat.c
index 6234ba019..98a08b1ec 100644
--- a/regress/netcat.c
+++ b/regress/netcat.c
@@ -61,6 +61,9 @@
61# include <sys/poll.h> 61# include <sys/poll.h>
62# endif 62# endif
63#endif 63#endif
64#ifdef HAVE_ERR_H
65# include <err.h>
66#endif
64 67
65/* Telnet options from arpa/telnet.h */ 68/* Telnet options from arpa/telnet.h */
66#define IAC 255 69#define IAC 255
@@ -134,46 +137,6 @@ void usage(int);
134ssize_t drainbuf(int, unsigned char *, size_t *); 137ssize_t drainbuf(int, unsigned char *, size_t *);
135ssize_t fillbuf(int, unsigned char *, size_t *); 138ssize_t fillbuf(int, unsigned char *, size_t *);
136 139
137static void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
138static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
139static void warn(const char *, ...) __attribute__((format(printf, 1, 2)));
140
141static void
142err(int r, const char *fmt, ...)
143{
144 va_list args;
145
146 va_start(args, fmt);
147 fprintf(stderr, "%s: ", strerror(errno));
148 vfprintf(stderr, fmt, args);
149 fputc('\n', stderr);
150 va_end(args);
151 exit(r);
152}
153
154static void
155errx(int r, const char *fmt, ...)
156{
157 va_list args;
158
159 va_start(args, fmt);
160 vfprintf(stderr, fmt, args);
161 fputc('\n', stderr);
162 va_end(args);
163 exit(r);
164}
165
166static void
167warn(const char *fmt, ...)
168{
169 va_list args;
170
171 va_start(args, fmt);
172 fprintf(stderr, "%s: ", strerror(errno));
173 vfprintf(stderr, fmt, args);
174 fputc('\n', stderr);
175 va_end(args);
176}
177 140
178int 141int
179main(int argc, char *argv[]) 142main(int argc, char *argv[])
diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh
new file mode 100644
index 000000000..010e02865
--- /dev/null
+++ b/regress/sshcfgparse.sh
@@ -0,0 +1,29 @@
1# $OpenBSD: sshcfgparse.sh,v 1.2 2016/07/14 01:24:21 dtucker Exp $
2# Placed in the Public Domain.
3
4tid="ssh config parse"
5
6verbose "reparse minimal config"
7(${SSH} -G -F $OBJ/ssh_config somehost >$OBJ/ssh_config.1 &&
8 ${SSH} -G -F $OBJ/ssh_config.1 somehost >$OBJ/ssh_config.2 &&
9 diff $OBJ/ssh_config.1 $OBJ/ssh_config.2) || fail "reparse minimal config"
10
11verbose "ssh -W opts"
12f=`${SSH} -GF $OBJ/ssh_config host | awk '/exitonforwardfailure/{print $2}'`
13test "$f" = "no" || fail "exitonforwardfailure default"
14f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/exitonforwardfailure/{print $2}'`
15test "$f" = "yes" || fail "exitonforwardfailure enable"
16f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o exitonforwardfailure=no h | \
17 awk '/exitonforwardfailure/{print $2}'`
18test "$f" = "no" || fail "exitonforwardfailure override"
19
20f=`${SSH} -GF $OBJ/ssh_config host | awk '/clearallforwardings/{print $2}'`
21test "$f" = "no" || fail "clearallforwardings default"
22f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/clearallforwardings/{print $2}'`
23test "$f" = "yes" || fail "clearallforwardings enable"
24f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o clearallforwardings=no h | \
25 awk '/clearallforwardings/{print $2}'`
26test "$f" = "no" || fail "clearallforwardings override"
27
28# cleanup
29rm -f $OBJ/ssh_config.[012]
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 114e129f2..1b6526d0b 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $ 1# $OpenBSD: test-exec.sh,v 1.53 2016/04/15 02:57:10 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4#SUDO=sudo 4#SUDO=sudo
@@ -221,6 +221,7 @@ echo "#!/bin/sh" > $SSHLOGWRAP
221echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP 221echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
222 222
223chmod a+rx $OBJ/ssh-log-wrapper.sh 223chmod a+rx $OBJ/ssh-log-wrapper.sh
224REAL_SSH="$SSH"
224SSH="$SSHLOGWRAP" 225SSH="$SSHLOGWRAP"
225 226
226# Some test data. We make a copy because some tests will overwrite it. 227# Some test data. We make a copy because some tests will overwrite it.
@@ -411,6 +412,13 @@ cat << EOF > $OBJ/sshd_config
411 Subsystem sftp $SFTPSERVER 412 Subsystem sftp $SFTPSERVER
412EOF 413EOF
413 414
415# This may be necessary if /usr/src and/or /usr/obj are group-writable,
416# but if you aren't careful with permissions then the unit tests could
417# be abused to locally escalate privileges.
418if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
419 echo "StrictModes no" >> $OBJ/sshd_config
420fi
421
414if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then 422if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
415 trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" 423 trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
416 echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config 424 echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile
index d3d90823f..0a95d4b20 100644
--- a/regress/unittests/Makefile
+++ b/regress/unittests/Makefile
@@ -1,5 +1,5 @@
1# $OpenBSD: Makefile,v 1.5 2015/02/16 22:21:03 djm Exp $ 1# $OpenBSD: Makefile,v 1.6 2016/05/26 19:14:25 schwarze Exp $
2REGRESS_FAIL_EARLY= yes 2REGRESS_FAIL_EARLY= yes
3SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys 3SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8
4 4
5.include <bsd.subdir.mk> 5.include <bsd.subdir.mk>
diff --git a/regress/unittests/sshbuf/test_sshbuf_misc.c b/regress/unittests/sshbuf/test_sshbuf_misc.c
index f155491a0..762a6c31c 100644
--- a/regress/unittests/sshbuf/test_sshbuf_misc.c
+++ b/regress/unittests/sshbuf/test_sshbuf_misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_sshbuf_misc.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */ 1/* $OpenBSD: test_sshbuf_misc.c,v 1.2 2016/05/03 13:48:33 djm Exp $ */
2/* 2/*
3 * Regress test for sshbuf.h buffer API 3 * Regress test for sshbuf.h buffer API
4 * 4 *
@@ -134,5 +134,34 @@ sshbuf_misc_tests(void)
134 ASSERT_U32_EQ(PEEK_U32(sshbuf_ptr(p1)), 0xd00fd00f); 134 ASSERT_U32_EQ(PEEK_U32(sshbuf_ptr(p1)), 0xd00fd00f);
135 sshbuf_free(p1); 135 sshbuf_free(p1);
136 TEST_DONE(); 136 TEST_DONE();
137
138 TEST_START("sshbuf_dup_string");
139 p1 = sshbuf_new();
140 ASSERT_PTR_NE(p1, NULL);
141 /* Check empty buffer */
142 p = sshbuf_dup_string(p1);
143 ASSERT_PTR_NE(p, NULL);
144 ASSERT_SIZE_T_EQ(strlen(p), 0);
145 free(p);
146 /* Check buffer with string */
147 ASSERT_INT_EQ(sshbuf_put(p1, "quad1", strlen("quad1")), 0);
148 p = sshbuf_dup_string(p1);
149 ASSERT_PTR_NE(p, NULL);
150 ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
151 ASSERT_STRING_EQ(p, "quad1");
152 free(p);
153 /* Check buffer with terminating nul */
154 ASSERT_INT_EQ(sshbuf_put(p1, "\0", 1), 0);
155 p = sshbuf_dup_string(p1);
156 ASSERT_PTR_NE(p, NULL);
157 ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1"));
158 ASSERT_STRING_EQ(p, "quad1");
159 free(p);
160 /* Check buffer with data after nul (expect failure) */
161 ASSERT_INT_EQ(sshbuf_put(p1, "quad2", strlen("quad2")), 0);
162 p = sshbuf_dup_string(p1);
163 ASSERT_PTR_EQ(p, NULL);
164 sshbuf_free(p1);
165 TEST_DONE();
137} 166}
138 167
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 1f160d1a7..1476dc2e3 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_sshkey.c,v 1.9 2015/12/07 02:20:46 djm Exp $ */ 1/* $OpenBSD: test_sshkey.c,v 1.10 2016/05/02 09:52:00 djm Exp $ */
2/* 2/*
3 * Regress test for sshkey.h key management API 3 * Regress test for sshkey.h key management API
4 * 4 *
@@ -455,7 +455,7 @@ sshkey_tests(void)
455 put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL); 455 put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL);
456 put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL); 456 put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL);
457 ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0); 457 ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0);
458 ASSERT_INT_EQ(sshkey_certify(k1, k2), 0); 458 ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL), 0);
459 b = sshbuf_new(); 459 b = sshbuf_new();
460 ASSERT_PTR_NE(b, NULL); 460 ASSERT_PTR_NE(b, NULL);
461 ASSERT_INT_EQ(sshkey_putb(k1, b), 0); 461 ASSERT_INT_EQ(sshkey_putb(k1, b), 0);
diff --git a/regress/unittests/test_helper/Makefile b/regress/unittests/test_helper/Makefile
index 5b3894cbf..78026e653 100644
--- a/regress/unittests/test_helper/Makefile
+++ b/regress/unittests/test_helper/Makefile
@@ -1,9 +1,8 @@
1# $OpenBSD: Makefile,v 1.2 2015/01/20 22:58:57 djm Exp $ 1# $OpenBSD: Makefile,v 1.3 2016/07/04 18:01:44 guenther Exp $
2 2
3LIB= test_helper 3LIB= test_helper
4SRCS= test_helper.c fuzz.c 4SRCS= test_helper.c fuzz.c
5 5
6DEBUGLIBS= no
7NOPROFILE= yes 6NOPROFILE= yes
8NOPIC= yes 7NOPIC= yes
9 8
diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile
new file mode 100644
index 000000000..150ea2f2e
--- /dev/null
+++ b/regress/unittests/utf8/Makefile
@@ -0,0 +1,12 @@
1# $OpenBSD: Makefile,v 1.2 2016/05/30 12:14:08 schwarze Exp $
2
3TEST_ENV= "MALLOC_OPTIONS=CFGJPRSUX"
4
5PROG=test_utf8
6SRCS=tests.c
7REGRESS_TARGETS=run-regress-${PROG}
8
9run-regress-${PROG}: ${PROG}
10 env ${TEST_ENV} ./${PROG}
11
12.include <bsd.regress.mk>
diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c
new file mode 100644
index 000000000..fad2ec279
--- /dev/null
+++ b/regress/unittests/utf8/tests.c
@@ -0,0 +1,82 @@
1/* $OpenBSD: tests.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */
2/*
3 * Regress test for the utf8.h *mprintf() API
4 *
5 * Written by Ingo Schwarze <schwarze@openbsd.org> in 2016
6 * and placed in the public domain.
7 */
8
9#include <locale.h>
10#include <string.h>
11
12#include "test_helper.h"
13
14#include "utf8.h"
15
16void badarg(void);
17void one(const char *, const char *, int, int, int, const char *);
18
19void
20badarg(void)
21{
22 char buf[16];
23 int len, width;
24
25 width = 1;
26 TEST_START("utf8_badarg");
27 len = snmprintf(buf, sizeof(buf), &width, "\377");
28 ASSERT_INT_EQ(len, -1);
29 ASSERT_STRING_EQ(buf, "");
30 ASSERT_INT_EQ(width, 0);
31 TEST_DONE();
32}
33
34void
35one(const char *name, const char *mbs, int width,
36 int wantwidth, int wantlen, const char *wants)
37{
38 char buf[16];
39 int *wp;
40 int len;
41
42 if (wantlen == -2)
43 wantlen = strlen(wants);
44 (void)strlcpy(buf, "utf8_", sizeof(buf));
45 (void)strlcat(buf, name, sizeof(buf));
46 TEST_START(buf);
47 wp = wantwidth == -2 ? NULL : &width;
48 len = snmprintf(buf, sizeof(buf), wp, "%s", mbs);
49 ASSERT_INT_EQ(len, wantlen);
50 ASSERT_STRING_EQ(buf, wants);
51 ASSERT_INT_EQ(width, wantwidth);
52 TEST_DONE();
53}
54
55void
56tests(void)
57{
58 char *loc;
59
60 TEST_START("utf8_setlocale");
61 loc = setlocale(LC_CTYPE, "en_US.UTF-8");
62 ASSERT_PTR_NE(loc, NULL);
63 TEST_DONE();
64
65 badarg();
66 one("null", NULL, 8, 6, 6, "(null)");
67 one("empty", "", 2, 0, 0, "");
68 one("ascii", "x", -2, -2, -2, "x");
69 one("newline", "a\nb", -2, -2, -2, "a\nb");
70 one("cr", "a\rb", -2, -2, -2, "a\rb");
71 one("tab", "a\tb", -2, -2, -2, "a\tb");
72 one("esc", "\033x", -2, -2, -2, "\\033x");
73 one("inv_badbyte", "\377x", -2, -2, -2, "\\377x");
74 one("inv_nocont", "\341x", -2, -2, -2, "\\341x");
75 one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
76 one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
77 one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
78 one("width_ascii", "123", 2, 2, -1, "12");
79 one("width_double", "a\343\201\201", 2, 1, -1, "a");
80 one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
81 one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
82}
diff --git a/roaming.h b/roaming.h
deleted file mode 100644
index e69de29bb..000000000
--- a/roaming.h
+++ /dev/null
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index d132e2646..2e1ed2c52 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -103,6 +103,12 @@ static const struct sock_filter preauth_insns[] = {
103 offsetof(struct seccomp_data, nr)), 103 offsetof(struct seccomp_data, nr)),
104 104
105 /* Syscalls to non-fatally deny */ 105 /* Syscalls to non-fatally deny */
106#ifdef __NR_lstat
107 SC_DENY(lstat, EACCES),
108#endif
109#ifdef __NR_lstat64
110 SC_DENY(lstat64, EACCES),
111#endif
106#ifdef __NR_fstat 112#ifdef __NR_fstat
107 SC_DENY(fstat, EACCES), 113 SC_DENY(fstat, EACCES),
108#endif 114#endif
diff --git a/scard/.cvsignore b/scard/.cvsignore
deleted file mode 100644
index 5349d34ae..000000000
--- a/scard/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
1Makefile
2Ssh.bin
diff --git a/scp.0 b/scp.0
index 6b70e4ed4..46a084698 100644
--- a/scp.0
+++ b/scp.0
@@ -94,8 +94,9 @@ DESCRIPTION
94 HostKeyAlgorithms 94 HostKeyAlgorithms
95 HostKeyAlias 95 HostKeyAlias
96 HostName 96 HostName
97 IdentityFile
98 IdentitiesOnly 97 IdentitiesOnly
98 IdentityAgent
99 IdentityFile
99 IPQoS 100 IPQoS
100 KbdInteractiveAuthentication 101 KbdInteractiveAuthentication
101 KbdInteractiveDevices 102 KbdInteractiveDevices
@@ -110,6 +111,7 @@ DESCRIPTION
110 PreferredAuthentications 111 PreferredAuthentications
111 Protocol 112 Protocol
112 ProxyCommand 113 ProxyCommand
114 ProxyJump
113 PubkeyAcceptedKeyTypes 115 PubkeyAcceptedKeyTypes
114 PubkeyAuthentication 116 PubkeyAuthentication
115 RekeyLimit 117 RekeyLimit
@@ -163,4 +165,4 @@ AUTHORS
163 Timo Rinne <tri@iki.fi> 165 Timo Rinne <tri@iki.fi>
164 Tatu Ylonen <ylo@cs.hut.fi> 166 Tatu Ylonen <ylo@cs.hut.fi>
165 167
166OpenBSD 5.9 September 25, 2015 OpenBSD 5.9 168OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
diff --git a/scp.1 b/scp.1
index 54ea352ce..4ae877753 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
8.\" 8.\"
9.\" Created: Sun May 7 00:14:37 1995 ylo 9.\" Created: Sun May 7 00:14:37 1995 ylo
10.\" 10.\"
11.\" $OpenBSD: scp.1,v 1.68 2015/09/25 18:19:54 jmc Exp $ 11.\" $OpenBSD: scp.1,v 1.71 2016/07/16 06:57:55 jmc Exp $
12.\" 12.\"
13.Dd $Mdocdate: September 25 2015 $ 13.Dd $Mdocdate: July 16 2016 $
14.Dt SCP 1 14.Dt SCP 1
15.Os 15.Os
16.Sh NAME 16.Sh NAME
@@ -155,8 +155,9 @@ For full details of the options listed below, and their possible values, see
155.It HostKeyAlgorithms 155.It HostKeyAlgorithms
156.It HostKeyAlias 156.It HostKeyAlias
157.It HostName 157.It HostName
158.It IdentityFile
159.It IdentitiesOnly 158.It IdentitiesOnly
159.It IdentityAgent
160.It IdentityFile
160.It IPQoS 161.It IPQoS
161.It KbdInteractiveAuthentication 162.It KbdInteractiveAuthentication
162.It KbdInteractiveDevices 163.It KbdInteractiveDevices
@@ -171,6 +172,7 @@ For full details of the options listed below, and their possible values, see
171.It PreferredAuthentications 172.It PreferredAuthentications
172.It Protocol 173.It Protocol
173.It ProxyCommand 174.It ProxyCommand
175.It ProxyJump
174.It PubkeyAcceptedKeyTypes 176.It PubkeyAcceptedKeyTypes
175.It PubkeyAuthentication 177.It PubkeyAuthentication
176.It RekeyLimit 178.It RekeyLimit
diff --git a/scp.c b/scp.c
index 0bdd7cb0b..43ca3fa09 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */ 1/* $OpenBSD: scp.c,v 1.186 2016/05/25 23:48:45 schwarze Exp $ */
2/* 2/*
3 * scp - secure remote copy. This is basically patched BSD rcp which 3 * scp - secure remote copy. This is basically patched BSD rcp which
4 * uses ssh to do the data transfer (instead of using rcmd). 4 * uses ssh to do the data transfer (instead of using rcmd).
@@ -96,6 +96,7 @@
96#include <errno.h> 96#include <errno.h>
97#include <fcntl.h> 97#include <fcntl.h>
98#include <limits.h> 98#include <limits.h>
99#include <locale.h>
99#include <pwd.h> 100#include <pwd.h>
100#include <signal.h> 101#include <signal.h>
101#include <stdarg.h> 102#include <stdarg.h>
@@ -114,6 +115,7 @@
114#include "log.h" 115#include "log.h"
115#include "misc.h" 116#include "misc.h"
116#include "progressmeter.h" 117#include "progressmeter.h"
118#include "utf8.h"
117 119
118extern char *__progname; 120extern char *__progname;
119 121
@@ -191,7 +193,7 @@ do_local_cmd(arglist *a)
191 if (verbose_mode) { 193 if (verbose_mode) {
192 fprintf(stderr, "Executing:"); 194 fprintf(stderr, "Executing:");
193 for (i = 0; i < a->num; i++) 195 for (i = 0; i < a->num; i++)
194 fprintf(stderr, " %s", a->list[i]); 196 fmprintf(stderr, " %s", a->list[i]);
195 fprintf(stderr, "\n"); 197 fprintf(stderr, "\n");
196 } 198 }
197 if ((pid = fork()) == -1) 199 if ((pid = fork()) == -1)
@@ -232,7 +234,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
232 int pin[2], pout[2], reserved[2]; 234 int pin[2], pout[2], reserved[2];
233 235
234 if (verbose_mode) 236 if (verbose_mode)
235 fprintf(stderr, 237 fmprintf(stderr,
236 "Executing: program %s host %s, user %s, command %s\n", 238 "Executing: program %s host %s, user %s, command %s\n",
237 ssh_program, host, 239 ssh_program, host,
238 remuser ? remuser : "(unspecified)", cmd); 240 remuser ? remuser : "(unspecified)", cmd);
@@ -307,7 +309,7 @@ do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout)
307 int status; 309 int status;
308 310
309 if (verbose_mode) 311 if (verbose_mode)
310 fprintf(stderr, 312 fmprintf(stderr,
311 "Executing: 2nd program %s host %s, user %s, command %s\n", 313 "Executing: 2nd program %s host %s, user %s, command %s\n",
312 ssh_program, host, 314 ssh_program, host,
313 remuser ? remuser : "(unspecified)", cmd); 315 remuser ? remuser : "(unspecified)", cmd);
@@ -378,6 +380,8 @@ main(int argc, char **argv)
378 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 380 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
379 sanitise_stdfd(); 381 sanitise_stdfd();
380 382
383 setlocale(LC_CTYPE, "");
384
381 /* Copy argv, because we modify it */ 385 /* Copy argv, because we modify it */
382 newargv = xcalloc(MAX(argc + 1, 1), sizeof(*newargv)); 386 newargv = xcalloc(MAX(argc + 1, 1), sizeof(*newargv));
383 for (n = 0; n < argc; n++) 387 for (n = 0; n < argc; n++)
@@ -810,9 +814,8 @@ syserr: run_err("%s: %s", name, strerror(errno));
810 snprintf(buf, sizeof buf, "C%04o %lld %s\n", 814 snprintf(buf, sizeof buf, "C%04o %lld %s\n",
811 (u_int) (stb.st_mode & FILEMODEMASK), 815 (u_int) (stb.st_mode & FILEMODEMASK),
812 (long long)stb.st_size, last); 816 (long long)stb.st_size, last);
813 if (verbose_mode) { 817 if (verbose_mode)
814 fprintf(stderr, "Sending file modes: %s", buf); 818 fmprintf(stderr, "Sending file modes: %s", buf);
815 }
816 (void) atomicio(vwrite, remout, buf, strlen(buf)); 819 (void) atomicio(vwrite, remout, buf, strlen(buf));
817 if (response() < 0) 820 if (response() < 0)
818 goto next; 821 goto next;
@@ -848,8 +851,6 @@ next: if (fd != -1) {
848 haderr = errno; 851 haderr = errno;
849 } 852 }
850 unset_nonblock(remout); 853 unset_nonblock(remout);
851 if (showprogress)
852 stop_progress_meter();
853 854
854 if (fd != -1) { 855 if (fd != -1) {
855 if (close(fd) < 0 && !haderr) 856 if (close(fd) < 0 && !haderr)
@@ -861,6 +862,8 @@ next: if (fd != -1) {
861 else 862 else
862 run_err("%s: %s", name, strerror(haderr)); 863 run_err("%s: %s", name, strerror(haderr));
863 (void) response(); 864 (void) response();
865 if (showprogress)
866 stop_progress_meter();
864 } 867 }
865} 868}
866 869
@@ -889,7 +892,7 @@ rsource(char *name, struct stat *statp)
889 (void) snprintf(path, sizeof path, "D%04o %d %.1024s\n", 892 (void) snprintf(path, sizeof path, "D%04o %d %.1024s\n",
890 (u_int) (statp->st_mode & FILEMODEMASK), 0, last); 893 (u_int) (statp->st_mode & FILEMODEMASK), 0, last);
891 if (verbose_mode) 894 if (verbose_mode)
892 fprintf(stderr, "Entering directory: %s", path); 895 fmprintf(stderr, "Entering directory: %s", path);
893 (void) atomicio(vwrite, remout, path, strlen(path)); 896 (void) atomicio(vwrite, remout, path, strlen(path));
894 if (response() < 0) { 897 if (response() < 0) {
895 closedir(dirp); 898 closedir(dirp);
@@ -929,7 +932,7 @@ sink(int argc, char **argv)
929 off_t size, statbytes; 932 off_t size, statbytes;
930 unsigned long long ull; 933 unsigned long long ull;
931 int setimes, targisdir, wrerrno = 0; 934 int setimes, targisdir, wrerrno = 0;
932 char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; 935 char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
933 struct timeval tv[2]; 936 struct timeval tv[2];
934 937
935#define atime tv[0] 938#define atime tv[0]
@@ -964,12 +967,15 @@ sink(int argc, char **argv)
964 } while (cp < &buf[sizeof(buf) - 1] && ch != '\n'); 967 } while (cp < &buf[sizeof(buf) - 1] && ch != '\n');
965 *cp = 0; 968 *cp = 0;
966 if (verbose_mode) 969 if (verbose_mode)
967 fprintf(stderr, "Sink: %s", buf); 970 fmprintf(stderr, "Sink: %s", buf);
968 971
969 if (buf[0] == '\01' || buf[0] == '\02') { 972 if (buf[0] == '\01' || buf[0] == '\02') {
970 if (iamremote == 0) 973 if (iamremote == 0) {
974 (void) snmprintf(visbuf, sizeof(visbuf),
975 NULL, "%s", buf + 1);
971 (void) atomicio(vwrite, STDERR_FILENO, 976 (void) atomicio(vwrite, STDERR_FILENO,
972 buf + 1, strlen(buf + 1)); 977 visbuf, strlen(visbuf));
978 }
973 if (buf[0] == '\02') 979 if (buf[0] == '\02')
974 exit(1); 980 exit(1);
975 ++errs; 981 ++errs;
@@ -1145,8 +1151,6 @@ bad: run_err("%s: %s", np, strerror(errno));
1145 } 1151 }
1146 } 1152 }
1147 unset_nonblock(remin); 1153 unset_nonblock(remin);
1148 if (showprogress)
1149 stop_progress_meter();
1150 if (count != 0 && wrerr == NO && 1154 if (count != 0 && wrerr == NO &&
1151 atomicio(vwrite, ofd, bp->buf, count) != count) { 1155 atomicio(vwrite, ofd, bp->buf, count) != count) {
1152 wrerr = YES; 1156 wrerr = YES;
@@ -1185,6 +1189,8 @@ bad: run_err("%s: %s", np, strerror(errno));
1185 wrerrno = errno; 1189 wrerrno = errno;
1186 } 1190 }
1187 (void) response(); 1191 (void) response();
1192 if (showprogress)
1193 stop_progress_meter();
1188 if (setimes && wrerr == NO) { 1194 if (setimes && wrerr == NO) {
1189 setimes = 0; 1195 setimes = 0;
1190 if (utimes(np, tv) < 0) { 1196 if (utimes(np, tv) < 0) {
@@ -1212,7 +1218,7 @@ screwup:
1212int 1218int
1213response(void) 1219response(void)
1214{ 1220{
1215 char ch, *cp, resp, rbuf[2048]; 1221 char ch, *cp, resp, rbuf[2048], visbuf[2048];
1216 1222
1217 if (atomicio(read, remin, &resp, sizeof(resp)) != sizeof(resp)) 1223 if (atomicio(read, remin, &resp, sizeof(resp)) != sizeof(resp))
1218 lostconn(0); 1224 lostconn(0);
@@ -1232,8 +1238,13 @@ response(void)
1232 *cp++ = ch; 1238 *cp++ = ch;
1233 } while (cp < &rbuf[sizeof(rbuf) - 1] && ch != '\n'); 1239 } while (cp < &rbuf[sizeof(rbuf) - 1] && ch != '\n');
1234 1240
1235 if (!iamremote) 1241 if (!iamremote) {
1236 (void) atomicio(vwrite, STDERR_FILENO, rbuf, cp - rbuf); 1242 cp[-1] = '\0';
1243 (void) snmprintf(visbuf, sizeof(visbuf),
1244 NULL, "%s\n", rbuf);
1245 (void) atomicio(vwrite, STDERR_FILENO,
1246 visbuf, strlen(visbuf));
1247 }
1237 ++errs; 1248 ++errs;
1238 if (resp == 1) 1249 if (resp == 1)
1239 return (-1); 1250 return (-1);
@@ -1271,7 +1282,7 @@ run_err(const char *fmt,...)
1271 1282
1272 if (!iamremote) { 1283 if (!iamremote) {
1273 va_start(ap, fmt); 1284 va_start(ap, fmt);
1274 vfprintf(stderr, fmt, ap); 1285 vfmprintf(stderr, fmt, ap);
1275 va_end(ap); 1286 va_end(ap);
1276 fprintf(stderr, "\n"); 1287 fprintf(stderr, "\n");
1277 } 1288 }
@@ -1317,7 +1328,7 @@ okname(char *cp0)
1317 } while (*++cp); 1328 } while (*++cp);
1318 return (1); 1329 return (1);
1319 1330
1320bad: fprintf(stderr, "%s: invalid user name\n", cp0); 1331bad: fmprintf(stderr, "%s: invalid user name\n", cp0);
1321 return (0); 1332 return (0);
1322} 1333}
1323 1334
diff --git a/servconf.c b/servconf.c
index b19d30e18..873b0d02a 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.285 2016/02/17 05:29:04 djm Exp $ */ 2/* $OpenBSD: servconf.c,v 1.292 2016/06/23 05:17:51 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -381,6 +381,14 @@ fill_default_server_options(ServerOptions *options)
381 CLEAR_ON_NONE(options->host_cert_files[i]); 381 CLEAR_ON_NONE(options->host_cert_files[i]);
382#undef CLEAR_ON_NONE 382#undef CLEAR_ON_NONE
383 383
384 /* Similar handling for AuthenticationMethods=any */
385 if (options->num_auth_methods == 1 &&
386 strcmp(options->auth_methods[0], "any") == 0) {
387 free(options->auth_methods[0]);
388 options->auth_methods[0] = NULL;
389 options->num_auth_methods = 0;
390 }
391
384#ifndef HAVE_MMAP 392#ifndef HAVE_MMAP
385 if (use_privsep && options->compression == 1) { 393 if (use_privsep && options->compression == 1) {
386 error("This platform does not support both privilege " 394 error("This platform does not support both privilege "
@@ -706,14 +714,15 @@ process_queued_listen_addrs(ServerOptions *options)
706struct connection_info * 714struct connection_info *
707get_connection_info(int populate, int use_dns) 715get_connection_info(int populate, int use_dns)
708{ 716{
717 struct ssh *ssh = active_state; /* XXX */
709 static struct connection_info ci; 718 static struct connection_info ci;
710 719
711 if (!populate) 720 if (!populate)
712 return &ci; 721 return &ci;
713 ci.host = get_canonical_hostname(use_dns); 722 ci.host = auth_get_canonical_hostname(ssh, use_dns);
714 ci.address = get_remote_ipaddr(); 723 ci.address = ssh_remote_ipaddr(ssh);
715 ci.laddress = get_local_ipaddr(packet_get_connection_in()); 724 ci.laddress = ssh_local_ipaddr(ssh);
716 ci.lport = get_local_port(); 725 ci.lport = ssh_local_port(ssh);
717 return &ci; 726 return &ci;
718} 727}
719 728
@@ -1803,21 +1812,41 @@ process_server_config_line(ServerOptions *options, char *line,
1803 1812
1804 case sAuthenticationMethods: 1813 case sAuthenticationMethods:
1805 if (options->num_auth_methods == 0) { 1814 if (options->num_auth_methods == 0) {
1815 value = 0; /* seen "any" pseudo-method */
1816 value2 = 0; /* sucessfully parsed any method */
1806 while ((arg = strdelim(&cp)) && *arg != '\0') { 1817 while ((arg = strdelim(&cp)) && *arg != '\0') {
1807 if (options->num_auth_methods >= 1818 if (options->num_auth_methods >=
1808 MAX_AUTH_METHODS) 1819 MAX_AUTH_METHODS)
1809 fatal("%s line %d: " 1820 fatal("%s line %d: "
1810 "too many authentication methods.", 1821 "too many authentication methods.",
1811 filename, linenum); 1822 filename, linenum);
1812 if (auth2_methods_valid(arg, 0) != 0) 1823 if (strcmp(arg, "any") == 0) {
1824 if (options->num_auth_methods > 0) {
1825 fatal("%s line %d: \"any\" "
1826 "must appear alone in "
1827 "AuthenticationMethods",
1828 filename, linenum);
1829 }
1830 value = 1;
1831 } else if (value) {
1832 fatal("%s line %d: \"any\" must appear "
1833 "alone in AuthenticationMethods",
1834 filename, linenum);
1835 } else if (auth2_methods_valid(arg, 0) != 0) {
1813 fatal("%s line %d: invalid " 1836 fatal("%s line %d: invalid "
1814 "authentication method list.", 1837 "authentication method list.",
1815 filename, linenum); 1838 filename, linenum);
1839 }
1840 value2 = 1;
1816 if (!*activep) 1841 if (!*activep)
1817 continue; 1842 continue;
1818 options->auth_methods[ 1843 options->auth_methods[
1819 options->num_auth_methods++] = xstrdup(arg); 1844 options->num_auth_methods++] = xstrdup(arg);
1820 } 1845 }
1846 if (value2 == 0) {
1847 fatal("%s line %d: no AuthenticationMethods "
1848 "specified", filename, linenum);
1849 }
1821 } 1850 }
1822 return 0; 1851 return 0;
1823 1852
@@ -1993,6 +2022,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
1993 M_CP_INTOPT(allow_agent_forwarding); 2022 M_CP_INTOPT(allow_agent_forwarding);
1994 M_CP_INTOPT(permit_tun); 2023 M_CP_INTOPT(permit_tun);
1995 M_CP_INTOPT(fwd_opts.gateway_ports); 2024 M_CP_INTOPT(fwd_opts.gateway_ports);
2025 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
1996 M_CP_INTOPT(x11_display_offset); 2026 M_CP_INTOPT(x11_display_offset);
1997 M_CP_INTOPT(x11_forwarding); 2027 M_CP_INTOPT(x11_forwarding);
1998 M_CP_INTOPT(x11_use_localhost); 2028 M_CP_INTOPT(x11_use_localhost);
@@ -2005,6 +2035,16 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2005 M_CP_INTOPT(rekey_limit); 2035 M_CP_INTOPT(rekey_limit);
2006 M_CP_INTOPT(rekey_interval); 2036 M_CP_INTOPT(rekey_interval);
2007 2037
2038 /*
2039 * The bind_mask is a mode_t that may be unsigned, so we can't use
2040 * M_CP_INTOPT - it does a signed comparison that causes compiler
2041 * warnings.
2042 */
2043 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
2044 dst->fwd_opts.streamlocal_bind_mask =
2045 src->fwd_opts.streamlocal_bind_mask;
2046 }
2047
2008 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2048 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
2009#define M_CP_STROPT(n) do {\ 2049#define M_CP_STROPT(n) do {\
2010 if (src->n != NULL && dst->n != src->n) { \ 2050 if (src->n != NULL && dst->n != src->n) { \
@@ -2058,7 +2098,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
2058 2098
2059 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 2099 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
2060 2100
2061 obuf = cbuf = xstrdup(buffer_ptr(conf)); 2101 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2102 fatal("%s: sshbuf_dup_string failed", __func__);
2062 active = connectinfo ? 0 : 1; 2103 active = connectinfo ? 0 : 1;
2063 linenum = 1; 2104 linenum = 1;
2064 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2105 while ((cp = strsep(&cbuf, "\n")) != NULL) {
@@ -2182,11 +2223,13 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2182{ 2223{
2183 u_int i; 2224 u_int i;
2184 2225
2185 if (count <= 0) 2226 if (count <= 0 && code != sAuthenticationMethods)
2186 return; 2227 return;
2187 printf("%s", lookup_opcode_name(code)); 2228 printf("%s", lookup_opcode_name(code));
2188 for (i = 0; i < count; i++) 2229 for (i = 0; i < count; i++)
2189 printf(" %s", vals[i]); 2230 printf(" %s", vals[i]);
2231 if (code == sAuthenticationMethods && count == 0)
2232 printf(" any");
2190 printf("\n"); 2233 printf("\n");
2191} 2234}
2192 2235
@@ -2291,6 +2334,7 @@ dump_config(ServerOptions *o)
2291 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2334 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2292 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2335 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2293 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2336 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2337 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2294 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 2338 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
2295 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2339 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2296 2340
diff --git a/serverloop.c b/serverloop.c
index 80d1db549..3563e5d42 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.182 2016/02/08 10:57:07 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.184 2016/03/07 19:02:43 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -276,7 +276,7 @@ client_alive_check(void)
276 */ 276 */
277static void 277static void
278wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, 278wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
279 u_int *nallocp, u_int64_t max_time_milliseconds) 279 u_int *nallocp, u_int64_t max_time_ms)
280{ 280{
281 struct timeval tv, *tvp; 281 struct timeval tv, *tvp;
282 int ret; 282 int ret;
@@ -288,9 +288,9 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
288 channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, 288 channel_prepare_select(readsetp, writesetp, maxfdp, nallocp,
289 &minwait_secs, 0); 289 &minwait_secs, 0);
290 290
291 /* XXX need proper deadline system for rekey/client alive */
291 if (minwait_secs != 0) 292 if (minwait_secs != 0)
292 max_time_milliseconds = MIN(max_time_milliseconds, 293 max_time_ms = MIN(max_time_ms, (u_int)minwait_secs * 1000);
293 (u_int)minwait_secs * 1000);
294 294
295 /* 295 /*
296 * if using client_alive, set the max timeout accordingly, 296 * if using client_alive, set the max timeout accordingly,
@@ -300,11 +300,13 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
300 * this could be randomized somewhat to make traffic 300 * this could be randomized somewhat to make traffic
301 * analysis more difficult, but we're not doing it yet. 301 * analysis more difficult, but we're not doing it yet.
302 */ 302 */
303 if (compat20 && 303 if (compat20 && options.client_alive_interval) {
304 max_time_milliseconds == 0 && options.client_alive_interval) { 304 uint64_t keepalive_ms =
305 (uint64_t)options.client_alive_interval * 1000;
306
305 client_alive_scheduled = 1; 307 client_alive_scheduled = 1;
306 max_time_milliseconds = 308 if (max_time_ms == 0 || max_time_ms > keepalive_ms)
307 (u_int64_t)options.client_alive_interval * 1000; 309 max_time_ms = keepalive_ms;
308 } 310 }
309 311
310 if (compat20) { 312 if (compat20) {
@@ -353,14 +355,14 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
353 * from it, then read as much as is available and exit. 355 * from it, then read as much as is available and exit.
354 */ 356 */
355 if (child_terminated && packet_not_very_much_data_to_write()) 357 if (child_terminated && packet_not_very_much_data_to_write())
356 if (max_time_milliseconds == 0 || client_alive_scheduled) 358 if (max_time_ms == 0 || client_alive_scheduled)
357 max_time_milliseconds = 100; 359 max_time_ms = 100;
358 360
359 if (max_time_milliseconds == 0) 361 if (max_time_ms == 0)
360 tvp = NULL; 362 tvp = NULL;
361 else { 363 else {
362 tv.tv_sec = max_time_milliseconds / 1000; 364 tv.tv_sec = max_time_ms / 1000;
363 tv.tv_usec = 1000 * (max_time_milliseconds % 1000); 365 tv.tv_usec = 1000 * (max_time_ms % 1000);
364 tvp = &tv; 366 tvp = &tv;
365 } 367 }
366 368
@@ -393,6 +395,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
393static void 395static void
394process_input(fd_set *readset) 396process_input(fd_set *readset)
395{ 397{
398 struct ssh *ssh = active_state; /* XXX */
396 int len; 399 int len;
397 char buf[16384]; 400 char buf[16384];
398 401
@@ -400,8 +403,8 @@ process_input(fd_set *readset)
400 if (FD_ISSET(connection_in, readset)) { 403 if (FD_ISSET(connection_in, readset)) {
401 len = read(connection_in, buf, sizeof(buf)); 404 len = read(connection_in, buf, sizeof(buf));
402 if (len == 0) { 405 if (len == 0) {
403 verbose("Connection closed by %.100s", 406 verbose("Connection closed by %.100s port %d",
404 get_remote_ipaddr()); 407 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
405 connection_closed = 1; 408 connection_closed = 1;
406 if (compat20) 409 if (compat20)
407 return; 410 return;
@@ -410,8 +413,9 @@ process_input(fd_set *readset)
410 if (errno != EINTR && errno != EAGAIN && 413 if (errno != EINTR && errno != EAGAIN &&
411 errno != EWOULDBLOCK) { 414 errno != EWOULDBLOCK) {
412 verbose("Read error from remote host " 415 verbose("Read error from remote host "
413 "%.100s: %.100s", 416 "%.100s port %d: %.100s",
414 get_remote_ipaddr(), strerror(errno)); 417 ssh_remote_ipaddr(ssh),
418 ssh_remote_port(ssh), strerror(errno));
415 cleanup_exit(255); 419 cleanup_exit(255);
416 } 420 }
417 } else { 421 } else {
@@ -1239,12 +1243,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1239 /* check permissions */ 1243 /* check permissions */
1240 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || 1244 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
1241 no_port_forwarding_flag || 1245 no_port_forwarding_flag ||
1242 (!want_reply && fwd.listen_port == 0) 1246 (!want_reply && fwd.listen_port == 0) ||
1243#ifndef NO_IPPORT_RESERVED_CONCEPT 1247 (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
1244 || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && 1248 pw->pw_uid != 0)) {
1245 pw->pw_uid != 0)
1246#endif
1247 ) {
1248 success = 0; 1249 success = 0;
1249 packet_send_debug("Server has disabled port forwarding."); 1250 packet_send_debug("Server has disabled port forwarding.");
1250 } else { 1251 } else {
diff --git a/session.c b/session.c
index 87fddfc3d..2235f26ac 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.280 2016/02/16 03:37:48 djm Exp $ */ 1/* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -769,6 +769,7 @@ do_exec_pty(Session *s, const char *command)
769static void 769static void
770do_pre_login(Session *s) 770do_pre_login(Session *s)
771{ 771{
772 struct ssh *ssh = active_state; /* XXX */
772 socklen_t fromlen; 773 socklen_t fromlen;
773 struct sockaddr_storage from; 774 struct sockaddr_storage from;
774 pid_t pid = getpid(); 775 pid_t pid = getpid();
@@ -788,7 +789,7 @@ do_pre_login(Session *s)
788 } 789 }
789 790
790 record_utmp_only(pid, s->tty, s->pw->pw_name, 791 record_utmp_only(pid, s->tty, s->pw->pw_name,
791 get_remote_name_or_ip(utmp_len, options.use_dns), 792 session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
792 (struct sockaddr *)&from, fromlen); 793 (struct sockaddr *)&from, fromlen);
793} 794}
794#endif 795#endif
@@ -800,6 +801,7 @@ do_pre_login(Session *s)
800int 801int
801do_exec(Session *s, const char *command) 802do_exec(Session *s, const char *command)
802{ 803{
804 struct ssh *ssh = active_state; /* XXX */
803 int ret; 805 int ret;
804 const char *forced = NULL, *tty = NULL; 806 const char *forced = NULL, *tty = NULL;
805 char session_type[1024]; 807 char session_type[1024];
@@ -842,8 +844,8 @@ do_exec(Session *s, const char *command)
842 tty == NULL ? "" : " on ", 844 tty == NULL ? "" : " on ",
843 tty == NULL ? "" : tty, 845 tty == NULL ? "" : tty,
844 s->pw->pw_name, 846 s->pw->pw_name,
845 get_remote_ipaddr(), 847 ssh_remote_ipaddr(ssh),
846 get_remote_port(), 848 ssh_remote_port(ssh),
847 s->self); 849 s->self);
848 850
849#ifdef SSH_AUDIT_EVENTS 851#ifdef SSH_AUDIT_EVENTS
@@ -878,6 +880,7 @@ do_exec(Session *s, const char *command)
878void 880void
879do_login(Session *s, const char *command) 881do_login(Session *s, const char *command)
880{ 882{
883 struct ssh *ssh = active_state; /* XXX */
881 socklen_t fromlen; 884 socklen_t fromlen;
882 struct sockaddr_storage from; 885 struct sockaddr_storage from;
883 struct passwd * pw = s->pw; 886 struct passwd * pw = s->pw;
@@ -900,7 +903,7 @@ do_login(Session *s, const char *command)
900 /* Record that there was a login on that tty from the remote host. */ 903 /* Record that there was a login on that tty from the remote host. */
901 if (!use_privsep) 904 if (!use_privsep)
902 record_login(pid, s->tty, pw->pw_name, pw->pw_uid, 905 record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
903 get_remote_name_or_ip(utmp_len, 906 session_get_remote_name_or_ip(ssh, utmp_len,
904 options.use_dns), 907 options.use_dns),
905 (struct sockaddr *)&from, fromlen); 908 (struct sockaddr *)&from, fromlen);
906 909
@@ -1161,6 +1164,7 @@ copy_environment(char **source, char ***env, u_int *envsize)
1161static char ** 1164static char **
1162do_setup_env(Session *s, const char *shell) 1165do_setup_env(Session *s, const char *shell)
1163{ 1166{
1167 struct ssh *ssh = active_state; /* XXX */
1164 char buf[256]; 1168 char buf[256];
1165 u_int i, envsize; 1169 u_int i, envsize;
1166 char **env, *laddr; 1170 char **env, *laddr;
@@ -1262,12 +1266,14 @@ do_setup_env(Session *s, const char *shell)
1262 1266
1263 /* SSH_CLIENT deprecated */ 1267 /* SSH_CLIENT deprecated */
1264 snprintf(buf, sizeof buf, "%.50s %d %d", 1268 snprintf(buf, sizeof buf, "%.50s %d %d",
1265 get_remote_ipaddr(), get_remote_port(), get_local_port()); 1269 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1270 ssh_local_port(ssh));
1266 child_set_env(&env, &envsize, "SSH_CLIENT", buf); 1271 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
1267 1272
1268 laddr = get_local_ipaddr(packet_get_connection_in()); 1273 laddr = get_local_ipaddr(packet_get_connection_in());
1269 snprintf(buf, sizeof buf, "%.50s %d %.50s %d", 1274 snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
1270 get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); 1275 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1276 laddr, ssh_local_port(ssh));
1271 free(laddr); 1277 free(laddr);
1272 child_set_env(&env, &envsize, "SSH_CONNECTION", buf); 1278 child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
1273 1279
@@ -1317,7 +1323,7 @@ do_setup_env(Session *s, const char *shell)
1317 * Pull in any environment variables that may have 1323 * Pull in any environment variables that may have
1318 * been set by PAM. 1324 * been set by PAM.
1319 */ 1325 */
1320 if (options.use_pam) { 1326 if (options.use_pam && !options.use_login) {
1321 char **p; 1327 char **p;
1322 1328
1323 p = fetch_pam_child_environment(); 1329 p = fetch_pam_child_environment();
@@ -1684,6 +1690,7 @@ child_close_fds(void)
1684void 1690void
1685do_child(Session *s, const char *command) 1691do_child(Session *s, const char *command)
1686{ 1692{
1693 struct ssh *ssh = active_state; /* XXX */
1687 extern char **environ; 1694 extern char **environ;
1688 char **env; 1695 char **env;
1689 char *argv[ARGV_MAX]; 1696 char *argv[ARGV_MAX];
@@ -1760,14 +1767,14 @@ do_child(Session *s, const char *command)
1760 1767
1761 /* we have to stash the hostname before we close our socket. */ 1768 /* we have to stash the hostname before we close our socket. */
1762 if (options.use_login) 1769 if (options.use_login)
1763 hostname = get_remote_name_or_ip(utmp_len, 1770 hostname = session_get_remote_name_or_ip(ssh, utmp_len,
1764 options.use_dns); 1771 options.use_dns);
1765 /* 1772 /*
1766 * Close the connection descriptors; note that this is the child, and 1773 * Close the connection descriptors; note that this is the child, and
1767 * the server will still have the socket open, and it is important 1774 * the server will still have the socket open, and it is important
1768 * that we do not shutdown it. Note that the descriptors cannot be 1775 * that we do not shutdown it. Note that the descriptors cannot be
1769 * closed before building the environment, as we call 1776 * closed before building the environment, as we call
1770 * get_remote_ipaddr there. 1777 * ssh_remote_ipaddr there.
1771 */ 1778 */
1772 child_close_fds(); 1779 child_close_fds();
1773 1780
@@ -2526,12 +2533,13 @@ session_exit_message(Session *s, int status)
2526void 2533void
2527session_close(Session *s) 2534session_close(Session *s)
2528{ 2535{
2536 struct ssh *ssh = active_state; /* XXX */
2529 u_int i; 2537 u_int i;
2530 2538
2531 verbose("Close session: user %s from %.200s port %d id %d", 2539 verbose("Close session: user %s from %.200s port %d id %d",
2532 s->pw->pw_name, 2540 s->pw->pw_name,
2533 get_remote_ipaddr(), 2541 ssh_remote_ipaddr(ssh),
2534 get_remote_port(), 2542 ssh_remote_port(ssh),
2535 s->self); 2543 s->self);
2536 2544
2537 if (s->ttyfd != -1) 2545 if (s->ttyfd != -1)
@@ -2800,3 +2808,18 @@ do_cleanup(Authctxt *authctxt)
2800 if (!use_privsep || mm_is_monitor()) 2808 if (!use_privsep || mm_is_monitor())
2801 session_destroy_all(session_pty_cleanup2); 2809 session_destroy_all(session_pty_cleanup2);
2802} 2810}
2811
2812/* Return a name for the remote host that fits inside utmp_size */
2813
2814const char *
2815session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns)
2816{
2817 const char *remote = "";
2818
2819 if (utmp_size > 0)
2820 remote = auth_get_canonical_hostname(ssh, use_dns);
2821 if (utmp_size == 0 || strlen(remote) > utmp_size)
2822 remote = ssh_remote_ipaddr(ssh);
2823 return remote;
2824}
2825
diff --git a/session.h b/session.h
index 6a2f35e41..f18eaf329 100644
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.h,v 1.31 2013/10/14 21:20:52 djm Exp $ */ 1/* $OpenBSD: session.h,v 1.32 2016/03/07 19:02:43 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -81,4 +81,6 @@ void do_setusercontext(struct passwd *);
81void child_set_env(char ***envp, u_int *envsizep, const char *name, 81void child_set_env(char ***envp, u_int *envsizep, const char *name,
82 const char *value); 82 const char *value);
83 83
84const char *session_get_remote_name_or_ip(struct ssh *, u_int, int);
85
84#endif 86#endif
diff --git a/sftp-client.c b/sftp-client.c
index d49bfaaba..0ca44a4d6 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-client.c,v 1.121 2016/02/11 02:21:34 djm Exp $ */ 1/* $OpenBSD: sftp-client.c,v 1.124 2016/05/25 23:48:45 schwarze Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -53,6 +53,7 @@
53#include "atomicio.h" 53#include "atomicio.h"
54#include "progressmeter.h" 54#include "progressmeter.h"
55#include "misc.h" 55#include "misc.h"
56#include "utf8.h"
56 57
57#include "sftp.h" 58#include "sftp.h"
58#include "sftp-common.h" 59#include "sftp-common.h"
@@ -515,8 +516,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
515 struct sshbuf *msg; 516 struct sshbuf *msg;
516 u_int count, id, i, expected_id, ents = 0; 517 u_int count, id, i, expected_id, ents = 0;
517 size_t handle_len; 518 size_t handle_len;
518 u_char type; 519 u_char type, *handle;
519 char *handle;
520 int status = SSH2_FX_FAILURE; 520 int status = SSH2_FX_FAILURE;
521 int r; 521 int r;
522 522
@@ -611,7 +611,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
611 } 611 }
612 612
613 if (print_flag) 613 if (print_flag)
614 printf("%s\n", longname); 614 mprintf("%s\n", longname);
615 615
616 /* 616 /*
617 * Directory entries should never contain '/' 617 * Directory entries should never contain '/'
@@ -1461,7 +1461,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
1461 return -1; 1461 return -1;
1462 } 1462 }
1463 if (print_flag) 1463 if (print_flag)
1464 printf("Retrieving %s\n", src); 1464 mprintf("Retrieving %s\n", src);
1465 1465
1466 if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) 1466 if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
1467 mode = dirattrib->perm & 01777; 1467 mode = dirattrib->perm & 01777;
@@ -1601,7 +1601,7 @@ do_upload(struct sftp_conn *conn, const char *local_path,
1601 if (resume) { 1601 if (resume) {
1602 /* Get remote file size if it exists */ 1602 /* Get remote file size if it exists */
1603 if ((c = do_stat(conn, remote_path, 0)) == NULL) { 1603 if ((c = do_stat(conn, remote_path, 0)) == NULL) {
1604 close(local_fd); 1604 close(local_fd);
1605 return -1; 1605 return -1;
1606 } 1606 }
1607 1607
@@ -1794,7 +1794,7 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
1794 return -1; 1794 return -1;
1795 } 1795 }
1796 if (print_flag) 1796 if (print_flag)
1797 printf("Entering %s\n", src); 1797 mprintf("Entering %s\n", src);
1798 1798
1799 attrib_clear(&a); 1799 attrib_clear(&a);
1800 stat_to_attrib(&sb, &a); 1800 stat_to_attrib(&sb, &a);
diff --git a/sftp-server.0 b/sftp-server.0
index 3b22ed2a0..20d477d49 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -93,4 +93,4 @@ HISTORY
93AUTHORS 93AUTHORS
94 Markus Friedl <markus@openbsd.org> 94 Markus Friedl <markus@openbsd.org>
95 95
96OpenBSD 5.9 December 11, 2014 OpenBSD 5.9 96OpenBSD 6.0 December 11, 2014 OpenBSD 6.0
diff --git a/sftp-server.c b/sftp-server.c
index e11a1b89b..646286a3c 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,9 +29,6 @@
29#ifdef HAVE_SYS_STATVFS_H 29#ifdef HAVE_SYS_STATVFS_H
30#include <sys/statvfs.h> 30#include <sys/statvfs.h>
31#endif 31#endif
32#ifdef HAVE_SYS_PRCTL_H
33#include <sys/prctl.h>
34#endif
35 32
36#include <dirent.h> 33#include <dirent.h>
37#include <errno.h> 34#include <errno.h>
@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
1588 1585
1589 log_init(__progname, log_level, log_facility, log_stderr); 1586 log_init(__progname, log_level, log_facility, log_stderr);
1590 1587
1591#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
1592 /* 1588 /*
1593 * On Linux, we should try to avoid making /proc/self/{mem,maps} 1589 * On platforms where we can, avoid making /proc/self/{mem,maps}
1594 * available to the user so that sftp access doesn't automatically 1590 * available to the user so that sftp access doesn't automatically
1595 * imply arbitrary code execution access that will break 1591 * imply arbitrary code execution access that will break
1596 * restricted configurations. 1592 * restricted configurations.
1597 */ 1593 */
1598 if (prctl(PR_SET_DUMPABLE, 0) != 0) 1594 platform_disable_tracing(1); /* strict */
1599 fatal("unable to make the process undumpable");
1600#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
1601 1595
1602 /* Drop any fine-grained privileges we don't need */ 1596 /* Drop any fine-grained privileges we don't need */
1603 platform_pledge_sftp_server(); 1597 platform_pledge_sftp_server();
diff --git a/sftp.0 b/sftp.0
index ce48de9ca..2e0c274d9 100644
--- a/sftp.0
+++ b/sftp.0
@@ -130,8 +130,9 @@ DESCRIPTION
130 HostKeyAlgorithms 130 HostKeyAlgorithms
131 HostKeyAlias 131 HostKeyAlias
132 HostName 132 HostName
133 IdentityFile
134 IdentitiesOnly 133 IdentitiesOnly
134 IdentityAgent
135 IdentityFile
135 IPQoS 136 IPQoS
136 KbdInteractiveAuthentication 137 KbdInteractiveAuthentication
137 KbdInteractiveDevices 138 KbdInteractiveDevices
@@ -146,6 +147,7 @@ DESCRIPTION
146 PreferredAuthentications 147 PreferredAuthentications
147 Protocol 148 Protocol
148 ProxyCommand 149 ProxyCommand
150 ProxyJump
149 PubkeyAuthentication 151 PubkeyAuthentication
150 RekeyLimit 152 RekeyLimit
151 RhostsRSAAuthentication 153 RhostsRSAAuthentication
@@ -381,4 +383,4 @@ SEE ALSO
381 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 383 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
382 filexfer-00.txt, January 2001, work in progress material. 384 filexfer-00.txt, January 2001, work in progress material.
383 385
384OpenBSD 5.9 September 25, 2015 OpenBSD 5.9 386OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
diff --git a/sftp.1 b/sftp.1
index edc5a85e6..fbdd00a1e 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.102 2015/09/25 18:19:54 jmc Exp $ 1.\" $OpenBSD: sftp.1,v 1.105 2016/07/16 06:57:55 jmc Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -22,7 +22,7 @@
22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24.\" 24.\"
25.Dd $Mdocdate: September 25 2015 $ 25.Dd $Mdocdate: July 16 2016 $
26.Dt SFTP 1 26.Dt SFTP 1
27.Os 27.Os
28.Sh NAME 28.Sh NAME
@@ -220,8 +220,9 @@ For full details of the options listed below, and their possible values, see
220.It HostKeyAlgorithms 220.It HostKeyAlgorithms
221.It HostKeyAlias 221.It HostKeyAlias
222.It HostName 222.It HostName
223.It IdentityFile
224.It IdentitiesOnly 223.It IdentitiesOnly
224.It IdentityAgent
225.It IdentityFile
225.It IPQoS 226.It IPQoS
226.It KbdInteractiveAuthentication 227.It KbdInteractiveAuthentication
227.It KbdInteractiveDevices 228.It KbdInteractiveDevices
@@ -236,6 +237,7 @@ For full details of the options listed below, and their possible values, see
236.It PreferredAuthentications 237.It PreferredAuthentications
237.It Protocol 238.It Protocol
238.It ProxyCommand 239.It ProxyCommand
240.It ProxyJump
239.It PubkeyAuthentication 241.It PubkeyAuthentication
240.It RekeyLimit 242.It RekeyLimit
241.It RhostsRSAAuthentication 243.It RhostsRSAAuthentication
diff --git a/sftp.c b/sftp.c
index 2077219fa..08e13a733 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp.c,v 1.172 2016/02/15 09:47:49 dtucker Exp $ */ 1/* $OpenBSD: sftp.c,v 1.175 2016/07/22 03:47:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -49,6 +49,7 @@ typedef void EditLine;
49#endif 49#endif
50#include <limits.h> 50#include <limits.h>
51#include <signal.h> 51#include <signal.h>
52#include <stdarg.h>
52#include <stdlib.h> 53#include <stdlib.h>
53#include <stdio.h> 54#include <stdio.h>
54#include <string.h> 55#include <string.h>
@@ -63,6 +64,7 @@ typedef void EditLine;
63#include "log.h" 64#include "log.h"
64#include "pathnames.h" 65#include "pathnames.h"
65#include "misc.h" 66#include "misc.h"
67#include "utf8.h"
66 68
67#include "sftp.h" 69#include "sftp.h"
68#include "ssherr.h" 70#include "ssherr.h"
@@ -335,7 +337,7 @@ local_do_ls(const char *args)
335 337
336/* Strip one path (usually the pwd) from the start of another */ 338/* Strip one path (usually the pwd) from the start of another */
337static char * 339static char *
338path_strip(char *path, char *strip) 340path_strip(const char *path, const char *strip)
339{ 341{
340 size_t len; 342 size_t len;
341 343
@@ -353,7 +355,7 @@ path_strip(char *path, char *strip)
353} 355}
354 356
355static char * 357static char *
356make_absolute(char *p, char *pwd) 358make_absolute(char *p, const char *pwd)
357{ 359{
358 char *abs_str; 360 char *abs_str;
359 361
@@ -551,7 +553,7 @@ parse_no_flags(const char *cmd, char **argv, int argc)
551} 553}
552 554
553static int 555static int
554is_dir(char *path) 556is_dir(const char *path)
555{ 557{
556 struct stat sb; 558 struct stat sb;
557 559
@@ -563,7 +565,7 @@ is_dir(char *path)
563} 565}
564 566
565static int 567static int
566remote_is_dir(struct sftp_conn *conn, char *path) 568remote_is_dir(struct sftp_conn *conn, const char *path)
567{ 569{
568 Attrib *a; 570 Attrib *a;
569 571
@@ -577,7 +579,7 @@ remote_is_dir(struct sftp_conn *conn, char *path)
577 579
578/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */ 580/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
579static int 581static int
580pathname_is_dir(char *pathname) 582pathname_is_dir(const char *pathname)
581{ 583{
582 size_t l = strlen(pathname); 584 size_t l = strlen(pathname);
583 585
@@ -585,8 +587,8 @@ pathname_is_dir(char *pathname)
585} 587}
586 588
587static int 589static int
588process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, 590process_get(struct sftp_conn *conn, const char *src, const char *dst,
589 int pflag, int rflag, int resume, int fflag) 591 const char *pwd, int pflag, int rflag, int resume, int fflag)
590{ 592{
591 char *abs_src = NULL; 593 char *abs_src = NULL;
592 char *abs_dst = NULL; 594 char *abs_dst = NULL;
@@ -644,9 +646,11 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
644 646
645 resume |= global_aflag; 647 resume |= global_aflag;
646 if (!quiet && resume) 648 if (!quiet && resume)
647 printf("Resuming %s to %s\n", g.gl_pathv[i], abs_dst); 649 mprintf("Resuming %s to %s\n",
650 g.gl_pathv[i], abs_dst);
648 else if (!quiet && !resume) 651 else if (!quiet && !resume)
649 printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); 652 mprintf("Fetching %s to %s\n",
653 g.gl_pathv[i], abs_dst);
650 if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { 654 if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
651 if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, 655 if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
652 pflag || global_pflag, 1, resume, 656 pflag || global_pflag, 1, resume,
@@ -669,8 +673,8 @@ out:
669} 673}
670 674
671static int 675static int
672process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, 676process_put(struct sftp_conn *conn, const char *src, const char *dst,
673 int pflag, int rflag, int resume, int fflag) 677 const char *pwd, int pflag, int rflag, int resume, int fflag)
674{ 678{
675 char *tmp_dst = NULL; 679 char *tmp_dst = NULL;
676 char *abs_dst = NULL; 680 char *abs_dst = NULL;
@@ -735,10 +739,11 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
735 739
736 resume |= global_aflag; 740 resume |= global_aflag;
737 if (!quiet && resume) 741 if (!quiet && resume)
738 printf("Resuming upload of %s to %s\n", g.gl_pathv[i], 742 mprintf("Resuming upload of %s to %s\n",
739 abs_dst); 743 g.gl_pathv[i], abs_dst);
740 else if (!quiet && !resume) 744 else if (!quiet && !resume)
741 printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); 745 mprintf("Uploading %s to %s\n",
746 g.gl_pathv[i], abs_dst);
742 if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { 747 if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
743 if (upload_dir(conn, g.gl_pathv[i], abs_dst, 748 if (upload_dir(conn, g.gl_pathv[i], abs_dst,
744 pflag || global_pflag, 1, resume, 749 pflag || global_pflag, 1, resume,
@@ -779,7 +784,8 @@ sdirent_comp(const void *aa, const void *bb)
779 784
780/* sftp ls.1 replacement for directories */ 785/* sftp ls.1 replacement for directories */
781static int 786static int
782do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) 787do_ls_dir(struct sftp_conn *conn, const char *path,
788 const char *strip_path, int lflag)
783{ 789{
784 int n; 790 int n;
785 u_int c = 1, colspace = 0, columns = 1; 791 u_int c = 1, colspace = 0, columns = 1;
@@ -839,12 +845,12 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
839 attrib_to_stat(&d[n]->a, &sb); 845 attrib_to_stat(&d[n]->a, &sb);
840 lname = ls_file(fname, &sb, 1, 846 lname = ls_file(fname, &sb, 1,
841 (lflag & LS_SI_UNITS)); 847 (lflag & LS_SI_UNITS));
842 printf("%s\n", lname); 848 mprintf("%s\n", lname);
843 free(lname); 849 free(lname);
844 } else 850 } else
845 printf("%s\n", d[n]->longname); 851 mprintf("%s\n", d[n]->longname);
846 } else { 852 } else {
847 printf("%-*s", colspace, fname); 853 mprintf("%-*s", colspace, fname);
848 if (c >= columns) { 854 if (c >= columns) {
849 printf("\n"); 855 printf("\n");
850 c = 1; 856 c = 1;
@@ -864,8 +870,8 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
864 870
865/* sftp ls.1 replacement which handles path globs */ 871/* sftp ls.1 replacement which handles path globs */
866static int 872static int
867do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, 873do_globbed_ls(struct sftp_conn *conn, const char *path,
868 int lflag) 874 const char *strip_path, int lflag)
869{ 875{
870 char *fname, *lname; 876 char *fname, *lname;
871 glob_t g; 877 glob_t g;
@@ -925,10 +931,10 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
925 } 931 }
926 lname = ls_file(fname, g.gl_statv[i], 1, 932 lname = ls_file(fname, g.gl_statv[i], 1,
927 (lflag & LS_SI_UNITS)); 933 (lflag & LS_SI_UNITS));
928 printf("%s\n", lname); 934 mprintf("%s\n", lname);
929 free(lname); 935 free(lname);
930 } else { 936 } else {
931 printf("%-*s", colspace, fname); 937 mprintf("%-*s", colspace, fname);
932 if (c >= columns) { 938 if (c >= columns) {
933 printf("\n"); 939 printf("\n");
934 c = 1; 940 c = 1;
@@ -949,7 +955,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
949} 955}
950 956
951static int 957static int
952do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) 958do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
953{ 959{
954 struct sftp_statvfs st; 960 struct sftp_statvfs st;
955 char s_used[FMT_SCALED_STRSIZE]; 961 char s_used[FMT_SCALED_STRSIZE];
@@ -1205,7 +1211,7 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote,
1205 1211
1206static int 1212static int
1207parse_args(const char **cpp, int *ignore_errors, int *aflag, 1213parse_args(const char **cpp, int *ignore_errors, int *aflag,
1208 int *fflag, int *hflag, int *iflag, int *lflag, int *pflag, 1214 int *fflag, int *hflag, int *iflag, int *lflag, int *pflag,
1209 int *rflag, int *sflag, 1215 int *rflag, int *sflag,
1210 unsigned long *n_arg, char **path1, char **path2) 1216 unsigned long *n_arg, char **path1, char **path2)
1211{ 1217{
@@ -1397,7 +1403,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1397 int err_abort) 1403 int err_abort)
1398{ 1404{
1399 char *path1, *path2, *tmp; 1405 char *path1, *path2, *tmp;
1400 int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0, 1406 int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0,
1401 iflag = 0; 1407 iflag = 0;
1402 int lflag = 0, pflag = 0, rflag = 0, sflag = 0; 1408 int lflag = 0, pflag = 0, rflag = 0, sflag = 0;
1403 int cmdnum, i; 1409 int cmdnum, i;
@@ -1456,7 +1462,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1456 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); 1462 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
1457 for (i = 0; g.gl_pathv[i] && !interrupted; i++) { 1463 for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
1458 if (!quiet) 1464 if (!quiet)
1459 printf("Removing %s\n", g.gl_pathv[i]); 1465 mprintf("Removing %s\n", g.gl_pathv[i]);
1460 err = do_rm(conn, g.gl_pathv[i]); 1466 err = do_rm(conn, g.gl_pathv[i]);
1461 if (err != 0 && err_abort) 1467 if (err != 0 && err_abort)
1462 break; 1468 break;
@@ -1556,7 +1562,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1556 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); 1562 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
1557 for (i = 0; g.gl_pathv[i] && !interrupted; i++) { 1563 for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
1558 if (!quiet) 1564 if (!quiet)
1559 printf("Changing mode on %s\n", g.gl_pathv[i]); 1565 mprintf("Changing mode on %s\n",
1566 g.gl_pathv[i]);
1560 err = do_setstat(conn, g.gl_pathv[i], &a); 1567 err = do_setstat(conn, g.gl_pathv[i], &a);
1561 if (err != 0 && err_abort) 1568 if (err != 0 && err_abort)
1562 break; 1569 break;
@@ -1586,12 +1593,12 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1586 aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; 1593 aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
1587 if (cmdnum == I_CHOWN) { 1594 if (cmdnum == I_CHOWN) {
1588 if (!quiet) 1595 if (!quiet)
1589 printf("Changing owner on %s\n", 1596 mprintf("Changing owner on %s\n",
1590 g.gl_pathv[i]); 1597 g.gl_pathv[i]);
1591 aa->uid = n_arg; 1598 aa->uid = n_arg;
1592 } else { 1599 } else {
1593 if (!quiet) 1600 if (!quiet)
1594 printf("Changing group on %s\n", 1601 mprintf("Changing group on %s\n",
1595 g.gl_pathv[i]); 1602 g.gl_pathv[i]);
1596 aa->gid = n_arg; 1603 aa->gid = n_arg;
1597 } 1604 }
@@ -1601,7 +1608,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1601 } 1608 }
1602 break; 1609 break;
1603 case I_PWD: 1610 case I_PWD:
1604 printf("Remote working directory: %s\n", *pwd); 1611 mprintf("Remote working directory: %s\n", *pwd);
1605 break; 1612 break;
1606 case I_LPWD: 1613 case I_LPWD:
1607 if (!getcwd(path_buf, sizeof(path_buf))) { 1614 if (!getcwd(path_buf, sizeof(path_buf))) {
@@ -1609,7 +1616,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1609 err = -1; 1616 err = -1;
1610 break; 1617 break;
1611 } 1618 }
1612 printf("Local working directory: %s\n", path_buf); 1619 mprintf("Local working directory: %s\n", path_buf);
1613 break; 1620 break;
1614 case I_QUIT: 1621 case I_QUIT:
1615 /* Processed below */ 1622 /* Processed below */
@@ -1678,7 +1685,7 @@ complete_display(char **list, u_int len)
1678 for (y = 0; list[y]; y++) { 1685 for (y = 0; list[y]; y++) {
1679 llen = strlen(list[y]); 1686 llen = strlen(list[y]);
1680 tmp = llen > len ? list[y] + len : ""; 1687 tmp = llen > len ? list[y] + len : "";
1681 printf("%-*s", colspace, tmp); 1688 mprintf("%-*s", colspace, tmp);
1682 if (m >= columns) { 1689 if (m >= columns) {
1683 printf("\n"); 1690 printf("\n");
1684 m = 1; 1691 m = 1;
@@ -2062,7 +2069,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
2062 2069
2063 if (remote_is_dir(conn, dir) && file2 == NULL) { 2070 if (remote_is_dir(conn, dir) && file2 == NULL) {
2064 if (!quiet) 2071 if (!quiet)
2065 printf("Changing to: %s\n", dir); 2072 mprintf("Changing to: %s\n", dir);
2066 snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); 2073 snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
2067 if (parse_dispatch_command(conn, cmd, 2074 if (parse_dispatch_command(conn, cmd,
2068 &remote_path, 1) != 0) { 2075 &remote_path, 1) != 0) {
@@ -2106,7 +2113,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
2106 break; 2113 break;
2107 } 2114 }
2108 if (!interactive) { /* Echo command */ 2115 if (!interactive) { /* Echo command */
2109 printf("sftp> %s", cmd); 2116 mprintf("sftp> %s", cmd);
2110 if (strlen(cmd) > 0 && 2117 if (strlen(cmd) > 0 &&
2111 cmd[strlen(cmd) - 1] != '\n') 2118 cmd[strlen(cmd) - 1] != '\n')
2112 printf("\n"); 2119 printf("\n");
diff --git a/ssh-add.0 b/ssh-add.0
index cc56b0035..706bfe661 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -126,4 +126,4 @@ AUTHORS
126 created OpenSSH. Markus Friedl contributed the support for SSH protocol 126 created OpenSSH. Markus Friedl contributed the support for SSH protocol
127 versions 1.5 and 2.0. 127 versions 1.5 and 2.0.
128 128
129OpenBSD 5.9 March 30, 2015 OpenBSD 5.9 129OpenBSD 6.0 March 30, 2015 OpenBSD 6.0
diff --git a/ssh-agent.0 b/ssh-agent.0
index 2cc5ac6e0..b6abf9b4e 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -109,4 +109,4 @@ AUTHORS
109 created OpenSSH. Markus Friedl contributed the support for SSH protocol 109 created OpenSSH. Markus Friedl contributed the support for SSH protocol
110 versions 1.5 and 2.0. 110 versions 1.5 and 2.0.
111 111
112OpenBSD 5.9 November 15, 2015 OpenBSD 5.9 112OpenBSD 6.0 November 15, 2015 OpenBSD 6.0
diff --git a/ssh-agent.c b/ssh-agent.c
index c38906d94..25d6ebc53 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -88,10 +88,6 @@
88#include "ssh-pkcs11.h" 88#include "ssh-pkcs11.h"
89#endif 89#endif
90 90
91#if defined(HAVE_SYS_PRCTL_H)
92#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
93#endif
94
95typedef enum { 91typedef enum {
96 AUTH_UNUSED, 92 AUTH_UNUSED,
97 AUTH_SOCKET, 93 AUTH_SOCKET,
@@ -144,8 +140,8 @@ char socket_dir[PATH_MAX];
144#define LOCK_SALT_SIZE 16 140#define LOCK_SALT_SIZE 16
145#define LOCK_ROUNDS 1 141#define LOCK_ROUNDS 1
146int locked = 0; 142int locked = 0;
147char lock_passwd[LOCK_SIZE]; 143u_char lock_pwhash[LOCK_SIZE];
148char lock_salt[LOCK_SALT_SIZE]; 144u_char lock_salt[LOCK_SALT_SIZE];
149 145
150extern char *__progname; 146extern char *__progname;
151 147
@@ -677,7 +673,8 @@ static void
677process_lock_agent(SocketEntry *e, int lock) 673process_lock_agent(SocketEntry *e, int lock)
678{ 674{
679 int r, success = 0, delay; 675 int r, success = 0, delay;
680 char *passwd, passwdhash[LOCK_SIZE]; 676 char *passwd;
677 u_char passwdhash[LOCK_SIZE];
681 static u_int fail_count = 0; 678 static u_int fail_count = 0;
682 size_t pwlen; 679 size_t pwlen;
683 680
@@ -689,11 +686,11 @@ process_lock_agent(SocketEntry *e, int lock)
689 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), 686 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
690 passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) 687 passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0)
691 fatal("bcrypt_pbkdf"); 688 fatal("bcrypt_pbkdf");
692 if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { 689 if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) {
693 debug("agent unlocked"); 690 debug("agent unlocked");
694 locked = 0; 691 locked = 0;
695 fail_count = 0; 692 fail_count = 0;
696 explicit_bzero(lock_passwd, sizeof(lock_passwd)); 693 explicit_bzero(lock_pwhash, sizeof(lock_pwhash));
697 success = 1; 694 success = 1;
698 } else { 695 } else {
699 /* delay in 0.1s increments up to 10s */ 696 /* delay in 0.1s increments up to 10s */
@@ -710,7 +707,7 @@ process_lock_agent(SocketEntry *e, int lock)
710 locked = 1; 707 locked = 1;
711 arc4random_buf(lock_salt, sizeof(lock_salt)); 708 arc4random_buf(lock_salt, sizeof(lock_salt));
712 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), 709 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
713 lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) 710 lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0)
714 fatal("bcrypt_pbkdf"); 711 fatal("bcrypt_pbkdf");
715 success = 1; 712 success = 1;
716 } 713 }
@@ -1208,10 +1205,7 @@ main(int ac, char **av)
1208 setegid(getgid()); 1205 setegid(getgid());
1209 setgid(getgid()); 1206 setgid(getgid());
1210 1207
1211#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) 1208 platform_disable_tracing(0); /* strict=no */
1212 /* Disable ptrace on Linux without sgid bit */
1213 prctl(PR_SET_DUMPABLE, 0);
1214#endif
1215 1209
1216#ifdef WITH_OPENSSL 1210#ifdef WITH_OPENSSL
1217 OpenSSL_add_all_algorithms(); 1211 OpenSSL_add_all_algorithms();
diff --git a/ssh-dss.c b/ssh-dss.c
index cc47dcf5f..7af59fa6e 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-dss.c,v 1.34 2015/12/11 04:21:12 mmcc Exp $ */ 1/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -139,7 +139,8 @@ ssh_dss_verify(const struct sshkey *key,
139 char *ktype = NULL; 139 char *ktype = NULL;
140 140
141 if (key == NULL || key->dsa == NULL || 141 if (key == NULL || key->dsa == NULL ||
142 sshkey_type_plain(key->type) != KEY_DSA) 142 sshkey_type_plain(key->type) != KEY_DSA ||
143 signature == NULL || signaturelen == 0)
143 return SSH_ERR_INVALID_ARGUMENT; 144 return SSH_ERR_INVALID_ARGUMENT;
144 if (dlen == 0) 145 if (dlen == 0)
145 return SSH_ERR_INTERNAL_ERROR; 146 return SSH_ERR_INTERNAL_ERROR;
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 74912dfd9..d7bf3c69b 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-ecdsa.c,v 1.12 2015/12/11 04:21:12 mmcc Exp $ */ 1/* $OpenBSD: ssh-ecdsa.c,v 1.13 2016/04/21 06:08:02 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -121,7 +121,8 @@ ssh_ecdsa_verify(const struct sshkey *key,
121 char *ktype = NULL; 121 char *ktype = NULL;
122 122
123 if (key == NULL || key->ecdsa == NULL || 123 if (key == NULL || key->ecdsa == NULL ||
124 sshkey_type_plain(key->type) != KEY_ECDSA) 124 sshkey_type_plain(key->type) != KEY_ECDSA ||
125 signature == NULL || signaturelen == 0)
125 return SSH_ERR_INVALID_ARGUMENT; 126 return SSH_ERR_INVALID_ARGUMENT;
126 127
127 if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || 128 if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 ||
diff --git a/ssh-ed25519.c b/ssh-ed25519.c
index b159ff5ee..5163e0297 100644
--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-ed25519.c,v 1.6 2015/01/15 21:38:50 markus Exp $ */ 1/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2013 Markus Friedl <markus@openbsd.org> 3 * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
4 * 4 *
@@ -107,7 +107,8 @@ ssh_ed25519_verify(const struct sshkey *key,
107 if (key == NULL || 107 if (key == NULL ||
108 sshkey_type_plain(key->type) != KEY_ED25519 || 108 sshkey_type_plain(key->type) != KEY_ED25519 ||
109 key->ed25519_pk == NULL || 109 key->ed25519_pk == NULL ||
110 datalen >= INT_MAX - crypto_sign_ed25519_BYTES) 110 datalen >= INT_MAX - crypto_sign_ed25519_BYTES ||
111 signature == NULL || signaturelen == 0)
111 return SSH_ERR_INVALID_ARGUMENT; 112 return SSH_ERR_INVALID_ARGUMENT;
112 113
113 if ((b = sshbuf_from(signature, signaturelen)) == NULL) 114 if ((b = sshbuf_from(signature, signaturelen)) == NULL)
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 2b749ae9f..569297da4 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -71,11 +71,11 @@ DESCRIPTION
71 or forgotten, a new key must be generated and the corresponding public 71 or forgotten, a new key must be generated and the corresponding public
72 key copied to other machines. 72 key copied to other machines.
73 73
74 For RSA1 keys, there is also a comment field in the key file that is only 74 For RSA1 keys and keys stored in the newer OpenSSH format, there is also
75 for convenience to the user to help identify the key. The comment can 75 a comment field in the key file that is only for convenience to the user
76 tell what the key is for, or whatever is useful. The comment is 76 to help identify the key. The comment can tell what the key is for, or
77 initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed 77 whatever is useful. The comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the
78 using the -c option. 78 key is created, but can be changed using the -c option.
79 79
80 After a key is generated, instructions below detail where the keys should 80 After a key is generated, instructions below detail where the keys should
81 be placed to be activated. 81 be placed to be activated.
@@ -117,9 +117,10 @@ DESCRIPTION
117 Provides a new comment. 117 Provides a new comment.
118 118
119 -c Requests changing the comment in the private and public key 119 -c Requests changing the comment in the private and public key
120 files. This operation is only supported for RSA1 keys. The 120 files. This operation is only supported for RSA1 keys and keys
121 program will prompt for the file containing the private keys, for 121 stored in the newer OpenSSH format. The program will prompt for
122 the passphrase if the key has one, and for the new comment. 122 the file containing the private keys, for the passphrase if the
123 key has one, and for the new comment.
123 124
124 -D pkcs11 125 -D pkcs11
125 Download the RSA public keys provided by the PKCS#11 shared 126 Download the RSA public keys provided by the PKCS#11 shared
@@ -202,7 +203,7 @@ DESCRIPTION
202 -l Show fingerprint of specified public key file. Private RSA1 keys 203 -l Show fingerprint of specified public key file. Private RSA1 keys
203 are also supported. For RSA and DSA keys ssh-keygen tries to 204 are also supported. For RSA and DSA keys ssh-keygen tries to
204 find the matching public key file and prints its fingerprint. If 205 find the matching public key file and prints its fingerprint. If
205 combined with -v, an ASCII art representation of the key is 206 combined with -v, a visual ASCII art representation of the key is
206 supplied with the fingerprint. 207 supplied with the fingerprint.
207 208
208 -M memory 209 -M memory
@@ -566,4 +567,4 @@ AUTHORS
566 created OpenSSH. Markus Friedl contributed the support for SSH protocol 567 created OpenSSH. Markus Friedl contributed the support for SSH protocol
567 versions 1.5 and 2.0. 568 versions 1.5 and 2.0.
568 569
569OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 570OpenBSD 6.0 June 16, 2016 OpenBSD 6.0
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 37a4fc2b2..ce2213c78 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.133 2016/06/16 06:10:45 jmc Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: February 17 2016 $ 38.Dd $Mdocdate: June 16 2016 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -207,7 +207,7 @@ There is no way to recover a lost passphrase.
207If the passphrase is lost or forgotten, a new key must be generated 207If the passphrase is lost or forgotten, a new key must be generated
208and the corresponding public key copied to other machines. 208and the corresponding public key copied to other machines.
209.Pp 209.Pp
210For RSA1 keys, 210For RSA1 keys and keys stored in the newer OpenSSH format,
211there is also a comment field in the key file that is only for 211there is also a comment field in the key file that is only for
212convenience to the user to help identify the key. 212convenience to the user to help identify the key.
213The comment can tell what the key is for, or whatever is useful. 213The comment can tell what the key is for, or whatever is useful.
@@ -264,7 +264,8 @@ flag will be ignored.
264Provides a new comment. 264Provides a new comment.
265.It Fl c 265.It Fl c
266Requests changing the comment in the private and public key files. 266Requests changing the comment in the private and public key files.
267This operation is only supported for RSA1 keys. 267This operation is only supported for RSA1 keys and keys stored in the
268newer OpenSSH format.
268The program will prompt for the file containing the private keys, for 269The program will prompt for the file containing the private keys, for
269the passphrase if the key has one, and for the new comment. 270the passphrase if the key has one, and for the new comment.
270.It Fl D Ar pkcs11 271.It Fl D Ar pkcs11
@@ -389,7 +390,8 @@ For RSA and DSA keys
389tries to find the matching public key file and prints its fingerprint. 390tries to find the matching public key file and prints its fingerprint.
390If combined with 391If combined with
391.Fl v , 392.Fl v ,
392an ASCII art representation of the key is supplied with the fingerprint. 393a visual ASCII art representation of the key is supplied with the
394fingerprint.
393.It Fl M Ar memory 395.It Fl M Ar memory
394Specify the amount of memory to use (in megabytes) when generating 396Specify the amount of memory to use (in megabytes) when generating
395candidate moduli for DH-GEX. 397candidate moduli for DH-GEX.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 478520123..0bd5fc93a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.290 2016/05/02 09:36:42 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -883,7 +883,7 @@ do_fingerprint(struct passwd *pw)
883 char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; 883 char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES];
884 int i, invalid = 1; 884 int i, invalid = 1;
885 const char *path; 885 const char *path;
886 long int lnum = 0; 886 u_long lnum = 0;
887 887
888 if (!have_identity) 888 if (!have_identity)
889 ask_filename(pw, "Enter file in which the key is"); 889 ask_filename(pw, "Enter file in which the key is");
@@ -946,7 +946,7 @@ do_fingerprint(struct passwd *pw)
946 } 946 }
947 /* Retry after parsing leading hostname/key options */ 947 /* Retry after parsing leading hostname/key options */
948 if (public == NULL && (public = try_read_key(&cp)) == NULL) { 948 if (public == NULL && (public = try_read_key(&cp)) == NULL) {
949 debug("%s:%ld: not a public key", path, lnum); 949 debug("%s:%lu: not a public key", path, lnum);
950 continue; 950 continue;
951 } 951 }
952 952
@@ -1599,6 +1599,12 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1599 ca = load_identity(tmp); 1599 ca = load_identity(tmp);
1600 free(tmp); 1600 free(tmp);
1601 1601
1602 if (key_type_name != NULL &&
1603 sshkey_type_from_name(key_type_name) != ca->type) {
1604 fatal("CA key type %s doesn't match specified %s",
1605 sshkey_ssh_name(ca), key_type_name);
1606 }
1607
1602 for (i = 0; i < argc; i++) { 1608 for (i = 0; i < argc; i++) {
1603 /* Split list of principals */ 1609 /* Split list of principals */
1604 n = 0; 1610 n = 0;
@@ -1640,8 +1646,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1640 &public->cert->signature_key)) != 0) 1646 &public->cert->signature_key)) != 0)
1641 fatal("key_from_private (ca key): %s", ssh_err(r)); 1647 fatal("key_from_private (ca key): %s", ssh_err(r));
1642 1648
1643 if (sshkey_certify(public, ca) != 0) 1649 if ((r = sshkey_certify(public, ca, key_type_name)) != 0)
1644 fatal("Couldn't not certify key %s", tmp); 1650 fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));
1645 1651
1646 if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) 1652 if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
1647 *cp = '\0'; 1653 *cp = '\0';
@@ -1920,7 +1926,7 @@ do_show_cert(struct passwd *pw)
1920 FILE *f; 1926 FILE *f;
1921 char *cp, line[SSH_MAX_PUBKEY_BYTES]; 1927 char *cp, line[SSH_MAX_PUBKEY_BYTES];
1922 const char *path; 1928 const char *path;
1923 long int lnum = 0; 1929 u_long lnum = 0;
1924 1930
1925 if (!have_identity) 1931 if (!have_identity)
1926 ask_filename(pw, "Enter file in which the key is"); 1932 ask_filename(pw, "Enter file in which the key is");
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index 5578cc504..e9d9f0d8b 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -108,4 +108,4 @@ BUGS
108 This is because it opens a connection to the ssh port, reads the public 108 This is because it opens a connection to the ssh port, reads the public
109 key, and drops the connection as soon as it gets the key. 109 key, and drops the connection as soon as it gets the key.
110 110
111OpenBSD 5.9 November 8, 2015 OpenBSD 5.9 111OpenBSD 6.0 November 8, 2015 OpenBSD 6.0
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 7fe61e4e1..c30d54e62 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -302,6 +302,9 @@ keygrab_ssh2(con *c)
302#ifdef WITH_OPENSSL 302#ifdef WITH_OPENSSL
303 c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 303 c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
304 c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 304 c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
305 c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
306 c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
307 c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
305 c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 308 c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
306 c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 309 c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
307# ifdef OPENSSL_HAS_ECC 310# ifdef OPENSSL_HAS_ECC
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index 65d75f313..34a451d62 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -49,4 +49,4 @@ HISTORY
49AUTHORS 49AUTHORS
50 Markus Friedl <markus@openbsd.org> 50 Markus Friedl <markus@openbsd.org>
51 51
52OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 52OpenBSD 6.0 February 17, 2016 OpenBSD 6.0
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0
index 47aa7bdcd..1b58361a6 100644
--- a/ssh-pkcs11-helper.0
+++ b/ssh-pkcs11-helper.0
@@ -22,4 +22,4 @@ HISTORY
22AUTHORS 22AUTHORS
23 Markus Friedl <markus@openbsd.org> 23 Markus Friedl <markus@openbsd.org>
24 24
25OpenBSD 5.9 July 16, 2013 OpenBSD 5.9 25OpenBSD 6.0 July 16, 2013 OpenBSD 6.0
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 53d44d1f3..a6db2a06b 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-rsa.c,v 1.58 2015/12/11 04:21:12 mmcc Exp $ */ 1/* $OpenBSD: ssh-rsa.c,v 1.59 2016/04/21 06:08:02 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> 3 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
4 * 4 *
@@ -172,7 +172,8 @@ ssh_rsa_verify(const struct sshkey *key,
172 172
173 if (key == NULL || key->rsa == NULL || 173 if (key == NULL || key->rsa == NULL ||
174 sshkey_type_plain(key->type) != KEY_RSA || 174 sshkey_type_plain(key->type) != KEY_RSA ||
175 BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) 175 BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE ||
176 sig == NULL || siglen == 0)
176 return SSH_ERR_INVALID_ARGUMENT; 177 return SSH_ERR_INVALID_ARGUMENT;
177 178
178 if ((b = sshbuf_from(sig, siglen)) == NULL) 179 if ((b = sshbuf_from(sig, siglen)) == NULL)
diff --git a/ssh.0 b/ssh.0
index 9aaf4367d..67ce809bb 100644
--- a/ssh.0
+++ b/ssh.0
@@ -6,10 +6,11 @@ NAME
6SYNOPSIS 6SYNOPSIS
7 ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] 7 ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
8 [-D [bind_address:]port] [-E log_file] [-e escape_char] 8 [-D [bind_address:]port] [-E log_file] [-e escape_char]
9 [-F configfile] [-I pkcs11] [-i identity_file] [-L address] 9 [-F configfile] [-I pkcs11] [-i identity_file]
10 [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] 10 [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
11 [-Q query_option] [-R address] [-S ctl_path] [-W host:port] 11 [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
12 [-w local_tun[:remote_tun]] [user@]hostname [command] 12 [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
13 [user@]hostname [command]
13 14
14DESCRIPTION 15DESCRIPTION
15 ssh (SSH client) is a program for logging into a remote machine and for 16 ssh (SSH client) is a program for logging into a remote machine and for
@@ -147,6 +148,13 @@ DESCRIPTION
147 information from the filename obtained by appending -cert.pub to 148 information from the filename obtained by appending -cert.pub to
148 identity filenames. 149 identity filenames.
149 150
151 -J [user@]host[:port]
152 Connect to the target host by first making a ssh connection to
153 the jump host and then establishing a TCP forwarding to the
154 ultimate destination from there. Multiple jump hops may be
155 specified separated by comma characters. This is a shortcut to
156 specify a ProxyJump configuration directive.
157
150 -K Enables GSSAPI-based authentication and forwarding (delegation) 158 -K Enables GSSAPI-based authentication and forwarding (delegation)
151 of GSSAPI credentials to the server. 159 of GSSAPI credentials to the server.
152 160
@@ -264,8 +272,10 @@ DESCRIPTION
264 HostKeyAlgorithms 272 HostKeyAlgorithms
265 HostKeyAlias 273 HostKeyAlias
266 HostName 274 HostName
267 IdentityFile
268 IdentitiesOnly 275 IdentitiesOnly
276 IdentityAgent
277 IdentityFile
278 Include
269 IPQoS 279 IPQoS
270 KbdInteractiveAuthentication 280 KbdInteractiveAuthentication
271 KbdInteractiveDevices 281 KbdInteractiveDevices
@@ -284,6 +294,7 @@ DESCRIPTION
284 PreferredAuthentications 294 PreferredAuthentications
285 Protocol 295 Protocol
286 ProxyCommand 296 ProxyCommand
297 ProxyJump
287 ProxyUseFdpass 298 ProxyUseFdpass
288 PubkeyAcceptedKeyTypes 299 PubkeyAcceptedKeyTypes
289 PubkeyAuthentication 300 PubkeyAuthentication
@@ -384,7 +395,9 @@ DESCRIPTION
384 -W host:port 395 -W host:port
385 Requests that standard input and output on the client be 396 Requests that standard input and output on the client be
386 forwarded to host on port over the secure channel. Implies -N, 397 forwarded to host on port over the secure channel. Implies -N,
387 -T, ExitOnForwardFailure and ClearAllForwardings. 398 -T, ExitOnForwardFailure and ClearAllForwardings, though these
399 can be overridden in the configuration file or using -o command
400 line options.
388 401
389 -w local_tun[:remote_tun] 402 -w local_tun[:remote_tun]
390 Requests tunnel device forwarding with the specified tun(4) 403 Requests tunnel device forwarding with the specified tun(4)
@@ -955,4 +968,4 @@ AUTHORS
955 created OpenSSH. Markus Friedl contributed the support for SSH protocol 968 created OpenSSH. Markus Friedl contributed the support for SSH protocol
956 versions 1.5 and 2.0. 969 versions 1.5 and 2.0.
957 970
958OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 971OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
diff --git a/ssh.1 b/ssh.1
index cc5334338..4011c65aa 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh.1,v 1.369 2016/02/17 07:38:19 jmc Exp $ 36.\" $OpenBSD: ssh.1,v 1.376 2016/07/16 06:57:55 jmc Exp $
37.Dd $Mdocdate: February 17 2016 $ 37.Dd $Mdocdate: July 16 2016 $
38.Dt SSH 1 38.Dt SSH 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -52,6 +52,7 @@
52.Op Fl F Ar configfile 52.Op Fl F Ar configfile
53.Op Fl I Ar pkcs11 53.Op Fl I Ar pkcs11
54.Op Fl i Ar identity_file 54.Op Fl i Ar identity_file
55.Op Fl J Oo Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port
55.Op Fl L Ar address 56.Op Fl L Ar address
56.Op Fl l Ar login_name 57.Op Fl l Ar login_name
57.Op Fl m Ar mac_spec 58.Op Fl m Ar mac_spec
@@ -312,6 +313,24 @@ by appending
312.Pa -cert.pub 313.Pa -cert.pub
313to identity filenames. 314to identity filenames.
314.Pp 315.Pp
316.It Fl J Xo
317.Sm off
318.Op Ar user No @
319.Ar host
320.Op : Ar port
321.Sm on
322.Xc
323Connect to the target host by first making a
324.Nm
325connection to the jump
326.Ar host
327and then establishing a TCP forwarding to the ultimate destination from
328there.
329Multiple jump hops may be specified separated by comma characters.
330This is a shortcut to specify a
331.Cm ProxyJump
332configuration directive.
333.Pp
315.It Fl K 334.It Fl K
316Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI 335Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
317credentials to the server. 336credentials to the server.
@@ -501,8 +520,10 @@ For full details of the options listed below, and their possible values, see
501.It HostKeyAlgorithms 520.It HostKeyAlgorithms
502.It HostKeyAlias 521.It HostKeyAlias
503.It HostName 522.It HostName
504.It IdentityFile
505.It IdentitiesOnly 523.It IdentitiesOnly
524.It IdentityAgent
525.It IdentityFile
526.It Include
506.It IPQoS 527.It IPQoS
507.It KbdInteractiveAuthentication 528.It KbdInteractiveAuthentication
508.It KbdInteractiveDevices 529.It KbdInteractiveDevices
@@ -521,6 +542,7 @@ For full details of the options listed below, and their possible values, see
521.It PreferredAuthentications 542.It PreferredAuthentications
522.It Protocol 543.It Protocol
523.It ProxyCommand 544.It ProxyCommand
545.It ProxyJump
524.It ProxyUseFdpass 546.It ProxyUseFdpass
525.It PubkeyAcceptedKeyTypes 547.It PubkeyAcceptedKeyTypes
526.It PubkeyAuthentication 548.It PubkeyAuthentication
@@ -707,7 +729,10 @@ Implies
707.Fl T , 729.Fl T ,
708.Cm ExitOnForwardFailure 730.Cm ExitOnForwardFailure
709and 731and
710.Cm ClearAllForwardings . 732.Cm ClearAllForwardings ,
733though these can be overridden in the configuration file or using
734.Fl o
735command line options.
711.Pp 736.Pp
712.It Fl w Xo 737.It Fl w Xo
713.Ar local_tun Ns Op : Ns Ar remote_tun 738.Ar local_tun Ns Op : Ns Ar remote_tun
diff --git a/ssh.c b/ssh.c
index f9ff91f04..03a23fb6a 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.436 2016/02/15 09:47:49 dtucker Exp $ */ 1/* $OpenBSD: ssh.c,v 1.445 2016/07/17 04:20:16 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,6 +67,7 @@
67#include <string.h> 67#include <string.h>
68#include <unistd.h> 68#include <unistd.h>
69#include <limits.h> 69#include <limits.h>
70#include <locale.h>
70 71
71#include <netinet/in.h> 72#include <netinet/in.h>
72#include <arpa/inet.h> 73#include <arpa/inet.h>
@@ -151,10 +152,6 @@ int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty;
151 */ 152 */
152int fork_after_authentication_flag = 0; 153int fork_after_authentication_flag = 0;
153 154
154/* forward stdio to remote host and port */
155char *stdio_forward_host = NULL;
156int stdio_forward_port = 0;
157
158/* 155/*
159 * General data structure for command line options and options configurable 156 * General data structure for command line options and options configurable
160 * in configuration files. See readconf.h. 157 * in configuration files. See readconf.h.
@@ -202,10 +199,11 @@ usage(void)
202 fprintf(stderr, 199 fprintf(stderr,
203"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" 200"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
204" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" 201" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
205" [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n" 202" [-F configfile] [-I pkcs11] [-i identity_file]\n"
206" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" 203" [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n"
207" [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n" 204" [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]\n"
208" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" 205" [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]\n"
206" [user@]hostname [command]\n"
209 ); 207 );
210 exit(255); 208 exit(255);
211} 209}
@@ -334,7 +332,7 @@ resolve_addr(const char *name, int port, char *caddr, size_t clen)
334 * NB. this function must operate with a options having undefined members. 332 * NB. this function must operate with a options having undefined members.
335 */ 333 */
336static int 334static int
337check_follow_cname(char **namep, const char *cname) 335check_follow_cname(int direct, char **namep, const char *cname)
338{ 336{
339 int i; 337 int i;
340 struct allowed_cname *rule; 338 struct allowed_cname *rule;
@@ -346,9 +344,9 @@ check_follow_cname(char **namep, const char *cname)
346 return 0; 344 return 0;
347 /* 345 /*
348 * Don't attempt to canonicalize names that will be interpreted by 346 * Don't attempt to canonicalize names that will be interpreted by
349 * a proxy unless the user specifically requests so. 347 * a proxy or jump host unless the user specifically requests so.
350 */ 348 */
351 if (!option_clear_or_none(options.proxy_command) && 349 if (!direct &&
352 options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) 350 options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
353 return 0; 351 return 0;
354 debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname); 352 debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
@@ -375,7 +373,7 @@ check_follow_cname(char **namep, const char *cname)
375static struct addrinfo * 373static struct addrinfo *
376resolve_canonicalize(char **hostp, int port) 374resolve_canonicalize(char **hostp, int port)
377{ 375{
378 int i, ndots; 376 int i, direct, ndots;
379 char *cp, *fullhost, newname[NI_MAXHOST]; 377 char *cp, *fullhost, newname[NI_MAXHOST];
380 struct addrinfo *addrs; 378 struct addrinfo *addrs;
381 379
@@ -386,7 +384,9 @@ resolve_canonicalize(char **hostp, int port)
386 * Don't attempt to canonicalize names that will be interpreted by 384 * Don't attempt to canonicalize names that will be interpreted by
387 * a proxy unless the user specifically requests so. 385 * a proxy unless the user specifically requests so.
388 */ 386 */
389 if (!option_clear_or_none(options.proxy_command) && 387 direct = option_clear_or_none(options.proxy_command) &&
388 options.jump_host == NULL;
389 if (!direct &&
390 options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) 390 options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
391 return NULL; 391 return NULL;
392 392
@@ -441,7 +441,7 @@ resolve_canonicalize(char **hostp, int port)
441 /* Remove trailing '.' */ 441 /* Remove trailing '.' */
442 fullhost[strlen(fullhost) - 1] = '\0'; 442 fullhost[strlen(fullhost) - 1] = '\0';
443 /* Follow CNAME if requested */ 443 /* Follow CNAME if requested */
444 if (!check_follow_cname(&fullhost, newname)) { 444 if (!check_follow_cname(direct, &fullhost, newname)) {
445 debug("Canonicalized hostname \"%s\" => \"%s\"", 445 debug("Canonicalized hostname \"%s\" => \"%s\"",
446 *hostp, fullhost); 446 *hostp, fullhost);
447 } 447 }
@@ -513,7 +513,8 @@ set_addrinfo_port(struct addrinfo *addrs, int port)
513int 513int
514main(int ac, char **av) 514main(int ac, char **av)
515{ 515{
516 int i, r, opt, exit_status, use_syslog, config_test = 0; 516 struct ssh *ssh = NULL;
517 int i, r, opt, exit_status, use_syslog, direct, config_test = 0;
517 char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile; 518 char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile;
518 char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; 519 char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
519 char cname[NI_MAXHOST], uidstr[32], *conn_hash_hex; 520 char cname[NI_MAXHOST], uidstr[32], *conn_hash_hex;
@@ -592,6 +593,8 @@ main(int ac, char **av)
592 */ 593 */
593 umask(022); 594 umask(022);
594 595
596 setlocale(LC_CTYPE, "");
597
595 /* 598 /*
596 * Initialize option structure to indicate that no values have been 599 * Initialize option structure to indicate that no values have been
597 * set. 600 * set.
@@ -606,7 +609,7 @@ main(int ac, char **av)
606 609
607 again: 610 again:
608 while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" 611 while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
609 "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { 612 "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
610 switch (opt) { 613 switch (opt) {
611 case '1': 614 case '1':
612 options.protocol = SSH_PROTO_1; 615 options.protocol = SSH_PROTO_1;
@@ -650,7 +653,7 @@ main(int ac, char **av)
650 options.fwd_opts.gateway_ports = 1; 653 options.fwd_opts.gateway_ports = 1;
651 break; 654 break;
652 case 'O': 655 case 'O':
653 if (stdio_forward_host != NULL) 656 if (options.stdio_forward_host != NULL)
654 fatal("Cannot specify multiplexing " 657 fatal("Cannot specify multiplexing "
655 "command with -W"); 658 "command with -W");
656 else if (muxclient_command != 0) 659 else if (muxclient_command != 0)
@@ -731,6 +734,15 @@ main(int ac, char **av)
731 fprintf(stderr, "no support for PKCS#11.\n"); 734 fprintf(stderr, "no support for PKCS#11.\n");
732#endif 735#endif
733 break; 736 break;
737 case 'J':
738 if (options.jump_host != NULL)
739 fatal("Only a single -J option permitted");
740 if (options.proxy_command != NULL)
741 fatal("Cannot specify -J with ProxyCommand");
742 if (parse_jump(optarg, &options, 1) == -1)
743 fatal("Invalid -J argument");
744 options.proxy_command = xstrdup("none");
745 break;
734 case 't': 746 case 't':
735 if (options.request_tty == REQUEST_TTY_YES) 747 if (options.request_tty == REQUEST_TTY_YES)
736 options.request_tty = REQUEST_TTY_FORCE; 748 options.request_tty = REQUEST_TTY_FORCE;
@@ -742,8 +754,10 @@ main(int ac, char **av)
742 debug_flag = 1; 754 debug_flag = 1;
743 options.log_level = SYSLOG_LEVEL_DEBUG1; 755 options.log_level = SYSLOG_LEVEL_DEBUG1;
744 } else { 756 } else {
745 if (options.log_level < SYSLOG_LEVEL_DEBUG3) 757 if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
758 debug_flag++;
746 options.log_level++; 759 options.log_level++;
760 }
747 } 761 }
748 break; 762 break;
749 case 'V': 763 case 'V':
@@ -769,13 +783,13 @@ main(int ac, char **av)
769 } 783 }
770 break; 784 break;
771 case 'W': 785 case 'W':
772 if (stdio_forward_host != NULL) 786 if (options.stdio_forward_host != NULL)
773 fatal("stdio forward already specified"); 787 fatal("stdio forward already specified");
774 if (muxclient_command != 0) 788 if (muxclient_command != 0)
775 fatal("Cannot specify stdio forward with -O"); 789 fatal("Cannot specify stdio forward with -O");
776 if (parse_forward(&fwd, optarg, 1, 0)) { 790 if (parse_forward(&fwd, optarg, 1, 0)) {
777 stdio_forward_host = fwd.listen_host; 791 options.stdio_forward_host = fwd.listen_host;
778 stdio_forward_port = fwd.listen_port; 792 options.stdio_forward_port = fwd.listen_port;
779 free(fwd.connect_host); 793 free(fwd.connect_host);
780 } else { 794 } else {
781 fprintf(stderr, 795 fprintf(stderr,
@@ -785,8 +799,6 @@ main(int ac, char **av)
785 } 799 }
786 options.request_tty = REQUEST_TTY_NO; 800 options.request_tty = REQUEST_TTY_NO;
787 no_shell_flag = 1; 801 no_shell_flag = 1;
788 options.clear_forwardings = 1;
789 options.exit_on_forward_failure = 1;
790 break; 802 break;
791 case 'q': 803 case 'q':
792 options.log_level = SYSLOG_LEVEL_QUIET; 804 options.log_level = SYSLOG_LEVEL_QUIET;
@@ -1043,9 +1055,10 @@ main(int ac, char **av)
1043 * has specifically requested canonicalisation for this case via 1055 * has specifically requested canonicalisation for this case via
1044 * CanonicalizeHostname=always 1056 * CanonicalizeHostname=always
1045 */ 1057 */
1046 if (addrs == NULL && options.num_permitted_cnames != 0 && 1058 direct = option_clear_or_none(options.proxy_command) &&
1047 (option_clear_or_none(options.proxy_command) || 1059 options.jump_host == NULL;
1048 options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { 1060 if (addrs == NULL && options.num_permitted_cnames != 0 && (direct ||
1061 options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
1049 if ((addrs = resolve_host(host, options.port, 1062 if ((addrs = resolve_host(host, options.port,
1050 option_clear_or_none(options.proxy_command), 1063 option_clear_or_none(options.proxy_command),
1051 cname, sizeof(cname))) == NULL) { 1064 cname, sizeof(cname))) == NULL) {
@@ -1053,7 +1066,7 @@ main(int ac, char **av)
1053 if (option_clear_or_none(options.proxy_command)) 1066 if (option_clear_or_none(options.proxy_command))
1054 cleanup_exit(255); /* logged in resolve_host */ 1067 cleanup_exit(255); /* logged in resolve_host */
1055 } else 1068 } else
1056 check_follow_cname(&host, cname); 1069 check_follow_cname(direct, &host, cname);
1057 } 1070 }
1058 1071
1059 /* 1072 /*
@@ -1078,6 +1091,41 @@ main(int ac, char **av)
1078 /* Fill configuration defaults. */ 1091 /* Fill configuration defaults. */
1079 fill_default_options(&options); 1092 fill_default_options(&options);
1080 1093
1094 /*
1095 * If ProxyJump option specified, then construct a ProxyCommand now.
1096 */
1097 if (options.jump_host != NULL) {
1098 char port_s[8];
1099
1100 /* Consistency check */
1101 if (options.proxy_command != NULL)
1102 fatal("inconsistent options: ProxyCommand+ProxyJump");
1103 /* Never use FD passing for ProxyJump */
1104 options.proxy_use_fdpass = 0;
1105 snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
1106 xasprintf(&options.proxy_command,
1107 "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s",
1108 /* Optional "-l user" argument if jump_user set */
1109 options.jump_user == NULL ? "" : " -l ",
1110 options.jump_user == NULL ? "" : options.jump_user,
1111 /* Optional "-p port" argument if jump_port set */
1112 options.jump_port <= 0 ? "" : " -p ",
1113 options.jump_port <= 0 ? "" : port_s,
1114 /* Optional additional jump hosts ",..." */
1115 options.jump_extra == NULL ? "" : " -J ",
1116 options.jump_extra == NULL ? "" : options.jump_extra,
1117 /* Optional "-F" argumment if -F specified */
1118 config == NULL ? "" : " -F ",
1119 config == NULL ? "" : config,
1120 /* Optional "-v" arguments if -v set */
1121 debug_flag ? " -" : "",
1122 debug_flag, "vvv",
1123 /* Mandatory hostname */
1124 options.jump_host);
1125 debug("Setting implicit ProxyCommand from ProxyJump: %s",
1126 options.proxy_command);
1127 }
1128
1081 if (options.port == 0) 1129 if (options.port == 0)
1082 options.port = default_ssh_port(); 1130 options.port = default_ssh_port();
1083 channel_set_af(options.address_family); 1131 channel_set_af(options.address_family);
@@ -1220,6 +1268,8 @@ main(int ac, char **av)
1220 packet_set_timeout(options.server_alive_interval, 1268 packet_set_timeout(options.server_alive_interval,
1221 options.server_alive_count_max); 1269 options.server_alive_count_max);
1222 1270
1271 ssh = active_state; /* XXX */
1272
1223 if (timeout_ms > 0) 1273 if (timeout_ms > 0)
1224 debug3("timeout: %d ms remain after connect", timeout_ms); 1274 debug3("timeout: %d ms remain after connect", timeout_ms);
1225 1275
@@ -1332,6 +1382,23 @@ main(int ac, char **av)
1332 /* load options.identity_files */ 1382 /* load options.identity_files */
1333 load_public_identity_files(); 1383 load_public_identity_files();
1334 1384
1385 /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */
1386 if (options.identity_agent &&
1387 strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) {
1388 if (strcmp(options.identity_agent, "none") == 0) {
1389 unsetenv(SSH_AUTHSOCKET_ENV_NAME);
1390 } else {
1391 p = tilde_expand_filename(options.identity_agent,
1392 original_real_uid);
1393 cp = percent_expand(p, "d", pw->pw_dir,
1394 "u", pw->pw_name, "l", thishost, "h", host,
1395 "r", options.user, (char *)NULL);
1396 setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
1397 free(cp);
1398 free(p);
1399 }
1400 }
1401
1335 /* Expand ~ in known host file names. */ 1402 /* Expand ~ in known host file names. */
1336 tilde_expand_paths(options.system_hostfiles, 1403 tilde_expand_paths(options.system_hostfiles,
1337 options.num_system_hostfiles); 1404 options.num_system_hostfiles);
@@ -1346,7 +1413,7 @@ main(int ac, char **av)
1346 1413
1347 if (packet_connection_is_on_socket()) { 1414 if (packet_connection_is_on_socket()) {
1348 verbose("Authenticated to %s ([%s]:%d).", host, 1415 verbose("Authenticated to %s ([%s]:%d).", host,
1349 get_remote_ipaddr(), get_remote_port()); 1416 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
1350 } else { 1417 } else {
1351 verbose("Authenticated to %s (via proxy).", host); 1418 verbose("Authenticated to %s (via proxy).", host);
1352 } 1419 }
@@ -1392,7 +1459,7 @@ static void
1392control_persist_detach(void) 1459control_persist_detach(void)
1393{ 1460{
1394 pid_t pid; 1461 pid_t pid;
1395 int devnull; 1462 int devnull, keep_stderr;
1396 1463
1397 debug("%s: backgrounding master process", __func__); 1464 debug("%s: backgrounding master process", __func__);
1398 1465
@@ -1423,8 +1490,10 @@ control_persist_detach(void)
1423 error("%s: open(\"/dev/null\"): %s", __func__, 1490 error("%s: open(\"/dev/null\"): %s", __func__,
1424 strerror(errno)); 1491 strerror(errno));
1425 } else { 1492 } else {
1493 keep_stderr = log_is_on_stderr() && debug_flag;
1426 if (dup2(devnull, STDIN_FILENO) == -1 || 1494 if (dup2(devnull, STDIN_FILENO) == -1 ||
1427 dup2(devnull, STDOUT_FILENO) == -1) 1495 dup2(devnull, STDOUT_FILENO) == -1 ||
1496 (!keep_stderr && dup2(devnull, STDERR_FILENO) == -1))
1428 error("%s: dup2: %s", __func__, strerror(errno)); 1497 error("%s: dup2: %s", __func__, strerror(errno));
1429 if (devnull > STDERR_FILENO) 1498 if (devnull > STDERR_FILENO)
1430 close(devnull); 1499 close(devnull);
@@ -1516,18 +1585,19 @@ ssh_init_stdio_forwarding(void)
1516 Channel *c; 1585 Channel *c;
1517 int in, out; 1586 int in, out;
1518 1587
1519 if (stdio_forward_host == NULL) 1588 if (options.stdio_forward_host == NULL)
1520 return; 1589 return;
1521 if (!compat20) 1590 if (!compat20)
1522 fatal("stdio forwarding require Protocol 2"); 1591 fatal("stdio forwarding require Protocol 2");
1523 1592
1524 debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port); 1593 debug3("%s: %s:%d", __func__, options.stdio_forward_host,
1594 options.stdio_forward_port);
1525 1595
1526 if ((in = dup(STDIN_FILENO)) < 0 || 1596 if ((in = dup(STDIN_FILENO)) < 0 ||
1527 (out = dup(STDOUT_FILENO)) < 0) 1597 (out = dup(STDOUT_FILENO)) < 0)
1528 fatal("channel_connect_stdio_fwd: dup() in/out failed"); 1598 fatal("channel_connect_stdio_fwd: dup() in/out failed");
1529 if ((c = channel_connect_stdio_fwd(stdio_forward_host, 1599 if ((c = channel_connect_stdio_fwd(options.stdio_forward_host,
1530 stdio_forward_port, in, out)) == NULL) 1600 options.stdio_forward_port, in, out)) == NULL)
1531 fatal("%s: channel_connect_stdio_fwd failed", __func__); 1601 fatal("%s: channel_connect_stdio_fwd failed", __func__);
1532 channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0); 1602 channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0);
1533 channel_register_open_confirm(c->self, ssh_stdio_confirm, NULL); 1603 channel_register_open_confirm(c->self, ssh_stdio_confirm, NULL);
diff --git a/ssh1.h b/ssh1.h
index 353d93041..6a05c4724 100644
--- a/ssh1.h
+++ b/ssh1.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh1.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ 1/* $OpenBSD: ssh1.h,v 1.7 2016/05/04 14:22:33 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -22,7 +22,6 @@
22#define SSH_MSG_MIN 1 22#define SSH_MSG_MIN 1
23#define SSH_MSG_MAX 254 23#define SSH_MSG_MAX 254
24/* Message name */ /* msg code */ /* arguments */ 24/* Message name */ /* msg code */ /* arguments */
25#define SSH_MSG_NONE 0 /* no message */
26#define SSH_MSG_DISCONNECT 1 /* cause (string) */ 25#define SSH_MSG_DISCONNECT 1 /* cause (string) */
27#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ 26#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
28#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */ 27#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
diff --git a/ssh2.h b/ssh2.h
index 5d1918bf8..f2e37c96a 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh2.h,v 1.17 2016/01/14 16:17:40 markus Exp $ */ 1/* $OpenBSD: ssh2.h,v 1.18 2016/05/04 14:22:33 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -55,6 +55,10 @@
55 * 192-255 Local extensions 55 * 192-255 Local extensions
56 */ 56 */
57 57
58/* special marker for no message */
59
60#define SSH_MSG_NONE 0
61
58/* ranges */ 62/* ranges */
59 63
60#define SSH2_MSG_TRANSPORT_MIN 1 64#define SSH2_MSG_TRANSPORT_MIN 1
diff --git a/ssh_api.c b/ssh_api.c
index f544f006b..2a9f1497c 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: ssh_api.c,v 1.7 2016/05/04 14:22:33 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2012 Markus Friedl. All rights reserved. 3 * Copyright (c) 2012 Markus Friedl. All rights reserved.
4 * 4 *
@@ -17,14 +17,12 @@
17 17
18#include "includes.h" 18#include "includes.h"
19 19
20#include "ssh1.h" /* For SSH_MSG_NONE */
21#include "ssh_api.h" 20#include "ssh_api.h"
22#include "compat.h" 21#include "compat.h"
23#include "log.h" 22#include "log.h"
24#include "authfile.h" 23#include "authfile.h"
25#include "sshkey.h" 24#include "sshkey.h"
26#include "misc.h" 25#include "misc.h"
27#include "ssh1.h"
28#include "ssh2.h" 26#include "ssh2.h"
29#include "version.h" 27#include "version.h"
30#include "myproposal.h" 28#include "myproposal.h"
@@ -103,6 +101,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
103#ifdef WITH_OPENSSL 101#ifdef WITH_OPENSSL
104 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 102 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
105 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 103 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
104 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
105 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
106 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
106 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 107 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
107 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 108 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
108# ifdef OPENSSL_HAS_ECC 109# ifdef OPENSSL_HAS_ECC
@@ -117,6 +118,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
117#ifdef WITH_OPENSSL 118#ifdef WITH_OPENSSL
118 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 119 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
119 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 120 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
121 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
122 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
123 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
120 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 124 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
121 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 125 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
122# ifdef OPENSSL_HAS_ECC 126# ifdef OPENSSL_HAS_ECC
diff --git a/ssh_config.0 b/ssh_config.0
index b823c021c..8733281f5 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -532,6 +532,22 @@ DESCRIPTION
532 situations where ssh-agent offers many different identities. The 532 situations where ssh-agent offers many different identities. The
533 default is M-bM-^@M-^\noM-bM-^@M-^]. 533 default is M-bM-^@M-^\noM-bM-^@M-^].
534 534
535 IdentityAgent
536 Specifies the UNIX-domain socket used to communicate with the
537 authentication agent.
538
539 This option overrides the M-bM-^@M-^\SSH_AUTH_SOCKM-bM-^@M-^] environment variable
540 and can be used to select a specific agent. Setting the socket
541 name to M-bM-^@M-^\noneM-bM-^@M-^] disables the use of an authentication agent. If
542 the string M-bM-^@M-^\SSH_AUTH_SOCKM-bM-^@M-^] is specified, the location of the
543 socket will be read from the SSH_AUTH_SOCK environment variable.
544
545 The socket name may use the tilde syntax to refer to a user's
546 home directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y
547 (local user's home directory), M-bM-^@M-^X%uM-bM-^@M-^Y (local user name), M-bM-^@M-^X%lM-bM-^@M-^Y
548 (local host name), M-bM-^@M-^X%hM-bM-^@M-^Y (remote host name) or M-bM-^@M-^X%rM-bM-^@M-^Y (remote user
549 name).
550
535 IdentityFile 551 IdentityFile
536 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA 552 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
537 authentication identity is read. The default is ~/.ssh/identity 553 authentication identity is read. The default is ~/.ssh/identity
@@ -569,6 +585,16 @@ DESCRIPTION
569 listed early in the configuration file as it will not be applied 585 listed early in the configuration file as it will not be applied
570 to unknown options that appear before it. 586 to unknown options that appear before it.
571 587
588 Include
589 Include the specified configuration file(s). Multiple pathnames
590 may be specified and each pathname may contain glob(3) wildcards
591 and, for user configurations, shell-like M-bM-^@M-^\~M-bM-^@M-^] references to user
592 home directories. Files without absolute paths are assumed to be
593 in ~/.ssh if included in a user configuration file or /etc/ssh if
594 included from the system configuration file. Include directive
595 may appear inside a Match or Host block to perform conditional
596 inclusion.
597
572 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. 598 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
573 Accepted values are M-bM-^@M-^\af11M-bM-^@M-^], M-bM-^@M-^\af12M-bM-^@M-^], M-bM-^@M-^\af13M-bM-^@M-^], M-bM-^@M-^\af21M-bM-^@M-^], M-bM-^@M-^\af22M-bM-^@M-^], 599 Accepted values are M-bM-^@M-^\af11M-bM-^@M-^], M-bM-^@M-^\af12M-bM-^@M-^], M-bM-^@M-^\af13M-bM-^@M-^], M-bM-^@M-^\af21M-bM-^@M-^], M-bM-^@M-^\af22M-bM-^@M-^],
574 M-bM-^@M-^\af23M-bM-^@M-^], M-bM-^@M-^\af31M-bM-^@M-^], M-bM-^@M-^\af32M-bM-^@M-^], M-bM-^@M-^\af33M-bM-^@M-^], M-bM-^@M-^\af41M-bM-^@M-^], M-bM-^@M-^\af42M-bM-^@M-^], M-bM-^@M-^\af43M-bM-^@M-^], M-bM-^@M-^\cs0M-bM-^@M-^], 600 M-bM-^@M-^\af23M-bM-^@M-^], M-bM-^@M-^\af31M-bM-^@M-^], M-bM-^@M-^\af32M-bM-^@M-^], M-bM-^@M-^\af33M-bM-^@M-^], M-bM-^@M-^\af41M-bM-^@M-^], M-bM-^@M-^\af42M-bM-^@M-^], M-bM-^@M-^\af43M-bM-^@M-^], M-bM-^@M-^\cs0M-bM-^@M-^],
@@ -746,6 +772,18 @@ DESCRIPTION
746 772
747 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 773 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
748 774
775 ProxyJump
776 Specifies one or more jump proxies as [user@]host[:port].
777 Multiple proxies may be separated by comma characters and will be
778 visited sequentially. Setting this option will cause ssh(1) to
779 connect to the target host by first making a ssh(1) connection to
780 the specified ProxyJump host and then establishing a TCP
781 forwarding to the ultimate target from there.
782
783 Note that this option will compete with the ProxyCommand option -
784 whichever is specified first will prevent later instances of the
785 other from taking effect.
786
749 ProxyUseFdpass 787 ProxyUseFdpass
750 Specifies that ProxyCommand will pass a connected file descriptor 788 Specifies that ProxyCommand will pass a connected file descriptor
751 back to ssh(1) instead of continuing to execute and pass data. 789 back to ssh(1) instead of continuing to execute and pass data.
@@ -1049,4 +1087,4 @@ AUTHORS
1049 created OpenSSH. Markus Friedl contributed the support for SSH protocol 1087 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1050 versions 1.5 and 2.0. 1088 versions 1.5 and 2.0.
1051 1089
1052OpenBSD 5.9 February 20, 2016 OpenBSD 5.9 1090OpenBSD 6.0 July 22, 2016 OpenBSD 6.0
diff --git a/ssh_config.5 b/ssh_config.5
index caf13a62d..7630e7bcb 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.228 2016/02/20 23:01:46 sobrado Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.236 2016/07/22 07:00:46 djm Exp $
37.Dd $Mdocdate: February 20 2016 $ 37.Dd $Mdocdate: July 22 2016 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -952,6 +952,36 @@ This option is intended for situations where ssh-agent
952offers many different identities. 952offers many different identities.
953The default is 953The default is
954.Dq no . 954.Dq no .
955.It Cm IdentityAgent
956Specifies the
957.Ux Ns -domain
958socket used to communicate with the authentication agent.
959.Pp
960This option overrides the
961.Dq SSH_AUTH_SOCK
962environment variable and can be used to select a specific agent.
963Setting the socket name to
964.Dq none
965disables the use of an authentication agent.
966If the string
967.Dq SSH_AUTH_SOCK
968is specified, the location of the socket will be read from the
969.Ev SSH_AUTH_SOCK
970environment variable.
971.Pp
972The socket name may use the tilde
973syntax to refer to a user's home directory or one of the following
974escape characters:
975.Ql %d
976(local user's home directory),
977.Ql %u
978(local user name),
979.Ql %l
980(local host name),
981.Ql %h
982(remote host name) or
983.Ql %r
984(remote user name).
955.It Cm IdentityFile 985.It Cm IdentityFile
956Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication 986Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
957identity is read. 987identity is read.
@@ -1019,6 +1049,25 @@ It is recommended that
1019.Cm IgnoreUnknown 1049.Cm IgnoreUnknown
1020be listed early in the configuration file as it will not be applied 1050be listed early in the configuration file as it will not be applied
1021to unknown options that appear before it. 1051to unknown options that appear before it.
1052.It Cm Include
1053Include the specified configuration file(s).
1054Multiple pathnames may be specified and each pathname may contain
1055.Xr glob 3
1056wildcards and, for user configurations, shell-like
1057.Dq ~
1058references to user home directories.
1059Files without absolute paths are assumed to be in
1060.Pa ~/.ssh
1061if included in a user configuration file or
1062.Pa /etc/ssh
1063if included from the system configuration file.
1064.Cm Include
1065directive may appear inside a
1066.Cm Match
1067or
1068.Cm Host
1069block
1070to perform conditional inclusion.
1022.It Cm IPQoS 1071.It Cm IPQoS
1023Specifies the IPv4 type-of-service or DSCP class for connections. 1072Specifies the IPv4 type-of-service or DSCP class for connections.
1024Accepted values are 1073Accepted values are
@@ -1309,6 +1358,30 @@ For example, the following directive would connect via an HTTP proxy at
1309.Bd -literal -offset 3n 1358.Bd -literal -offset 3n
1310ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1359ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1311.Ed 1360.Ed
1361.It Cm ProxyJump
1362Specifies one or more jump proxies as
1363.Xo
1364.Sm off
1365.Op Ar user No @
1366.Ar host
1367.Op : Ns Ar port
1368.Sm on
1369.Xc .
1370Multiple proxies may be separated by comma characters and will be visited
1371sequentially.
1372Setting this option will cause
1373.Xr ssh 1
1374to connect to the target host by first making a
1375.Xr ssh 1
1376connection to the specified
1377.Cm ProxyJump
1378host and then establishing a
1379TCP forwarding to the ultimate target from there.
1380.Pp
1381Note that this option will compete with the
1382.Cm ProxyCommand
1383option - whichever is specified first will prevent later instances of the
1384other from taking effect.
1312.It Cm ProxyUseFdpass 1385.It Cm ProxyUseFdpass
1313Specifies that 1386Specifies that
1314.Cm ProxyCommand 1387.Cm ProxyCommand
diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c
index 23e0fd7c1..74c49be7c 100644
--- a/sshbuf-getput-basic.c
+++ b/sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-getput-basic.c,v 1.5 2015/10/20 23:24:25 mmcc Exp $ */ 1/* $OpenBSD: sshbuf-getput-basic.c,v 1.6 2016/06/16 11:00:17 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -19,6 +19,8 @@
19#include "includes.h" 19#include "includes.h"
20 20
21#include <sys/types.h> 21#include <sys/types.h>
22
23#include <stdarg.h>
22#include <stdlib.h> 24#include <stdlib.h>
23#include <stdio.h> 25#include <stdio.h>
24#include <string.h> 26#include <string.h>
@@ -268,7 +270,7 @@ sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap)
268 int r, len; 270 int r, len;
269 u_char *p; 271 u_char *p;
270 272
271 va_copy(ap2, ap); 273 VA_COPY(ap2, ap);
272 if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) { 274 if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) {
273 r = SSH_ERR_INVALID_ARGUMENT; 275 r = SSH_ERR_INVALID_ARGUMENT;
274 goto out; 276 goto out;
@@ -278,7 +280,7 @@ sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap)
278 goto out; /* Nothing to do */ 280 goto out; /* Nothing to do */
279 } 281 }
280 va_end(ap2); 282 va_end(ap2);
281 va_copy(ap2, ap); 283 VA_COPY(ap2, ap);
282 if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0) 284 if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0)
283 goto out; 285 goto out;
284 if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) { 286 if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) {
diff --git a/sshbuf-misc.c b/sshbuf-misc.c
index 3da4b80e7..15dcfbc79 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf-misc.c,v 1.5 2015/10/05 17:11:21 djm Exp $ */ 1/* $OpenBSD: sshbuf-misc.c,v 1.6 2016/05/02 08:49:03 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -136,3 +136,26 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64)
136 return 0; 136 return 0;
137} 137}
138 138
139char *
140sshbuf_dup_string(struct sshbuf *buf)
141{
142 const u_char *p = NULL, *s = sshbuf_ptr(buf);
143 size_t l = sshbuf_len(buf);
144 char *r;
145
146 if (s == NULL || l > SIZE_MAX)
147 return NULL;
148 /* accept a nul only as the last character in the buffer */
149 if (l > 0 && (p = memchr(s, '\0', l)) != NULL) {
150 if (p != s + l - 1)
151 return NULL;
152 l--; /* the nul is put back below */
153 }
154 if ((r = malloc(l + 1)) == NULL)
155 return NULL;
156 if (l > 0)
157 memcpy(r, s, l);
158 r[l] = '\0';
159 return r;
160}
161
diff --git a/sshbuf.h b/sshbuf.h
index 63495fbb0..52ff017cc 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshbuf.h,v 1.6 2015/12/10 07:01:35 mmcc Exp $ */ 1/* $OpenBSD: sshbuf.h,v 1.7 2016/05/02 08:49:03 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller 3 * Copyright (c) 2011 Damien Miller
4 * 4 *
@@ -239,6 +239,13 @@ char *sshbuf_dtob64(struct sshbuf *buf);
239/* Decode base64 data and append it to the buffer */ 239/* Decode base64 data and append it to the buffer */
240int sshbuf_b64tod(struct sshbuf *buf, const char *b64); 240int sshbuf_b64tod(struct sshbuf *buf, const char *b64);
241 241
242/*
243 * Duplicate the contents of a buffer to a string (caller to free).
244 * Returns NULL on buffer error, or if the buffer contains a premature
245 * nul character.
246 */
247char *sshbuf_dup_string(struct sshbuf *buf);
248
242/* Macros for decoding/encoding integers */ 249/* Macros for decoding/encoding integers */
243#define PEEK_U64(p) \ 250#define PEEK_U64(p) \
244 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ 251 (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \
diff --git a/sshconnect2.c b/sshconnect2.c
index f79c96beb..fae8b0f2c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.247 2016/07/22 05:46:11 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -71,6 +71,7 @@
71#include "uidswap.h" 71#include "uidswap.h"
72#include "hostfile.h" 72#include "hostfile.h"
73#include "ssherr.h" 73#include "ssherr.h"
74#include "utf8.h"
74 75
75#ifdef GSSAPI 76#ifdef GSSAPI
76#include "ssh-gss.h" 77#include "ssh-gss.h"
@@ -171,13 +172,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
171 compat_cipher_proposal(options.ciphers); 172 compat_cipher_proposal(options.ciphers);
172 myproposal[PROPOSAL_ENC_ALGS_STOC] = 173 myproposal[PROPOSAL_ENC_ALGS_STOC] =
173 compat_cipher_proposal(options.ciphers); 174 compat_cipher_proposal(options.ciphers);
174 if (options.compression) { 175 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
175 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 176 myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
176 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; 177 "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
177 } else {
178 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
179 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
180 }
181 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 178 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
182 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 179 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
183 if (options.hostkeyalgorithms != NULL) { 180 if (options.hostkeyalgorithms != NULL) {
@@ -206,6 +203,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
206#ifdef WITH_OPENSSL 203#ifdef WITH_OPENSSL
207 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 204 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
208 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 205 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
206 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
207 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
208 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
209 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 209 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
210 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 210 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
211# ifdef OPENSSL_HAS_ECC 211# ifdef OPENSSL_HAS_ECC
@@ -496,21 +496,15 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt)
496int 496int
497input_userauth_banner(int type, u_int32_t seq, void *ctxt) 497input_userauth_banner(int type, u_int32_t seq, void *ctxt)
498{ 498{
499 char *msg, *raw, *lang; 499 char *msg, *lang;
500 u_int len; 500 u_int len;
501 501
502 debug3("input_userauth_banner"); 502 debug3("%s", __func__);
503 raw = packet_get_string(&len); 503 msg = packet_get_string(&len);
504 lang = packet_get_string(NULL); 504 lang = packet_get_string(NULL);
505 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { 505 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
506 if (len > 65536) 506 fmprintf(stderr, "%s", msg);
507 len = 65536; 507 free(msg);
508 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
509 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
510 fprintf(stderr, "%s", msg);
511 free(msg);
512 }
513 free(raw);
514 free(lang); 508 free(lang);
515 return 0; 509 return 0;
516} 510}
@@ -562,7 +556,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
562 packet_check_eom(); 556 packet_check_eom();
563 557
564 if (partial != 0) { 558 if (partial != 0) {
565 logit("Authenticated with partial success."); 559 verbose("Authenticated with partial success.");
566 /* reset state */ 560 /* reset state */
567 pubkey_cleanup(authctxt); 561 pubkey_cleanup(authctxt);
568 pubkey_prepare(authctxt); 562 pubkey_prepare(authctxt);
@@ -1094,8 +1088,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1094 /* 1088 /*
1095 * If the key is an certificate, try to find a matching private key 1089 * If the key is an certificate, try to find a matching private key
1096 * and use it to complete the signature. 1090 * and use it to complete the signature.
1097 * If no such private key exists, return failure and continue with 1091 * If no such private key exists, fall back to trying the certificate
1098 * other methods of authentication. 1092 * key itself in case it has a private half already loaded.
1099 */ 1093 */
1100 if (key_is_cert(id->key)) { 1094 if (key_is_cert(id->key)) {
1101 matched = 0; 1095 matched = 0;
@@ -1112,12 +1106,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1112 "certificate", __func__, id->filename, 1106 "certificate", __func__, id->filename,
1113 id->agent_fd != -1 ? " from agent" : ""); 1107 id->agent_fd != -1 ? " from agent" : "");
1114 } else { 1108 } else {
1115 /* XXX maybe verbose/error? */ 1109 debug("%s: no separate private key for certificate "
1116 debug("%s: no private key for certificate "
1117 "\"%s\"", __func__, id->filename); 1110 "\"%s\"", __func__, id->filename);
1118 free(blob);
1119 buffer_free(&b);
1120 return 0;
1121 } 1111 }
1122 } 1112 }
1123 1113
@@ -1300,29 +1290,6 @@ pubkey_prepare(Authctxt *authctxt)
1300 id->userprovided = options.identity_file_userprovided[i]; 1290 id->userprovided = options.identity_file_userprovided[i];
1301 TAILQ_INSERT_TAIL(&files, id, next); 1291 TAILQ_INSERT_TAIL(&files, id, next);
1302 } 1292 }
1303 /* Prefer PKCS11 keys that are explicitly listed */
1304 TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
1305 if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
1306 continue;
1307 found = 0;
1308 TAILQ_FOREACH(id2, &files, next) {
1309 if (id2->key == NULL ||
1310 (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
1311 continue;
1312 if (sshkey_equal(id->key, id2->key)) {
1313 TAILQ_REMOVE(&files, id, next);
1314 TAILQ_INSERT_TAIL(preferred, id, next);
1315 found = 1;
1316 break;
1317 }
1318 }
1319 /* If IdentitiesOnly set and key not found then don't use it */
1320 if (!found && options.identities_only) {
1321 TAILQ_REMOVE(&files, id, next);
1322 explicit_bzero(id, sizeof(*id));
1323 free(id);
1324 }
1325 }
1326 /* list of certificates specified by user */ 1293 /* list of certificates specified by user */
1327 for (i = 0; i < options.num_certificate_files; i++) { 1294 for (i = 0; i < options.num_certificate_files; i++) {
1328 key = options.certificates[i]; 1295 key = options.certificates[i];
@@ -1381,6 +1348,29 @@ pubkey_prepare(Authctxt *authctxt)
1381 } 1348 }
1382 authctxt->agent_fd = agent_fd; 1349 authctxt->agent_fd = agent_fd;
1383 } 1350 }
1351 /* Prefer PKCS11 keys that are explicitly listed */
1352 TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
1353 if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
1354 continue;
1355 found = 0;
1356 TAILQ_FOREACH(id2, &files, next) {
1357 if (id2->key == NULL ||
1358 (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
1359 continue;
1360 if (sshkey_equal(id->key, id2->key)) {
1361 TAILQ_REMOVE(&files, id, next);
1362 TAILQ_INSERT_TAIL(preferred, id, next);
1363 found = 1;
1364 break;
1365 }
1366 }
1367 /* If IdentitiesOnly set and key not found then don't use it */
1368 if (!found && options.identities_only) {
1369 TAILQ_REMOVE(&files, id, next);
1370 explicit_bzero(id, sizeof(*id));
1371 free(id);
1372 }
1373 }
1384 /* append remaining keys from the config file */ 1374 /* append remaining keys from the config file */
1385 for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { 1375 for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
1386 TAILQ_REMOVE(&files, id, next); 1376 TAILQ_REMOVE(&files, id, next);
@@ -1926,8 +1916,8 @@ authmethods_get(void)
1926 buffer_append(&b, method->name, strlen(method->name)); 1916 buffer_append(&b, method->name, strlen(method->name));
1927 } 1917 }
1928 } 1918 }
1929 buffer_append(&b, "\0", 1); 1919 if ((list = sshbuf_dup_string(&b)) == NULL)
1930 list = xstrdup(buffer_ptr(&b)); 1920 fatal("%s: sshbuf_dup_string failed", __func__);
1931 buffer_free(&b); 1921 buffer_free(&b);
1932 return list; 1922 return list;
1933} 1923}
diff --git a/sshd.0 b/sshd.0
index 7eb05312f..0f7db5fc3 100644
--- a/sshd.0
+++ b/sshd.0
@@ -662,4 +662,4 @@ AUTHORS
662 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 662 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
663 for privilege separation. 663 for privilege separation.
664 664
665OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 665OpenBSD 6.0 February 17, 2016 OpenBSD 6.0
diff --git a/sshd.c b/sshd.c
index 430569c46..799c7711f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */ 1/* $OpenBSD: sshd.c,v 1.470 2016/05/24 04:43:45 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -371,7 +371,8 @@ grace_alarm_handler(int sig)
371 } 371 }
372 372
373 /* Log error and exit. */ 373 /* Log error and exit. */
374 sigdie("Timeout before authentication for %s", get_remote_ipaddr()); 374 sigdie("Timeout before authentication for %s port %d",
375 ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
375} 376}
376 377
377/* 378/*
@@ -407,7 +408,7 @@ key_regeneration_alarm(int sig)
407} 408}
408 409
409static void 410static void
410sshd_exchange_identification(int sock_in, int sock_out) 411sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
411{ 412{
412 u_int i; 413 u_int i;
413 int mismatch; 414 int mismatch;
@@ -439,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
439 if (atomicio(vwrite, sock_out, server_version_string, 440 if (atomicio(vwrite, sock_out, server_version_string,
440 strlen(server_version_string)) 441 strlen(server_version_string))
441 != strlen(server_version_string)) { 442 != strlen(server_version_string)) {
442 logit("Could not write ident string to %s", get_remote_ipaddr()); 443 logit("Could not write ident string to %s port %d",
444 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
443 cleanup_exit(255); 445 cleanup_exit(255);
444 } 446 }
445 447
@@ -447,8 +449,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
447 memset(buf, 0, sizeof(buf)); 449 memset(buf, 0, sizeof(buf));
448 for (i = 0; i < sizeof(buf) - 1; i++) { 450 for (i = 0; i < sizeof(buf) - 1; i++) {
449 if (atomicio(read, sock_in, &buf[i], 1) != 1) { 451 if (atomicio(read, sock_in, &buf[i], 1) != 1) {
450 logit("Did not receive identification string from %s", 452 logit("Did not receive identification string "
451 get_remote_ipaddr()); 453 "from %s port %d",
454 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
452 cleanup_exit(255); 455 cleanup_exit(255);
453 } 456 }
454 if (buf[i] == '\r') { 457 if (buf[i] == '\r') {
@@ -477,7 +480,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
477 (void) atomicio(vwrite, sock_out, s, strlen(s)); 480 (void) atomicio(vwrite, sock_out, s, strlen(s));
478 logit("Bad protocol version identification '%.100s' " 481 logit("Bad protocol version identification '%.100s' "
479 "from %s port %d", client_version_string, 482 "from %s port %d", client_version_string,
480 get_remote_ipaddr(), get_remote_port()); 483 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
481 close(sock_in); 484 close(sock_in);
482 close(sock_out); 485 close(sock_out);
483 cleanup_exit(255); 486 cleanup_exit(255);
@@ -485,23 +488,25 @@ sshd_exchange_identification(int sock_in, int sock_out)
485 debug("Client protocol version %d.%d; client software version %.100s", 488 debug("Client protocol version %d.%d; client software version %.100s",
486 remote_major, remote_minor, remote_version); 489 remote_major, remote_minor, remote_version);
487 490
488 active_state->compat = compat_datafellows(remote_version); 491 ssh->compat = compat_datafellows(remote_version);
489 492
490 if ((datafellows & SSH_BUG_PROBE) != 0) { 493 if ((ssh->compat & SSH_BUG_PROBE) != 0) {
491 logit("probed from %s with %s. Don't panic.", 494 logit("probed from %s port %d with %s. Don't panic.",
492 get_remote_ipaddr(), client_version_string); 495 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
496 client_version_string);
493 cleanup_exit(255); 497 cleanup_exit(255);
494 } 498 }
495 if ((datafellows & SSH_BUG_SCANNER) != 0) { 499 if ((ssh->compat & SSH_BUG_SCANNER) != 0) {
496 logit("scanned from %s with %s. Don't panic.", 500 logit("scanned from %s port %d with %s. Don't panic.",
497 get_remote_ipaddr(), client_version_string); 501 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
502 client_version_string);
498 cleanup_exit(255); 503 cleanup_exit(255);
499 } 504 }
500 if ((datafellows & SSH_BUG_RSASIGMD5) != 0) { 505 if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
501 logit("Client version \"%.100s\" uses unsafe RSA signature " 506 logit("Client version \"%.100s\" uses unsafe RSA signature "
502 "scheme; disabling use of RSA keys", remote_version); 507 "scheme; disabling use of RSA keys", remote_version);
503 } 508 }
504 if ((datafellows & SSH_BUG_DERIVEKEY) != 0) { 509 if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) {
505 fatal("Client version \"%.100s\" uses unsafe key agreement; " 510 fatal("Client version \"%.100s\" uses unsafe key agreement; "
506 "refusing connection", remote_version); 511 "refusing connection", remote_version);
507 } 512 }
@@ -546,8 +551,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
546 (void) atomicio(vwrite, sock_out, s, strlen(s)); 551 (void) atomicio(vwrite, sock_out, s, strlen(s));
547 close(sock_in); 552 close(sock_in);
548 close(sock_out); 553 close(sock_out);
549 logit("Protocol major versions differ for %s: %.200s vs. %.200s", 554 logit("Protocol major versions differ for %s port %d: "
550 get_remote_ipaddr(), 555 "%.200s vs. %.200s",
556 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
551 server_version_string, client_version_string); 557 server_version_string, client_version_string);
552 cleanup_exit(255); 558 cleanup_exit(255);
553 } 559 }
@@ -839,8 +845,8 @@ list_hostkey_types(void)
839 break; 845 break;
840 } 846 }
841 } 847 }
842 buffer_append(&b, "\0", 1); 848 if ((ret = sshbuf_dup_string(&b)) == NULL)
843 ret = xstrdup(buffer_ptr(&b)); 849 fatal("%s: sshbuf_dup_string failed", __func__);
844 buffer_free(&b); 850 buffer_free(&b);
845 debug("list_hostkey_types: %s", ret); 851 debug("list_hostkey_types: %s", ret);
846 return ret; 852 return ret;
@@ -1021,12 +1027,13 @@ usage(void)
1021} 1027}
1022 1028
1023static void 1029static void
1024send_rexec_state(int fd, Buffer *conf) 1030send_rexec_state(int fd, struct sshbuf *conf)
1025{ 1031{
1026 Buffer m; 1032 struct sshbuf *m;
1033 int r;
1027 1034
1028 debug3("%s: entering fd = %d config len %d", __func__, fd, 1035 debug3("%s: entering fd = %d config len %zu", __func__, fd,
1029 buffer_len(conf)); 1036 sshbuf_len(conf));
1030 1037
1031 /* 1038 /*
1032 * Protocol from reexec master to child: 1039 * Protocol from reexec master to child:
@@ -1040,31 +1047,41 @@ send_rexec_state(int fd, Buffer *conf)
1040 * bignum q " 1047 * bignum q "
1041 * string rngseed (only if OpenSSL is not self-seeded) 1048 * string rngseed (only if OpenSSL is not self-seeded)
1042 */ 1049 */
1043 buffer_init(&m); 1050 if ((m = sshbuf_new()) == NULL)
1044 buffer_put_cstring(&m, buffer_ptr(conf)); 1051 fatal("%s: sshbuf_new failed", __func__);
1052 if ((r = sshbuf_put_stringb(m, conf)) != 0)
1053 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1045 1054
1046#ifdef WITH_SSH1 1055#ifdef WITH_SSH1
1047 if (sensitive_data.server_key != NULL && 1056 if (sensitive_data.server_key != NULL &&
1048 sensitive_data.server_key->type == KEY_RSA1) { 1057 sensitive_data.server_key->type == KEY_RSA1) {
1049 buffer_put_int(&m, 1); 1058 if ((r = sshbuf_put_u32(m, 1)) != 0 ||
1050 buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); 1059 (r = sshbuf_put_bignum1(m,
1051 buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); 1060 sensitive_data.server_key->rsa->e)) != 0 ||
1052 buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); 1061 (r = sshbuf_put_bignum1(m,
1053 buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); 1062 sensitive_data.server_key->rsa->n)) != 0 ||
1054 buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); 1063 (r = sshbuf_put_bignum1(m,
1055 buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); 1064 sensitive_data.server_key->rsa->d)) != 0 ||
1065 (r = sshbuf_put_bignum1(m,
1066 sensitive_data.server_key->rsa->iqmp)) != 0 ||
1067 (r = sshbuf_put_bignum1(m,
1068 sensitive_data.server_key->rsa->p)) != 0 ||
1069 (r = sshbuf_put_bignum1(m,
1070 sensitive_data.server_key->rsa->q)) != 0)
1071 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1056 } else 1072 } else
1057#endif 1073#endif
1058 buffer_put_int(&m, 0); 1074 if ((r = sshbuf_put_u32(m, 1)) != 0)
1075 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1059 1076
1060#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) 1077#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
1061 rexec_send_rng_seed(&m); 1078 rexec_send_rng_seed(m);
1062#endif 1079#endif
1063 1080
1064 if (ssh_msg_send(fd, 0, &m) == -1) 1081 if (ssh_msg_send(fd, 0, m) == -1)
1065 fatal("%s: ssh_msg_send failed", __func__); 1082 fatal("%s: ssh_msg_send failed", __func__);
1066 1083
1067 buffer_free(&m); 1084 sshbuf_free(m);
1068 1085
1069 debug3("%s: done", __func__); 1086 debug3("%s: done", __func__);
1070} 1087}
@@ -1087,7 +1104,7 @@ recv_rexec_state(int fd, Buffer *conf)
1087 1104
1088 cp = buffer_get_string(&m, &len); 1105 cp = buffer_get_string(&m, &len);
1089 if (conf != NULL) 1106 if (conf != NULL)
1090 buffer_append(conf, cp, len + 1); 1107 buffer_append(conf, cp, len);
1091 free(cp); 1108 free(cp);
1092 1109
1093 if (buffer_get_int(&m)) { 1110 if (buffer_get_int(&m)) {
@@ -1452,6 +1469,47 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1452 } 1469 }
1453} 1470}
1454 1471
1472/*
1473 * If IP options are supported, make sure there are none (log and
1474 * return an error if any are found). Basically we are worried about
1475 * source routing; it can be used to pretend you are somebody
1476 * (ip-address) you are not. That itself may be "almost acceptable"
1477 * under certain circumstances, but rhosts autentication is useless
1478 * if source routing is accepted. Notice also that if we just dropped
1479 * source routing here, the other side could use IP spoofing to do
1480 * rest of the interaction and could still bypass security. So we
1481 * exit here if we detect any IP options.
1482 */
1483static void
1484check_ip_options(struct ssh *ssh)
1485{
1486#ifdef IP_OPTIONS
1487 int sock_in = ssh_packet_get_connection_in(ssh);
1488 struct sockaddr_storage from;
1489 socklen_t option_size, i, fromlen = sizeof(from);
1490 u_char opts[200];
1491 char text[sizeof(opts) * 3 + 1];
1492
1493 memset(&from, 0, sizeof(from));
1494 if (getpeername(sock_in, (struct sockaddr *)&from,
1495 &fromlen) < 0)
1496 return;
1497 if (from.ss_family != AF_INET)
1498 return;
1499 /* XXX IPv6 options? */
1500
1501 if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
1502 &option_size) >= 0 && option_size != 0) {
1503 text[0] = '\0';
1504 for (i = 0; i < option_size; i++)
1505 snprintf(text + i*3, sizeof(text) - i*3,
1506 " %2.2x", opts[i]);
1507 fatal("Connection from %.100s port %d with IP opts: %.800s",
1508 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
1509 }
1510 return;
1511#endif /* IP_OPTIONS */
1512}
1455 1513
1456/* 1514/*
1457 * Main program for the daemon. 1515 * Main program for the daemon.
@@ -1459,6 +1517,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1459int 1517int
1460main(int ac, char **av) 1518main(int ac, char **av)
1461{ 1519{
1520 struct ssh *ssh = NULL;
1462 extern char *optarg; 1521 extern char *optarg;
1463 extern int optind; 1522 extern int optind;
1464 int r, opt, i, j, on = 1; 1523 int r, opt, i, j, on = 1;
@@ -2118,28 +2177,25 @@ main(int ac, char **av)
2118 */ 2177 */
2119 packet_set_connection(sock_in, sock_out); 2178 packet_set_connection(sock_in, sock_out);
2120 packet_set_server(); 2179 packet_set_server();
2180 ssh = active_state; /* XXX */
2181 check_ip_options(ssh);
2121 2182
2122 /* Set SO_KEEPALIVE if requested. */ 2183 /* Set SO_KEEPALIVE if requested. */
2123 if (options.tcp_keep_alive && packet_connection_is_on_socket() && 2184 if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
2124 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) 2185 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
2125 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 2186 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
2126 2187
2127 if ((remote_port = get_remote_port()) < 0) { 2188 if ((remote_port = ssh_remote_port(ssh)) < 0) {
2128 debug("get_remote_port failed"); 2189 debug("ssh_remote_port failed");
2129 cleanup_exit(255); 2190 cleanup_exit(255);
2130 } 2191 }
2131 2192
2132 /* 2193 /*
2133 * We use get_canonical_hostname with usedns = 0 instead of
2134 * get_remote_ipaddr here so IP options will be checked.
2135 */
2136 (void) get_canonical_hostname(0);
2137 /*
2138 * The rest of the code depends on the fact that 2194 * The rest of the code depends on the fact that
2139 * get_remote_ipaddr() caches the remote ip, even if 2195 * ssh_remote_ipaddr() caches the remote ip, even if
2140 * the socket goes away. 2196 * the socket goes away.
2141 */ 2197 */
2142 remote_ip = get_remote_ipaddr(); 2198 remote_ip = ssh_remote_ipaddr(ssh);
2143 2199
2144#ifdef SSH_AUDIT_EVENTS 2200#ifdef SSH_AUDIT_EVENTS
2145 audit_connection_from(remote_ip, remote_port); 2201 audit_connection_from(remote_ip, remote_port);
@@ -2148,7 +2204,7 @@ main(int ac, char **av)
2148 /* Log the connection. */ 2204 /* Log the connection. */
2149 laddr = get_local_ipaddr(sock_in); 2205 laddr = get_local_ipaddr(sock_in);
2150 verbose("Connection from %s port %d on %s port %d", 2206 verbose("Connection from %s port %d on %s port %d",
2151 remote_ip, remote_port, laddr, get_local_port()); 2207 remote_ip, remote_port, laddr, ssh_local_port(ssh));
2152 free(laddr); 2208 free(laddr);
2153 2209
2154 /* 2210 /*
@@ -2163,7 +2219,7 @@ main(int ac, char **av)
2163 if (!debug_flag) 2219 if (!debug_flag)
2164 alarm(options.login_grace_time); 2220 alarm(options.login_grace_time);
2165 2221
2166 sshd_exchange_identification(sock_in, sock_out); 2222 sshd_exchange_identification(ssh, sock_in, sock_out);
2167 2223
2168 /* In inetd mode, generate ephemeral key only for proto 1 connections */ 2224 /* In inetd mode, generate ephemeral key only for proto 1 connections */
2169 if (!compat20 && inetd_flag && sensitive_data.server_key == NULL) 2225 if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
@@ -2299,6 +2355,7 @@ main(int ac, char **av)
2299int 2355int
2300ssh1_session_key(BIGNUM *session_key_int) 2356ssh1_session_key(BIGNUM *session_key_int)
2301{ 2357{
2358 struct ssh *ssh = active_state; /* XXX */
2302 int rsafail = 0; 2359 int rsafail = 0;
2303 2360
2304 if (BN_cmp(sensitive_data.server_key->rsa->n, 2361 if (BN_cmp(sensitive_data.server_key->rsa->n,
@@ -2307,9 +2364,9 @@ ssh1_session_key(BIGNUM *session_key_int)
2307 if (BN_num_bits(sensitive_data.server_key->rsa->n) < 2364 if (BN_num_bits(sensitive_data.server_key->rsa->n) <
2308 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + 2365 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
2309 SSH_KEY_BITS_RESERVED) { 2366 SSH_KEY_BITS_RESERVED) {
2310 fatal("do_connection: %s: " 2367 fatal("do_connection: %s port %d: "
2311 "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", 2368 "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
2312 get_remote_ipaddr(), 2369 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
2313 BN_num_bits(sensitive_data.server_key->rsa->n), 2370 BN_num_bits(sensitive_data.server_key->rsa->n),
2314 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), 2371 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
2315 SSH_KEY_BITS_RESERVED); 2372 SSH_KEY_BITS_RESERVED);
@@ -2325,9 +2382,9 @@ ssh1_session_key(BIGNUM *session_key_int)
2325 if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < 2382 if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
2326 BN_num_bits(sensitive_data.server_key->rsa->n) + 2383 BN_num_bits(sensitive_data.server_key->rsa->n) +
2327 SSH_KEY_BITS_RESERVED) { 2384 SSH_KEY_BITS_RESERVED) {
2328 fatal("do_connection: %s: " 2385 fatal("do_connection: %s port %d: "
2329 "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", 2386 "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
2330 get_remote_ipaddr(), 2387 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
2331 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), 2388 BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
2332 BN_num_bits(sensitive_data.server_key->rsa->n), 2389 BN_num_bits(sensitive_data.server_key->rsa->n),
2333 SSH_KEY_BITS_RESERVED); 2390 SSH_KEY_BITS_RESERVED);
@@ -2348,6 +2405,7 @@ ssh1_session_key(BIGNUM *session_key_int)
2348static void 2405static void
2349do_ssh1_kex(void) 2406do_ssh1_kex(void)
2350{ 2407{
2408 struct ssh *ssh = active_state; /* XXX */
2351 int i, len; 2409 int i, len;
2352 int rsafail = 0; 2410 int rsafail = 0;
2353 BIGNUM *session_key_int, *fake_key_int, *real_key_int; 2411 BIGNUM *session_key_int, *fake_key_int, *real_key_int;
@@ -2465,9 +2523,10 @@ do_ssh1_kex(void)
2465 (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); 2523 (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
2466 len = BN_num_bytes(session_key_int); 2524 len = BN_num_bytes(session_key_int);
2467 if (len < 0 || (u_int)len > sizeof(session_key)) { 2525 if (len < 0 || (u_int)len > sizeof(session_key)) {
2468 error("do_ssh1_kex: bad session key len from %s: " 2526 error("%s: bad session key len from %s port %d: "
2469 "session_key_int %d > sizeof(session_key) %lu", 2527 "session_key_int %d > sizeof(session_key) %lu", __func__,
2470 get_remote_ipaddr(), len, (u_long)sizeof(session_key)); 2528 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
2529 len, (u_long)sizeof(session_key));
2471 rsafail++; 2530 rsafail++;
2472 } else { 2531 } else {
2473 explicit_bzero(session_key, sizeof(session_key)); 2532 explicit_bzero(session_key, sizeof(session_key));
@@ -2558,10 +2617,11 @@ do_ssh2_kex(void)
2558 2617
2559 if (options.compression == COMP_NONE) { 2618 if (options.compression == COMP_NONE) {
2560 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 2619 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
2561 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 2620 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
2562 } else if (options.compression == COMP_DELAYED) { 2621 } else if (options.compression == COMP_DELAYED) {
2563 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 2622 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
2564 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; 2623 myproposal[PROPOSAL_COMP_ALGS_STOC] =
2624 "none,zlib@openssh.com";
2565 } 2625 }
2566 2626
2567 if (options.rekey_limit || options.rekey_interval) 2627 if (options.rekey_limit || options.rekey_interval)
@@ -2578,6 +2638,9 @@ do_ssh2_kex(void)
2578#ifdef WITH_OPENSSL 2638#ifdef WITH_OPENSSL
2579 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 2639 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
2580 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 2640 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
2641 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
2642 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
2643 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
2581 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 2644 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2582 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 2645 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2583# ifdef OPENSSL_HAS_ECC 2646# ifdef OPENSSL_HAS_ECC
diff --git a/sshd_config b/sshd_config
index a848d73e4..75ae8e739 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
1# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ 1# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
2 2
3# This is the sshd server system-wide configuration file. See 3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information. 4# sshd_config(5) for more information.
@@ -34,7 +34,6 @@
34#RekeyLimit default none 34#RekeyLimit default none
35 35
36# Logging 36# Logging
37# obsoletes QuietMode and FascistLogging
38#SyslogFacility AUTH 37#SyslogFacility AUTH
39#LogLevel INFO 38#LogLevel INFO
40 39
diff --git a/sshd_config.0 b/sshd_config.0
index 8bda6a39f..85379dca5 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -80,9 +80,11 @@ DESCRIPTION
80 valid; a numerical user ID is not recognized. By default, login 80 valid; a numerical user ID is not recognized. By default, login
81 is allowed for all users. If the pattern takes the form 81 is allowed for all users. If the pattern takes the form
82 USER@HOST then USER and HOST are separately checked, restricting 82 USER@HOST then USER and HOST are separately checked, restricting
83 logins to particular users from particular hosts. The allow/deny 83 logins to particular users from particular hosts. HOST criteria
84 directives are processed in the following order: DenyUsers, 84 may additionally contain addresses to match in CIDR
85 AllowUsers, DenyGroups, and finally AllowGroups. 85 address/masklen format. The allow/deny directives are processed
86 in the following order: DenyUsers, AllowUsers, DenyGroups, and
87 finally AllowGroups.
86 88
87 See PATTERNS in ssh_config(5) for more information on patterns. 89 See PATTERNS in ssh_config(5) for more information on patterns.
88 90
@@ -90,8 +92,11 @@ DESCRIPTION
90 Specifies the authentication methods that must be successfully 92 Specifies the authentication methods that must be successfully
91 completed for a user to be granted access. This option must be 93 completed for a user to be granted access. This option must be
92 followed by one or more comma-separated lists of authentication 94 followed by one or more comma-separated lists of authentication
93 method names. Successful authentication requires completion of 95 method names, or by the single string M-bM-^@M-^\anyM-bM-^@M-^] to indicate the
94 every method in at least one of these lists. 96 default behaviour of accepting any single authentication method.
97 if the default is overridden, then successful authentication
98 requires completion of every method in at least one of these
99 lists.
95 100
96 For example, an argument of M-bM-^@M-^\publickey,password 101 For example, an argument of M-bM-^@M-^\publickey,password
97 publickey,keyboard-interactiveM-bM-^@M-^] would require the user to 102 publickey,keyboard-interactiveM-bM-^@M-^] would require the user to
@@ -116,9 +121,9 @@ DESCRIPTION
116 121
117 This option will yield a fatal error if enabled if protocol 1 is 122 This option will yield a fatal error if enabled if protocol 1 is
118 also enabled. Note that each authentication method listed should 123 also enabled. Note that each authentication method listed should
119 also be explicitly enabled in the configuration. The default is 124 also be explicitly enabled in the configuration. The default
120 not to require multiple authentication; successful completion of 125 M-bM-^@M-^\anyM-bM-^@M-^] is not to require multiple authentication; successful
121 a single authentication method is sufficient. 126 completion of a single authentication method is sufficient.
122 127
123 AuthorizedKeysCommand 128 AuthorizedKeysCommand
124 Specifies a program to be used to look up the user's public keys. 129 Specifies a program to be used to look up the user's public keys.
@@ -339,9 +344,11 @@ DESCRIPTION
339 numerical user ID is not recognized. By default, login is 344 numerical user ID is not recognized. By default, login is
340 allowed for all users. If the pattern takes the form USER@HOST 345 allowed for all users. If the pattern takes the form USER@HOST
341 then USER and HOST are separately checked, restricting logins to 346 then USER and HOST are separately checked, restricting logins to
342 particular users from particular hosts. The allow/deny 347 particular users from particular hosts. HOST criteria may
343 directives are processed in the following order: DenyUsers, 348 additionally contain addresses to match in CIDR address/masklen
344 AllowUsers, DenyGroups, and finally AllowGroups. 349 format. The allow/deny directives are processed in the following
350 order: DenyUsers, AllowUsers, DenyGroups, and finally
351 AllowGroups.
345 352
346 See PATTERNS in ssh_config(5) for more information on patterns. 353 See PATTERNS in ssh_config(5) for more information on patterns.
347 354
@@ -447,7 +454,7 @@ DESCRIPTION
447 454
448 HostKeyAgent 455 HostKeyAgent
449 Identifies the UNIX-domain socket used to communicate with an 456 Identifies the UNIX-domain socket used to communicate with an
450 agent that has access to the private host keys. If 457 agent that has access to the private host keys. If the string
451 M-bM-^@M-^\SSH_AUTH_SOCKM-bM-^@M-^] is specified, the location of the socket will be 458 M-bM-^@M-^\SSH_AUTH_SOCKM-bM-^@M-^] is specified, the location of the socket will be
452 read from the SSH_AUTH_SOCK environment variable. 459 read from the SSH_AUTH_SOCK environment variable.
453 460
@@ -708,8 +715,10 @@ DESCRIPTION
708 Multiple forwards may be specified by separating them with 715 Multiple forwards may be specified by separating them with
709 whitespace. An argument of M-bM-^@M-^\anyM-bM-^@M-^] can be used to remove all 716 whitespace. An argument of M-bM-^@M-^\anyM-bM-^@M-^] can be used to remove all
710 restrictions and permit any forwarding requests. An argument of 717 restrictions and permit any forwarding requests. An argument of
711 M-bM-^@M-^\noneM-bM-^@M-^] can be used to prohibit all forwarding requests. By 718 M-bM-^@M-^\noneM-bM-^@M-^] can be used to prohibit all forwarding requests. The
712 default all port forwarding requests are permitted. 719 wildcard M-bM-^@M-^\*M-bM-^@M-^] can be used for host or port to allow all hosts or
720 ports, respectively. By default all port forwarding requests are
721 permitted.
713 722
714 PermitRootLogin 723 PermitRootLogin
715 Specifies whether root can log in using ssh(1). The argument 724 Specifies whether root can log in using ssh(1). The argument
@@ -927,7 +936,7 @@ DESCRIPTION
927 address maps back to the very same IP address. 936 address maps back to the very same IP address.
928 937
929 If this option is set to M-bM-^@M-^\noM-bM-^@M-^] (the default) then only addresses 938 If this option is set to M-bM-^@M-^\noM-bM-^@M-^] (the default) then only addresses
930 and not host names may be used in ~/.ssh/known_hosts from and 939 and not host names may be used in ~/.ssh/authorized_keys from and
931 sshd_config Match Host directives. 940 sshd_config Match Host directives.
932 941
933 UseLogin 942 UseLogin
@@ -1051,4 +1060,4 @@ AUTHORS
1051 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 1060 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1052 for privilege separation. 1061 for privilege separation.
1053 1062
1054OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 1063OpenBSD 6.0 July 19, 2016 OpenBSD 6.0
diff --git a/sshd_config.5 b/sshd_config.5
index a37a3aca3..1bc26ec4d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.220 2016/02/17 08:57:34 djm Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.227 2016/07/19 12:59:16 jmc Exp $
37.Dd $Mdocdate: February 17 2016 $ 37.Dd $Mdocdate: July 19 2016 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -173,6 +173,8 @@ By default, login is allowed for all users.
173If the pattern takes the form USER@HOST then USER and HOST 173If the pattern takes the form USER@HOST then USER and HOST
174are separately checked, restricting logins to particular 174are separately checked, restricting logins to particular
175users from particular hosts. 175users from particular hosts.
176HOST criteria may additionally contain addresses to match in CIDR
177address/masklen format.
176The allow/deny directives are processed in the following order: 178The allow/deny directives are processed in the following order:
177.Cm DenyUsers , 179.Cm DenyUsers ,
178.Cm AllowUsers , 180.Cm AllowUsers ,
@@ -187,9 +189,12 @@ for more information on patterns.
187Specifies the authentication methods that must be successfully completed 189Specifies the authentication methods that must be successfully completed
188for a user to be granted access. 190for a user to be granted access.
189This option must be followed by one or more comma-separated lists of 191This option must be followed by one or more comma-separated lists of
190authentication method names. 192authentication method names, or by the single string
191Successful authentication requires completion of every method in at least 193.Dq any
192one of these lists. 194to indicate the default behaviour of accepting any single authentication
195method.
196if the default is overridden, then successful authentication requires
197completion of every method in at least one of these lists.
193.Pp 198.Pp
194For example, an argument of 199For example, an argument of
195.Dq publickey,password publickey,keyboard-interactive 200.Dq publickey,password publickey,keyboard-interactive
@@ -229,7 +234,9 @@ This option will yield a fatal
229error if enabled if protocol 1 is also enabled. 234error if enabled if protocol 1 is also enabled.
230Note that each authentication method listed should also be explicitly enabled 235Note that each authentication method listed should also be explicitly enabled
231in the configuration. 236in the configuration.
232The default is not to require multiple authentication; successful completion 237The default
238.Dq any
239is not to require multiple authentication; successful completion
233of a single authentication method is sufficient. 240of a single authentication method is sufficient.
234.It Cm AuthorizedKeysCommand 241.It Cm AuthorizedKeysCommand
235Specifies a program to be used to look up the user's public keys. 242Specifies a program to be used to look up the user's public keys.
@@ -560,6 +567,8 @@ By default, login is allowed for all users.
560If the pattern takes the form USER@HOST then USER and HOST 567If the pattern takes the form USER@HOST then USER and HOST
561are separately checked, restricting logins to particular 568are separately checked, restricting logins to particular
562users from particular hosts. 569users from particular hosts.
570HOST criteria may additionally contain addresses to match in CIDR
571address/masklen format.
563The allow/deny directives are processed in the following order: 572The allow/deny directives are processed in the following order:
564.Cm DenyUsers , 573.Cm DenyUsers ,
565.Cm AllowUsers , 574.Cm AllowUsers ,
@@ -734,7 +743,7 @@ to an
734.It Cm HostKeyAgent 743.It Cm HostKeyAgent
735Identifies the UNIX-domain socket used to communicate 744Identifies the UNIX-domain socket used to communicate
736with an agent that has access to the private host keys. 745with an agent that has access to the private host keys.
737If 746If the string
738.Dq SSH_AUTH_SOCK 747.Dq SSH_AUTH_SOCK
739is specified, the location of the socket will be read from the 748is specified, the location of the socket will be read from the
740.Ev SSH_AUTH_SOCK 749.Ev SSH_AUTH_SOCK
@@ -1206,6 +1215,9 @@ can be used to remove all restrictions and permit any forwarding requests.
1206An argument of 1215An argument of
1207.Dq none 1216.Dq none
1208can be used to prohibit all forwarding requests. 1217can be used to prohibit all forwarding requests.
1218The wildcard
1219.Dq *
1220can be used for host or port to allow all hosts or ports, respectively.
1209By default all port forwarding requests are permitted. 1221By default all port forwarding requests are permitted.
1210.It Cm PermitRootLogin 1222.It Cm PermitRootLogin
1211Specifies whether root can log in using 1223Specifies whether root can log in using
@@ -1534,7 +1546,7 @@ very same IP address.
1534If this option is set to 1546If this option is set to
1535.Dq no 1547.Dq no
1536(the default) then only addresses and not host names may be used in 1548(the default) then only addresses and not host names may be used in
1537.Pa ~/.ssh/known_hosts 1549.Pa ~/.ssh/authorized_keys
1538.Cm from 1550.Cm from
1539and 1551and
1540.Nm 1552.Nm
diff --git a/sshkey.c b/sshkey.c
index 87b093e91..c9f04cd67 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.c,v 1.31 2015/12/11 04:21:12 mmcc Exp $ */ 1/* $OpenBSD: sshkey.c,v 1.35 2016/06/19 07:48:02 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1966,7 +1966,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
1966#ifdef DEBUG_PK /* XXX */ 1966#ifdef DEBUG_PK /* XXX */
1967 sshbuf_dump(b, stderr); 1967 sshbuf_dump(b, stderr);
1968#endif 1968#endif
1969 *keyp = NULL; 1969 if (keyp != NULL)
1970 *keyp = NULL;
1970 if ((copy = sshbuf_fromb(b)) == NULL) { 1971 if ((copy = sshbuf_fromb(b)) == NULL) {
1971 ret = SSH_ERR_ALLOC_FAIL; 1972 ret = SSH_ERR_ALLOC_FAIL;
1972 goto out; 1973 goto out;
@@ -2121,8 +2122,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2121 goto out; 2122 goto out;
2122 } 2123 }
2123 ret = 0; 2124 ret = 0;
2124 *keyp = key; 2125 if (keyp != NULL) {
2125 key = NULL; 2126 *keyp = key;
2127 key = NULL;
2128 }
2126 out: 2129 out:
2127 sshbuf_free(copy); 2130 sshbuf_free(copy);
2128 sshkey_free(key); 2131 sshkey_free(key);
@@ -2367,7 +2370,7 @@ sshkey_drop_cert(struct sshkey *k)
2367 2370
2368/* Sign a certified key, (re-)generating the signed certblob. */ 2371/* Sign a certified key, (re-)generating the signed certblob. */
2369int 2372int
2370sshkey_certify(struct sshkey *k, struct sshkey *ca) 2373sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg)
2371{ 2374{
2372 struct sshbuf *principals = NULL; 2375 struct sshbuf *principals = NULL;
2373 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; 2376 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32];
@@ -2457,7 +2460,7 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca)
2457 2460
2458 /* Sign the whole mess */ 2461 /* Sign the whole mess */
2459 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), 2462 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
2460 sshbuf_len(cert), NULL, 0)) != 0) 2463 sshbuf_len(cert), alg, 0)) != 0)
2461 goto out; 2464 goto out;
2462 2465
2463 /* Append signature and we are done */ 2466 /* Append signature and we are done */
@@ -3631,12 +3634,10 @@ sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob,
3631 /* The encrypted private part is not parsed by this function. */ 3634 /* The encrypted private part is not parsed by this function. */
3632 3635
3633 r = 0; 3636 r = 0;
3634 if (keyp != NULL) 3637 if (keyp != NULL) {
3635 *keyp = pub; 3638 *keyp = pub;
3636 else 3639 pub = NULL;
3637 sshkey_free(pub); 3640 }
3638 pub = NULL;
3639
3640 out: 3641 out:
3641 sshbuf_free(copy); 3642 sshbuf_free(copy);
3642 sshkey_free(pub); 3643 sshkey_free(pub);
@@ -3657,7 +3658,8 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
3657 const struct sshcipher *cipher; 3658 const struct sshcipher *cipher;
3658 struct sshkey *prv = NULL; 3659 struct sshkey *prv = NULL;
3659 3660
3660 *keyp = NULL; 3661 if (keyp != NULL)
3662 *keyp = NULL;
3661 if (commentp != NULL) 3663 if (commentp != NULL)
3662 *commentp = NULL; 3664 *commentp = NULL;
3663 3665
@@ -3743,8 +3745,10 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
3743 goto out; 3745 goto out;
3744 } 3746 }
3745 r = 0; 3747 r = 0;
3746 *keyp = prv; 3748 if (keyp != NULL) {
3747 prv = NULL; 3749 *keyp = prv;
3750 prv = NULL;
3751 }
3748 if (commentp != NULL) { 3752 if (commentp != NULL) {
3749 *commentp = comment; 3753 *commentp = comment;
3750 comment = NULL; 3754 comment = NULL;
@@ -3769,7 +3773,8 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
3769 BIO *bio = NULL; 3773 BIO *bio = NULL;
3770 int r; 3774 int r;
3771 3775
3772 *keyp = NULL; 3776 if (keyp != NULL)
3777 *keyp = NULL;
3773 3778
3774 if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX) 3779 if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX)
3775 return SSH_ERR_ALLOC_FAIL; 3780 return SSH_ERR_ALLOC_FAIL;
@@ -3838,8 +3843,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
3838 goto out; 3843 goto out;
3839 } 3844 }
3840 r = 0; 3845 r = 0;
3841 *keyp = prv; 3846 if (keyp != NULL) {
3842 prv = NULL; 3847 *keyp = prv;
3848 prv = NULL;
3849 }
3843 out: 3850 out:
3844 BIO_free(bio); 3851 BIO_free(bio);
3845 if (pk != NULL) 3852 if (pk != NULL)
@@ -3853,7 +3860,8 @@ int
3853sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, 3860sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
3854 const char *passphrase, struct sshkey **keyp, char **commentp) 3861 const char *passphrase, struct sshkey **keyp, char **commentp)
3855{ 3862{
3856 *keyp = NULL; 3863 if (keyp != NULL)
3864 *keyp = NULL;
3857 if (commentp != NULL) 3865 if (commentp != NULL)
3858 *commentp = NULL; 3866 *commentp = NULL;
3859 3867
diff --git a/sshkey.h b/sshkey.h
index a20a14f9e..8c3d866bf 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.h,v 1.12 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: sshkey.h,v 1.13 2016/05/02 09:36:42 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -137,7 +137,7 @@ int sshkey_type_is_cert(int);
137int sshkey_type_plain(int); 137int sshkey_type_plain(int);
138int sshkey_to_certified(struct sshkey *); 138int sshkey_to_certified(struct sshkey *);
139int sshkey_drop_cert(struct sshkey *); 139int sshkey_drop_cert(struct sshkey *);
140int sshkey_certify(struct sshkey *, struct sshkey *); 140int sshkey_certify(struct sshkey *, struct sshkey *, const char *);
141int sshkey_cert_copy(const struct sshkey *, struct sshkey *); 141int sshkey_cert_copy(const struct sshkey *, struct sshkey *);
142int sshkey_cert_check_authority(const struct sshkey *, int, int, 142int sshkey_cert_check_authority(const struct sshkey *, int, int,
143 const char *, const char **); 143 const char *, const char **);
diff --git a/ttymodes.c b/ttymodes.c
index 6f51b8a70..db772c39c 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ttymodes.c,v 1.29 2008/11/02 00:16:16 stevesk Exp $ */ 1/* $OpenBSD: ttymodes.c,v 1.30 2016/05/04 14:22:33 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -54,7 +54,6 @@
54 54
55#include "packet.h" 55#include "packet.h"
56#include "log.h" 56#include "log.h"
57#include "ssh1.h"
58#include "compat.h" 57#include "compat.h"
59#include "buffer.h" 58#include "buffer.h"
60 59
diff --git a/ttymodes.h b/ttymodes.h
index 4d848fe3a..14e177cef 100644
--- a/ttymodes.h
+++ b/ttymodes.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ttymodes.h,v 1.14 2006/03/25 22:22:43 djm Exp $ */ 1/* $OpenBSD: ttymodes.h,v 1.15 2016/05/03 09:03:49 dtucker Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -127,6 +127,9 @@ TTYMODE(IXOFF, c_iflag, 40)
127#ifdef IMAXBEL 127#ifdef IMAXBEL
128TTYMODE(IMAXBEL,c_iflag, 41) 128TTYMODE(IMAXBEL,c_iflag, 41)
129#endif /* IMAXBEL */ 129#endif /* IMAXBEL */
130#ifdef IUTF8
131TTYMODE(IUTF8, c_iflag, 42)
132#endif /* IUTF8 */
130 133
131TTYMODE(ISIG, c_lflag, 50) 134TTYMODE(ISIG, c_lflag, 50)
132TTYMODE(ICANON, c_lflag, 51) 135TTYMODE(ICANON, c_lflag, 51)
diff --git a/utf8.c b/utf8.c
new file mode 100644
index 000000000..f563d3738
--- /dev/null
+++ b/utf8.c
@@ -0,0 +1,290 @@
1/* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */
2/*
3 * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * Utility functions for multibyte-character handling,
20 * in particular to sanitize untrusted strings for terminal output.
21 */
22
23#include "includes.h"
24
25#include <sys/types.h>
26#ifdef HAVE_LANGINFO_H
27# include <langinfo.h>
28#endif
29#include <limits.h>
30#include <stdarg.h>
31#include <stdio.h>
32#include <stdlib.h>
33#include <string.h>
34#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
35# include <vis.h>
36#endif
37#ifdef HAVE_WCHAR_H
38# include <wchar.h>
39#endif
40
41#include "utf8.h"
42
43static int dangerous_locale(void);
44static int grow_dst(char **, size_t *, size_t, char **, size_t);
45static int vasnmprintf(char **, size_t, int *, const char *, va_list);
46
47
48/*
49 * For US-ASCII and UTF-8 encodings, we can safely recover from
50 * encoding errors and from non-printable characters. For any
51 * other encodings, err to the side of caution and abort parsing:
52 * For state-dependent encodings, recovery is impossible.
53 * For arbitrary encodings, replacement of non-printable
54 * characters would be non-trivial and too fragile.
55 */
56
57static int
58dangerous_locale(void) {
59 char *loc;
60
61 loc = nl_langinfo(CODESET);
62 return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8");
63}
64
65static int
66grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need)
67{
68 char *tp;
69 size_t tsz;
70
71 if (*dp + need < *dst + *sz)
72 return 0;
73 tsz = *sz + 128;
74 if (tsz > maxsz)
75 tsz = maxsz;
76 if ((tp = realloc(*dst, tsz)) == NULL)
77 return -1;
78 *dp = tp + (*dp - *dst);
79 *dst = tp;
80 *sz = tsz;
81 return 0;
82}
83
84/*
85 * The following two functions limit the number of bytes written,
86 * including the terminating '\0', to sz. Unless wp is NULL,
87 * they limit the number of display columns occupied to *wp.
88 * Whichever is reached first terminates the output string.
89 * To stay close to the standard interfaces, they return the number of
90 * non-NUL bytes that would have been written if both were unlimited.
91 * If wp is NULL, newline, carriage return, and tab are allowed;
92 * otherwise, the actual number of columns occupied by what was
93 * written is returned in *wp.
94 */
95
96static int
97vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
98{
99 char *src; /* Source string returned from vasprintf. */
100 char *sp; /* Pointer into src. */
101 char *dst; /* Destination string to be returned. */
102 char *dp; /* Pointer into dst. */
103 char *tp; /* Temporary pointer for dst. */
104 size_t sz; /* Number of bytes allocated for dst. */
105 wchar_t wc; /* Wide character at sp. */
106 int len; /* Number of bytes in the character at sp. */
107 int ret; /* Number of bytes needed to format src. */
108 int width; /* Display width of the character wc. */
109 int total_width, max_width, print;
110
111 src = NULL;
112 if ((ret = vasprintf(&src, fmt, ap)) <= 0)
113 goto fail;
114
115 sz = strlen(src) + 1;
116 if ((dst = malloc(sz)) == NULL) {
117 free(src);
118 goto fail;
119 }
120
121 if (maxsz > INT_MAX)
122 maxsz = INT_MAX;
123
124 sp = src;
125 dp = dst;
126 ret = 0;
127 print = 1;
128 total_width = 0;
129 max_width = wp == NULL ? INT_MAX : *wp;
130 while (*sp != '\0') {
131 if ((len = mbtowc(&wc, sp, MB_CUR_MAX)) == -1) {
132 (void)mbtowc(NULL, NULL, MB_CUR_MAX);
133 if (dangerous_locale()) {
134 ret = -1;
135 break;
136 }
137 len = 1;
138 width = -1;
139 } else if (wp == NULL &&
140 (wc == L'\n' || wc == L'\r' || wc == L'\t')) {
141 /*
142 * Don't use width uninitialized; the actual
143 * value doesn't matter because total_width
144 * is only returned for wp != NULL.
145 */
146 width = 0;
147 } else if ((width = wcwidth(wc)) == -1 &&
148 dangerous_locale()) {
149 ret = -1;
150 break;
151 }
152
153 /* Valid, printable character. */
154
155 if (width >= 0) {
156 if (print && (dp - dst >= (int)maxsz - len ||
157 total_width > max_width - width))
158 print = 0;
159 if (print) {
160 if (grow_dst(&dst, &sz, maxsz,
161 &dp, len) == -1) {
162 ret = -1;
163 break;
164 }
165 total_width += width;
166 memcpy(dp, sp, len);
167 dp += len;
168 }
169 sp += len;
170 if (ret >= 0)
171 ret += len;
172 continue;
173 }
174
175 /* Escaping required. */
176
177 while (len > 0) {
178 if (print && (dp - dst >= (int)maxsz - 4 ||
179 total_width > max_width - 4))
180 print = 0;
181 if (print) {
182 if (grow_dst(&dst, &sz, maxsz,
183 &dp, 4) == -1) {
184 ret = -1;
185 break;
186 }
187 tp = vis(dp, *sp, VIS_OCTAL | VIS_ALL, 0);
188 width = tp - dp;
189 total_width += width;
190 dp = tp;
191 } else
192 width = 4;
193 len--;
194 sp++;
195 if (ret >= 0)
196 ret += width;
197 }
198 if (len > 0)
199 break;
200 }
201 free(src);
202 *dp = '\0';
203 *str = dst;
204 if (wp != NULL)
205 *wp = total_width;
206
207 /*
208 * If the string was truncated by the width limit but
209 * would have fit into the size limit, the only sane way
210 * to report the problem is using the return value, such
211 * that the usual idiom "if (ret < 0 || ret >= sz) error"
212 * works as expected.
213 */
214
215 if (ret < (int)maxsz && !print)
216 ret = -1;
217 return ret;
218
219fail:
220 if (wp != NULL)
221 *wp = 0;
222 if (ret == 0) {
223 *str = src;
224 return 0;
225 } else {
226 *str = NULL;
227 return -1;
228 }
229}
230
231int
232snmprintf(char *str, size_t sz, int *wp, const char *fmt, ...)
233{
234 va_list ap;
235 char *cp;
236 int ret;
237
238 va_start(ap, fmt);
239 ret = vasnmprintf(&cp, sz, wp, fmt, ap);
240 va_end(ap);
241 if (cp != NULL) {
242 (void)strlcpy(str, cp, sz);
243 free(cp);
244 } else
245 *str = '\0';
246 return ret;
247}
248
249/*
250 * To stay close to the standard interfaces, the following functions
251 * return the number of non-NUL bytes written.
252 */
253
254int
255vfmprintf(FILE *stream, const char *fmt, va_list ap)
256{
257 char *str;
258 int ret;
259
260 if ((ret = vasnmprintf(&str, INT_MAX, NULL, fmt, ap)) < 0)
261 return -1;
262 if (fputs(str, stream) == EOF)
263 ret = -1;
264 free(str);
265 return ret;
266}
267
268int
269fmprintf(FILE *stream, const char *fmt, ...)
270{
271 va_list ap;
272 int ret;
273
274 va_start(ap, fmt);
275 ret = vfmprintf(stream, fmt, ap);
276 va_end(ap);
277 return ret;
278}
279
280int
281mprintf(const char *fmt, ...)
282{
283 va_list ap;
284 int ret;
285
286 va_start(ap, fmt);
287 ret = vfmprintf(stdout, fmt, ap);
288 va_end(ap);
289 return ret;
290}
diff --git a/utf8.h b/utf8.h
new file mode 100644
index 000000000..43ce1d55d
--- /dev/null
+++ b/utf8.h
@@ -0,0 +1,24 @@
1/* $OpenBSD: utf8.h,v 1.1 2016/05/25 23:48:45 schwarze Exp $ */
2/*
3 * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18int mprintf(const char *, ...)
19 __attribute__((format(printf, 1, 2)));
20int fmprintf(FILE *, const char *, ...)
21 __attribute__((format(printf, 2, 3)));
22int vfmprintf(FILE *, const char *, va_list);
23int snmprintf(char *, size_t, int *, const char *, ...)
24 __attribute__((format(printf, 4, 5)));
diff --git a/version.h b/version.h
index eb4e94825..617ab62ad 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
1/* $OpenBSD: version.h,v 1.76 2016/02/23 09:14:34 djm Exp $ */ 1/* $OpenBSD: version.h,v 1.77 2016/07/24 11:45:36 djm Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_7.2" 3#define SSH_VERSION "OpenSSH_7.3"
4 4
5#define SSH_PORTABLE "p2" 5#define SSH_PORTABLE "p1"
6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-18 11:31:41 +0000