148 files changed, 7367 insertions, 2382 deletions

diff --git a/ChangeLog b/ChangeLog
index 2292ffb00..046e32e8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,670 @@
+20050309
+ - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
+   so that regress tests behave.  From Chris Adams.
+ - (djm) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2005/03/07 23:41:54
+     [ssh.1 ssh_config.5]
+     more macro simplification;
+   - djm@cvs.openbsd.org 2005/03/08 23:49:48
+     [version.h]
+     OpenSSH 4.0
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 
+   [contrib/suse/openssh.spec] Update spec file versions
+ - (djm) [log.c] Fix dumb syntax error; ok dtucker@
+ - (djm) Release OpenSSH 4.0p1
+
+20050307
+ - (dtucker) [configure.ac] Disable gettext search when configuring with
+   BSM audit support for the time being.  ok djm@
+ - (dtucker) OpenBSD CVS Sync (regress/)
+   - fgsch@cvs.openbsd.org 2004/12/10 01:31:30
+     [Makefile sftp-glob.sh]
+     some globbing regress; prompted and ok djm@
+   - david@cvs.openbsd.org 2005/01/14 04:21:18
+     [Makefile test-exec.sh]
+     pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
+   - dtucker@cvs.openbsd.org 2005/02/27 11:33:30
+     [multiplex.sh test-exec.sh sshd-log-wrapper.sh]
+     Add optional capability to log output from regress commands; ok markus@
+     Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
+   - djm@cvs.openbsd.org 2005/02/27 23:13:36
+     [login-timeout.sh]
+     avoid nameservice lookups in regress test; ok dtucker@
+   - djm@cvs.openbsd.org 2005/03/04 08:48:46
+     [Makefile envpass.sh]
+     regress test for SendEnv config parsing bug; ok dtucker@
+ - (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
+ - (tim) [configure.ac] SCO 3.2v4.2 no longer supported.
+
+20050306
+ - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
+   when attempting to audit disconnect events.  Reported by Phil Dibowitz.
+ - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
+   events earlier, prevents mm_request_send errors reported by Matt Goebel.
+
+20050305
+ - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch 
+   from vinschen at redhat.com
+ - (djm) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2005/03/02 11:45:01
+     [ssh.1]
+     missing word;
+   - djm@cvs.openbsd.org 2005/03/04 08:48:06
+     [readconf.c]
+     fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
+
+20050302
+ - (djm) OpenBSD CVS sync:
+   - jmc@cvs.openbsd.org 2005/03/01 14:47:58
+     [ssh.1]
+     remove some unneccesary macros;
+     do not mark up punctuation;
+   - jmc@cvs.openbsd.org 2005/03/01 14:55:23
+     [ssh_config.5]
+     do not mark up punctuation;
+     whitespace;
+   - jmc@cvs.openbsd.org 2005/03/01 14:59:49
+     [sshd.8]
+     new sentence, new line;
+     whitespace;
+   - jmc@cvs.openbsd.org 2005/03/01 15:05:00
+     [ssh-keygen.1]
+     whitespace;
+   - jmc@cvs.openbsd.org 2005/03/01 15:47:14
+     [ssh-keyscan.1 ssh-keyscan.c]
+     sort options and sync usage();
+   - jmc@cvs.openbsd.org 2005/03/01 17:19:35
+     [scp.1 sftp.1]
+     add HashKnownHosts to -o list;
+     ok markus@
+   - jmc@cvs.openbsd.org 2005/03/01 17:22:06
+     [ssh.c]
+     sync usage() w/ man SYNOPSIS;
+     ok markus@
+   - jmc@cvs.openbsd.org 2005/03/01 17:32:19
+     [ssh-add.1]
+     sort options;
+   - jmc@cvs.openbsd.org 2005/03/01 18:15:56
+     [ssh-keygen.1]
+     sort options (no attempt made at synopsis clean up though);
+     spelling (occurance -> occurrence);
+     use prompt before examples;
+     grammar;
+   - djm@cvs.openbsd.org 2005/03/02 01:00:06
+     [sshconnect.c]
+     fix addition of new hashed hostnames when CheckHostIP=yes;
+     found and ok dtucker@
+   - djm@cvs.openbsd.org 2005/03/02 01:27:41
+     [ssh-keygen.c]
+     ignore hostnames with metachars when hashing; ok deraadt@
+   - djm@cvs.openbsd.org 2005/03/02 02:21:07
+     [ssh.1]
+     bz#987: mention ForwardX11Trusted in ssh.1,
+     reported by andrew.benham AT thus.net; ok deraadt@
+ - (tim) [regress/agent-ptrace.sh] add another possible gdb error.
+
+20050301
+ - (djm) OpenBSD CVS sync:
+   - otto@cvs.openbsd.org 2005/02/16 09:56:44
+     [ssh.c]
+     Better diagnostic if an identity file is not accesible. ok markus@ djm@
+   - djm@cvs.openbsd.org 2005/02/18 03:05:53
+     [canohost.c]
+     better error messages for getnameinfo failures; ok dtucker@
+   - djm@cvs.openbsd.org 2005/02/20 22:59:06
+     [sftp.c]
+     turn on ssh batch mode when in sftp batch mode, patch from 
+     jdmossh AT nand.net;
+     ok markus@
+   - jmc@cvs.openbsd.org 2005/02/25 10:55:13
+     [sshd.8]
+     add /etc/motd and $HOME/.hushlogin to FILES;
+     from michael knudsen;
+   - djm@cvs.openbsd.org 2005/02/28 00:54:10
+     [ssh_config.5]
+     bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
+     orion AT cora.nwra.com; ok markus@
+   - djm@cvs.openbsd.org 2005/03/01 10:09:52
+     [auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
+     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
+     [sshd_config.5]
+     bz#413: allow optional specification of bind address for port forwardings.
+     Patch originally by Dan Astorian, but worked on by several people
+     Adds GatewayPorts=clientspecified option on server to allow remote 
+     forwards to bind to client-specified ports.
+   - djm@cvs.openbsd.org 2005/03/01 10:40:27
+     [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
+     [sshconnect.c sshd.8]
+     add support for hashing host names and addresses added to known_hosts
+     files, to improve privacy of which hosts user have been visiting; ok 
+     markus@ deraadt@
+   - djm@cvs.openbsd.org 2005/03/01 10:41:28
+     [ssh-keyscan.1 ssh-keyscan.c]
+     option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
+   - djm@cvs.openbsd.org 2005/03/01 10:42:49
+     [ssh-keygen.1 ssh-keygen.c ssh_config.5]
+     add tools for managing known_hosts files with hashed hostnames, including
+     hashing existing files and deleting hosts by name; ok markus@ deraadt@
+
+20050226
+ - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
+   Remove two obsolete Cygwin #ifdefs.  Patch from vinschen at redhat.com.
+ - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
+   Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
+   more.  Patch from vinschen at redhat.com.
+ - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
+   binaries without the config files.  Primarily useful for packaging.
+   Patch from phil at usc.edu.  ok djm@
+
+20050224
+ - (djm) [configure.ac] in_addr_t test needs sys/types.h too
+
+20050222
+ - (dtucker) [uidswap.c] Skip uid restore test on Cygwin.  Patch from
+   vinschen at redhat.com.
+
+20050220
+ - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
+   defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support.  Configure
+   --with-audit=bsm to enable.  Patch originally from Sun Microsystems,
+   parts by John R. Jackson.  ok djm@
+ - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
+   unrelated platforms to be configured incorrectly.
+
+20050216
+ - (djm) write seed to temporary file and atomically rename into place; 
+   ok dtucker@
+ - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
+   via mkstemp in some configurations.  ok djm@
+ - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
+   by the system headers.
+ - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
+   Unix; prevents problems relating to the location of -lresolv in the
+   link order.
+ - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
+   authentication early enough to be available to PAM session modules when
+   privsep=yes.  Patch from deengert at anl.gov, ok'ed in principle by Sam
+   Hartman and similar to Debian's ssh-krb5 package.
+ - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
+   compiler warnings on AIX.
+
+20050215
+ - (dtucker) [config.sh.in] Collect oslevel -r too.
+ - (dtucker) [README.platform auth.c configure.ac loginrec.c
+   openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
+   on AIX where possible (see README.platform for details) and work around
+   a misfeature of AIX's getnameinfo.  ok djm@
+ - (dtucker) [loginrec.c] Add missing #include.
+
+20050211
+ - (dtucker) [configure.ac] Tidy up configure --help output.
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
+
+20050210
+ - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
+   --disable-etc-default-login configure option.
+
+20050209
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2005/01/28 09:45:53
+     [ssh_config]
+     Make it clear that the example entries in ssh_config are only some of the
+     commonly-used options and refer the user to ssh_config(5) for more
+     details; ok djm@
+   - jmc@cvs.openbsd.org 2005/01/28 15:05:43
+     [ssh_config.5]
+     grammar;
+   - jmc@cvs.openbsd.org 2005/01/28 18:14:09
+     [ssh_config.5]
+     wording;
+     ok markus@
+   - dtucker@cvs.openbsd.org 2005/01/30 11:18:08
+     [monitor.c]
+     Make code match intent; ok djm@
+   - dtucker@cvs.openbsd.org 2005/02/08 22:24:57
+     [sshd.c]
+     Provide reason in error message if getnameinfo fails; ok markus@
+ - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
+   disable_forwarding() from compat library. Prevent linker errrors trying
+   to resolve it for binaries other than sshd.  ok djm@
+ - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
+   paths.  ok djm@
+ - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
+   the username to be passed to the passwd command when changing expired
+   passwords.  ok djm@
+
+20050208
+ - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
+   regress tests so newer versions of GNU head(1) behave themselves.  Patch
+   by djm, so ok me.
+ - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
+ - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
+   monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
+   defines and enums with SSH_ to prevent namespace collisions on some
+   platforms (eg AIX).
+
+20050204
+ - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
+ - (dtucker) [auth.c] Fix parens in audit log check.
+
+20050202
+ - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
+   rev 1.11 from OpenBSD and make it use fchdir if available.  ok djm@
+ - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
+   Make record_failed_login() call provide hostname rather than having the
+   implementations having to do lookups themselves.  Only affects AIX and
+   UNICOS (the latter only uses the "user" parameter anyway).  ok djm@
+ - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
+   the process.  Since we also unset KRB5CCNAME at startup, if it's set after
+   authentication it must have been set by the platform's native auth system.
+   This was already done for AIX; this enables it for the general case.
+ - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
+   Bug #974: Teach sshd to write failed login records to btmp for failed auth
+   attempts (currently only for password, kbdint and C/R, only on Linux and
+   HP-UX), based on code from login.c from util-linux. With ashok_kovai at
+   hotmail.com, ok djm@
+ - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
+   monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
+   (first stage) Add audit instrumentation to sshd, currently disabled by
+   default.  with suggestions from and ok djm@
+
+20050201
+ - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
+   platforms syslog will revert to its default values.  This may result in
+   messages from external libraries (eg libwrap) being sent to a different
+   facility.
+ - (dtucker) [sshd_config.5] Bug #701: remove warning about
+   keyboard-interactive since this is no longer the case.
+
+20050124
+ - (dtucker) OpenBSD CVS Sync
+   - otto@cvs.openbsd.org 2005/01/21 08:32:02
+     [auth-passwd.c sshd.c]
+     Warn in advance for password and account expiry; initialize loginmsg
+     buffer earlier and clear it after privsep fork. ok and help dtucker@
+     markus@
+   - dtucker@cvs.openbsd.org 2005/01/22 08:17:59
+     [auth.c]
+     Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
+     DenyGroups.  bz #909, ok djm@
+   - djm@cvs.openbsd.org 2005/01/23 10:18:12
+     [cipher.c]
+     config option "Ciphers" should be case-sensitive; ok dtucker@
+   - dtucker@cvs.openbsd.org 2005/01/24 10:22:06
+     [scp.c sftp.c]
+     Have scp and sftp wait for the spawned ssh to exit before they exit
+     themselves.  This prevents ssh from being unable to restore terminal
+     modes (not normally a problem on OpenBSD but common with -Portable
+     on POSIX platforms).  From peak at argo.troja.mff.cuni.cz (bz#950);
+     ok djm@ markus@
+   - dtucker@cvs.openbsd.org 2005/01/24 10:29:06
+     [moduli]
+     Import new moduli; requested by deraadt@ a week ago
+   - dtucker@cvs.openbsd.org 2005/01/24 11:47:13
+     [auth-passwd.c]
+     #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
+
+20050120
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2004/12/23 17:35:48
+     [session.c]
+     check for NULL; from mpech
+   - markus@cvs.openbsd.org 2004/12/23 17:38:07
+     [ssh-keygen.c]
+     leak; from mpech
+   - djm@cvs.openbsd.org 2004/12/23 23:11:00
+     [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
+     bz #898: support AddressFamily in sshd_config. from
+     peak@argo.troja.mff.cuni.cz; ok deraadt@
+   - markus@cvs.openbsd.org 2005/01/05 08:51:32
+     [sshconnect.c]
+     remove dead code, log connect() failures with level error, ok djm@
+   - jmc@cvs.openbsd.org 2005/01/08 00:41:19
+     [sshd_config.5]
+     `login'(n) -> `log in'(v);
+   - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
+     [moduli.c]
+     Correct spelling: SCHNOOR->SCHNORR; ok djm@
+   - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
+     [sshd.c]
+     Make debugging output continue after reexec; ok djm@
+   - dtucker@cvs.openbsd.org 2005/01/19 13:11:47
+     [auth-bsdauth.c auth2-chall.c]
+     Have keyboard-interactive code call the drivers even for responses for
+     invalid logins.  This allows the drivers themselves to decide how to
+     handle them and prevent leaking information where possible.  Existing
+     behaviour for bsdauth is maintained by checking authctxt->valid in the
+     bsdauth driver.  Note that any third-party kbdint drivers will now need
+     to be able to handle responses for invalid logins.  ok markus@
+   - djm@cvs.openbsd.org 2004/12/22 02:13:19
+     [cipher-ctr.c cipher.c]
+     remove fallback AES support for old OpenSSL, as OpenBSD has had it for
+     many years now; ok deraadt@
+     (Id sync only: Portable will continue to support older OpenSSLs)
+ - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
+   existence via keyboard-interactive/pam, in conjunction with previous
+   auth2-chall.c change; with Colin Watson and djm.
+ - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
+   bytes to prevent errors from login_init_entry() when the username is
+   exactly 64 bytes(!) long.  From brhamon at cisco.com, ok djm@
+ - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
+   the list of available kbdint devices if UsePAM=no.  ok djm@
+
+20050118
+ - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
+   "make survey" and "make send-survey".  This will provide data on the
+   configure parameters, platform and platform features to the development
+   team, which will allow (among other things) better targetting of testing.
+   It's entirely voluntary and is off be default. ok djm@
+ - (dtucker) [survey.sh.in] Remove any blank lines from the output of
+   ccver-v and ccver-V.
+
+20041220
+ - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
+   from prngd is enabled at compile time but fails at run time, eg because
+   prngd is not running.  Note that if you have prngd running when OpenSSH is
+   built, OpenSSL will consider itself internally seeded and rand-helper won't
+   be built at all unless explicitly enabled via --with-rand-helper.  ok djm@
+ - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
+   on some wacky platforms (eg old AIXes), dd will refuse to create an output
+   file if it doesn't exist.
+
+20041213
+ - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
+   amarendra.godbole at ge com.
+
+20041211
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2004/12/06 16:00:43
+     [bufaux.c]
+     use 0x00 not \0 since buf[] is a bignum
+   - fgsch@cvs.openbsd.org 2004/12/10 03:10:42
+     [sftp.c]
+     - fix globbed ls for paths the same lenght as the globbed path when
+       we have a unique matching.
+     - fix globbed ls in case of a directory when we have a unique matching.
+     - as a side effect, if the path does not exist error (used to silently
+       ignore).
+     - don't do extra do_lstat() if we only have one matching file.
+     djm@ ok
+   - dtucker@cvs.openbsd.org 2004/12/11 01:48:56
+     [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
+     Fix debug call in error path of authorized_keys processing and fix related
+     warnings; ok djm@
+
+20041208
+ - (tim) [configure.ac] Comment some non obvious platforms in the
+ target-specific case statement. Suggested and OK by dtucker@
+
+20041207
+ - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test.
+
+20041206
+ - (dtucker) [TODO WARNING.RNG] Update to reflect current reality.  ok djm@
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2004/11/25 22:22:14
+     [sftp-client.c sftp.c]
+     leak; from mpech
+   - jmc@cvs.openbsd.org 2004/11/29 00:05:17
+     [sftp.1]
+     missing full stop;
+   - djm@cvs.openbsd.org 2004/11/29 07:41:24
+     [sftp-client.h sftp.c]
+     Some small fixes from moritz@jodeit.org. ok deraadt@
+   - jaredy@cvs.openbsd.org 2004/12/05 23:55:07
+     [sftp.1]
+     - explain that patterns can be used as arguments in get/put/ls/etc
+       commands (prodded by Michael Knudsen)
+     - describe ls flags as a list
+     - other minor improvements
+     ok jmc, djm
+   - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
+     [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
+     Discard over-length authorized_keys entries rather than complaining when
+     they don't decode.  bz #884, with & ok djm@
+ - (dtucker) OpenBSD CVS Sync (regress/)
+   - djm@cvs.openbsd.org 2004/06/26 06:16:07
+     [reexec.sh]
+     don't change the name of the copied sshd for the reexec fallback test,
+     makes life simpler for portable
+   - dtucker@cvs.openbsd.org 2004/07/08 12:59:35
+     [scp.sh]
+     Regress test for bz #863 (scp double-error), requires $SUDO.  ok markus@
+   - david@cvs.openbsd.org 2004/07/09 19:45:43
+     [Makefile]
+     add a missing CLEANFILES used in the re-exec test
+   - djm@cvs.openbsd.org 2004/10/08 02:01:50
+     [reexec.sh]
+     shrink and tidy; ok dtucker@
+   - djm@cvs.openbsd.org 2004/10/29 23:59:22
+     [Makefile added brokenkeys.sh]
+     regression test for handling of corrupt keys in authorized_keys file
+   - djm@cvs.openbsd.org 2004/11/07 00:32:41
+     [multiplex.sh]
+     regression tests for new multiplex commands
+   - dtucker@cvs.openbsd.org 2004/11/25 09:39:27
+     [test-exec.sh]
+     Remove obsolete RhostsAuthentication from test config; ok markus@
+   - dtucker@cvs.openbsd.org 2004/12/06 10:49:56
+     [test-exec.sh]
+     Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
+
+20041203
+ - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2004/11/07 17:42:36
+     [ssh.1]
+     options sort, and whitespace;
+   - jmc@cvs.openbsd.org 2004/11/07 17:57:30
+     [ssh.c]
+     usage():
+     - add -O
+     - sync -S w/ manpage
+     - remove -h
+ - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
+   subsequently denied by the PAM auth stack, send the PAM message to the
+   user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
+   ok djm@
+
+20041107
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2004/11/05 12:19:56
+     [sftp.c]
+     command editing and history support via libedit; ok markus@
+     thanks to hshoexer@ and many testers on tech@ too
+   - djm@cvs.openbsd.org 2004/11/07 00:01:46
+     [clientloop.c clientloop.h ssh.1 ssh.c]
+     add basic control of a running multiplex master connection; including the
+     ability to check its status and request it to exit; ok markus@
+ - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure
+   option and supporting makefile bits and documentation.
+
+20041105
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2004/08/30 09:18:08
+     [LICENCE]
+     s/keygen/keyscan/
+   - jmc@cvs.openbsd.org 2004/08/30 21:22:49
+     [ssh-add.1 ssh.1]
+     .Xsession -> .xsession;
+     originally from a pr from f at obiit dot org, but missed by myself;
+     ok markus@ matthieu@
+   - djm@cvs.openbsd.org 2004/09/07 23:41:30
+     [clientloop.c ssh.c]
+     cleanup multiplex control socket on SIGHUP too, spotted by sturm@
+     ok markus@ deraadt@
+   - deraadt@cvs.openbsd.org 2004/09/15 00:46:01
+     [ssh.c]
+     /* fallthrough */ is something a programmer understands.  But
+     /* FALLTHROUGH */ is also understood by lint, so that is better.
+   - jaredy@cvs.openbsd.org 2004/09/15 03:25:41
+     [sshd_config.5]
+     mention PrintLastLog only prints last login time for interactive
+     sessions, like PrintMotd mentions.
+     From Michael Knudsen, with wording changed slightly to match the
+     PrintMotd description.
+     ok djm
+   - mickey@cvs.openbsd.org 2004/09/15 18:42:27
+     [sshd.c]
+     use less doubles in daemons; markus@ ok
+   - deraadt@cvs.openbsd.org 2004/09/15 18:46:04
+     [scp.c]
+     scratch that do { } while (0) wrapper in this case
+   - djm@cvs.openbsd.org 2004/09/23 13:00:04
+     [ssh.c]
+     correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
+   - djm@cvs.openbsd.org 2004/09/25 03:45:14
+     [sshd.c]
+     these printf args are no longer double; ok deraadt@ markus@
+   - djm@cvs.openbsd.org 2004/10/07 10:10:24
+     [scp.1 sftp.1 ssh.1 ssh_config.5]
+     document KbdInteractiveDevices; ok markus@
+   - djm@cvs.openbsd.org 2004/10/07 10:12:36
+     [ssh-agent.c]
+     don't unlink agent socket when bind() fails, spotted by rich AT
+     rich-paul.net, ok markus@
+   - markus@cvs.openbsd.org 2004/10/20 11:48:53
+     [packet.c ssh1.h]
+     disconnect for invalid (out of range) message types.
+   - djm@cvs.openbsd.org 2004/10/29 21:47:15
+     [channels.c channels.h clientloop.c]
+     fix some window size change bugs for multiplexed connections: windows sizes
+     were not being updated if they had changed after ~^Z suspends and SIGWINCH
+     was not being processed unless the first connection had requested a tty;
+     ok markus
+   - djm@cvs.openbsd.org 2004/10/29 22:53:56
+     [clientloop.c misc.h readpass.c ssh-agent.c]
+     factor out common permission-asking code to separate function; ok markus@
+   - djm@cvs.openbsd.org 2004/10/29 23:56:17
+     [bufaux.c bufaux.h buffer.c buffer.h]
+     introduce a new buffer API that returns an error rather than fatal()ing
+     when presented with bad data; ok markus@
+   - djm@cvs.openbsd.org 2004/10/29 23:57:05
+     [key.c]
+     use new buffer API to avoid fatal errors on corrupt keys in authorized_keys
+     files; ok markus@
+
+20041102
+ - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
+   10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
+   only if a conflict is detected.
+
+20041019
+ - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or
+   on Cygwin.  Cygwin parts from vinschen at redhat com; ok djm@
+
+20041016
+ - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations;
+   ok dtucker@
+
+20041006
+ - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
+   and other PAM platforms.
+ - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants
+   to void * to appease picky compilers (eg Tru64's "cc -std1").
+
+20040930
+ - (dtucker) [configure.ac] Set AC_PACKAGE_NAME.  ok djm@
+
+20040923
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
+   which could have caused the justification to be wrong.  ok djm@
+
+20040921
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
+   ok djm@
+ - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
+   install process.  Patch from vinschen at redhat.com.
+
+20040912
+ - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
+   No change in resultant binary
+ - (djm) [loginrec.c] __func__ifiy
+ - (djm) [loginrec.c] xmalloc
+ - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
+   banner. Suggested by deraadt@, ok mouring@, dtucker@
+ - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
+   Partly by & ok djm@.
+
+20040911
+ - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
+ - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
+   failing PAM session modules to user then exit, similar to the way
+   /etc/nologin is handled.  ok djm@
+ - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
+ - (djm) [auth2-kbdint.c auth2-none.c  auth2-passwd.c auth2-pubkey.c] 
+   Make cygwin code more consistent with that which surrounds it
+ - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
+   Bug #892: Send messages from failing PAM account modules to the client via
+   SSH2_MSG_USERAUTH_BANNER messages.  Note that this will not happen with
+   SSH2 kbdint authentication, which need to be dealt with separately.  ok djm@
+ - (dtucker) [session.c] Bug #927: make .hushlogin silent again.  ok djm@
+ - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
+   Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me.  ok djm@
+ - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM.  From deengert
+   at anl.gov, ok djm@
+
+20040830
+ - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
+   copy required environment variables on Cygwin.  Patch from vinschen at
+   redhat.com, ok djm@
+ - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too.  Patch from
+   vinschen at redhat.com.
+ - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
+   of shell constructs.  Patch from cjwatson at debian.org.
+
+20040829
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
+   failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
+   From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2004/08/23 11:48:09
+     [authfile.c]
+     fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
+   - djm@cvs.openbsd.org 2004/08/23 11:48:47
+     [channels.c]
+     typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
+   - dtucker@cvs.openbsd.org 2004/08/23 14:26:38
+     [ssh-keysign.c ssh.c]
+     Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
+     change in Portable; ok markus@ (CVS ID sync only)
+   - dtucker@cvs.openbsd.org 2004/08/23 14:29:23
+     [ssh-keysign.c]
+     Remove duplicate getuid(), suggested by & ok markus@
+   - markus@cvs.openbsd.org 2004/08/26 16:00:55
+     [ssh.1 sshd.8]
+     get rid of references to rhosts authentication; with jmc@
+   - djm@cvs.openbsd.org 2004/08/28 01:01:48
+     [sshd.c]
+     don't erroneously close stdin for !reexec case, from Dave Johnson;
+     ok markus@
+ - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
+   fixes configure warning on Solaris reported by wknox at mitre.org.
+ - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
+   support FD passing since multiplex requires it.  Noted by tim@
+ - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
+   down, needed on some platforms, should be harmless on others.  Patch from
+   jason at devrandom.org.
+ - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
+   files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
+ - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
+   builds too, from vinschen at redhat.com.
+ - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
+   too; patch from cmadams at hiwaay.net.
+ - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo.
+ - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
+   accounts with authentication configs that sshd can't support (ie
+   SYSTEM=NONE and AUTH1=something).
+
+20040828
+ - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
+   vinschen at redhat.com.
+
+20040823
+ - (djm) [ssh-rand-helper.c] Typo. Found by 
+   Martin.Kraemer AT Fujitsu-Siemens.com
+ - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by 
+   Martin.Kraemer AT Fujitsu-Siemens.com
+
 20040817
  - (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
  - (djm) OpenBSD CVS Sync
@@ -1654,4 +2321,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $
+$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $
diff --git a/INSTALL b/INSTALL
index dae1bb159..4fc3744f3 100644
--- a/INSTALL
+++ b/INSTALL
@@ -52,6 +52,14 @@ http://www.lothar.com/tech/crypto/
 S/Key Libraries:
 http://www.sparc.spb.su/solaris/skey/
 
+LibEdit:
+
+sftp now supports command-line editing via NetBSD's libedit.  If your
+platform has it available natively you can use that, alternatively
+you might try these multi-platform ports:
+http://www.thrysoee.dk/editline/
+http://sourceforge.net/projects/libedit/
+
 If you wish to use --with-skey then you will need the above library
 installed.  No other current S/Key library is currently known to be
 supported.
@@ -192,7 +200,20 @@ running and has collected some Entropy.
 For more information on configuration, please refer to the manual pages
 for sshd, ssh and ssh-agent.
 
-4. Problems?
+4. (Optional) Send survey
+-------------------------
+
+$ make survey
+[check the contents and make sure there's no sensitive information]
+$ make send-survey
+
+This will send configuration information for the currently configured
+host to a survey address.  This will help determine which configurations
+are actually in use, and what valid combinations of configure options
+exist.  The raw data is available only to the OpenSSH developers, however
+summary data may be published.
+
+5. Problems?
 ------------
 
 If you experience problems compiling, installing or running OpenSSH.
@@ -200,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at
 http://www.openssh.com/
 
 
-$Id: INSTALL,v 1.64 2004/05/26 23:59:31 dtucker Exp $
+$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $
diff --git a/LICENCE b/LICENCE
index d8c157304..ae03eb3a7 100644
--- a/LICENCE
+++ b/LICENCE
@@ -97,7 +97,7 @@ OpenSSH contains no GPL code.
      * <http://www.core-sdi.com>
 
 3)
-    ssh-keygen was contributed by David Mazieres under a BSD-style
+    ssh-keyscan was contributed by David Mazieres under a BSD-style
     license.
 
      * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
@@ -203,6 +203,7 @@ OpenSSH contains no GPL code.
         Wayne Schroeder
         William Jones
         Darren Tucker
+        Sun Microsystems
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions
@@ -329,4 +330,4 @@ OpenSSH contains no GPL code.
 
 
 ------
-$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $
+$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $
diff --git a/Makefile.in b/Makefile.in
index ea0f9c3ef..bca425d36 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.263 2004/08/15 11:01:37 dtucker Exp $
+# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -43,6 +43,7 @@ LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+LIBEDIT=@LIBEDIT@
 LIBPAM=@LIBPAM@
 LIBWRAP=@LIBWRAP@
 AR=@AR@
@@ -84,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
         auth-krb5.o \
         auth2-gss.o gss-serv.o gss-serv-krb5.o \
-        loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o
+        loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+        audit.o audit-bsm.o
 
 MANPAGES        = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN     = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@@ -158,7 +160,7 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
         $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
-        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
 
 ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
         $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -194,13 +196,13 @@ moduli:
 
 clean:  regressclean
         rm -f *.o *.a $(TARGETS) logintest config.cache config.log
-        rm -f *.out core
+        rm -f *.out core survey
         (cd openbsd-compat && $(MAKE) clean)
 
 distclean:      regressclean
         rm -f *.o *.a $(TARGETS) logintest config.cache config.log
         rm -f *.out core opensshd.init
-        rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~
+        rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~
         rm -rf autom4te.cache
         (cd openbsd-compat && $(MAKE) distclean)
         (cd scard && $(MAKE) distclean)
@@ -228,8 +230,9 @@ distprep: catman-do
         -rm -rf autom4te.cache
         (cd scard && $(MAKE) -f Makefile.in distprep)
 
-install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config
-install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
+install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
+install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
+install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
 
 check-config:
         -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
@@ -279,6 +282,8 @@ install-files: scard-install
         ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
         ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+
+install-sysconf:
         if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
                 $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
         fi
@@ -376,7 +381,7 @@ tests:	$(TARGETS)
         BUILDDIR=`pwd`; \
         [ -d `pwd`/regress ]  ||  mkdir -p `pwd`/regress; \
         [ -f `pwd`/regress/Makefile ]  || \
-            ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \
+            ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \
         TEST_SHELL="@TEST_SHELL@"; \
         TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
         TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
@@ -410,6 +415,15 @@ regressclean:
                 (cd regress && $(MAKE) clean) \
         fi
 
+survey: survey.sh ssh
+        @$(SHELL) ./survey.sh > survey
+        @echo 'The survey results have been placed in the file "survey" in the'
+        @echo 'current directory.  Please review the file then send with'
+        @echo '"make send-survey".'
+
+send-survey:    survey
+        mail portable-survey@mindrot.org <survey
+
 package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
         if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
                 sh buildpkg.sh; \
diff --git a/README b/README
index 8724d8b5a..0c5335ff5 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-3.8.1 for the release notes.
+See http://www.openssh.com/txt/release-4.0 for the release notes.
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -61,4 +61,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.56 2004/08/14 00:26:30 djm Exp $
+$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $
diff --git a/README.platform b/README.platform
index 880b83c63..af551de48 100644
--- a/README.platform
+++ b/README.platform
@@ -13,6 +13,15 @@ Accounts in this state must have their passwords reset manually by the
 administrator.  As a precaution, it is recommended that the administrative
 passwords be reset before upgrading from OpenSSH <3.8.
 
+As of OpenSSH 4.0, configure will attempt to detect if your version
+and maintenance level of AIX has a working getaddrinfo, and will use it
+if found.  This will enable IPv6 support.  If for some reason configure
+gets it wrong, or if you want to build binaries to work on earlier MLs
+than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS
+to force the previous IPv4-only behaviour.
+
+IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5
+IPv6 known broken: 4.3.3ML11 5.1ML4
 
 Cygwin
 ------
@@ -23,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel.
 
 Solaris
 -------
-Currently, sshd does not support BSM auditting.  This can show up as errors
-when editting cron entries via crontab.  See.
-http://bugzilla.mindrot.org/show_bug.cgi?id=125
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
+for praudit(1m) to give sensible output.  The following line needs to be
+added to /etc/security/audit_event:
+
+        32800:AUE_openssh:OpenSSH login:lo
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535.  Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, you may change it at build time
+by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
+
 
-$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $
+$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $
diff --git a/README.privsep b/README.privsep
index 32403770d..ecb9d6914 100644
--- a/README.privsep
+++ b/README.privsep
@@ -38,9 +38,8 @@ privsep user and chroot directory:
 Privsep requires operating system support for file descriptor passing.
 Compression will be disabled on systems without a working mmap MAP_ANON.
 
-PAM-enabled OpenSSH is known to function with privsep on Linux.
-It does not function on HP-UX with a trusted system
-configuration.
+PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX
+(including Trusted Mode), Linux and Solaris.
 
 On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
 part of privsep is supported.  Post-authentication privsep is disabled
@@ -61,4 +60,4 @@ process 1005 is the sshd process listening for new connections.
 process 6917 is the privileged monitor process, 6919 is the user owned
 sshd process and 6921 is the shell process.
 
-$Id: README.privsep,v 1.14 2004/06/28 03:50:36 tim Exp $
+$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $
diff --git a/TODO b/TODO
index 1b1d03c43..e8aaa4b96 100644
--- a/TODO
+++ b/TODO
@@ -30,13 +30,8 @@ Programming:
 
 - More platforms for for setproctitle() emulation (testing needed)
 
-- Improve PAM support (a pam_lastlog module will cause sshd to exit)
-  and maybe support alternate forms of authentications like OPIE via
-  pam?
-
 - Improve PAM ChallengeResponseAuthentication
  - Informational messages
- - chauthtok
  - Use different PAM service name for kbdint vs regular auth (suggest from
    Solar Designer)
  - Ability to select which ChallengeResponseAuthentications may be used
@@ -59,8 +54,6 @@ Clean up configure/makefiles:
   information in wtmpx or utmpx or any of that stuff if it's not detected
   from the start
 
-- Fails to compile when cross compile. (vinschen@redhat.com)
-
 - Replace the whole u_intXX_t evilness in acconfig.h with something better???
  - Do it in configure.ac
 
@@ -72,10 +65,6 @@ Clean up configure/makefiles:
   entropy related stuff into another.
 
 Packaging:
-- Solaris: Update packaging scripts and build new sysv startup scripts
-  Ideally the package metadata should be generated by autoconf.
-  (gilbert.r.loomis@saic.com)
-
 - HP-UX: Provide DEPOT package scripts.
   (gilbert.r.loomis@saic.com)
 
@@ -94,4 +83,4 @@ PrivSep Issues:
 - Cygwin
   + Privsep for Pre-auth only (no fd passing)
 
-$Id: TODO,v 1.57 2004/02/11 09:44:13 dtucker Exp $
+$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $
diff --git a/WARNING.RNG b/WARNING.RNG
index 5d4ea8753..687891a73 100644
--- a/WARNING.RNG
+++ b/WARNING.RNG
@@ -55,11 +55,10 @@ Executing each program in the list can take a large amount of time,
 especially on slower machines. Additionally some program can take a
 disproportionate time to execute.
 
-Tuning the default entropy collection code is difficult at this point.
-It requires doing 'times ./ssh-rand-helper'  and modifying the
-($etcdir)/ssh_prng_cmds until you have found the issue.  In the next
-release we will be looking at support '-v' for verbose output to allow
-easier debugging.
+Tuning the random helper can be done by running ./ssh-random-helper in
+very verbose mode ("-vvv") and identifying the commands that are taking
+accessive amounts of time or hanging altogher.  Any problem commands can
+be modified or removed from ssh_prng_cmds.
 
 The default entropy collector will timeout programs which take too long
 to execute, the actual timeout used can be adjusted with the
@@ -93,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading
 prngd/egd and configure OpenSSH using --with-prngd-port=xx or
 --with-prngd-socket=xx (refer to INSTALL for more information).
 
-$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $
+$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $
diff --git a/acconfig.h b/acconfig.h
index 014413505..5721f65fb 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.180 2004/08/16 13:12:06 dtucker Exp $ */
+/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -52,9 +52,6 @@
 #undef SPT_TYPE
 #undef SPT_PADCHAR
 
-/* setgroups() NOOP allowed */
-#undef SETGROUPS_NOOP
-
 /* SCO workaround */
 #undef BROKEN_SYS_TERMIO_H
 
diff --git a/audit-bsm.c b/audit-bsm.c
new file mode 100644
index 000000000..c2679d3da
--- /dev/null
+++ b/audit-bsm.c
@@ -0,0 +1,329 @@
+/* $Id: audit-bsm.c,v 1.1 2005/02/20 10:08:00 dtucker Exp $ */
+
+/*
+ * TODO
+ *
+ * - deal with overlap between this and sys_auth_allowed_user
+ *   sys_auth_record_login and record_failed_login.
+ */
+
+/*
+ * Copyright 1988-2002 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/* #pragma ident        "@(#)bsmaudit.c 1.1     01/09/17 SMI" */
+
+#include "includes.h"
+#if defined(USE_BSM_AUDIT)
+
+#include "ssh.h"
+#include "log.h"
+#include "auth.h"
+#include "xmalloc.h"
+
+#ifndef AUE_openssh
+# define AUE_openssh     32800
+#endif
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+#include <bsm/audit_record.h>
+#include <locale.h>
+
+#if defined(HAVE_GETAUDIT_ADDR)
+#define AuditInfoStruct         auditinfo_addr
+#define AuditInfoTermID         au_tid_addr_t
+#define GetAuditFunc(a,b)       getaudit_addr((a),(b))
+#define GetAuditFuncText        "getaudit_addr"
+#define SetAuditFunc(a,b)       setaudit_addr((a),(b))
+#define SetAuditFuncText        "setaudit_addr"
+#define AUToSubjectFunc         au_to_subject_ex
+#define AUToReturnFunc(a,b)     au_to_return32((a), (int32_t)(b))
+#else
+#define AuditInfoStruct         auditinfo
+#define AuditInfoTermID         au_tid_t
+#define GetAuditFunc(a,b)       getaudit(a)
+#define GetAuditFuncText        "getaudit"
+#define SetAuditFunc(a,b)       setaudit(a)
+#define SetAuditFuncText        "setaudit"
+#define AUToSubjectFunc         au_to_subject
+#define AUToReturnFunc(a,b)     au_to_return((a), (u_int)(b))
+#endif
+
+extern int      cannot_audit(int);
+extern void     aug_init(void);
+extern dev_t    aug_get_port(void);
+extern int      aug_get_machine(char *, u_int32_t *, u_int32_t *);
+extern void     aug_save_auid(au_id_t);
+extern void     aug_save_uid(uid_t);
+extern void     aug_save_euid(uid_t);
+extern void     aug_save_gid(gid_t);
+extern void     aug_save_egid(gid_t);
+extern void     aug_save_pid(pid_t);
+extern void     aug_save_asid(au_asid_t);
+extern void     aug_save_tid(dev_t, unsigned int);
+extern void     aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t);
+extern int      aug_save_me(void);
+extern int      aug_save_namask(void);
+extern void     aug_save_event(au_event_t);
+extern void     aug_save_sorf(int);
+extern void     aug_save_text(char *);
+extern void     aug_save_text1(char *);
+extern void     aug_save_text2(char *);
+extern void     aug_save_na(int);
+extern void     aug_save_user(char *);
+extern void     aug_save_path(char *);
+extern int      aug_save_policy(void);
+extern void     aug_save_afunc(int (*)(int));
+extern int      aug_audit(void);
+extern int      aug_na_selected(void);
+extern int      aug_selected(void);
+extern int      aug_daemon_session(void);
+
+#ifndef HAVE_GETTEXT
+# define gettext(a)     (a)
+#endif
+
+extern Authctxt *the_authctxt;
+static AuditInfoTermID ssh_bsm_tid;
+
+/* Below is the low-level BSM interface code */
+
+/*
+ * Check if the specified event is selected (enabled) for auditing.
+ * Returns 1 if the event is selected, 0 if not and -1 on failure.
+ */
+static int
+selected(char *username, uid_t uid, au_event_t event, int sf)
+{
+        int rc, sorf;
+        char naflags[512];
+        struct au_mask mask;
+
+        mask.am_success = mask.am_failure = 0;
+        if (uid < 0) {
+                /* get flags for non-attributable (to a real user) events */
+                rc = getacna(naflags, sizeof(naflags));
+                if (rc == 0)
+                        (void) getauditflagsbin(naflags, &mask);
+        } else
+                rc = au_user_mask(username, &mask);
+
+        sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE;
+        return(au_preselect(event, &mask, sorf, AU_PRS_REREAD));
+}
+
+static void
+bsm_audit_record(int typ, char *string, au_event_t event_no)
+{
+        int             ad, rc, sel;
+        uid_t           uid = -1;
+        gid_t           gid = -1;
+        pid_t           pid = getpid();
+        AuditInfoTermID tid = ssh_bsm_tid;
+
+        if (the_authctxt != NULL && the_authctxt->valid) {
+                uid = the_authctxt->pw->pw_uid;
+                gid = the_authctxt->pw->pw_gid;
+        }
+
+        rc = (typ == 0) ? 0 : -1;
+        sel = selected(the_authctxt->user, uid, event_no, rc);
+        debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string);
+        if (!sel)
+                return; /* audit event does not match mask, do not write */
+
+        debug3("BSM audit: writing audit new record");
+        ad = au_open();
+
+        (void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid,
+            pid, pid, &tid));
+        (void) au_write(ad, au_to_text(string));
+        (void) au_write(ad, AUToReturnFunc(typ, rc));
+
+        rc = au_close(ad, AU_TO_WRITE, event_no);
+        if (rc < 0)
+                error("BSM audit: %s failed to write \"%s\" record: %s",
+                    __func__, string, strerror(errno));
+}
+
+static void
+bsm_audit_session_setup(void)
+{
+        int rc;
+        struct AuditInfoStruct info;
+        au_mask_t mask;
+
+        if (the_authctxt == NULL) {
+                error("BSM audit: session setup internal error (NULL ctxt)");
+                return;
+        }
+
+        if (the_authctxt->valid)
+                info.ai_auid = the_authctxt->pw->pw_uid;
+        else
+                info.ai_auid = -1;
+        info.ai_asid = getpid();
+        mask.am_success = 0;
+        mask.am_failure = 0;
+
+        (void) au_user_mask(the_authctxt->user, &mask);
+
+        info.ai_mask.am_success  = mask.am_success;
+        info.ai_mask.am_failure  = mask.am_failure;
+
+        info.ai_termid = ssh_bsm_tid;
+
+        rc = SetAuditFunc(&info, sizeof(info));
+        if (rc < 0)
+                error("BSM audit: %s: %s failed: %s", __func__,
+                    SetAuditFuncText, strerror(errno));
+}
+
+static void
+bsm_audit_bad_login(const char *what)
+{
+        char textbuf[BSM_TEXTBUFSZ];
+
+        if (the_authctxt->valid) {
+                (void) snprintf(textbuf, sizeof (textbuf),
+                        gettext("invalid %s for user %s"),
+                            what, the_authctxt->user);
+                bsm_audit_record(4, textbuf, AUE_openssh);
+        } else {
+                (void) snprintf(textbuf, sizeof (textbuf),
+                        gettext("invalid user name \"%s\""),
+                            the_authctxt->user);
+                bsm_audit_record(3, textbuf, AUE_openssh);
+        }
+}
+
+/* Below is the sshd audit API code */
+
+void
+audit_connection_from(const char *host, int port)
+{
+        AuditInfoTermID *tid = &ssh_bsm_tid;
+        char buf[1024];
+
+        if (cannot_audit(0))
+                return;
+        debug3("BSM audit: connection from %.100s port %d", host, port);
+
+        /* populate our terminal id structure */
+#if defined(HAVE_GETAUDIT_ADDR)
+        tid->at_port = (dev_t)port;
+        aug_get_machine((char *)host, &(tid->at_addr[0]), &(tid->at_type));
+        snprintf(buf, sizeof(buf), "%08x %08x %08x %08x", tid->at_addr[0],
+            tid->at_addr[1], tid->at_addr[2], tid->at_addr[3]);
+        debug3("BSM audit: iptype %d machine ID %s", (int)tid->at_type, buf);
+#else
+        /* this is used on IPv4-only machines */
+        tid->port = (dev_t)port;
+        tid->machine = inet_addr(host);
+        snprintf(buf, sizeof(buf), "%08x", tid->machine);
+        debug3("BSM audit: machine ID %s", buf);
+#endif
+}
+
+void
+audit_run_command(const char *command)
+{
+        /* not implemented */
+}
+
+void
+audit_session_open(const char *ttyn)
+{
+        /* not implemented */
+}
+
+void
+audit_session_close(const char *ttyn)
+{
+        /* not implemented */
+}
+
+void
+audit_event(ssh_audit_event_t event)
+{
+        char    textbuf[BSM_TEXTBUFSZ];
+        static int logged_in = 0;
+        const char *user = the_authctxt ? the_authctxt->user : "(unknown user)";
+
+        if (cannot_audit(0))
+                return;
+
+        switch(event) {
+        case SSH_AUTH_SUCCESS:
+                logged_in = 1;
+                bsm_audit_session_setup();
+                snprintf(textbuf, sizeof(textbuf),
+                    gettext("successful login %s"), user);
+                bsm_audit_record(0, textbuf, AUE_openssh);
+                break;
+
+        case SSH_CONNECTION_CLOSE:
+                /*
+                 * We can also get a close event if the user attempted auth
+                 * but never succeeded.
+                 */
+                if (logged_in) {
+                        snprintf(textbuf, sizeof(textbuf),
+                            gettext("sshd logout %s"), the_authctxt->user);
+                        bsm_audit_record(0, textbuf, AUE_logout);
+                } else {
+                        debug("%s: connection closed without authentication",
+                            __func__);
+                }
+                break;
+
+        case SSH_NOLOGIN:
+                bsm_audit_record(1,
+                    gettext("logins disabled by /etc/nologin"), AUE_openssh);
+                break;
+
+        case SSH_LOGIN_EXCEED_MAXTRIES:
+                snprintf(textbuf, sizeof(textbuf),
+                    gettext("too many tries for user %s"), the_authctxt->user);
+                bsm_audit_record(1, textbuf, AUE_openssh);
+                break;
+
+        case SSH_LOGIN_ROOT_DENIED:
+                bsm_audit_record(2, gettext("not_console"), AUE_openssh);
+                break;
+
+        case SSH_AUTH_FAIL_PASSWD:
+                bsm_audit_bad_login("password");
+                break;
+
+        case SSH_AUTH_FAIL_KBDINT:
+                bsm_audit_bad_login("interactive password entry");
+                break;
+
+        default:
+                debug("%s: unhandled event %d", __func__, event);
+        }
+}
+#endif /* BSM */
diff --git a/audit.c b/audit.c
new file mode 100644
index 000000000..18fc41047
--- /dev/null
+++ b/audit.c
@@ -0,0 +1,181 @@
+/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef SSH_AUDIT_EVENTS
+
+#include "audit.h"
+#include "log.h"
+#include "auth.h"
+
+/*
+ * Care must be taken when using this since it WILL NOT be initialized when
+ * audit_connection_from() is called and MAY NOT be initialized when
+ * audit_event(CONNECTION_ABANDON) is called.  Test for NULL before using.
+ */
+extern Authctxt *the_authctxt;
+
+/* Maybe add the audit class to struct Authmethod? */
+ssh_audit_event_t
+audit_classify_auth(const char *method)
+{
+        if (strcmp(method, "none") == 0)
+                return SSH_AUTH_FAIL_NONE;
+        else if (strcmp(method, "password") == 0)
+                return SSH_AUTH_FAIL_PASSWD;
+        else if (strcmp(method, "publickey") == 0 ||
+            strcmp(method, "rsa") == 0)
+                return SSH_AUTH_FAIL_PUBKEY;
+        else if (strncmp(method, "keyboard-interactive", 20) == 0 ||
+            strcmp(method, "challenge-response") == 0)
+                return SSH_AUTH_FAIL_KBDINT;
+        else if (strcmp(method, "hostbased") == 0 ||
+            strcmp(method, "rhosts-rsa") == 0)
+                return SSH_AUTH_FAIL_HOSTBASED;
+        else if (strcmp(method, "gssapi-with-mic") == 0)
+                return SSH_AUTH_FAIL_GSSAPI;
+        else
+                return SSH_AUDIT_UNKNOWN;
+}
+
+/* helper to return supplied username */
+const char *
+audit_username(void)
+{
+        static const char unknownuser[] = "(unknown user)";
+        static const char invaliduser[] = "(invalid user)";
+
+        if (the_authctxt == NULL || the_authctxt->user == NULL)
+                return (unknownuser);
+        if (!the_authctxt->valid)
+                return (invaliduser);
+        return (the_authctxt->user);
+}
+
+const char *
+audit_event_lookup(ssh_audit_event_t ev)
+{
+        int i;
+        static struct event_lookup_struct {
+                ssh_audit_event_t event;
+                const char *name;
+        } event_lookup[] = {
+                {SSH_LOGIN_EXCEED_MAXTRIES,     "LOGIN_EXCEED_MAXTRIES"},
+                {SSH_LOGIN_ROOT_DENIED,         "LOGIN_ROOT_DENIED"},
+                {SSH_AUTH_SUCCESS,              "AUTH_SUCCESS"},
+                {SSH_AUTH_FAIL_NONE,            "AUTH_FAIL_NONE"},
+                {SSH_AUTH_FAIL_PASSWD,          "AUTH_FAIL_PASSWD"},
+                {SSH_AUTH_FAIL_KBDINT,          "AUTH_FAIL_KBDINT"},
+                {SSH_AUTH_FAIL_PUBKEY,          "AUTH_FAIL_PUBKEY"},
+                {SSH_AUTH_FAIL_HOSTBASED,       "AUTH_FAIL_HOSTBASED"},
+                {SSH_AUTH_FAIL_GSSAPI,          "AUTH_FAIL_GSSAPI"},
+                {SSH_INVALID_USER,              "INVALID_USER"},
+                {SSH_NOLOGIN,                   "NOLOGIN"},
+                {SSH_CONNECTION_CLOSE,          "CONNECTION_CLOSE"},
+                {SSH_CONNECTION_ABANDON,        "CONNECTION_ABANDON"},
+                {SSH_AUDIT_UNKNOWN,             "AUDIT_UNKNOWN"}
+        };
+
+        for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++)
+                if (event_lookup[i].event == ev)
+                        break;
+        return(event_lookup[i].name);
+}
+
+# ifndef CUSTOM_SSH_AUDIT_EVENTS
+/*
+ * Null implementations of audit functions.
+ * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled.
+ */
+
+/*
+ * Called after a connection has been accepted but before any authentication
+ * has been attempted.
+ */
+void
+audit_connection_from(const char *host, int port)
+{
+        debug("audit connection from %s port %d euid %d", host, port,
+           (int)geteuid());
+}
+
+/*
+ * Called when various events occur (see audit.h for a list of possible
+ * events and what they mean).
+ */
+void
+audit_event(ssh_audit_event_t event)
+{
+        debug("audit event euid %d user %s event %d (%s)", geteuid(),
+            audit_username(), event, audit_event_lookup(event));
+}
+
+/*
+ * Called when a user session is started.  Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+ * Note that this may be called multiple times if multiple sessions are used
+ * within a single connection.
+ */
+void
+audit_session_open(const char *ttyn)
+{
+        const char *t = ttyn ? ttyn : "(no tty)";
+
+        debug("audit session open euid %d user %s tty name %s", geteuid(),
+             audit_username(), t);
+}
+
+/*
+ * Called when a user session is closed.  Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+ * Note that this may be called multiple times if multiple sessions are used
+ * within a single connection.
+ */
+void
+audit_session_close(const char *ttyn)
+{
+        const char *t = ttyn ? ttyn : "(no tty)";
+
+        debug("audit session close euid %d user %s tty name %s", geteuid(),
+             audit_username(), t);
+}
+
+/*
+ * This will be called when a user runs a non-interactive command.  Note that
+ * it may be called multiple times for a single connection since SSH2 allows
+ * multiple sessions within a single connection.
+ */
+void
+audit_run_command(const char *command)
+{
+        debug("audit run command euid %d user %s command '%.200s'", geteuid(),
+            audit_username(), command);
+}
+# endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
+#endif /* SSH_AUDIT_EVENTS */
diff --git a/audit.h b/audit.h
new file mode 100644
index 000000000..78e58966f
--- /dev/null
+++ b/audit.h
@@ -0,0 +1,56 @@
+/* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "auth.h"
+
+#ifndef _SSH_AUDIT_H
+# define _SSH_AUDIT_H
+enum ssh_audit_event_type {
+        SSH_LOGIN_EXCEED_MAXTRIES,
+        SSH_LOGIN_ROOT_DENIED,
+        SSH_AUTH_SUCCESS,
+        SSH_AUTH_FAIL_NONE,
+        SSH_AUTH_FAIL_PASSWD,
+        SSH_AUTH_FAIL_KBDINT,   /* keyboard-interactive or challenge-response */
+        SSH_AUTH_FAIL_PUBKEY,   /* ssh2 pubkey or ssh1 rsa */
+        SSH_AUTH_FAIL_HOSTBASED,        /* ssh2 hostbased or ssh1 rhostsrsa */
+        SSH_AUTH_FAIL_GSSAPI,
+        SSH_INVALID_USER,
+        SSH_NOLOGIN,            /* denied by /etc/nologin, not implemented */
+        SSH_CONNECTION_CLOSE,   /* closed after attempting auth or session */
+        SSH_CONNECTION_ABANDON, /* closed without completing auth */
+        SSH_AUDIT_UNKNOWN
+};
+typedef enum ssh_audit_event_type ssh_audit_event_t;
+
+void    audit_connection_from(const char *, int);
+void    audit_event(ssh_audit_event_t);
+void    audit_session_open(const char *);
+void    audit_session_close(const char *);
+void    audit_run_command(const char *);
+ssh_audit_event_t audit_classify_auth(const char *);
+
+#endif /* _SSH_AUDIT_H */
diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index 2ac27a7a2..920c977d8 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth-bsdauth.c,v 1.5 2002/06/30 21:59:45 deraadt Exp $");
+RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $");
 
 #ifdef BSD_AUTH
 #include "xmalloc.h"
@@ -83,6 +83,9 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses)
         Authctxt *authctxt = ctx;
         int authok;
 
+        if (!authctxt->valid)
+                return -1;
+
         if (authctxt->as == 0)
                 error("bsdauth_respond: no bsd auth session");
 
diff --git a/auth-chall.c b/auth-chall.c
index a9d314dd2..e4f783096 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $");
 #include "auth.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "servconf.h"
 
 /* limited protocol v1 interface to kbd-interactive authentication */
 
 extern KbdintDevice *devices[];
 static KbdintDevice *device;
+extern ServerOptions options;
 
 char *
 get_challenge(Authctxt *authctxt)
@@ -41,6 +43,11 @@ get_challenge(Authctxt *authctxt)
         u_int i, numprompts;
         u_int *echo_on;
 
+#ifdef USE_PAM
+        if (!options.use_pam)
+                remove_kbdint_device("pam");
+#endif
+
         device = devices[0]; /* we always use the 1st device for protocol 1 */
         if (device == NULL)
                 return NULL;
diff --git a/auth-krb5.c b/auth-krb5.c
index a324ff15c..2f742534a 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -187,6 +187,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
         snprintf(authctxt->krb5_ccname, len, "FILE:%s",
             authctxt->krb5_ticket_file);
 
+#ifdef USE_PAM
+        if (options.use_pam)
+                do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname);
+#endif
+
  out:
         restore_uid();
 
diff --git a/auth-options.c b/auth-options.c
index 0e146ab15..04d12d66e 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.28 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $");
 
 #include "xmalloc.h"
 #include "match.h"
@@ -217,7 +217,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                 }
                 cp = "permitopen=\"";
                 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-                        char host[256], sport[6];
+                        char *host, *p;
                         u_short port;
                         char *patterns = xmalloc(strlen(opts) + 1);
 
@@ -236,25 +236,29 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                         if (!*opts) {
                                 debug("%.100s, line %lu: missing end quote",
                                     file, linenum);
-                                auth_debug_add("%.100s, line %lu: missing end quote",
-                                    file, linenum);
+                                auth_debug_add("%.100s, line %lu: missing "
+                                    "end quote", file, linenum);
                                 xfree(patterns);
                                 goto bad_option;
                         }
                         patterns[i] = 0;
                         opts++;
-                        if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 &&
-                            sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
-                                debug("%.100s, line %lu: Bad permitopen specification "
-                                    "<%.100s>", file, linenum, patterns);
+                        p = patterns;
+                        host = hpdelim(&p);
+                        if (host == NULL || strlen(host) >= NI_MAXHOST) {
+                                debug("%.100s, line %lu: Bad permitopen "
+                                    "specification <%.100s>", file, linenum, 
+                                    patterns);
                                 auth_debug_add("%.100s, line %lu: "
-                                    "Bad permitopen specification", file, linenum);
+                                    "Bad permitopen specification", file,
+                                    linenum);
                                 xfree(patterns);
                                 goto bad_option;
                         }
-                        if ((port = a2port(sport)) == 0) {
-                                debug("%.100s, line %lu: Bad permitopen port <%.100s>",
-                                    file, linenum, sport);
+                        host = cleanhostname(host);
+                        if (p == NULL || (port = a2port(p)) == 0) {
+                                debug("%.100s, line %lu: Bad permitopen port "
+                                    "<%.100s>", file, linenum, p ? p : "");
                                 auth_debug_add("%.100s, line %lu: "
                                     "Bad permitopen port", file, linenum);
                                 xfree(patterns);
diff --git a/auth-pam.c b/auth-pam.c
index 147f4f8bb..6ce8c429b 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.114 2004/08/16 13:12:06 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $");
 
 #ifdef USE_PAM
 #if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -185,8 +185,8 @@ static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
 static char **sshpam_env = NULL;
 static Authctxt *sshpam_authctxt = NULL;
-static char badpw[] = "\b\n\r\177INCORRECT";
 static const char *sshpam_password = NULL;
+static char badpw[] = "\b\n\r\177INCORRECT";
 
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -491,6 +491,51 @@ sshpam_null_conv(int n, struct pam_message **msg,
 
 static struct pam_conv null_conv = { sshpam_null_conv, NULL };
 
+static int
+sshpam_store_conv(int n, struct pam_message **msg,
+    struct pam_response **resp, void *data)
+{
+        struct pam_response *reply;
+        int i;
+        size_t len;
+
+        debug3("PAM: %s called with %d messages", __func__, n);
+        *resp = NULL;
+
+        if (n <= 0 || n > PAM_MAX_NUM_MSG)
+                return (PAM_CONV_ERR);
+
+        if ((reply = malloc(n * sizeof(*reply))) == NULL)
+                return (PAM_CONV_ERR);
+        memset(reply, 0, n * sizeof(*reply));
+
+        for (i = 0; i < n; ++i) {
+                switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+                case PAM_ERROR_MSG:
+                case PAM_TEXT_INFO:
+                        len = strlen(PAM_MSG_MEMBER(msg, i, msg));
+                        buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len);
+                        buffer_append(&loginmsg, "\n", 1 );
+                        reply[i].resp_retcode = PAM_SUCCESS;
+                        break;
+                default:
+                        goto fail;
+                }
+        }
+        *resp = reply;
+        return (PAM_SUCCESS);
+
+ fail:
+        for(i = 0; i < n; i++) {
+                if (reply[i].resp != NULL)
+                        xfree(reply[i].resp);
+        }
+        xfree(reply);
+        return (PAM_CONV_ERR);
+}
+
+static struct pam_conv store_conv = { sshpam_store_conv, NULL };
+
 void
 sshpam_cleanup(void)
 {
@@ -528,7 +573,7 @@ sshpam_init(Authctxt *authctxt)
         }
         debug("PAM: initializing for \"%s\"", user);
         sshpam_err =
-            pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
+            pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
         sshpam_authctxt = authctxt;
 
         if (sshpam_err != PAM_SUCCESS) {
@@ -610,7 +655,7 @@ sshpam_query(void *ctx, char **name, char **info,
         size_t plen;
         u_char type;
         char *msg;
-        size_t len;
+        size_t len, mlen;
 
         debug3("PAM: %s entering", __func__);
         buffer_init(&buffer);
@@ -623,22 +668,27 @@ sshpam_query(void *ctx, char **name, char **info,
         while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
                 type = buffer_get_char(&buffer);
                 msg = buffer_get_string(&buffer, NULL);
+                mlen = strlen(msg);
                 switch (type) {
                 case PAM_PROMPT_ECHO_ON:
                 case PAM_PROMPT_ECHO_OFF:
                         *num = 1;
-                        len = plen + strlen(msg) + 1;
+                        len = plen + mlen + 1;
                         **prompts = xrealloc(**prompts, len);
-                        plen += snprintf(**prompts + plen, len, "%s", msg);
+                        strlcpy(**prompts + plen, msg, len - plen);
+                        plen += mlen;
                         **echo_on = (type == PAM_PROMPT_ECHO_ON);
                         xfree(msg);
                         return (0);
                 case PAM_ERROR_MSG:
                 case PAM_TEXT_INFO:
                         /* accumulate messages */
-                        len = plen + strlen(msg) + 2;
+                        len = plen + mlen + 2;
                         **prompts = xrealloc(**prompts, len);
-                        plen += snprintf(**prompts + plen, len, "%s\n", msg);
+                        strlcpy(**prompts + plen, msg, len - plen);
+                        plen += mlen;
+                        strlcat(**prompts + plen, "\n", len - plen);
+                        plen++;
                         xfree(msg);
                         break;
                 case PAM_SUCCESS:
@@ -652,6 +702,12 @@ sshpam_query(void *ctx, char **name, char **info,
                                 **prompts = NULL;
                         }
                         if (type == PAM_SUCCESS) {
+                                if (!sshpam_authctxt->valid ||
+                                    (sshpam_authctxt->pw->pw_uid == 0 &&
+                                    options.permit_root_login != PERMIT_YES))
+                                        fatal("Internal error: PAM auth "
+                                            "succeeded when it should have "
+                                            "failed");
                                 import_environments(&buffer);
                                 *num = 0;
                                 **echo_on = 0;
@@ -765,11 +821,13 @@ finish_pam(void)
 u_int
 do_pam_account(void)
 {
+        debug("%s: called", __func__);
         if (sshpam_account_status != -1)
                 return (sshpam_account_status);
 
         sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
-        debug3("PAM: %s pam_acct_mgmt = %d", __func__, sshpam_err);
+        debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,
+            pam_strerror(sshpam_handle, sshpam_err));
         
         if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
                 sshpam_account_status = 0;
@@ -799,7 +857,7 @@ void
 do_pam_setcred(int init)
 {
         sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
-            (const void *)&null_conv);
+            (const void *)&store_conv);
         if (sshpam_err != PAM_SUCCESS)
                 fatal("PAM: failed to set PAM_CONV: %s",
                     pam_strerror(sshpam_handle, sshpam_err));
@@ -900,51 +958,6 @@ do_pam_chauthtok(void)
                     pam_strerror(sshpam_handle, sshpam_err));
 }
 
-static int
-sshpam_store_conv(int n, struct pam_message **msg,
-    struct pam_response **resp, void *data)
-{
-        struct pam_response *reply;
-        int i;
-        size_t len;
-
-        debug3("PAM: %s called with %d messages", __func__, n);
-        *resp = NULL;
-
-        if (n <= 0 || n > PAM_MAX_NUM_MSG)
-                return (PAM_CONV_ERR);
-
-        if ((reply = malloc(n * sizeof(*reply))) == NULL)
-                return (PAM_CONV_ERR);
-        memset(reply, 0, n * sizeof(*reply));
-
-        for (i = 0; i < n; ++i) {
-                switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
-                case PAM_ERROR_MSG:
-                case PAM_TEXT_INFO:
-                        len = strlen(PAM_MSG_MEMBER(msg, i, msg));
-                        buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len);
-                        buffer_append(&loginmsg, "\n", 1 );
-                        reply[i].resp_retcode = PAM_SUCCESS;
-                        break;
-                default:
-                        goto fail;
-                }
-        }
-        *resp = reply;
-        return (PAM_SUCCESS);
-
- fail:
-        for(i = 0; i < n; i++) {
-                if (reply[i].resp != NULL)
-                        xfree(reply[i].resp);
-        }
-        xfree(reply);
-        return (PAM_CONV_ERR);
-}
-
-static struct pam_conv store_conv = { sshpam_store_conv, NULL };
-
 void
 do_pam_session(void)
 {
@@ -955,10 +968,21 @@ do_pam_session(void)
                 fatal("PAM: failed to set PAM_CONV: %s",
                     pam_strerror(sshpam_handle, sshpam_err));
         sshpam_err = pam_open_session(sshpam_handle, 0);
-        if (sshpam_err != PAM_SUCCESS)
-                fatal("PAM: pam_open_session(): %s",
+        if (sshpam_err == PAM_SUCCESS)
+                sshpam_session_open = 1;
+        else {
+                sshpam_session_open = 0;
+                disable_forwarding();
+                error("PAM: pam_open_session(): %s",
                     pam_strerror(sshpam_handle, sshpam_err));
-        sshpam_session_open = 1;
+        }
+
+}
+
+int
+is_pam_session_open(void)
+{
+        return sshpam_session_open;
 }
 
 /*
diff --git a/auth-pam.h b/auth-pam.h
index f479413d7..a1a2b52d8 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -1,4 +1,4 @@
-/* $Id: auth-pam.h,v 1.26 2004/05/30 10:43:59 dtucker Exp $ */
+/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000 Damien Miller.  All rights reserved.
@@ -45,5 +45,6 @@ void free_pam_environment(char **);
 void sshpam_thread_cleanup(void);
 void sshpam_cleanup(void);
 int sshpam_auth_passwd(Authctxt *, const char *);
+int is_pam_session_open(void);
 
 #endif /* USE_PAM */
diff --git a/auth-passwd.c b/auth-passwd.c
index 7a68e0562..27ece3f72 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,17 +36,27 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $");
 
 #include "packet.h"
+#include "buffer.h"
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
 #include "auth-options.h"
 
+extern Buffer loginmsg;
 extern ServerOptions options;
 int sys_auth_passwd(Authctxt *, const char *);
 
+#ifdef HAVE_LOGIN_CAP
+extern login_cap_t *lc;
+#endif
+
+
+#define DAY             (24L * 60 * 60) /* 1 day in seconds */
+#define TWO_WEEKS       (2L * 7 * DAY)  /* 2 weeks in seconds */
+
 void
 disable_forwarding(void)
 {
@@ -63,7 +73,7 @@ int
 auth_password(Authctxt *authctxt, const char *password)
 {
         struct passwd * pw = authctxt->pw;
-        int ok = authctxt->valid;
+        int result, ok = authctxt->valid;
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
         static int expire_checked = 0;
 #endif
@@ -100,22 +110,57 @@ auth_password(Authctxt *authctxt, const char *password)
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
         if (!expire_checked) {
                 expire_checked = 1;
-                if (auth_shadow_pwexpired(authctxt)) {
-                        disable_forwarding();
+                if (auth_shadow_pwexpired(authctxt))
                         authctxt->force_pwchange = 1;
-                }
         }
 #endif
-                
-        return (sys_auth_passwd(authctxt, password) && ok);
+        result = sys_auth_passwd(authctxt, password);
+        if (authctxt->force_pwchange)
+                disable_forwarding();
+        return (result && ok);
 }
 
 #ifdef BSD_AUTH
+static void
+warn_expiry(Authctxt *authctxt, auth_session_t *as)
+{
+        char buf[256];
+        quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime;
+
+        pwwarntime = acwarntime = TWO_WEEKS;
+
+        pwtimeleft = auth_check_change(as);
+        actimeleft = auth_check_expire(as);
+#ifdef HAVE_LOGIN_CAP
+        if (authctxt->valid) {
+                pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS,
+                    TWO_WEEKS);
+                acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS,
+                    TWO_WEEKS);
+        }
+#endif
+        if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
+                daysleft = pwtimeleft / DAY + 1;
+                snprintf(buf, sizeof(buf),
+                    "Your password will expire in %lld day%s.\n",
+                    daysleft, daysleft == 1 ? "" : "s");
+                buffer_append(&loginmsg, buf, strlen(buf));
+        }
+        if (actimeleft != 0 && actimeleft < acwarntime) {
+                daysleft = actimeleft / DAY + 1;
+                snprintf(buf, sizeof(buf),
+                    "Your account will expire in %lld day%s.\n",
+                    daysleft, daysleft == 1 ? "" : "s");
+                buffer_append(&loginmsg, buf, strlen(buf));
+        }
+}
+
 int
 sys_auth_passwd(Authctxt *authctxt, const char *password)
 {
         struct passwd *pw = authctxt->pw;
         auth_session_t *as;
+        static int expire_checked = 0;
 
         as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
             (char *)password);
@@ -125,6 +170,10 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
                 authctxt->force_pwchange = 1;
                 return (1);
         } else {
+                if (!expire_checked) {
+                        expire_checked = 1;
+                        warn_expiry(authctxt, as);
+                }
                 return (auth_close(as));
         }
 }
diff --git a/auth-rsa.c b/auth-rsa.c
index 16369d47c..4378008d3 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -33,6 +33,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
 #include "hostfile.h"
 #include "monitor_wrap.h"
 #include "ssh.h"
+#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -49,7 +50,7 @@ extern u_char session_id[16];
  *   options bits e n comment
  * where bits, e and n are decimal numbers,
  * and comment is any string of characters up to newline.  The maximum
- * length of a line is 8000 characters.  See the documentation for a
+ * length of a line is SSH_MAX_PUBKEY_BYTES characters.  See sshd(8) for a
  * description of the options.
  */
 
@@ -152,7 +153,7 @@ auth_rsa_challenge_dialog(Key *key)
 int
 auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 {
-        char line[8192], *file;
+        char line[SSH_MAX_PUBKEY_BYTES], *file;
         int allowed = 0;
         u_int bits;
         FILE *f;
@@ -201,12 +202,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
          * found, perform a challenge-response dialog to verify that the
          * user really has the corresponding private key.
          */
-        while (fgets(line, sizeof(line), f)) {
+        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 char *cp;
                 char *key_options;
 
-                linenum++;
-
                 /* Skip leading whitespace, empty and comment lines. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
                         ;
diff --git a/auth-shadow.c b/auth-shadow.c
index a85442d72..f6004f68f 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $");
+RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $");
 
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 #include <shadow.h>
@@ -32,6 +32,9 @@ RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $");
 #include "buffer.h"
 #include "log.h"
 
+#ifdef DAY
+# undef DAY
+#endif
 #define DAY     (24L * 60 * 60) /* 1 day in seconds */
 
 extern Buffer loginmsg;
diff --git a/auth.c b/auth.c
index 0956b0b19..256807683 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -50,6 +50,8 @@ RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $");
 #include "misc.h"
 #include "bufaux.h"
 #include "packet.h"
+#include "loginrec.h"
+#include "monitor_wrap.h"
 
 /* import */
 extern ServerOptions options;
@@ -153,8 +155,9 @@ allowed_user(struct passwd * pw)
                 for (i = 0; i < options.num_deny_users; i++)
                         if (match_user(pw->pw_name, hostname, ipaddr,
                             options.deny_users[i])) {
-                                logit("User %.100s not allowed because listed in DenyUsers",
-                                    pw->pw_name);
+                                logit("User %.100s from %.100s not allowed "
+                                    "because listed in DenyUsers",
+                                    pw->pw_name, hostname);
                                 return 0;
                         }
         }
@@ -166,16 +169,16 @@ allowed_user(struct passwd * pw)
                                 break;
                 /* i < options.num_allow_users iff we break for loop */
                 if (i >= options.num_allow_users) {
-                        logit("User %.100s not allowed because not listed in AllowUsers",
-                            pw->pw_name);
+                        logit("User %.100s from %.100s not allowed because "
+                            "not listed in AllowUsers", pw->pw_name, hostname);
                         return 0;
                 }
         }
         if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
                 /* Get the user's group access list (primary and supplementary) */
                 if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
-                        logit("User %.100s not allowed because not in any group",
-                            pw->pw_name);
+                        logit("User %.100s from %.100s not allowed because "
+                            "not in any group", pw->pw_name, hostname);
                         return 0;
                 }
 
@@ -184,8 +187,9 @@ allowed_user(struct passwd * pw)
                         if (ga_match(options.deny_groups,
                             options.num_deny_groups)) {
                                 ga_free();
-                                logit("User %.100s not allowed because a group is listed in DenyGroups",
-                                    pw->pw_name);
+                                logit("User %.100s from %.100s not allowed "
+                                    "because a group is listed in DenyGroups",
+                                    pw->pw_name, hostname);
                                 return 0;
                         }
                 /*
@@ -196,15 +200,16 @@ allowed_user(struct passwd * pw)
                         if (!ga_match(options.allow_groups,
                             options.num_allow_groups)) {
                                 ga_free();
-                                logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
-                                    pw->pw_name);
+                                logit("User %.100s from %.100s not allowed "
+                                    "because none of user's groups are listed "
+                                    "in AllowGroups", pw->pw_name, hostname);
                                 return 0;
                         }
                 ga_free();
         }
 
 #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
-        if (!sys_auth_allowed_user(pw))
+        if (!sys_auth_allowed_user(pw, &loginmsg))
                 return 0;
 #endif
 
@@ -240,8 +245,50 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
             info);
 
 #ifdef CUSTOM_FAILED_LOGIN
-        if (authenticated == 0 && strcmp(method, "password") == 0)
-                record_failed_login(authctxt->user, "ssh");
+        if (authenticated == 0 && !authctxt->postponed &&
+            (strcmp(method, "password") == 0 ||
+            strncmp(method, "keyboard-interactive", 20) == 0 ||
+            strcmp(method, "challenge-response") == 0))
+                record_failed_login(authctxt->user,
+                    get_canonical_hostname(options.use_dns), "ssh");
+#endif
+#ifdef SSH_AUDIT_EVENTS
+        if (authenticated == 0 && !authctxt->postponed) {
+                ssh_audit_event_t event;
+
+                debug3("audit failed auth attempt, method %s euid %d",
+                    method, (int)geteuid());
+                /*
+                 * Because the auth loop is used in both monitor and slave,
+                 * we must be careful to send each event only once and with
+                 * enough privs to write the event.
+                 */
+                event = audit_classify_auth(method);
+                switch(event) {
+                case SSH_AUTH_FAIL_NONE:
+                case SSH_AUTH_FAIL_PASSWD:
+                case SSH_AUTH_FAIL_KBDINT:
+                        if (geteuid() == 0)
+                                audit_event(event);
+                        break;
+                case SSH_AUTH_FAIL_PUBKEY:
+                case SSH_AUTH_FAIL_HOSTBASED:
+                case SSH_AUTH_FAIL_GSSAPI:
+                        /*
+                         * This is required to handle the case where privsep
+                         * is enabled but it's root logging in, since
+                         * use_privsep won't be cleared until after a
+                         * successful login.
+                         */
+                        if (geteuid() == 0)
+                                audit_event(event);
+                        else
+                                PRIVSEP(audit_event(event));
+                        break;
+                default:
+                        error("unknown authentication audit event %d", event);
+                }
+        }
 #endif
 }
 
@@ -465,8 +512,12 @@ getpwnamallow(const char *user)
                 logit("Invalid user %.100s from %.100s",
                     user, get_remote_ipaddr());
 #ifdef CUSTOM_FAILED_LOGIN
-                record_failed_login(user, "ssh");
+                record_failed_login(user,
+                    get_canonical_hostname(options.use_dns), "ssh");
 #endif
+#ifdef SSH_AUDIT_EVENTS
+                audit_event(SSH_INVALID_USER);
+#endif /* SSH_AUDIT_EVENTS */
                 return (NULL);
         }
         if (!allowed_user(pw))
diff --git a/auth.h b/auth.h
index 2f094403d..8d1f93403 100644
--- a/auth.h
+++ b/auth.h
@@ -130,6 +130,9 @@ int auth_shadow_pwexpired(Authctxt *);
 #endif
 
 #include "auth-pam.h"
+#include "audit.h"
+void remove_kbdint_device(const char *);
+
 void disable_forwarding(void);
 
 void    do_authentication(Authctxt *);
@@ -137,6 +140,7 @@ void	do_authentication2(Authctxt *);
 
 void    auth_log(Authctxt *, int, char *, char *);
 void    userauth_finish(Authctxt *, int, char *);
+void    userauth_send_banner(const char *);
 int     auth_root_allowed(char *);
 
 char    *auth2_read_banner(void);
diff --git a/auth1.c b/auth1.c
index 3f93b9869..d08928455 100644
--- a/auth1.c
+++ b/auth1.c
@@ -25,9 +25,11 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
 #include "session.h"
 #include "uidswap.h"
 #include "monitor_wrap.h"
+#include "buffer.h"
 
 /* import */
 extern ServerOptions options;
+extern Buffer loginmsg;
 
 /*
  * convert ssh auth msg type into description
@@ -245,14 +247,33 @@ do_authloop(Authctxt *authctxt)
 #else
                 /* Special handling for root */
                 if (authenticated && authctxt->pw->pw_uid == 0 &&
-                    !auth_root_allowed(get_authname(type)))
+                    !auth_root_allowed(get_authname(type))) {
                         authenticated = 0;
+# ifdef SSH_AUDIT_EVENTS
+                        PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+# endif
+                }
 #endif
 
 #ifdef USE_PAM
                 if (options.use_pam && authenticated &&
-                    !PRIVSEP(do_pam_account()))
-                        authenticated = 0;
+                    !PRIVSEP(do_pam_account())) {
+                        char *msg;
+                        size_t len;
+
+                        error("Access denied for user %s by PAM account "
+                           "configuration", authctxt->user);
+                        len = buffer_len(&loginmsg);
+                        buffer_append(&loginmsg, "\0", 1);
+                        msg = buffer_ptr(&loginmsg);
+                        /* strip trailing newlines */
+                        if (len > 0)
+                                while (len > 0 && msg[--len] == '\n')
+                                        msg[len] = '\0';
+                        else
+                                msg = "Access denied.";
+                        packet_disconnect(msg);
+                }
 #endif
 
                 /* Log before sending the reply */
@@ -266,8 +287,12 @@ do_authloop(Authctxt *authctxt)
                 if (authenticated)
                         return;
 
-                if (authctxt->failures++ > options.max_authtries)
+                if (authctxt->failures++ > options.max_authtries) {
+#ifdef SSH_AUDIT_EVENTS
+                        PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+#endif
                         packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+                }
 
                 packet_start(SSH_SMSG_FAILURE);
                 packet_send();
diff --git a/auth2-chall.c b/auth2-chall.c
index f5f2f1477..4e2b1e856 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.21 2004/06/01 14:20:45 dtucker Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
@@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.21 2004/06/01 14:20:45 dtucker Exp $");
 #include "xmalloc.h"
 #include "dispatch.h"
 #include "log.h"
+#include "servconf.h"
+
+/* import */
+extern ServerOptions options;
 
 static int auth2_challenge_start(Authctxt *);
 static int send_userauth_info_request(Authctxt *);
@@ -71,6 +75,21 @@ struct KbdintAuthctxt
         u_int nreq;
 };
 
+#ifdef USE_PAM
+void
+remove_kbdint_device(const char *devname)
+{
+        int i, j;
+
+        for (i = 0; devices[i] != NULL; i++)
+                if (strcmp(devices[i]->name, devname) == 0) {
+                        for (j = i; devices[j] != NULL; j++)
+                                devices[j] = devices[j+1];
+                        i--;
+                }
+}
+#endif
+
 static KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
@@ -78,6 +97,11 @@ kbdint_alloc(const char *devs)
         Buffer b;
         int i;
 
+#ifdef USE_PAM
+        if (!options.use_pam)
+                remove_kbdint_device("pam");
+#endif
+
         kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
         if (strcmp(devs, "") == 0) {
                 buffer_init(&b);
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index 1696ef4d3..fa8364975 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -53,7 +53,7 @@ userauth_kbdint(Authctxt *authctxt)
         xfree(lang);
 #ifdef HAVE_CYGWIN
         if (check_nt_auth(0, authctxt->pw) == 0)
-                return(0);
+                authenticated = 0;
 #endif
         return authenticated;
 }
diff --git a/auth2-none.c b/auth2-none.c
index 2bf5b5c80..1c30a3203 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -74,6 +74,19 @@ auth2_read_banner(void)
         return (banner);
 }
 
+void
+userauth_send_banner(const char *msg)
+{
+        if (datafellows & SSH_BUG_BANNER)
+                return;
+
+        packet_start(SSH2_MSG_USERAUTH_BANNER);
+        packet_put_cstring(msg);
+        packet_put_cstring("");         /* language, unused */
+        packet_send();
+        debug("%s: sent", __func__);
+}
+
 static void
 userauth_banner(void)
 {
@@ -84,12 +97,8 @@ userauth_banner(void)
 
         if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
                 goto done;
+        userauth_send_banner(banner);
 
-        packet_start(SSH2_MSG_USERAUTH_BANNER);
-        packet_put_cstring(banner);
-        packet_put_cstring("");         /* language, unused */
-        packet_send();
-        debug("userauth_banner: sent");
 done:
         if (banner)
                 xfree(banner);
@@ -103,7 +112,7 @@ userauth_none(Authctxt *authctxt)
         userauth_banner();
 #ifdef HAVE_CYGWIN
         if (check_nt_auth(1, authctxt->pw) == 0)
-                return(0);
+                return (0);
 #endif
         if (options.password_authentication)
                 return (PRIVSEP(auth_password(authctxt, "")));
diff --git a/auth2-passwd.c b/auth2-passwd.c
index a4f482d2e..2321ef47b 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -55,12 +55,12 @@ userauth_passwd(Authctxt *authctxt)
 
         if (change)
                 logit("password change not supported");
-        else if (PRIVSEP(auth_password(authctxt, password)) == 1
+        else if (PRIVSEP(auth_password(authctxt, password)) == 1)
+                authenticated = 1;
 #ifdef HAVE_CYGWIN
-            && check_nt_auth(1, authctxt->pw)
+        if (check_nt_auth(1, authctxt->pw) == 0)
+                authenticated = 0;
 #endif
-            )
-                authenticated = 1;
         memset(password, 0, len);
         xfree(password);
         return authenticated;
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 9898d4a63..a97d0f430 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -23,8 +23,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $");
 
+#include "ssh.h"
 #include "ssh2.h"
 #include "xmalloc.h"
 #include "packet.h"
@@ -40,6 +41,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $");
 #include "auth-options.h"
 #include "canohost.h"
 #include "monitor_wrap.h"
+#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -158,7 +160,7 @@ done:
         xfree(pkblob);
 #ifdef HAVE_CYGWIN
         if (check_nt_auth(0, authctxt->pw) == 0)
-                return(0);
+                authenticated = 0;
 #endif
         return authenticated;
 }
@@ -167,7 +169,7 @@ done:
 static int
 user_key_allowed2(struct passwd *pw, Key *key, char *file)
 {
-        char line[8192];
+        char line[SSH_MAX_PUBKEY_BYTES];
         int found_key = 0;
         FILE *f;
         u_long linenum = 0;
@@ -204,9 +206,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
         found_key = 0;
         found = key_new(key->type);
 
-        while (fgets(line, sizeof(line), f)) {
+        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 char *cp, *key_options = NULL;
-                linenum++;
+
                 /* Skip leading whitespace, empty and comment lines. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
                         ;
diff --git a/auth2.c b/auth2.c
index b98309576..2265d311e 100644
--- a/auth2.c
+++ b/auth2.c
@@ -35,6 +35,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $");
 #include "dispatch.h"
 #include "pathnames.h"
 #include "monitor_wrap.h"
+#include "buffer.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -44,6 +45,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $");
 extern ServerOptions options;
 extern u_char *session_id2;
 extern u_int session_id2_len;
+extern Buffer loginmsg;
 
 /* methods */
 
@@ -165,6 +167,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                         if (options.use_pam)
                                 PRIVSEP(start_pam(authctxt));
 #endif
+#ifdef SSH_AUDIT_EVENTS
+                        PRIVSEP(audit_event(SSH_INVALID_USER));
+#endif
                 }
                 setproctitle("%s%s", authctxt->valid ? user : "unknown",
                     use_privsep ? " [net]" : "");
@@ -212,12 +217,26 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 
         /* Special handling for root */
         if (authenticated && authctxt->pw->pw_uid == 0 &&
-            !auth_root_allowed(method))
+            !auth_root_allowed(method)) {
                 authenticated = 0;
+#ifdef SSH_AUDIT_EVENTS
+                PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+#endif
+        }
 
 #ifdef USE_PAM
-        if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
-                authenticated = 0;
+        if (options.use_pam && authenticated) {
+                if (!PRIVSEP(do_pam_account())) {
+                        /* if PAM returned a message, send it to the user */
+                        if (buffer_len(&loginmsg) > 0) {
+                                buffer_append(&loginmsg, "\0", 1);
+                                userauth_send_banner(buffer_ptr(&loginmsg));
+                                packet_write_wait();
+                        }
+                        fatal("Access denied for user %s by PAM account "
+                           "configuration", authctxt->user);
+                }
+        }
 #endif
 
 #ifdef _UNICOS
@@ -243,8 +262,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
                 /* now we can break out */
                 authctxt->success = 1;
         } else {
-                if (authctxt->failures++ > options.max_authtries)
+                if (authctxt->failures++ > options.max_authtries) {
+#ifdef SSH_AUDIT_EVENTS
+                        PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+#endif
                         packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+                }
                 methods = authmethods_get();
                 packet_start(SSH2_MSG_USERAUTH_FAILURE);
                 packet_put_cstring(methods);
diff --git a/authfile.c b/authfile.c
index 76a60d020..6a04cd7a9 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.57 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -51,6 +51,7 @@ RCSID("$OpenBSD: authfile.c,v 1.57 2004/06/21 17:36:31 avsm Exp $");
 #include "log.h"
 #include "authfile.h"
 #include "rsa.h"
+#include "misc.h"
 
 /* Version identification string for SSH v1 identity files. */
 static const char authfile_id_string[] =
@@ -243,8 +244,10 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
                     filename, strerror(errno));
                 return NULL;
         }
-        if (st.st_size > 1*1024*1024)
-                close(fd);
+        if (st.st_size > 1*1024*1024) {
+                error("key file %.200s too large", filename);
+                return NULL;
+        }
         len = (size_t)st.st_size;               /* truncated */
 
         buffer_init(&buffer);
@@ -335,6 +338,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
                 return NULL;
         }
         if (st.st_size > 1*1024*1024) {
+                error("key file %.200s too large", filename);
                 close(fd);
                 return (NULL);
         }
@@ -598,13 +602,14 @@ static int
 key_try_load_public(Key *k, const char *filename, char **commentp)
 {
         FILE *f;
-        char line[4096];
+        char line[SSH_MAX_PUBKEY_BYTES];
         char *cp;
+        u_long linenum = 0;
 
         f = fopen(filename, "r");
         if (f != NULL) {
-                while (fgets(line, sizeof(line), f)) {
-                        line[sizeof(line)-1] = '\0';
+                while (read_keyfile_line(f, filename, line, sizeof(line),
+                            &linenum) != -1) {
                         cp = line;
                         switch (*cp) {
                         case '#':
diff --git a/bufaux.c b/bufaux.c
index bf148316d..4ea6af1b6 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.32 2004/02/23 15:12:46 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.34 2004/12/06 16:00:43 markus Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -49,8 +49,8 @@ RCSID("$OpenBSD: bufaux.c,v 1.32 2004/02/23 15:12:46 markus Exp $");
  * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
  * by (bits+7)/8 bytes of binary data, msb first.
  */
-void
-buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
+int
+buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
 {
         int bits = BN_num_bits(value);
         int bin_size = (bits + 7) / 8;
@@ -60,9 +60,11 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 
         /* Get the value of in binary */
         oi = BN_bn2bin(value, buf);
-        if (oi != bin_size)
-                fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
+        if (oi != bin_size) {
+                error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
                     oi, bin_size);
+                return (-1);
+        }
 
         /* Store the number of bits in the buffer in two bytes, msb first. */
         PUT_16BIT(msg, bits);
@@ -72,36 +74,63 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 
         memset(buf, 0, bin_size);
         xfree(buf);
+
+        return (0);
+}
+
+void
+buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
+{
+        if (buffer_put_bignum_ret(buffer, value) == -1)
+                fatal("buffer_put_bignum: buffer error");
 }
 
 /*
  * Retrieves an BIGNUM from the buffer.
  */
-void
-buffer_get_bignum(Buffer *buffer, BIGNUM *value)
+int
+buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
 {
         u_int bits, bytes;
         u_char buf[2], *bin;
 
         /* Get the number for bits. */
-        buffer_get(buffer, (char *) buf, 2);
+        if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
+                error("buffer_get_bignum_ret: invalid length");
+                return (-1);
+        }
         bits = GET_16BIT(buf);
         /* Compute the number of binary bytes that follow. */
         bytes = (bits + 7) / 8;
-        if (bytes > 8 * 1024)
-                fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
-        if (buffer_len(buffer) < bytes)
-                fatal("buffer_get_bignum: input buffer too small");
+        if (bytes > 8 * 1024) {
+                error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
+                return (-1);
+        }
+        if (buffer_len(buffer) < bytes) {
+                error("buffer_get_bignum_ret: input buffer too small");
+                return (-1);
+        }
         bin = buffer_ptr(buffer);
         BN_bin2bn(bin, bytes, value);
-        buffer_consume(buffer, bytes);
+        if (buffer_consume_ret(buffer, bytes) == -1) {
+                error("buffer_get_bignum_ret: buffer_consume failed");
+                return (-1);
+        }
+        return (0);
+}
+
+void
+buffer_get_bignum(Buffer *buffer, BIGNUM *value)
+{
+        if (buffer_get_bignum_ret(buffer, value) == -1)
+                fatal("buffer_get_bignum: buffer error");
 }
 
 /*
  * Stores an BIGNUM in the buffer in SSH2 format.
  */
-void
-buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
+int
+buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
 {
         u_int bytes;
         u_char *buf;
@@ -110,69 +139,140 @@ buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
 
         if (BN_is_zero(value)) {
                 buffer_put_int(buffer, 0);
-                return;
+                return 0;
+        }
+        if (value->neg) {
+                error("buffer_put_bignum2_ret: negative numbers not supported");
+                return (-1);
         }
-        if (value->neg)
-                fatal("buffer_put_bignum2: negative numbers not supported");
         bytes = BN_num_bytes(value) + 1; /* extra padding byte */
-        if (bytes < 2)
-                fatal("buffer_put_bignum2: BN too small");
+        if (bytes < 2) {
+                error("buffer_put_bignum2_ret: BN too small");
+                return (-1);
+        }
         buf = xmalloc(bytes);
-        buf[0] = '\0';
+        buf[0] = 0x00;
         /* Get the value of in binary */
         oi = BN_bn2bin(value, buf+1);
-        if (oi != bytes-1)
-                fatal("buffer_put_bignum2: BN_bn2bin() failed: "
+        if (oi != bytes-1) {
+                error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
                     "oi %d != bin_size %d", oi, bytes);
+                xfree(buf);
+                return (-1);
+        }
         hasnohigh = (buf[1] & 0x80) ? 0 : 1;
         buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
         memset(buf, 0, bytes);
         xfree(buf);
+        return (0);
 }
 
 void
-buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
+buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
+{
+        if (buffer_put_bignum2_ret(buffer, value) == -1)
+                fatal("buffer_put_bignum2: buffer error");
+}
+
+int
+buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
 {
         u_int len;
-        u_char *bin = buffer_get_string(buffer, &len);
+        u_char *bin;
+        
+        if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
+                error("buffer_get_bignum2_ret: invalid bignum");
+                return (-1);
+        }
 
-        if (len > 0 && (bin[0] & 0x80))
-                fatal("buffer_get_bignum2: negative numbers not supported");
-        if (len > 8 * 1024)
-                fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
+        if (len > 0 && (bin[0] & 0x80)) {
+                error("buffer_get_bignum2_ret: negative numbers not supported");
+                return (-1);
+        }
+        if (len > 8 * 1024) {
+                error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
+                return (-1);
+        }
         BN_bin2bn(bin, len, value);
         xfree(bin);
+        return (0);
+}
+
+void
+buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
+{
+        if (buffer_get_bignum2_ret(buffer, value) == -1)
+                fatal("buffer_get_bignum2: buffer error");
 }
 
 /*
  * Returns integers from the buffer (msb first).
  */
 
+int
+buffer_get_short_ret(u_short *ret, Buffer *buffer)
+{
+        u_char buf[2];
+
+        if (buffer_get_ret(buffer, (char *) buf, 2) == -1)
+                return (-1);
+        *ret = GET_16BIT(buf);
+        return (0);
+}
+
 u_short
 buffer_get_short(Buffer *buffer)
 {
-        u_char buf[2];
+        u_short ret;
+
+        if (buffer_get_short_ret(&ret, buffer) == -1)
+                fatal("buffer_get_short: buffer error");
 
-        buffer_get(buffer, (char *) buf, 2);
-        return GET_16BIT(buf);
+        return (ret);
+}
+
+int
+buffer_get_int_ret(u_int *ret, Buffer *buffer)
+{
+        u_char buf[4];
+
+        if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
+                return (-1);
+        *ret = GET_32BIT(buf);
+        return (0);
 }
 
 u_int
 buffer_get_int(Buffer *buffer)
 {
-        u_char buf[4];
+        u_int ret;
+
+        if (buffer_get_int_ret(&ret, buffer) == -1)
+                fatal("buffer_get_int: buffer error");
+
+        return (ret);
+}
 
-        buffer_get(buffer, (char *) buf, 4);
-        return GET_32BIT(buf);
+int
+buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer)
+{
+        u_char buf[8];
+
+        if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
+                return (-1);
+        *ret = GET_64BIT(buf);
+        return (0);
 }
 
 u_int64_t
 buffer_get_int64(Buffer *buffer)
 {
-        u_char buf[8];
+        u_int64_t ret;
 
-        buffer_get(buffer, (char *) buf, 8);
-        return GET_64BIT(buf);
+        if (buffer_get_int64_ret(&ret, buffer) == -1)
+                fatal("buffer_get_int: buffer error");
+
+        return (ret);
 }
 
 /*
@@ -214,25 +314,41 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
  * to the returned string, and is not counted in length.
  */
 void *
-buffer_get_string(Buffer *buffer, u_int *length_ptr)
+buffer_get_string_ret(Buffer *buffer, u_int *length_ptr)
 {
         u_char *value;
         u_int len;
 
         /* Get the length. */
         len = buffer_get_int(buffer);
-        if (len > 256 * 1024)
-                fatal("buffer_get_string: bad string length %u", len);
+        if (len > 256 * 1024) {
+                error("buffer_get_string_ret: bad string length %u", len);
+                return (NULL);
+        }
         /* Allocate space for the string.  Add one byte for a null character. */
         value = xmalloc(len + 1);
         /* Get the string. */
-        buffer_get(buffer, value, len);
+        if (buffer_get_ret(buffer, value, len) == -1) {
+                error("buffer_get_string_ret: buffer_get failed");
+                xfree(value);
+                return (NULL);
+        }
         /* Append a null character to make processing easier. */
         value[len] = 0;
         /* Optionally return the length of the string. */
         if (length_ptr)
                 *length_ptr = len;
-        return value;
+        return (value);
+}
+
+void *
+buffer_get_string(Buffer *buffer, u_int *length_ptr)
+{
+        void *ret;
+
+        if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL)
+                fatal("buffer_get_string: buffer error");
+        return (ret);
 }
 
 /*
@@ -256,11 +372,22 @@ buffer_put_cstring(Buffer *buffer, const char *s)
  * Returns a character from the buffer (0 - 255).
  */
 int
+buffer_get_char_ret(char *ret, Buffer *buffer)
+{
+        if (buffer_get_ret(buffer, ret, 1) == -1) {
+                error("buffer_get_char_ret: buffer_get_ret failed");
+                return (-1);
+        }
+        return (0);
+}
+
+int
 buffer_get_char(Buffer *buffer)
 {
         char ch;
 
-        buffer_get(buffer, &ch, 1);
+        if (buffer_get_char_ret(&ch, buffer) == -1)
+                fatal("buffer_get_char: buffer error");
         return (u_char) ch;
 }
 
diff --git a/bufaux.h b/bufaux.h
index 61c72e353..e30911ddc 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $       */
+/*      $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -42,4 +42,14 @@ void	buffer_put_cstring(Buffer *, const char *);
 #define buffer_skip_string(b) \
     do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0)
 
+int     buffer_put_bignum_ret(Buffer *, const BIGNUM *);
+int     buffer_get_bignum_ret(Buffer *, BIGNUM *);
+int     buffer_put_bignum2_ret(Buffer *, const BIGNUM *);
+int     buffer_get_bignum2_ret(Buffer *, BIGNUM *);
+int     buffer_get_short_ret(u_short *, Buffer *);
+int     buffer_get_int_ret(u_int *, Buffer *);
+int     buffer_get_int64_ret(u_int64_t *, Buffer *);
+void    *buffer_get_string_ret(Buffer *, u_int *);
+int     buffer_get_char_ret(char *, Buffer *);
+
 #endif                          /* BUFAUX_H */
diff --git a/buffer.c b/buffer.c
index 9217cb269..1a25004ba 100644
--- a/buffer.c
+++ b/buffer.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.21 2003/11/21 11:57:03 djm Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -126,34 +126,62 @@ buffer_len(Buffer *buffer)
 
 /* Gets data from the beginning of the buffer. */
 
-void
-buffer_get(Buffer *buffer, void *buf, u_int len)
+int
+buffer_get_ret(Buffer *buffer, void *buf, u_int len)
 {
-        if (len > buffer->end - buffer->offset)
-                fatal("buffer_get: trying to get more bytes %d than in buffer %d",
+        if (len > buffer->end - buffer->offset) {
+                error("buffer_get_ret: trying to get more bytes %d than in buffer %d",
                     len, buffer->end - buffer->offset);
+                return (-1);
+        }
         memcpy(buf, buffer->buf + buffer->offset, len);
         buffer->offset += len;
+        return (0);
+}
+
+void
+buffer_get(Buffer *buffer, void *buf, u_int len)
+{
+        if (buffer_get_ret(buffer, buf, len) == -1)
+                fatal("buffer_get: buffer error");
 }
 
 /* Consumes the given number of bytes from the beginning of the buffer. */
 
+int
+buffer_consume_ret(Buffer *buffer, u_int bytes)
+{
+        if (bytes > buffer->end - buffer->offset) {
+                error("buffer_consume_ret: trying to get more bytes than in buffer");
+                return (-1);
+        }
+        buffer->offset += bytes;
+        return (0);
+}
+
 void
 buffer_consume(Buffer *buffer, u_int bytes)
 {
-        if (bytes > buffer->end - buffer->offset)
-                fatal("buffer_consume: trying to get more bytes than in buffer");
-        buffer->offset += bytes;
+        if (buffer_consume_ret(buffer, bytes) == -1)
+                fatal("buffer_consume: buffer error");
 }
 
 /* Consumes the given number of bytes from the end of the buffer. */
 
+int
+buffer_consume_end_ret(Buffer *buffer, u_int bytes)
+{
+        if (bytes > buffer->end - buffer->offset)
+                return (-1);
+        buffer->end -= bytes;
+        return (0);
+}
+
 void
 buffer_consume_end(Buffer *buffer, u_int bytes)
 {
-        if (bytes > buffer->end - buffer->offset)
+        if (buffer_consume_end_ret(buffer, bytes) == -1)
                 fatal("buffer_consume_end: trying to get more bytes than in buffer");
-        buffer->end -= bytes;
 }
 
 /* Returns a pointer to the first used byte in the buffer. */
diff --git a/buffer.h b/buffer.h
index 5e4c41244..9c09d4f43 100644
--- a/buffer.h
+++ b/buffer.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: buffer.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $     */
+/*      $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,4 +40,8 @@ void	 buffer_consume_end(Buffer *, u_int);
 
 void     buffer_dump(Buffer *);
 
+int      buffer_get_ret(Buffer *, void *, u_int);
+int      buffer_consume_ret(Buffer *, u_int);
+int      buffer_consume_end_ret(Buffer *, u_int);
+
 #endif                          /* BUFFER_H */
diff --git a/canohost.c b/canohost.c
index 8ad684d6c..1c22d4770 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -20,7 +20,6 @@ RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $");
 #include "canohost.h"
 
 static void check_ip_options(int, char *);
-static void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
 
 /*
  * Return the canonical name of the host at the other end of the socket. The
@@ -166,7 +165,7 @@ check_ip_options(int sock, char *ipaddr)
 #endif /* IP_OPTIONS */
 }
 
-static void
+void
 ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
 {
         struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr;
@@ -232,6 +231,7 @@ get_socket_address(int sock, int remote, int flags)
         struct sockaddr_storage addr;
         socklen_t addrlen;
         char ntop[NI_MAXHOST];
+        int r;
 
         /* Get IP address of client. */
         addrlen = sizeof(addr);
@@ -252,9 +252,10 @@ get_socket_address(int sock, int remote, int flags)
                 addrlen = sizeof(struct sockaddr_in6);
 
         /* Get the address in ascii. */
-        if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
-            NULL, 0, flags) != 0) {
-                error("get_socket_address: getnameinfo %d failed", flags);
+        if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
+            sizeof(ntop), NULL, 0, flags)) != 0) {
+                error("get_socket_address: getnameinfo %d failed: %s", flags,
+                    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
                 return NULL;
         }
         return xstrdup(ntop);
@@ -330,6 +331,7 @@ get_sock_port(int sock, int local)
         struct sockaddr_storage from;
         socklen_t fromlen;
         char strport[NI_MAXSERV];
+        int r;
 
         /* Get IP address of client. */
         fromlen = sizeof(from);
@@ -351,9 +353,10 @@ get_sock_port(int sock, int local)
                 fromlen = sizeof(struct sockaddr_in6);
 
         /* Return port number. */
-        if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
-            strport, sizeof(strport), NI_NUMERICSERV) != 0)
-                fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed");
+        if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
+            strport, sizeof(strport), NI_NUMERICSERV)) != 0)
+                fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed: %s",
+                    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
         return atoi(strport);
 }
 
diff --git a/canohost.h b/canohost.h
index 4347b488a..df1f125e5 100644
--- a/canohost.h
+++ b/canohost.h
@@ -23,3 +23,5 @@ char		*get_local_name(int);
 
 int              get_remote_port(void);
 int              get_local_port(void);
+
+void             ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
diff --git a/channels.c b/channels.c
index 1f6984aa7..1be213bce 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.209 2004/08/11 21:43:04 avsm Exp $");
+RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -2179,14 +2179,14 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
     const char *host_to_connect, u_short port_to_connect, int gateway_ports)
 {
         Channel *c;
-        int success, sock, on = 1;
+        int sock, r, success = 0, on = 1, wildcard = 0, is_client;
         struct addrinfo hints, *ai, *aitop;
-        const char *host;
+        const char *host, *addr;
         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 
-        success = 0;
         host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
             listen_addr : host_to_connect;
+        is_client = (type == SSH_CHANNEL_PORT_LISTENER);
 
         if (host == NULL) {
                 error("No forward host name.");
@@ -2198,16 +2198,60 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
         }
 
         /*
+         * Determine whether or not a port forward listens to loopback,
+         * specified address or wildcard. On the client, a specified bind 
+         * address will always override gateway_ports. On the server, a 
+         * gateway_ports of 1 (``yes'') will override the client's 
+         * specification and force a wildcard bind, whereas a value of 2 
+         * (``clientspecified'') will bind to whatever address the client 
+         * asked for.
+         *
+         * Special-case listen_addrs are:
+         *
+         * "0.0.0.0"               -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
+         * "" (empty string), "*"  -> wildcard v4/v6
+         * "localhost"             -> loopback v4/v6
+         */
+        addr = NULL;
+        if (listen_addr == NULL) {
+                /* No address specified: default to gateway_ports setting */
+                if (gateway_ports)
+                        wildcard = 1;
+        } else if (gateway_ports || is_client) {
+                if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
+                    strcmp(listen_addr, "0.0.0.0") == 0) ||
+                    *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
+                    (!is_client && gateway_ports == 1))
+                        wildcard = 1;
+                else if (strcmp(listen_addr, "localhost") != 0)
+                        addr = listen_addr;
+        }
+
+        debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s",
+            type, wildcard, (addr == NULL) ? "NULL" : addr);
+
+        /*
          * getaddrinfo returns a loopback address if the hostname is
          * set to NULL and hints.ai_flags is not AI_PASSIVE
          */
         memset(&hints, 0, sizeof(hints));
         hints.ai_family = IPv4or6;
-        hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
+        hints.ai_flags = wildcard ? AI_PASSIVE : 0;
         hints.ai_socktype = SOCK_STREAM;
         snprintf(strport, sizeof strport, "%d", listen_port);
-        if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
-                packet_disconnect("getaddrinfo: fatal error");
+        if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
+                if (addr == NULL) {
+                        /* This really shouldn't happen */
+                        packet_disconnect("getaddrinfo: fatal error: %s",
+                            gai_strerror(r));
+                } else {
+                        verbose("channel_setup_fwd_listener: "
+                            "getaddrinfo(%.64s): %s", addr, gai_strerror(r));
+                        packet_send_debug("channel_setup_fwd_listener: "
+                            "getaddrinfo(%.64s): %s", addr, gai_strerror(r));
+                }
+                aitop = NULL;
+        }
 
         for (ai = aitop; ai; ai = ai->ai_next) {
                 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@@ -2279,7 +2323,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
                 if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
                     strncmp(c->path, host, sizeof(c->path)) == 0 &&
                     c->listening_port == port) {
-                        debug2("%s: close clannel %d", __func__, i);
+                        debug2("%s: close channel %d", __func__, i);
                         channel_free(c);
                         found = 1;
                 }
@@ -2290,11 +2334,12 @@ channel_cancel_rport_listener(const char *host, u_short port)
 
 /* protocol local port fwd, used by ssh (and sshd in v1) */
 int
-channel_setup_local_fwd_listener(u_short listen_port,
+channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port,
     const char *host_to_connect, u_short port_to_connect, int gateway_ports)
 {
         return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
-            NULL, listen_port, host_to_connect, port_to_connect, gateway_ports);
+            listen_host, listen_port, host_to_connect, port_to_connect,
+            gateway_ports);
 }
 
 /* protocol v2 remote port fwd, used by sshd */
@@ -2312,7 +2357,7 @@ channel_setup_remote_fwd_listener(const char *listen_address,
  */
 
 void
-channel_request_remote_forwarding(u_short listen_port,
+channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
     const char *host_to_connect, u_short port_to_connect)
 {
         int type, success = 0;
@@ -2323,7 +2368,14 @@ channel_request_remote_forwarding(u_short listen_port,
 
         /* Send the forward request to the remote side. */
         if (compat20) {
-                const char *address_to_bind = "0.0.0.0";
+                const char *address_to_bind;
+                if (listen_host == NULL)
+                        address_to_bind = "localhost";
+                else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0)
+                        address_to_bind = "";
+                else
+                        address_to_bind = listen_host;
+
                 packet_start(SSH2_MSG_GLOBAL_REQUEST);
                 packet_put_cstring("tcpip-forward");
                 packet_put_char(1);                     /* boolean: want reply */
@@ -2369,10 +2421,9 @@ channel_request_remote_forwarding(u_short listen_port,
  * local side.
  */
 void
-channel_request_rforward_cancel(u_short port)
+channel_request_rforward_cancel(const char *host, u_short port)
 {
         int i;
-        const char *address_to_bind = "0.0.0.0";
 
         if (!compat20)
                 return;
@@ -2389,7 +2440,7 @@ channel_request_rforward_cancel(u_short port)
         packet_start(SSH2_MSG_GLOBAL_REQUEST);
         packet_put_cstring("cancel-tcpip-forward");
         packet_put_char(0);
-        packet_put_cstring(address_to_bind);
+        packet_put_cstring(host == NULL ? "" : host);
         packet_put_int(port);
         packet_send();
 
@@ -2430,7 +2481,8 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
 #endif
 
         /* Initiate forwarding */
-        channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports);
+        channel_setup_local_fwd_listener(NULL, port, hostname,
+            host_port, gateway_ports);
 
         /* Free the argument string. */
         xfree(hostname);
@@ -2577,7 +2629,7 @@ channel_send_window_changes(void)
         struct winsize ws;
 
         for (i = 0; i < channels_alloc; i++) {
-                if (channels[i] == NULL ||
+                if (channels[i] == NULL || !channels[i]->client_tty || 
                     channels[i]->type != SSH_CHANNEL_OPEN)
                         continue;
                 if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
diff --git a/channels.h b/channels.h
index f8dc8249c..fc20fb2c3 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: channels.h,v 1.74 2004/08/11 21:43:04 avsm Exp $      */
+/*      $OpenBSD: channels.h,v 1.76 2005/03/01 10:09:52 djm Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -79,6 +79,7 @@ struct Channel {
         int     ctl_fd;         /* control fd (client sharing) */
         int     isatty;         /* rfd is a tty */
         int     wfd_isatty;     /* wfd is a tty */
+        int     client_tty;     /* (client) TTY has been requested */
         int     force_drain;    /* force close on iEOF */
         int     delayed;                /* fdset hack */
         Buffer  input;          /* data read from socket, to be sent over
@@ -202,9 +203,11 @@ void	 channel_clear_permitted_opens(void);
 void     channel_input_port_forward_request(int, int);
 int      channel_connect_to(const char *, u_short);
 int      channel_connect_by_listen_address(u_short);
-void     channel_request_remote_forwarding(u_short, const char *, u_short);
-void     channel_request_rforward_cancel(u_short port);
-int      channel_setup_local_fwd_listener(u_short, const char *, u_short, int);
+void     channel_request_remote_forwarding(const char *, u_short,
+             const char *, u_short);
+int      channel_setup_local_fwd_listener(const char *, u_short,
+             const char *, u_short, int);
+void     channel_request_rforward_cancel(const char *host, u_short port);
 int      channel_setup_remote_fwd_listener(const char *, u_short, int);
 int      channel_cancel_rport_listener(const char *, u_short);
 
diff --git a/cipher-ctr.c b/cipher-ctr.c
index 395dabedd..43f1ede57 100644
--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $");
+RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $");
 
 #include <openssl/evp.h>
 
diff --git a/cipher.c b/cipher.c
index 075a4c5fc..beba4618d 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.71 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -146,7 +146,7 @@ cipher_by_name(const char *name)
 {
         Cipher *c;
         for (c = ciphers; c->name != NULL; c++)
-                if (strcasecmp(c->name, name) == 0)
+                if (strcmp(c->name, name) == 0)
                         return c;
         return NULL;
 }
@@ -199,8 +199,10 @@ cipher_number(const char *name)
         Cipher *c;
         if (name == NULL)
                 return -1;
-        c = cipher_by_name(name);
-        return (c==NULL) ? -1 : c->number;
+        for (c = ciphers; c->name != NULL; c++)
+                if (strcasecmp(c->name, name) == 0)
+                        return c->number;
+        return -1;
 }
 
 char *
diff --git a/clientloop.c b/clientloop.c
index 1bcf4392f..90bdcbc39 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.130 2004/08/11 21:43:04 avsm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -437,8 +437,6 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
 static void
 client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
 {
-        struct winsize oldws, newws;
-
         /* Flush stdout and stderr buffers. */
         if (buffer_len(bout) > 0)
                 atomicio(vwrite, fileno(stdout), buffer_ptr(bout), buffer_len(bout));
@@ -455,19 +453,11 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
         buffer_free(bout);
         buffer_free(berr);
 
-        /* Save old window size. */
-        ioctl(fileno(stdin), TIOCGWINSZ, &oldws);
-
         /* Send the suspend signal to the program itself. */
         kill(getpid(), SIGTSTP);
 
-        /* Check if the window size has changed. */
-        if (ioctl(fileno(stdin), TIOCGWINSZ, &newws) >= 0 &&
-            (oldws.ws_row != newws.ws_row ||
-            oldws.ws_col != newws.ws_col ||
-            oldws.ws_xpixel != newws.ws_xpixel ||
-            oldws.ws_ypixel != newws.ws_ypixel))
-                received_window_change_signal = 1;
+        /* Reset window sizes in case they have changed */
+        received_window_change_signal = 1;
 
         /* OK, we have been continued by the user. Reinitialize buffers. */
         buffer_init(bin);
@@ -576,7 +566,7 @@ client_process_control(fd_set * readset)
         struct sockaddr_storage addr;
         struct confirm_ctx *cctx;
         char *cmd;
-        u_int len, env_len;
+        u_int len, env_len, command, flags;
         uid_t euid;
         gid_t egid;
 
@@ -606,39 +596,74 @@ client_process_control(fd_set * readset)
                 return;
         }
 
-        allowed = 1;
-        if (options.control_master == 2) {
-                char *p, prompt[1024];
-
-                allowed = 0;
-                snprintf(prompt, sizeof(prompt),
-                    "Allow shared connection to %s? ", host);
-                p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
-                if (p != NULL) {
-                        /*
-                         * Accept empty responses and responses consisting
-                         * of the word "yes" as affirmative.
-                         */
-                        if (*p == '\0' || *p == '\n' ||
-                            strcasecmp(p, "yes") == 0)
-                                allowed = 1;
-                        xfree(p);
-                }
-        }
-
         unset_nonblock(client_fd);
 
+        /* Read command */
         buffer_init(&m);
+        if (ssh_msg_recv(client_fd, &m) == -1) {
+                error("%s: client msg_recv failed", __func__);
+                close(client_fd);
+                buffer_free(&m);
+                return;
+        }
+        if ((ver = buffer_get_char(&m)) != 1) {
+                error("%s: wrong client version %d", __func__, ver);
+                buffer_free(&m);
+                close(client_fd);
+                return;
+        }
+
+        allowed = 1;
+        command = buffer_get_int(&m);
+        flags = buffer_get_int(&m);
+
+        buffer_clear(&m);
 
+        switch (command) {
+        case SSHMUX_COMMAND_OPEN:
+                if (options.control_master == 2)
+                        allowed = ask_permission("Allow shared connection "
+                            "to %s? ", host);
+                /* continue below */
+                break;
+        case SSHMUX_COMMAND_TERMINATE:
+                if (options.control_master == 2)
+                        allowed = ask_permission("Terminate shared connection "
+                            "to %s? ", host);
+                if (allowed)
+                        quit_pending = 1;
+                /* FALLTHROUGH */       
+        case SSHMUX_COMMAND_ALIVE_CHECK:
+                /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
+                buffer_clear(&m);
+                buffer_put_int(&m, allowed);
+                buffer_put_int(&m, getpid());
+                if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
+                        error("%s: client msg_send failed", __func__);
+                        close(client_fd);
+                        buffer_free(&m);
+                        return;
+                }
+                buffer_free(&m);
+                close(client_fd);
+                return;
+        default:
+                error("Unsupported command %d", command);
+                buffer_free(&m);
+                close(client_fd);
+                return;
+        }
+
+        /* Reply for SSHMUX_COMMAND_OPEN */
+        buffer_clear(&m);
         buffer_put_int(&m, allowed);
         buffer_put_int(&m, getpid());
-        if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
+        if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
                 error("%s: client msg_send failed", __func__);
                 close(client_fd);
                 buffer_free(&m);
                 return;
         }
-        buffer_clear(&m);
 
         if (!allowed) {
                 error("Refused control connection");
@@ -647,14 +672,14 @@ client_process_control(fd_set * readset)
                 return;
         }
 
+        buffer_clear(&m);
         if (ssh_msg_recv(client_fd, &m) == -1) {
                 error("%s: client msg_recv failed", __func__);
                 close(client_fd);
                 buffer_free(&m);
                 return;
         }
-
-        if ((ver = buffer_get_char(&m)) != 0) {
+        if ((ver = buffer_get_char(&m)) != 1) {
                 error("%s: wrong client version %d", __func__, ver);
                 buffer_free(&m);
                 close(client_fd);
@@ -663,9 +688,8 @@ client_process_control(fd_set * readset)
 
         cctx = xmalloc(sizeof(*cctx));
         memset(cctx, 0, sizeof(*cctx));
-
-        cctx->want_tty = buffer_get_int(&m);
-        cctx->want_subsys = buffer_get_int(&m);
+        cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
+        cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
         cctx->term = buffer_get_string(&m, &len);
 
         cmd = buffer_get_string(&m, &len);
@@ -697,14 +721,21 @@ client_process_control(fd_set * readset)
         if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
                 error("%s: tcgetattr: %s", __func__, strerror(errno));
 
+        /* This roundtrip is just for synchronisation of ttymodes */
         buffer_clear(&m);
-        if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
+        if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
                 error("%s: client msg_send failed", __func__);
                 close(client_fd);
                 close(new_fd[0]);
                 close(new_fd[1]);
                 close(new_fd[2]);
                 buffer_free(&m);
+                xfree(cctx->term);
+                if (env_len != 0) {
+                        for (i = 0; i < env_len; i++)
+                                xfree(cctx->env[i]);
+                        xfree(cctx->env);
+                }
                 return;
         }
         buffer_free(&m);
@@ -737,11 +768,11 @@ static void
 process_cmdline(void)
 {
         void (*handler)(int);
-        char *s, *cmd;
-        u_short fwd_port, fwd_host_port;
-        char buf[1024], sfwd_port[6], sfwd_host_port[6];
+        char *s, *cmd, *cancel_host;
         int delete = 0;
         int local = 0;
+        u_short cancel_port;
+        Forward fwd;
 
         leave_raw_mode();
         handler = signal(SIGINT, SIG_IGN);
@@ -787,37 +818,38 @@ process_cmdline(void)
                 s++;
 
         if (delete) {
-                if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) {
-                        logit("Bad forwarding specification.");
-                        goto out;
+                cancel_port = 0;
+                cancel_host = hpdelim(&s);      /* may be NULL */
+                if (s != NULL) {
+                        cancel_port = a2port(s);
+                        cancel_host = cleanhostname(cancel_host);
+                } else {
+                        cancel_port = a2port(cancel_host);
+                        cancel_host = NULL;
                 }
-                if ((fwd_host_port = a2port(sfwd_host_port)) == 0) {
-                        logit("Bad forwarding port(s).");
+                if (cancel_port == 0) {
+                        logit("Bad forwarding close port");
                         goto out;
                 }
-                channel_request_rforward_cancel(fwd_host_port);
+                channel_request_rforward_cancel(cancel_host, cancel_port);
         } else {
-                if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
-                    sfwd_port, buf, sfwd_host_port) != 3 &&
-                    sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
-                    sfwd_port, buf, sfwd_host_port) != 3) {
+                if (!parse_forward(&fwd, s)) {
                         logit("Bad forwarding specification.");
                         goto out;
                 }
-                if ((fwd_port = a2port(sfwd_port)) == 0 ||
-                    (fwd_host_port = a2port(sfwd_host_port)) == 0) {
-                        logit("Bad forwarding port(s).");
-                        goto out;
-                }
                 if (local) {
-                        if (channel_setup_local_fwd_listener(fwd_port, buf,
-                            fwd_host_port, options.gateway_ports) < 0) {
+                        if (channel_setup_local_fwd_listener(fwd.listen_host,
+                            fwd.listen_port, fwd.connect_host,
+                            fwd.connect_port, options.gateway_ports) < 0) {
                                 logit("Port forwarding failed.");
                                 goto out;
                         }
-                } else
-                        channel_request_remote_forwarding(fwd_port, buf,
-                            fwd_host_port);
+                } else {
+                        channel_request_remote_forwarding(fwd.listen_host,
+                            fwd.listen_port, fwd.connect_host,
+                            fwd.connect_port);
+                }
+
                 logit("Forwarding port.");
         }
 
@@ -1201,14 +1233,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
          * Set signal handlers, (e.g. to restore non-blocking mode)
          * but don't overwrite SIG_IGN, matches behaviour from rsh(1)
          */
+        if (signal(SIGHUP, SIG_IGN) != SIG_IGN)
+                signal(SIGHUP, signal_handler);
         if (signal(SIGINT, SIG_IGN) != SIG_IGN)
                 signal(SIGINT, signal_handler);
         if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
                 signal(SIGQUIT, signal_handler);
         if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
                 signal(SIGTERM, signal_handler);
-        if (have_pty)
-                signal(SIGWINCH, window_change_handler);
+        signal(SIGWINCH, window_change_handler);
 
         if (have_pty)
                 enter_raw_mode();
@@ -1316,8 +1349,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
         /* Terminate the session. */
 
         /* Stop watching for window change. */
-        if (have_pty)
-                signal(SIGWINCH, SIG_DFL);
+        signal(SIGWINCH, SIG_DFL);
 
         channel_free_all();
 
@@ -1684,9 +1716,13 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
     dispatch_fn *subsys_repl)
 {
         int len;
+        Channel *c = NULL;
 
         debug2("%s: id %d", __func__, id);
 
+        if ((c = channel_lookup(id)) == NULL)
+                fatal("client_session2_setup: channel %d: unknown channel", id);
+
         if (want_tty) {
                 struct winsize ws;
                 struct termios tio;
@@ -1705,6 +1741,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
                 tty_make_modes(-1, tiop != NULL ? tiop : &tio);
                 packet_send();
                 /* XXX wait for reply */
+                c->client_tty = 1;
         }
 
         /* Transfer any environment variables from client to server */
diff --git a/clientloop.h b/clientloop.h
index 9992d5938..b23c111cb 100644
--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */
+/*      $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $     */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,3 +40,11 @@ int	 client_loop(int, int, int);
 void     client_global_request_reply_fwd(int, u_int32_t, void *);
 void     client_session2_setup(int, int, int, const char *, struct termios *,
             int, Buffer *, char **, dispatch_fn *);
+
+/* Multiplexing control protocol flags */
+#define SSHMUX_COMMAND_OPEN             1       /* Open new connection */
+#define SSHMUX_COMMAND_ALIVE_CHECK      2       /* Check master is alive */
+#define SSHMUX_COMMAND_TERMINATE        3       /* Ask master to exit */
+
+#define SSHMUX_FLAG_TTY                 (1)     /* Request tty on open */
+#define SSHMUX_FLAG_SUBSYS              (1<<1)  /* Subsystem request on open */
diff --git a/compat.c b/compat.c
index 2fdebe7fa..4086e853e 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $");
 
 #include "buffer.h"
 #include "packet.h"
@@ -62,24 +62,28 @@ compat_datafellows(const char *version)
                   "OpenSSH_2.1*,"
                   "OpenSSH_2.2*",       SSH_OLD_SESSIONID|SSH_BUG_BANNER|
                                         SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
-                                        SSH_BUG_EXTEOF},
+                                        SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
                 { "OpenSSH_2.3.0*",     SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
                                         SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
-                                        SSH_BUG_EXTEOF},
+                                        SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
                 { "OpenSSH_2.3.*",      SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
-                                        SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
+                                        SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
+                                        SSH_OLD_FORWARD_ADDR},
                 { "OpenSSH_2.5.0p1*,"
                   "OpenSSH_2.5.1p1*",
                                         SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
-                                        SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
+                                        SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
+                                        SSH_OLD_FORWARD_ADDR},
                 { "OpenSSH_2.5.0*,"
                   "OpenSSH_2.5.1*,"
                   "OpenSSH_2.5.2*",     SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
-                                        SSH_BUG_EXTEOF},
-                { "OpenSSH_2.5.3*",     SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
+                                        SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
+                { "OpenSSH_2.5.3*",     SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
+                                        SSH_OLD_FORWARD_ADDR},
                 { "OpenSSH_2.*,"
                   "OpenSSH_3.0*,"
-                  "OpenSSH_3.1*",       SSH_BUG_EXTEOF},
+                  "OpenSSH_3.1*",       SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
+                { "OpenSSH_3.*",        SSH_OLD_FORWARD_ADDR },
                 { "Sun_SSH_1.0*",       SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
                 { "OpenSSH*",           0 },
                 { "*MindTerm*",         0 },
diff --git a/compat.h b/compat.h
index 5efb5c29e..cf92dbdee 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: compat.h,v 1.38 2004/07/11 17:48:47 deraadt Exp $     */
+/*      $OpenBSD: compat.h,v 1.39 2005/03/01 10:09:52 djm Exp $ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -55,6 +55,7 @@
 #define SSH_BUG_EXTEOF          0x00200000
 #define SSH_BUG_PROBE           0x00400000
 #define SSH_BUG_FIRSTKEX        0x00800000
+#define SSH_OLD_FORWARD_ADDR    0x01000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);
diff --git a/config.h.in b/config.h.in
index 803aac4de..70f997323 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,5 +1,5 @@
 /* config.h.in.  Generated from configure.ac by autoheader.  */
-/* $Id: acconfig.h,v 1.180 2004/08/16 13:12:06 dtucker Exp $ */
+/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -52,9 +52,6 @@
 #undef SPT_TYPE
 #undef SPT_PADCHAR
 
-/* setgroups() NOOP allowed */
-#undef SETGROUPS_NOOP
-
 /* SCO workaround */
 #undef BROKEN_SYS_TERMIO_H
 
@@ -461,9 +458,16 @@
 #undef HAVE_PROC_PID
 
 
+/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
+   */
+#undef AIX_GETNAMEINFO_HACK
+
 /* Define to 1 if the `getpgrp' function requires zero arguments. */
 #undef GETPGRP_VOID
 
+/* Conflicting defs for getspnam */
+#undef GETSPNAM_CONFLICTING_DEFS
+
 /* Define to 1 if you have the `arc4random' function. */
 #undef HAVE_ARC4RANDOM
 
@@ -479,6 +483,9 @@
 /* Define to 1 if you have the `bindresvport_sa' function. */
 #undef HAVE_BINDRESVPORT_SA
 
+/* Define to 1 if you have the <bsm/audit.h> header file. */
+#undef HAVE_BSM_AUDIT_H
+
 /* Define to 1 if you have the <bstring.h> header file. */
 #undef HAVE_BSTRING_H
 
@@ -494,10 +501,30 @@
 /* Define to 1 if you have the <crypt.h> header file. */
 #undef HAVE_CRYPT_H
 
+/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
+   don't. */
+#undef HAVE_DECL_AUTHENTICATE
+
 /* Define to 1 if you have the declaration of `h_errno', and to 0 if you
    don't. */
 #undef HAVE_DECL_H_ERRNO
 
+/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you
+   don't. */
+#undef HAVE_DECL_LOGINFAILED
+
+/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if
+   you don't. */
+#undef HAVE_DECL_LOGINRESTRICTIONS
+
+/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you
+   don't. */
+#undef HAVE_DECL_LOGINSUCCESS
+
+/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
+   don't. */
+#undef HAVE_DECL_PASSWDEXPIRED
+
 /* Define to 1 if you have the <dirent.h> header file. */
 #undef HAVE_DIRENT_H
 
@@ -516,6 +543,9 @@
 /* Define to 1 if you have the `endutxent' function. */
 #undef HAVE_ENDUTXENT
 
+/* Define to 1 if you have the `fchdir' function. */
+#undef HAVE_FCHDIR
+
 /* Define to 1 if you have the `fchmod' function. */
 #undef HAVE_FCHMOD
 
@@ -540,6 +570,12 @@
 /* Define to 1 if you have the `getaddrinfo' function. */
 #undef HAVE_GETADDRINFO
 
+/* Define to 1 if you have the `getaudit' function. */
+#undef HAVE_GETAUDIT
+
+/* Define to 1 if you have the `getaudit_addr' function. */
+#undef HAVE_GETAUDIT_ADDR
+
 /* Define to 1 if you have the `getcwd' function. */
 #undef HAVE_GETCWD
 
@@ -636,9 +672,15 @@
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 
+/* Define to 1 if the system has the type `in_addr_t'. */
+#undef HAVE_IN_ADDR_T
+
 /* Define to 1 if you have the <lastlog.h> header file. */
 #undef HAVE_LASTLOG_H
 
+/* Define to 1 if you have the `bsm' library (-lbsm). */
+#undef HAVE_LIBBSM
+
 /* Define to 1 if you have the `crypt' library (-lcrypt). */
 #undef HAVE_LIBCRYPT
 
@@ -1068,6 +1110,9 @@
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 
+/* must supply username to passwd */
+#undef PASSWD_NEEDS_USERNAME
+
 /* The size of a `char', as computed by sizeof. */
 #undef SIZEOF_CHAR
 
@@ -1083,9 +1128,21 @@
 /* The size of a `short int', as computed by sizeof. */
 #undef SIZEOF_SHORT_INT
 
+/* Use audit debugging module */
+#undef SSH_AUDIT_EVENTS
+
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
+/* Use BSM audit module */
+#undef USE_BSM_AUDIT
+
+/* Use btmp to log bad logins */
+#undef USE_BTMP
+
+/* Use libedit for sftp */
+#undef USE_LIBEDIT
+
 /* Define to 1 if your processor stores words with the most significant byte
    first (like Motorola and SPARC, unlike Intel and VAX). */
 #undef WORDS_BIGENDIAN
@@ -1096,6 +1153,9 @@
 /* Define for large files, on AIX-style hosts. */
 #undef _LARGE_FILES
 
+/* log for bad login attempts */
+#undef _PATH_BTMP
+
 /* Define to `__inline__' or `__inline' if that's what the C compiler
    calls it, or to nothing if 'inline' is not supported under any name.  */
 #ifndef __cplusplus
diff --git a/configure b/configure
index 0c85e42ad..1bf7b0b0b 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59.
+# Generated by GNU Autoconf 2.59 for OpenSSH Portable.
 #
 # Copyright (C) 2003 Free Software Foundation, Inc.
 # This configure script is free software; the Free Software Foundation
@@ -265,11 +265,11 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 : ${ac_max_here_lines=38}
 
 # Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
+PACKAGE_NAME='OpenSSH'
+PACKAGE_TARNAME='openssh'
+PACKAGE_VERSION='Portable'
+PACKAGE_STRING='OpenSSH Portable'
+PACKAGE_BUGREPORT=''
 
 ac_unique_file="ssh.c"
 # Factoring default headers for most tests.
@@ -309,7 +309,7 @@ ac_includes_default="\
 # include <unistd.h>
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT build build_cpu build_vendor build_os host host_cpu host_vendor host_os AWK CPP RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA AR CAT KILL PERL SED ENT TEST_MINUS_S_SH SH TEST_SHELL PATH_GROUPADD_PROG PATH_USERADD_PROG MAKE_PACKAGE_SUPPORTED LOGIN_PROGRAM_FALLBACK PATH_PASSWD_PROG LD EGREP LIBWRAP LIBPAM INSTALL_SSH_RAND_HELPER SSH_PRIVSEP_USER PROG_LS PROG_NETSTAT PROG_ARP PROG_IFCONFIG PROG_JSTAT PROG_PS PROG_SAR PROG_W PROG_WHO PROG_LAST PROG_LASTLOG PROG_DF PROG_VMSTAT PROG_UPTIME PROG_IPCS PROG_TAIL INSTALL_SSH_PRNG_CMDS OPENSC_CONFIG PRIVSEP_PATH xauth_path STRIP_OPT XAUTH_PATH NROFF MANTYPE mansubdir user_path piddir LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT build build_cpu build_vendor build_os host host_cpu host_vendor host_os AWK CPP RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA AR CAT KILL PERL SED ENT TEST_MINUS_S_SH SH TEST_SHELL PATH_GROUPADD_PROG PATH_USERADD_PROG MAKE_PACKAGE_SUPPORTED LOGIN_PROGRAM_FALLBACK PATH_PASSWD_PROG LD EGREP LIBWRAP LIBEDIT LIBPAM INSTALL_SSH_RAND_HELPER SSH_PRIVSEP_USER PROG_LS PROG_NETSTAT PROG_ARP PROG_IFCONFIG PROG_JSTAT PROG_PS PROG_SAR PROG_W PROG_WHO PROG_LAST PROG_LASTLOG PROG_DF PROG_VMSTAT PROG_UPTIME PROG_IPCS PROG_TAIL INSTALL_SSH_PRNG_CMDS OPENSC_CONFIG PRIVSEP_PATH xauth_path STRIP_OPT XAUTH_PATH NROFF MANTYPE mansubdir user_path piddir LIBOBJS LTLIBOBJS'
 ac_subst_files=''
 
 # Initialize some variables set by options.
@@ -778,7 +778,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
+\`configure' configures OpenSSH Portable to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -838,7 +838,9 @@ _ACEOF
 fi
 
 if test -n "$ac_init_help"; then
-
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of OpenSSH Portable:";;
+   esac
   cat <<\_ACEOF
 
 Optional Features:
@@ -846,7 +848,7 @@ Optional Features:
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --disable-largefile     omit support for large files
   --disable-strip         Disable calling strip(1) on install
-  --disable-etc-default-login       Disable using PATH from /etc/default/login no
+  --disable-etc-default-login Disable using PATH from /etc/default/login no
   --disable-lastlog       disable use of lastlog even if detected no
   --disable-utmp          disable use of utmp even if detected no
   --disable-utmpx         disable use of utmpx even if detected no
@@ -867,10 +869,10 @@ Optional Packages:
   --with-libs             Specify additional libraries to link with
   --with-zlib=PATH        Use zlib in PATH
   --without-zlib-version-check Disable zlib version check
-  --with-skey[=PATH]      Enable S/Key support
-                            (optionally in PATH)
-  --with-tcp-wrappers[=PATH]      Enable tcpwrappers support
-                            (optionally in PATH)
+  --with-skey[=PATH]      Enable S/Key support (optionally in PATH)
+  --with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH)
+  --with-libedit[=PATH]   Enable libedit support for sftp
+  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)
   --with-pam              Enable PAM support
   --with-ssl-dir=PATH     Specify path to OpenSSL installation
   --with-rand-helper      Use subprocess to gather strong randomness
@@ -1001,6 +1003,8 @@ fi
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
   cat <<\_ACEOF
+OpenSSH configure Portable
+generated by GNU Autoconf 2.59
 
 Copyright (C) 2003 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
@@ -1013,7 +1017,7 @@ cat >&5 <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by $as_me, which was
+It was created by OpenSSH $as_me Portable, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   $ $0 $@
@@ -1343,6 +1347,14 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 
+
+
+
+
+
+
+
+
           ac_config_headers="$ac_config_headers config.h"
 
 ac_ext=c
@@ -4347,6 +4359,292 @@ fi
 
 fi
 
+                echo "$as_me:$LINENO: checking whether authenticate is declared" >&5
+echo $ECHO_N "checking whether authenticate is declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_authenticate+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <usersec.h>
+
+int
+main ()
+{
+#ifndef authenticate
+  char *p = (char *) authenticate;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_have_decl_authenticate=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_have_decl_authenticate=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_have_decl_authenticate" >&5
+echo "${ECHO_T}$ac_cv_have_decl_authenticate" >&6
+if test $ac_cv_have_decl_authenticate = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_AUTHENTICATE 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_AUTHENTICATE 0
+_ACEOF
+
+
+fi
+echo "$as_me:$LINENO: checking whether loginrestrictions is declared" >&5
+echo $ECHO_N "checking whether loginrestrictions is declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_loginrestrictions+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <usersec.h>
+
+int
+main ()
+{
+#ifndef loginrestrictions
+  char *p = (char *) loginrestrictions;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_have_decl_loginrestrictions=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_have_decl_loginrestrictions=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_have_decl_loginrestrictions" >&5
+echo "${ECHO_T}$ac_cv_have_decl_loginrestrictions" >&6
+if test $ac_cv_have_decl_loginrestrictions = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINRESTRICTIONS 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINRESTRICTIONS 0
+_ACEOF
+
+
+fi
+echo "$as_me:$LINENO: checking whether loginsuccess is declared" >&5
+echo $ECHO_N "checking whether loginsuccess is declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_loginsuccess+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <usersec.h>
+
+int
+main ()
+{
+#ifndef loginsuccess
+  char *p = (char *) loginsuccess;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_have_decl_loginsuccess=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_have_decl_loginsuccess=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_have_decl_loginsuccess" >&5
+echo "${ECHO_T}$ac_cv_have_decl_loginsuccess" >&6
+if test $ac_cv_have_decl_loginsuccess = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINSUCCESS 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINSUCCESS 0
+_ACEOF
+
+
+fi
+echo "$as_me:$LINENO: checking whether passwdexpired is declared" >&5
+echo $ECHO_N "checking whether passwdexpired is declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_passwdexpired+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <usersec.h>
+
+int
+main ()
+{
+#ifndef passwdexpired
+  char *p = (char *) passwdexpired;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_have_decl_passwdexpired=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_have_decl_passwdexpired=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_have_decl_passwdexpired" >&5
+echo "${ECHO_T}$ac_cv_have_decl_passwdexpired" >&6
+if test $ac_cv_have_decl_passwdexpired = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_PASSWDEXPIRED 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_PASSWDEXPIRED 0
+_ACEOF
+
+
+fi
+
+
                 echo "$as_me:$LINENO: checking whether loginfailed is declared" >&5
 echo $ECHO_N "checking whether loginfailed is declared... $ECHO_C" >&6
 if test "${ac_cv_have_decl_loginfailed+set}" = set; then
@@ -4406,7 +4704,12 @@ fi
 echo "$as_me:$LINENO: result: $ac_cv_have_decl_loginfailed" >&5
 echo "${ECHO_T}$ac_cv_have_decl_loginfailed" >&6
 if test $ac_cv_have_decl_loginfailed = yes; then
-  echo "$as_me:$LINENO: checking if loginfailed takes 4 arguments" >&5
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINFAILED 1
+_ACEOF
+
+echo "$as_me:$LINENO: checking if loginfailed takes 4 arguments" >&5
 echo $ECHO_N "checking if loginfailed takes 4 arguments... $ECHO_C" >&6
                   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -4460,9 +4763,16 @@ echo "${ECHO_T}no" >&6
 
 fi
 rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINFAILED 0
+_ACEOF
+
+
 fi
 
 
+
 for ac_func in setauthdb
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -4564,10 +4874,7 @@ _ACEOF
 fi
 done
 
-        cat >>confdefs.h <<\_ACEOF
-#define BROKEN_GETADDRINFO 1
-_ACEOF
-
+        check_for_aix_broken_getaddrinfo=1
         cat >>confdefs.h <<\_ACEOF
 #define BROKEN_REALPATH 1
 _ACEOF
@@ -4628,10 +4935,6 @@ _ACEOF
 #define DISABLE_FD_PASSING 1
 _ACEOF
 
-        cat >>confdefs.h <<\_ACEOF
-#define SETGROUPS_NOOP 1
-_ACEOF
-
         ;;
 *-*-dgux*)
         cat >>confdefs.h <<\_ACEOF
@@ -4964,7 +5267,13 @@ _ACEOF
 #define SPT_TYPE SPT_PSTAT
 _ACEOF
 
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_BTMP 1
+_ACEOF
+
         check_for_hpux_broken_getaddrinfo=1
+        check_for_conflicting_getspnam=1
         LIBS="$LIBS -lsec"
 
 echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
@@ -5236,6 +5545,16 @@ _ACEOF
 #define LINK_OPNOTSUPP_ERRNO EPERM
 _ACEOF
 
+
+cat >>confdefs.h <<\_ACEOF
+#define _PATH_BTMP "/var/log/btmp"
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_BTMP 1
+_ACEOF
+
         inet6_default_4in6=yes
         case `uname -r` in
         1.*|2.0.*)
@@ -5568,6 +5887,75 @@ _ACEOF
 
 fi
 
+        # -lresolv needs to be at then end of LIBS or DNS lookups break
+        echo "$as_me:$LINENO: checking for resolv in -lres_query" >&5
+echo $ECHO_N "checking for resolv in -lres_query... $ECHO_C" >&6
+if test "${ac_cv_lib_res_query_resolv+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lres_query  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char resolv ();
+int
+main ()
+{
+resolv ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_res_query_resolv=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_res_query_resolv=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_res_query_resolv" >&5
+echo "${ECHO_T}$ac_cv_lib_res_query_resolv" >&6
+if test $ac_cv_lib_res_query_resolv = yes; then
+   LIBS="$LIBS -lresolv"
+fi
+
         IPADDR_IN_DISPLAY=yes
         cat >>confdefs.h <<\_ACEOF
 #define USE_PIPES 1
@@ -5598,6 +5986,7 @@ _ACEOF
         # Attention: always take care to bind libsocket and libnsl before libc,
         # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
         ;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
 *-*-sysv4.2*)
         cat >>confdefs.h <<\_ACEOF
 #define USE_PIPES 1
@@ -5616,6 +6005,7 @@ _ACEOF
 _ACEOF
 
         ;;
+# UnixWare 7.x, OpenUNIX 8
 *-*-sysv5*)
         cat >>confdefs.h <<\_ACEOF
 #define USE_PIPES 1
@@ -5636,154 +6026,13 @@ _ACEOF
         ;;
 *-*-sysv*)
         ;;
+# SCO UNIX and OEM versions of SCO UNIX
 *-*-sco3.2v4*)
-        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
-        LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
-        RANLIB=true
-        no_dev_ptmx=1
-        cat >>confdefs.h <<\_ACEOF
-#define BROKEN_SYS_TERMIO_H 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define USE_PIPES 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define HAVE_SECUREWARE 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define DISABLE_SHADOW 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define BROKEN_SAVED_UIDS 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define SETEUID_BREAKS_SETUID 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define BROKEN_SETREUID 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define BROKEN_SETREGID 1
-_ACEOF
-
-        cat >>confdefs.h <<\_ACEOF
-#define WITH_ABBREV_NO_TTY 1
-_ACEOF
-
-
-
-for ac_func in getluid setluid
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-char (*f) () = $ac_func;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != $ac_func;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -z "$ac_c_werror_flag"
-                         || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-eval "$as_ac_var=no"
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-        MANTYPE=man
-        do_sco3_extra_lib_check=yes
-        TEST_SHELL=ksh
+        { { echo "$as_me:$LINENO: error: \"This Platform is no longer supported.\"" >&5
+echo "$as_me: error: \"This Platform is no longer supported.\"" >&2;}
+   { (exit 1); exit 1; }; }
         ;;
+# SCO OpenServer 5.x
 *-*-sco3.2v5*)
         if test -z "$GCC"; then
                 CFLAGS="$CFLAGS -belf"
@@ -5827,6 +6076,11 @@ _ACEOF
 _ACEOF
 
 
+cat >>confdefs.h <<\_ACEOF
+#define PASSWD_NEEDS_USERNAME 1
+_ACEOF
+
+
 
 for ac_func in getluid setluid
 do
@@ -6152,11 +6406,9 @@ fi;
 echo "$as_me:$LINENO: checking compiler and flags for sanity" >&5
 echo $ECHO_N "checking compiler and flags for sanity... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+        { echo "$as_me:$LINENO: WARNING: cross compiling: not checking compiler sanity" >&5
+echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;}
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -6195,7 +6447,6 @@ echo "${ECHO_T}no" >&6
 echo "$as_me: error: *** compiler cannot create working executables, check config.log ***" >&2;}
    { (exit 1); exit 1; }; }
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -6510,7 +6761,6 @@ done
 
 
 
-
 for ac_header in bstring.h crypt.h dirent.h endian.h features.h \
         floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
         login_cap.h maillock.h ndir.h netdb.h netgroup.h \
@@ -6518,7 +6768,7 @@ for ac_header in bstring.h crypt.h dirent.h endian.h features.h \
         rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
         strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
         sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
-        sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
+        sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
         sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
         time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h
 do
@@ -6641,9 +6891,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -6670,6 +6920,73 @@ fi
 done
 
 
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+
+for ac_header in sys/ptms.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
 # Checks for libraries.
 echo "$as_me:$LINENO: checking for yp_match" >&5
 echo $ECHO_N "checking for yp_match... $ECHO_C" >&6
@@ -7010,79 +7327,6 @@ fi
 fi
 
 
-if test "x$with_tcp_wrappers" != "xno" ; then
-    if test "x$do_sco3_extra_lib_check" = "xyes" ; then
-        echo "$as_me:$LINENO: checking for innetgr in -lrpc" >&5
-echo $ECHO_N "checking for innetgr in -lrpc... $ECHO_C" >&6
-if test "${ac_cv_lib_rpc_innetgr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lrpc -lyp -lrpc $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char innetgr ();
-int
-main ()
-{
-innetgr ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -z "$ac_c_werror_flag"
-                         || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_rpc_innetgr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_lib_rpc_innetgr=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_rpc_innetgr" >&5
-echo "${ECHO_T}$ac_cv_lib_rpc_innetgr" >&6
-if test $ac_cv_lib_rpc_innetgr = yes; then
-  LIBS="-lrpc -lyp -lrpc $LIBS"
-fi
-
-    fi
-fi
-
 
 for ac_func in dirname
 do
@@ -7303,9 +7547,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -7593,9 +7837,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -8222,9 +8466,9 @@ echo "$as_me: WARNING: zlib.h: proceeding with the preprocessor's result" >&2;}
 echo "$as_me: WARNING: zlib.h: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -8265,11 +8509,9 @@ fi;
 echo "$as_me:$LINENO: checking for zlib 1.1.4 or greater" >&5
 echo $ECHO_N "checking for zlib 1.1.4 or greater... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+        { echo "$as_me:$LINENO: WARNING: cross compiling: not checking zlib version" >&5
+echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;}
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -8331,7 +8573,6 @@ If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&2;}
 echo "$as_me: WARNING: zlib version may have security problems" >&2;}
           fi
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -8791,9 +9032,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -9303,11 +9544,15 @@ rm -f conftest*
 echo "$as_me:$LINENO: checking whether struct dirent allocates space for d_name" >&5
 echo $ECHO_N "checking whether struct dirent allocates space for d_name... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+
+                { echo "$as_me:$LINENO: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5
+echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;}
+                cat >>confdefs.h <<\_ACEOF
+#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1
+_ACEOF
+
+
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -9348,7 +9593,6 @@ echo "${ECHO_T}no" >&6
 _ACEOF
 
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -9605,6 +9849,574 @@ rm -f conftest.err conftest.$ac_objext \
 
 fi;
 
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+
+# Check whether --with-libedit or --without-libedit was given.
+if test "${with_libedit+set}" = set; then
+  withval="$with_libedit"
+   if test "x$withval" != "xno" ; then
+                echo "$as_me:$LINENO: checking for el_init in -ledit" >&5
+echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6
+if test "${ac_cv_lib_edit_el_init+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ledit -lcurses
+                 $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char el_init ();
+int
+main ()
+{
+el_init ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_edit_el_init=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_edit_el_init=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_edit_el_init" >&5
+echo "${ECHO_T}$ac_cv_lib_edit_el_init" >&6
+if test $ac_cv_lib_edit_el_init = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_LIBEDIT
+_ACEOF
+
+                          LIBEDIT="-ledit -lcurses"
+                          LIBEDIT_MSG="yes"
+
+
+fi
+
+        fi
+
+fi;
+
+AUDIT_MODULE=none
+
+# Check whether --with-audit or --without-audit was given.
+if test "${with_audit+set}" = set; then
+  withval="$with_audit"
+
+          echo "$as_me:$LINENO: checking for supported audit module" >&5
+echo $ECHO_N "checking for supported audit module... $ECHO_C" >&6
+          case "$withval" in
+          bsm)
+                echo "$as_me:$LINENO: result: bsm" >&5
+echo "${ECHO_T}bsm" >&6
+                AUDIT_MODULE=bsm
+
+for ac_header in bsm/audit.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+else
+  { { echo "$as_me:$LINENO: error: BSM enabled and bsm/audit.h not found" >&5
+echo "$as_me: error: BSM enabled and bsm/audit.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+done
+
+
+echo "$as_me:$LINENO: checking for getaudit in -lbsm" >&5
+echo $ECHO_N "checking for getaudit in -lbsm... $ECHO_C" >&6
+if test "${ac_cv_lib_bsm_getaudit+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsm  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char getaudit ();
+int
+main ()
+{
+getaudit ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_bsm_getaudit=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_bsm_getaudit=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_bsm_getaudit" >&5
+echo "${ECHO_T}$ac_cv_lib_bsm_getaudit" >&6
+if test $ac_cv_lib_bsm_getaudit = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBBSM 1
+_ACEOF
+
+  LIBS="-lbsm $LIBS"
+
+else
+  { { echo "$as_me:$LINENO: error: BSM enabled and required library not found" >&5
+echo "$as_me: error: BSM enabled and required library not found" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+for ac_func in getaudit
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+  { { echo "$as_me:$LINENO: error: BSM enabled and required function not found" >&5
+echo "$as_me: error: BSM enabled and required function not found" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+done
+
+                # These are optional
+
+for ac_func in getaudit_addr
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_BSM_AUDIT
+_ACEOF
+
+                ;;
+          debug)
+                AUDIT_MODULE=debug
+                echo "$as_me:$LINENO: result: debug" >&5
+echo "${ECHO_T}debug" >&6
+
+cat >>confdefs.h <<\_ACEOF
+#define SSH_AUDIT_EVENTS
+_ACEOF
+
+                ;;
+          *)
+                { { echo "$as_me:$LINENO: error: Unknown audit module $withval" >&5
+echo "$as_me: error: Unknown audit module $withval" >&2;}
+   { (exit 1); exit 1; }; }
+                ;;
+        esac
+
+fi;
+
+
 
 
 
@@ -9684,9 +10496,9 @@ fi;
 
 for ac_func in \
         arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
-        bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
-        futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
-        getpeereid _getpty getrlimit getttyent glob inet_aton \
+        bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
+        freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
+        getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
         inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
         mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
         pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
@@ -10760,11 +11572,9 @@ _ACEOF
                 echo "$as_me:$LINENO: checking if setresuid seems to work" >&5
 echo $ECHO_N "checking if setresuid seems to work... $ECHO_C" >&6
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+  { echo "$as_me:$LINENO: WARNING: cross compiling: not checking setresuid" >&5
+echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -10803,7 +11613,6 @@ _ACEOF
 
                  echo "$as_me:$LINENO: result: not implemented" >&5
 echo "${ECHO_T}not implemented" >&6
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -10914,11 +11723,9 @@ _ACEOF
                 echo "$as_me:$LINENO: checking if setresgid seems to work" >&5
 echo $ECHO_N "checking if setresgid seems to work... $ECHO_C" >&6
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+  { echo "$as_me:$LINENO: WARNING: cross compiling: not checking setresuid" >&5
+echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -10957,7 +11764,6 @@ _ACEOF
 
                  echo "$as_me:$LINENO: result: not implemented" >&5
 echo "${ECHO_T}not implemented" >&6
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -11835,11 +12641,9 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
         echo "$as_me:$LINENO: checking whether snprintf correctly terminates long strings" >&5
 echo $ECHO_N "checking whether snprintf correctly terminates long strings... $ECHO_C" >&6
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+   { echo "$as_me:$LINENO: WARNING: cross compiling: Assuming working snprintf()" >&5
+echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -11881,7 +12685,6 @@ _ACEOF
                         { echo "$as_me:$LINENO: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
 echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -12199,6 +13002,159 @@ rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftes
 fi
 fi
 
+if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
+        echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5
+echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6
+        if test "$cross_compiling" = yes; then
+  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main(void)
+{
+        int err, sock;
+        struct addrinfo *gai_ai, *ai, hints;
+        char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = PF_UNSPEC;
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_flags = AI_PASSIVE;
+
+        err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+        if (err != 0) {
+                fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+                exit(1);
+        }
+
+        for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+                if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+                        continue;
+
+                err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+                    sizeof(ntop), strport, sizeof(strport),
+                    NI_NUMERICHOST|NI_NUMERICSERV);
+
+                if (ai->ai_family == AF_INET && err != 0) {
+                        perror("getnameinfo");
+                        exit(2);
+                }
+        }
+        exit(0);
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+                        echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+cat >>confdefs.h <<\_ACEOF
+#define AIX_GETNAMEINFO_HACK
+_ACEOF
+
+
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+
+                        echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+                        cat >>confdefs.h <<\_ACEOF
+#define BROKEN_GETADDRINFO 1
+_ACEOF
+
+
+
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+        echo "$as_me:$LINENO: checking for conflicting getspnam in shadow.h" >&5
+echo $ECHO_N "checking for conflicting getspnam in shadow.h... $ECHO_C" >&6
+        cat >conftest.$ac_ext <<_ACEOF
+
+#include <shadow.h>
+int main(void) {exit(0);}
+
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+                        echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+                        echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+cat >>confdefs.h <<\_ACEOF
+#define GETSPNAM_CONFLICTING_DEFS 1
+_ACEOF
+
+
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
 echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5
 echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6
 if test "${ac_cv_func_getpgrp_void+set}" = set; then
@@ -12730,6 +13686,10 @@ if test "${with_ssl_dir+set}" = set; then
   withval="$with_ssl_dir"
 
                 if test "x$withval" != "xno" ; then
+                        case "$withval" in
+                                # Relative paths
+                                ./*|../*)       withval="`pwd`/$withval"
+                        esac
                         if test -d "$withval/lib"; then
                                 if test -n "${need_dash_r}"; then
                                         LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -12883,11 +13843,11 @@ rm -f conftest.err conftest.$ac_objext \
 echo "$as_me:$LINENO: checking OpenSSL header version" >&5
 echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+
+                { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5
+echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -12944,7 +13904,6 @@ echo "${ECHO_T}not found" >&6
 echo "$as_me: error: OpenSSL version header not found." >&2;}
    { (exit 1); exit 1; }; }
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -12953,11 +13912,11 @@ fi
 echo "$as_me:$LINENO: checking OpenSSL library version" >&5
 echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+
+                { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5
+echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -13015,7 +13974,6 @@ echo "${ECHO_T}not found" >&6
 echo "$as_me: error: OpenSSL library not found." >&2;}
    { (exit 1); exit 1; }; }
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -13024,11 +13982,11 @@ fi
 echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5
 echo $ECHO_N "checking whether OpenSSL's headers match the library... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+
+                { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5
+echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -13074,7 +14032,6 @@ Check config.log for details.
 Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;}
    { (exit 1); exit 1; }; }
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -13238,11 +14195,14 @@ fi
 echo "$as_me:$LINENO: checking whether OpenSSL's PRNG is internally seeded" >&5
 echo $ECHO_N "checking whether OpenSSL's PRNG is internally seeded... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+
+                { echo "$as_me:$LINENO: WARNING: cross compiling: assuming yes" >&5
+echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+                # This is safe, since all recent OpenSSL versions will
+                # complain at runtime if not seeded correctly.
+                OPENSSL_SEEDS_ITSELF=yes
+
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -13285,7 +14245,6 @@ echo "${ECHO_T}no" >&6
                 # seed itself
                 USE_RAND_HELPER=yes
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -17288,6 +18247,74 @@ _ACEOF
 fi
 
 
+echo "$as_me:$LINENO: checking for in_addr_t" >&5
+echo $ECHO_N "checking for in_addr_t... $ECHO_C" >&6
+if test "${ac_cv_type_in_addr_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <netinet/in.h>
+
+int
+main ()
+{
+if ((in_addr_t *) 0)
+  return 0;
+if (sizeof (in_addr_t))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_type_in_addr_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_in_addr_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_in_addr_t" >&5
+echo "${ECHO_T}$ac_cv_type_in_addr_t" >&6
+if test $ac_cv_type_in_addr_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_IN_ADDR_T 1
+_ACEOF
+
+
+fi
+
+
 echo "$as_me:$LINENO: checking for size_t" >&5
 echo $ECHO_N "checking for size_t... $ECHO_C" >&6
 if test "${ac_cv_have_size_t+set}" = set; then
@@ -18134,11 +19161,9 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \
         exit 1;
 else
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+  { echo "$as_me:$LINENO: WARNING: cross compiling: Assuming working snprintf()" >&5
+echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
+
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -18193,7 +19218,6 @@ sed 's/^/| /' conftest.$ac_ext >&5
 #define BROKEN_SNPRINTF 1
 _ACEOF
 
-
 fi
 rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
@@ -19391,25 +20415,14 @@ if test "${ac_cv_have_accrights_in_msghdr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-        if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
+        cat >conftest.$ac_ext <<_ACEOF
 
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 int main() {
 #ifdef msg_accrights
+#error "msg_accrights is a macro"
 exit(1);
 #endif
 struct msghdr m;
@@ -19418,12 +20431,23 @@ exit(0);
 }
 
 _ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
@@ -19431,16 +20455,13 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
   (exit $ac_status); }; }; then
    ac_cv_have_accrights_in_msghdr="yes"
 else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
+  echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-( exit $ac_status )
  ac_cv_have_accrights_in_msghdr="no"
 
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
 fi
 echo "$as_me:$LINENO: result: $ac_cv_have_accrights_in_msghdr" >&5
@@ -19458,25 +20479,14 @@ if test "${ac_cv_have_control_in_msghdr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-        if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
+        cat >conftest.$ac_ext <<_ACEOF
 
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 int main() {
 #ifdef msg_control
+#error "msg_control is a macro"
 exit(1);
 #endif
 struct msghdr m;
@@ -19485,12 +20495,23 @@ exit(0);
 }
 
 _ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  (exit $ac_status); } &&
+         { ac_try='test -z "$ac_c_werror_flag"
+                         || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+         { ac_try='test -s conftest.$ac_objext'
   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
@@ -19498,16 +20519,13 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
   (exit $ac_status); }; }; then
    ac_cv_have_control_in_msghdr="yes"
 else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
+  echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-( exit $ac_status )
  ac_cv_have_control_in_msghdr="no"
 
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
 fi
 echo "$as_me:$LINENO: result: $ac_cv_have_control_in_msghdr" >&5
@@ -20050,9 +21068,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -21576,9 +22594,9 @@ echo "$as_me: WARNING: gssapi.h: proceeding with the preprocessor's result" >&2;
 echo "$as_me: WARNING: gssapi.h: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -21722,9 +22740,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -21880,9 +22898,9 @@ echo "$as_me: WARNING: gssapi_krb5.h: proceeding with the preprocessor's result"
 echo "$as_me: WARNING: gssapi_krb5.h: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -22039,9 +23057,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -22190,9 +23208,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -22341,9 +23359,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
     (
       cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists.  ##
-## ------------------------------------------ ##
+## ---------------------------------- ##
+## Report this to the OpenSSH lists.  ##
+## ---------------------------------- ##
 _ASBOX
     ) |
       sed "s/^/$as_me: WARNING:     /" >&2
@@ -22745,6 +23763,11 @@ _ACEOF
 
 fi
 
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+        { echo "$as_me:$LINENO: WARNING: cross compiling: Disabling /dev/ptmx test" >&5
+echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;}
+        disable_ptmx_check=yes
+fi
 if test -z "$no_dev_ptmx" ; then
         if test "x$disable_ptmx_check" != "xyes" ; then
                 echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
@@ -22777,7 +23800,9 @@ fi
 
         fi
 fi
-echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+        echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
 echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6
 if test "${ac_cv_file___dev_ptc_+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -22796,15 +23821,19 @@ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
 echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
 if test $ac_cv_file___dev_ptc_ = yes; then
 
-                cat >>confdefs.h <<_ACEOF
+                        cat >>confdefs.h <<_ACEOF
 #define HAVE_DEV_PTS_AND_PTC 1
 _ACEOF
 
-                have_dev_ptc=1
+                        have_dev_ptc=1
 
 
 fi
 
+else
+        { echo "$as_me:$LINENO: WARNING: cross compiling: Disabling /dev/ptc test" >&5
+echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;}
+fi
 
 # Options from here on. Some of these are preset by platform above
 
@@ -23020,10 +24049,20 @@ fi
 # Check whether --enable-etc-default-login or --disable-etc-default-login was given.
 if test "${enable_etc_default_login+set}" = set; then
   enableval="$enable_etc_default_login"
-
+   if test "x$enableval" = "xno"; then
+                { echo "$as_me:$LINENO: /etc/default/login handling disabled" >&5
+echo "$as_me: /etc/default/login handling disabled" >&6;}
+                etc_default_login=no
+          else
+                etc_default_login=yes
+          fi
 else
+   etc_default_login=yes
+
+fi;
 
-echo "$as_me:$LINENO: checking for \"/etc/default/login\"" >&5
+if test "x$etc_default_login" != "xno"; then
+        echo "$as_me:$LINENO: checking for \"/etc/default/login\"" >&5
 echo $ECHO_N "checking for \"/etc/default/login\"... $ECHO_C" >&6
 if test "${ac_cv_file___etc_default_login_+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -23044,16 +24083,18 @@ if test $ac_cv_file___etc_default_login_ = yes; then
    external_path_file=/etc/default/login
 fi
 
-
-if test "x$external_path_file" = "x/etc/default/login"; then
-        cat >>confdefs.h <<\_ACEOF
+        if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+        then
+                { echo "$as_me:$LINENO: WARNING: cross compiling: Disabling /etc/default/login test" >&5
+echo "$as_me: WARNING: cross compiling: Disabling /etc/default/login test" >&2;}
+        elif test "x$external_path_file" = "x/etc/default/login"; then
+                cat >>confdefs.h <<\_ACEOF
 #define HAVE_ETC_DEFAULT_LOGIN 1
 _ACEOF
 
+        fi
 fi
 
-fi;
-
 if test $ac_cv_func_login_getcapbool = "yes" -a \
         $ac_cv_header_login_cap_h = "yes" ; then
         external_path_file=/etc/login.conf
@@ -23891,7 +24932,7 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
 fi
 
 
-                                                            ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds"
+                                                                      ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds survey.sh"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -24255,7 +25296,7 @@ BOXI_EOF
 } >&5
 cat >&5 <<_CSEOF
 
-This file was extended by $as_me, which was
+This file was extended by OpenSSH $as_me Portable, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -24315,7 +25356,7 @@ _ACEOF
 
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-config.status
+OpenSSH config.status Portable
 configured by $0, generated by GNU Autoconf 2.59,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
 
@@ -24424,6 +25465,7 @@ do
   "openbsd-compat/Makefile" ) CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;;
   "scard/Makefile" ) CONFIG_FILES="$CONFIG_FILES scard/Makefile" ;;
   "ssh_prng_cmds" ) CONFIG_FILES="$CONFIG_FILES ssh_prng_cmds" ;;
+  "survey.sh" ) CONFIG_FILES="$CONFIG_FILES survey.sh" ;;
   "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
   *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
 echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
@@ -24548,6 +25590,7 @@ s,@PATH_PASSWD_PROG@,$PATH_PASSWD_PROG,;t t
 s,@LD@,$LD,;t t
 s,@EGREP@,$EGREP,;t t
 s,@LIBWRAP@,$LIBWRAP,;t t
+s,@LIBEDIT@,$LIBEDIT,;t t
 s,@LIBPAM@,$LIBPAM,;t t
 s,@INSTALL_SSH_RAND_HELPER@,$INSTALL_SSH_RAND_HELPER,;t t
 s,@SSH_PRIVSEP_USER@,$SSH_PRIVSEP_USER,;t t
@@ -25115,6 +26158,7 @@ echo "                 Smartcard support: $SCARD_MSG"
 echo "                     S/KEY support: $SKEY_MSG"
 echo "              TCP Wrappers support: $TCPW_MSG"
 echo "              MD5 password support: $MD5_MSG"
+echo "                   libedit support: $LIBEDIT_MSG"
 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
@@ -25135,7 +26179,8 @@ echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
 echo ""
 
 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
-        echo "SVR4 style packages are supported with \"make package\"\n"
+        echo "SVR4 style packages are supported with \"make package\""
+        echo ""
 fi
 
 if test "x$PAM_MSG" = "xyes" ; then
@@ -25164,3 +26209,7 @@ if test ! -z "$NO_PEERCHECK" ; then
         echo ""
 fi
 
+if test "$AUDIT_MODULE" = "bsm" ; then
+        echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+        echo "See the Solaris section in README.platform for details."
+fi
diff --git a/configure.ac b/configure.ac
index 36c457728..e48028b7b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.226 2004/08/16 13:12:06 dtucker Exp $
+# $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -14,7 +14,7 @@
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-AC_INIT
+AC_INIT(OpenSSH, Portable)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -121,8 +121,11 @@ case "$host" in
                                 LIBS="$LIBS -ls"
                         ])
                 ])
+        dnl Check for various auth function declarations in headers.
+        AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
+            passwdexpired], , , [#include <usersec.h>])
         dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
-        AC_CHECK_DECL(loginfailed,
+        AC_CHECK_DECLS(loginfailed,
                  [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
                   AC_TRY_COMPILE(
                         [#include <usersec.h>],
@@ -135,7 +138,7 @@ case "$host" in
                 [#include <usersec.h>]
         )
         AC_CHECK_FUNCS(setauthdb)
-        AC_DEFINE(BROKEN_GETADDRINFO)
+        check_for_aix_broken_getaddrinfo=1
         AC_DEFINE(BROKEN_REALPATH)
         AC_DEFINE(SETEUID_BREAKS_SETUID)
         AC_DEFINE(BROKEN_SETREUID)
@@ -155,7 +158,6 @@ case "$host" in
         AC_DEFINE(NO_X11_UNIX_SOCKETS)
         AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
         AC_DEFINE(DISABLE_FD_PASSING)
-        AC_DEFINE(SETGROUPS_NOOP)
         ;;
 *-*-dgux*)
         AC_DEFINE(IP_TOS_IS_BROKEN)
@@ -219,7 +221,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         AC_DEFINE(DISABLE_UTMP)
         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+        AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
         check_for_hpux_broken_getaddrinfo=1
+        check_for_conflicting_getspnam=1
         LIBS="$LIBS -lsec"
         AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
         ;;
@@ -255,6 +259,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
         AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
+        AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+        AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
         inet6_default_4in6=yes
         case `uname -r` in
         1.*|2.0.*)
@@ -335,6 +341,8 @@ mips-sony-bsd|mips-sony-newsos4)
 *-sni-sysv*)
         # /usr/ucblib MUST NOT be searched on ReliantUNIX
         AC_CHECK_LIB(dl, dlsym, ,)
+        # -lresolv needs to be at then end of LIBS or DNS lookups break
+        AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
         IPADDR_IN_DISPLAY=yes
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(IP_TOS_IS_BROKEN)
@@ -347,12 +355,14 @@ mips-sony-bsd|mips-sony-newsos4)
         # Attention: always take care to bind libsocket and libnsl before libc,
         # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
         ;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
 *-*-sysv4.2*)
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(SETEUID_BREAKS_SETUID)
         AC_DEFINE(BROKEN_SETREUID)
         AC_DEFINE(BROKEN_SETREGID)
         ;;
+# UnixWare 7.x, OpenUNIX 8
 *-*-sysv5*)
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(SETEUID_BREAKS_SETUID)
@@ -361,25 +371,11 @@ mips-sony-bsd|mips-sony-newsos4)
         ;;
 *-*-sysv*)
         ;;
+# SCO UNIX and OEM versions of SCO UNIX
 *-*-sco3.2v4*)
-        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
-        LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
-        RANLIB=true
-        no_dev_ptmx=1
-        AC_DEFINE(BROKEN_SYS_TERMIO_H)
-        AC_DEFINE(USE_PIPES)
-        AC_DEFINE(HAVE_SECUREWARE)
-        AC_DEFINE(DISABLE_SHADOW)
-        AC_DEFINE(BROKEN_SAVED_UIDS)
-        AC_DEFINE(SETEUID_BREAKS_SETUID)
-        AC_DEFINE(BROKEN_SETREUID)
-        AC_DEFINE(BROKEN_SETREGID)
-        AC_DEFINE(WITH_ABBREV_NO_TTY)
-        AC_CHECK_FUNCS(getluid setluid)
-        MANTYPE=man
-        do_sco3_extra_lib_check=yes
-        TEST_SHELL=ksh
+        AC_MSG_ERROR("This Platform is no longer supported.")
         ;;
+# SCO OpenServer 5.x
 *-*-sco3.2v5*)
         if test -z "$GCC"; then
                 CFLAGS="$CFLAGS -belf"
@@ -395,6 +391,7 @@ mips-sony-bsd|mips-sony-newsos4)
         AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(WITH_ABBREV_NO_TTY)
         AC_DEFINE(BROKEN_UPDWTMPX)
+        AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
         AC_CHECK_FUNCS(getluid setluid)
         MANTYPE=man
         TEST_SHELL=ksh
@@ -506,15 +503,17 @@ AC_ARG_WITH(libs,
 )
 
 AC_MSG_CHECKING(compiler and flags for sanity)
-AC_TRY_RUN([
+AC_RUN_IFELSE(
+        [AC_LANG_SOURCE([
 #include <stdio.h>
 int main(){exit(0);}
-        ],
+        ])],
         [       AC_MSG_RESULT(yes) ],
         [
                 AC_MSG_RESULT(no)
                 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
-        ]
+        ],
+        [       AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
 )
 
 # Checks for header files.
@@ -525,21 +524,21 @@ AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
         rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
         strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
         sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
-        sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
+        sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
         sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
         time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
 
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+AC_CHECK_HEADERS(sys/ptms.h, [], [], [
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+])
+
 # Checks for libraries.
 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
 
-dnl SCO OS3 needs this for libwrap
-if test "x$with_tcp_wrappers" != "xno" ; then
-    if test "x$do_sco3_extra_lib_check" = "xyes" ; then
-        AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
-    fi
-fi
-
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
         AC_CHECK_LIB(gen, dirname,[
@@ -640,7 +639,7 @@ AC_ARG_WITH(zlib-version-check,
 )
 
 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
-AC_TRY_RUN([
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
 #include <zlib.h>
 int main()
 {
@@ -652,7 +651,7 @@ int main()
                 exit(0);
         exit(2);
 }
-        ],
+        ]])],
         AC_MSG_RESULT(yes),
         [ AC_MSG_RESULT(no)
           if test -z "$zlib_check_nonfatal" ; then
@@ -665,7 +664,8 @@ If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
           else
                 AC_MSG_WARN([zlib version may have security problems])
           fi
-        ]
+        ],
+        [       AC_MSG_WARN([cross compiling: not checking zlib version]) ]
 )
 
 dnl UnixWare 2.x
@@ -719,16 +719,20 @@ AC_EGREP_CPP(FOUNDIT,
 )
 
 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
-AC_TRY_RUN(
-        [
+AC_RUN_IFELSE(
+        [AC_LANG_SOURCE([[
 #include <sys/types.h>
 #include <dirent.h>
 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
-        ],
+        ]])],
         [AC_MSG_RESULT(yes)],
         [
                 AC_MSG_RESULT(no)
                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+        ],
+        [ 
+                AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+                AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
         ]
 )
 
@@ -743,8 +747,7 @@ fi
 # Check whether user wants S/Key support
 SKEY_MSG="no"
 AC_ARG_WITH(skey,
-        [  --with-skey[[=PATH]]      Enable S/Key support
-                            (optionally in PATH)],
+        [  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
         [
                 if test "x$withval" != "xno" ; then
 
@@ -785,8 +788,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
 # Check whether user wants TCP wrappers support
 TCPW_MSG="no"
 AC_ARG_WITH(tcp-wrappers,
-        [  --with-tcp-wrappers[[=PATH]]      Enable tcpwrappers support
-                            (optionally in PATH)],
+        [  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
         [
                 if test "x$withval" != "xno" ; then
                         saved_LIBS="$LIBS"
@@ -839,12 +841,59 @@ AC_ARG_WITH(tcp-wrappers,
         ]
 )
 
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+AC_ARG_WITH(libedit,
+        [  --with-libedit[[=PATH]]   Enable libedit support for sftp],
+        [ if test "x$withval" != "xno" ; then
+                AC_CHECK_LIB(edit, el_init,
+                        [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
+                          LIBEDIT="-ledit -lcurses"
+                          LIBEDIT_MSG="yes"
+                          AC_SUBST(LIBEDIT)
+                        ],
+                        [], [-lcurses]
+                )
+        fi ]
+)
+
+AUDIT_MODULE=none
+AC_ARG_WITH(audit,
+        [  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
+        [
+          AC_MSG_CHECKING(for supported audit module)
+          case "$withval" in
+          bsm)
+                AC_MSG_RESULT(bsm)
+                AUDIT_MODULE=bsm
+                dnl    Checks for headers, libs and functions
+                AC_CHECK_HEADERS(bsm/audit.h, [],
+                    [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
+                AC_CHECK_LIB(bsm, getaudit, [],
+                    [AC_MSG_ERROR(BSM enabled and required library not found)])
+                AC_CHECK_FUNCS(getaudit, [],
+                    [AC_MSG_ERROR(BSM enabled and required function not found)])
+                # These are optional
+                AC_CHECK_FUNCS(getaudit_addr)
+                AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
+                ;;
+          debug)
+                AUDIT_MODULE=debug
+                AC_MSG_RESULT(debug)
+                AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
+                ;;
+          *)
+                AC_MSG_ERROR([Unknown audit module $withval])
+                ;;
+        esac ]
+)
+
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
         arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
-        bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
-        futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
-        getpeereid _getpty getrlimit getttyent glob inet_aton \
+        bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
+        freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
+        getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
         inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
         mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
         pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
@@ -888,28 +937,32 @@ AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
 AC_CHECK_FUNCS(setresuid, [
         dnl Some platorms have setresuid that isn't implemented, test for this
         AC_MSG_CHECKING(if setresuid seems to work)
-        AC_TRY_RUN([
+        AC_RUN_IFELSE(
+                [AC_LANG_SOURCE([[
 #include <stdlib.h>
 #include <errno.h>
 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
-                ],
+                ]])],
                 [AC_MSG_RESULT(yes)],
                 [AC_DEFINE(BROKEN_SETRESUID)
-                 AC_MSG_RESULT(not implemented)]
+                 AC_MSG_RESULT(not implemented)],
+                [AC_MSG_WARN([cross compiling: not checking setresuid])]
         )
 ])
 
 AC_CHECK_FUNCS(setresgid, [
         dnl Some platorms have setresgid that isn't implemented, test for this
         AC_MSG_CHECKING(if setresgid seems to work)
-        AC_TRY_RUN([
+        AC_RUN_IFELSE(
+                [AC_LANG_SOURCE([[
 #include <stdlib.h>
 #include <errno.h>
 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
-                ],
+                ]])],
                 [AC_MSG_RESULT(yes)],
                 [AC_DEFINE(BROKEN_SETRESGID)
-                 AC_MSG_RESULT(not implemented)]
+                 AC_MSG_RESULT(not implemented)],
+                [AC_MSG_WARN([cross compiling: not checking setresuid])]
         )
 ])
 
@@ -935,17 +988,18 @@ AC_CHECK_FUNC(getpagesize,
 # Check for broken snprintf
 if test "x$ac_cv_func_snprintf" = "xyes" ; then
         AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
-        AC_TRY_RUN(
-                [
+        AC_RUN_IFELSE(
+                [AC_LANG_SOURCE([[
 #include <stdio.h>
 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
-                ],
+                ]])],
                 [AC_MSG_RESULT(yes)],
                 [
                         AC_MSG_RESULT(no)
                         AC_DEFINE(BROKEN_SNPRINTF)
                         AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
-                ]
+                ],
+                [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
         )
 fi
 
@@ -1104,6 +1158,82 @@ main(void)
         )
 fi
 
+if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
+        AC_MSG_CHECKING(if getaddrinfo seems to work)
+        AC_TRY_RUN(
+                [
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main(void)
+{
+        int err, sock;
+        struct addrinfo *gai_ai, *ai, hints;
+        char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = PF_UNSPEC;
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_flags = AI_PASSIVE;
+
+        err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+        if (err != 0) {
+                fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+                exit(1);
+        }
+
+        for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+                if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+                        continue;
+
+                err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+                    sizeof(ntop), strport, sizeof(strport),
+                    NI_NUMERICHOST|NI_NUMERICSERV);
+
+                if (ai->ai_family == AF_INET && err != 0) {
+                        perror("getnameinfo");
+                        exit(2);
+                }
+        }
+        exit(0);
+}
+                ],
+                [
+                        AC_MSG_RESULT(yes)
+                        AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
+[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
+                ],
+                [
+                        AC_MSG_RESULT(no)
+                        AC_DEFINE(BROKEN_GETADDRINFO)
+                ]
+        )
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+        AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
+        AC_COMPILE_IFELSE(
+                [
+#include <shadow.h>
+int main(void) {exit(0);}
+                ],
+                [
+                        AC_MSG_RESULT(no)
+                ],
+                [
+                        AC_MSG_RESULT(yes)
+                        AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
+                            [Conflicting defs for getspnam])
+                ]
+        )
+fi
+
 AC_FUNC_GETPGRP
 
 # Check for PAM libs
@@ -1165,6 +1295,10 @@ AC_ARG_WITH(ssl-dir,
         [  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
         [
                 if test "x$withval" != "xno" ; then
+                        case "$withval" in
+                                # Relative paths
+                                ./*|../*)       withval="`pwd`/$withval"
+                        esac
                         if test -d "$withval/lib"; then
                                 if test -n "${need_dash_r}"; then
                                         LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -1206,8 +1340,8 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
 
 # Determine OpenSSL header version
 AC_MSG_CHECKING([OpenSSL header version])
-AC_TRY_RUN(
-        [
+AC_RUN_IFELSE(
+        [AC_LANG_SOURCE([[
 #include <stdio.h>
 #include <string.h>
 #include <openssl/opensslv.h>
@@ -1225,7 +1359,7 @@ int main(void) {
 
         exit(0);
 }
-        ],
+        ]])],
         [
                 ssl_header_ver=`cat conftest.sslincver`
                 AC_MSG_RESULT($ssl_header_ver)
@@ -1233,13 +1367,16 @@ int main(void) {
         [
                 AC_MSG_RESULT(not found)
                 AC_MSG_ERROR(OpenSSL version header not found.)
+        ],
+        [
+                AC_MSG_WARN([cross compiling: not checking])
         ]
 )
 
 # Determine OpenSSL library version
 AC_MSG_CHECKING([OpenSSL library version])
-AC_TRY_RUN(
-        [
+AC_RUN_IFELSE(
+        [AC_LANG_SOURCE([[
 #include <stdio.h>
 #include <string.h>
 #include <openssl/opensslv.h>
@@ -1258,7 +1395,7 @@ int main(void) {
 
         exit(0);
 }
-        ],
+        ]])],
         [
                 ssl_library_ver=`cat conftest.ssllibver`
                 AC_MSG_RESULT($ssl_library_ver)
@@ -1266,17 +1403,20 @@ int main(void) {
         [
                 AC_MSG_RESULT(not found)
                 AC_MSG_ERROR(OpenSSL library not found.)
+        ],
+        [
+                AC_MSG_WARN([cross compiling: not checking])
         ]
 )
 
 # Sanity check OpenSSL headers
 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
-AC_TRY_RUN(
-        [
+AC_RUN_IFELSE(
+        [AC_LANG_SOURCE([[
 #include <string.h>
 #include <openssl/opensslv.h>
 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
-        ],
+        ]])],
         [
                 AC_MSG_RESULT(yes)
         ],
@@ -1285,6 +1425,9 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
                 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
 Check config.log for details.
 Also see contrib/findssl.sh for help identifying header/library mismatches.])
+        ],
+        [
+                AC_MSG_WARN([cross compiling: not checking])
         ]
 )
 
@@ -1305,12 +1448,12 @@ fi
 
 # Check wheter OpenSSL seeds itself
 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
-AC_TRY_RUN(
-        [
+AC_RUN_IFELSE(
+        [AC_LANG_SOURCE([[
 #include <string.h>
 #include <openssl/rand.h>
 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
-        ],
+        ]])],
         [
                 OPENSSL_SEEDS_ITSELF=yes
                 AC_MSG_RESULT(yes)
@@ -1320,6 +1463,12 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
                 # Default to use of the rand helper if OpenSSL doesn't
                 # seed itself
                 USE_RAND_HELPER=yes
+        ],
+        [
+                AC_MSG_WARN([cross compiling: assuming yes])
+                # This is safe, since all recent OpenSSL versions will
+                # complain at runtime if not seeded correctly. 
+                OPENSSL_SEEDS_ITSELF=yes
         ]
 )
 
@@ -1704,6 +1853,10 @@ TYPE_SOCKLEN_T
 
 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
 
+AC_CHECK_TYPES(in_addr_t,,,
+[#include <sys/types.h>
+#include <netinet/in.h>])
+
 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
         AC_TRY_COMPILE(
                 [
@@ -1886,8 +2039,8 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \
         exit 1;
 else
 dnl test snprintf (broken on SCO w/gcc)
-        AC_TRY_RUN(
-                [
+        AC_RUN_IFELSE(
+                [AC_LANG_SOURCE([[
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_SNPRINTF
@@ -1910,7 +2063,8 @@ main()
 #else
 main() { exit(0); }
 #endif
-                ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
+                ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
+                AC_MSG_WARN([cross compiling: Assuming working snprintf()])
         )
 fi
 
@@ -2015,13 +2169,14 @@ fi
 dnl make sure we're using the real structure members and not defines
 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
                 ac_cv_have_accrights_in_msghdr, [
-        AC_TRY_RUN(
+        AC_COMPILE_IFELSE(
                 [
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 int main() {
 #ifdef msg_accrights
+#error "msg_accrights is a macro"
 exit(1);
 #endif
 struct msghdr m;
@@ -2039,13 +2194,14 @@ fi
 
 AC_CACHE_CHECK([for msg_control field in struct msghdr],
                 ac_cv_have_control_in_msghdr, [
-        AC_TRY_RUN(
+        AC_COMPILE_IFELSE(
                 [
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 int main() {
 #ifdef msg_control
+#error "msg_control is a macro"
 exit(1);
 #endif
 struct msghdr m;
@@ -2379,6 +2535,10 @@ if test ! -z "$MAIL" ; then
         AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
 fi
 
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+        AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
+        disable_ptmx_check=yes
+fi
 if test -z "$no_dev_ptmx" ; then
         if test "x$disable_ptmx_check" != "xyes" ; then
                 AC_CHECK_FILE("/dev/ptmx",
@@ -2389,12 +2549,17 @@ if test -z "$no_dev_ptmx" ; then
                 )
         fi
 fi
-AC_CHECK_FILE("/dev/ptc",
-        [
-                AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
-                have_dev_ptc=1
-        ]
-)
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+        AC_CHECK_FILE("/dev/ptc",
+                [
+                        AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
+                        have_dev_ptc=1
+                ]
+        )
+else
+        AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
+fi
 
 # Options from here on. Some of these are preset by platform above
 AC_ARG_WITH(mantype,
@@ -2490,14 +2655,26 @@ fi
 
 # check for /etc/default/login and use it if present.
 AC_ARG_ENABLE(etc-default-login,
-        [  --disable-etc-default-login       Disable using PATH from /etc/default/login [no]],,
-[
-AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
+        [  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
+        [ if test "x$enableval" = "xno"; then
+                AC_MSG_NOTICE([/etc/default/login handling disabled])
+                etc_default_login=no
+          else
+                etc_default_login=yes
+          fi ],
+        [ etc_default_login=yes ]
+)
 
-if test "x$external_path_file" = "x/etc/default/login"; then
-        AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+if test "x$etc_default_login" != "xno"; then
+        AC_CHECK_FILE("/etc/default/login",
+            [ external_path_file=/etc/default/login ])
+        if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+        then
+                AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
+        elif test "x$external_path_file" = "x/etc/default/login"; then
+                AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+        fi
 fi
-])
 
 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
 if test $ac_cv_func_login_getcapbool = "yes" -a \
@@ -2931,7 +3108,8 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
 fi
 
 AC_EXEEXT
-AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
+        scard/Makefile ssh_prng_cmds survey.sh])
 AC_OUTPUT
 
 # Print summary of options
@@ -2977,6 +3155,7 @@ echo "                 Smartcard support: $SCARD_MSG"
 echo "                     S/KEY support: $SKEY_MSG"
 echo "              TCP Wrappers support: $TCPW_MSG"
 echo "              MD5 password support: $MD5_MSG"
+echo "                   libedit support: $LIBEDIT_MSG"
 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
@@ -2997,7 +3176,8 @@ echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
 echo ""
 
 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
-        echo "SVR4 style packages are supported with \"make package\"\n"
+        echo "SVR4 style packages are supported with \"make package\""
+        echo ""
 fi
 
 if test "x$PAM_MSG" = "xyes" ; then
@@ -3026,3 +3206,7 @@ if test ! -z "$NO_PEERCHECK" ; then
         echo ""
 fi
 
+if test "$AUDIT_MODULE" = "bsm" ; then
+        echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+        echo "See the Solaris section in README.platform for details."
+fi
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 53b16455e..67d8e6ff4 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable      1
 %if %{use_stable}
-  %define version       3.9p1
+  %define version       4.0p1
   %define cvs           %{nil}
   %define release       1
 %else
@@ -363,4 +363,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.51 2004/08/17 12:49:12 djm Exp $
+$Id: openssh.spec,v 1.52 2005/03/09 00:02:42 djm Exp $
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
index 5a9b1ce0c..3dd45014a 100644
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -195,28 +195,37 @@ configure are used for the Cygwin binary distribution:
 
         --prefix=/usr \
         --sysconfdir=/etc \
-        --libexecdir='$(sbindir)' \
+        --libexecdir='${sbindir}' \
         --localstatedir=/var \
-        --datadir='$(prefix)/share' \
-        --mandir='$(datadir)/man' \
+        --datadir='${prefix}/share' \
+        --mandir='${datadir}/man' \
+        --infodir='${datadir}/info'
         --with-tcp-wrappers
 
 If you want to create a Cygwin package, equivalent to the one
 in the Cygwin binary distribution, install like this:
 
         mkdir /tmp/cygwin-ssh
-        cd $(builddir)
+        cd ${builddir}
         make install DESTDIR=/tmp/cygwin-ssh
-        cd $(srcdir)/contrib/cygwin
+        cd ${srcdir}/contrib/cygwin
         make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh
         cd /tmp/cygwin-ssh
         find * \! -type d | tar cvjfT my-openssh.tar.bz2 -
-        
-You must have installed the zlib, the openssl-devel and the minires-devel
-packages to be able to build OpenSSH!
+
+You must have installed the following packages to be able to build OpenSSH:
+
+- zlib
+- openssl-devel
+- minires-devel
+
+If you want to build with --with-tcp-wrappers, you also need the package
+
+- tcp_wrappers
 
 Please send requests, error reports etc. to cygwin@cygwin.com.
 
+
 Have fun,
 
 Corinna Vinschen
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 9c0dabf41..c7164f610 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -449,7 +449,7 @@ then
           echo "Should this script create a new local account 'sshd_server' which has"
           if request "the required privileges?"
           then
-            _admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group`
+            _admingroup=`awk -F: '{if ( $1 != "root" && $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group`
             if [ -z "${_admingroup}" ]
             then
               echo "There's no group with SID S-1-5-32-544 (Local administrators group) in"
diff --git a/contrib/findssl.sh b/contrib/findssl.sh
index 0c08d4a18..716abced5 100644
--- a/contrib/findssl.sh
+++ b/contrib/findssl.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
 #
+# $Id: findssl.sh,v 1.3 2004/12/13 07:08:33 dtucker Exp $
+#
 # findssl.sh
 #       Search for all instances of OpenSSL headers and libraries
 #       and print their versions.
@@ -9,10 +11,11 @@
 #       Written by Darren Tucker (dtucker at zip dot com dot au)
 #       This file is placed in the public domain.
 #
-# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $
+#       Release history:
 #       2002-07-27: Initial release.
 #       2002-08-04: Added public domain notice.
 #       2003-06-24: Incorporated readme, set library paths. First cvs version.
+#       2004-12-13: Add traps to cleanup temp files, from Amarendra Godbole.
 #
 # "OpenSSL headers do not match your library" are usually caused by
 # OpenSSH's configure picking up an older version of OpenSSL headers
@@ -64,6 +67,11 @@ CC=gcc
 STATIC=-static
 
 #
+# Cleanup on interrupt
+#
+trap 'rm -f conftest.c' INT HUP TERM
+
+#
 # Set up conftest C source
 #
 rm -f findssl.log
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index f8a91f2c2..8fbc4c02a 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.9p1
+%define ver 4.0p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 3f4a0189b..449613db6 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 3.9p1
+Version: 4.0p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 754a70287..ecef13b50 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
-openssh (1:3.9p1-4) UNRELEASED; urgency=low
+openssh (1:4.0p1-1) UNRELEASED; urgency=low
 
+  * New upstream release.
   * Make gnome-ssh-askpass stay above other windows (thanks, Liyang HU;
     closes: #296487).
   * Remove obsolete and unnecessary ssh/forward_warning debconf note.
diff --git a/debian/rules b/debian/rules
index bcb28f87f..6a3f31420 100755
--- a/debian/rules
+++ b/debian/rules
@@ -50,7 +50,7 @@ FORCE_LIBS = LIBS=-lresolv
 endif
 
 # Change the version string to include the Debian version
-SSH_VERSION := $(shell sed -e '/define/!d; s/.*\"\(.*\)\".*/\1/; q' <version.h) Debian-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//')
+SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//')
 
 build: build-deb build-udeb
 
@@ -65,7 +65,7 @@ build-deb-stamp:
         # Supply pthread linkage for just those binaries linked to PAM.
         perl -pi -e 's/^(LIBPAM=.*)/$$1 -pthread/' build-deb/Makefile
 
-        $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='$(OPTFLAGS) -g -Wall -DUSE_POSIX_THREADS -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\" -DSSH_VERSION="\"$(SSH_VERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign'
+        $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='$(OPTFLAGS) -g -Wall -DUSE_POSIX_THREADS -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\" -DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign'
         # Support building on Debian 3.0 (with GNOME 1.4) and later.
         if [ -f /usr/include/libgnomeui-2.0/gnome.h ]; then \
                 $(MAKE) -C contrib gnome-ssh-askpass2 CC='gcc $(OPTFLAGS) -g -Wall'; \
@@ -83,7 +83,7 @@ build-udeb-stamp:
         # Avoid libnsl linkage. Ugh.
         perl -pi -e 's/ +-lnsl//' build-udeb/config.status
         cd build-udeb && ./config.status
-        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_VERSION="\"$(SSH_VERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign' ssh scp sftp sshd ssh-keygen
+        $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\""' SSH_KEYSIGN='/usr/lib/ssh-keysign' ssh scp sftp sshd ssh-keygen
         touch build-udeb-stamp
 
 clean:
diff --git a/defines.h b/defines.h
index 8c1d9c409..7758bc37a 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
 
-/* $Id: defines.h,v 1.117 2004/06/22 03:27:16 dtucker Exp $ */
+/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */
 
 
 /* Constants */
@@ -288,6 +288,10 @@ struct	sockaddr_un {
 };
 #endif /* HAVE_SYS_UN_H */
 
+#ifndef HAVE_IN_ADDR_T
+typedef u_int32_t       in_addr_t;
+#endif
+
 #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE)
 #define _STRUCT_WINSIZE
 struct winsize {
@@ -530,6 +534,11 @@ struct winsize {
 # define getpgrp() getpgrp(0)
 #endif
 
+#ifdef USE_BSM_AUDIT
+# define SSH_AUDIT_EVENTS
+# define CUSTOM_SSH_AUDIT_EVENTS
+#endif
+
 /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
 # define OPENSSL_free(x) Free(x)
@@ -644,6 +653,15 @@ struct winsize {
 # define CUSTOM_SYS_AUTH_PASSWD 1
 #endif
 
+/* HP-UX 11.11 */
+#ifdef BTMP_FILE
+# define _PATH_BTMP BTMP_FILE
+#endif
+
+#if defined(USE_BTMP) && defined(_PATH_BTMP)
+# define CUSTOM_FAILED_LOGIN
+#endif
+
 /** end of login recorder definitions */
 
 #endif /* _DEFINES_H */
diff --git a/hostfile.c b/hostfile.c
index 88c054912..2e1c8bcd0 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,13 +36,102 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.33 2005/03/01 10:40:26 djm Exp $");
+
+#include <resolv.h>
+#include <openssl/hmac.h>
+#include <openssl/sha.h>
 
 #include "packet.h"
 #include "match.h"
 #include "key.h"
 #include "hostfile.h"
 #include "log.h"
+#include "xmalloc.h"
+
+static int
+extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
+{
+        char *p, *b64salt;
+        u_int b64len;
+        int ret;
+
+        if (l < sizeof(HASH_MAGIC) - 1) {
+                debug2("extract_salt: string too short");
+                return (-1);
+        }
+        if (strncmp(s, HASH_MAGIC, sizeof(HASH_MAGIC) - 1) != 0) {
+                debug2("extract_salt: invalid magic identifier");
+                return (-1);
+        }
+        s += sizeof(HASH_MAGIC) - 1;
+        l -= sizeof(HASH_MAGIC) - 1;
+        if ((p = memchr(s, HASH_DELIM, l)) == NULL) {
+                debug2("extract_salt: missing salt termination character");
+                return (-1);
+        }
+
+        b64len = p - s;
+        /* Sanity check */
+        if (b64len == 0 || b64len > 1024) {
+                debug2("extract_salt: bad encoded salt length %u", b64len);
+                return (-1);
+        }
+        b64salt = xmalloc(1 + b64len);
+        memcpy(b64salt, s, b64len);
+        b64salt[b64len] = '\0';
+
+        ret = __b64_pton(b64salt, salt, salt_len);
+        xfree(b64salt);
+        if (ret == -1) {
+                debug2("extract_salt: salt decode error");
+                return (-1);
+        }
+        if (ret != SHA_DIGEST_LENGTH) {
+                debug2("extract_salt: expected salt len %u, got %u",
+                    salt_len, ret);
+                return (-1);
+        }
+        
+        return (0);
+}
+
+char *
+host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
+{
+        const EVP_MD *md = EVP_sha1();
+        HMAC_CTX mac_ctx;
+        char salt[256], result[256], uu_salt[512], uu_result[512];
+        static char encoded[1024];
+        u_int i, len;
+
+        len = EVP_MD_size(md);
+
+        if (name_from_hostfile == NULL) {
+                /* Create new salt */
+                for (i = 0; i < len; i++)
+                        salt[i] = arc4random();
+        } else {
+                /* Extract salt from known host entry */
+                if (extract_salt(name_from_hostfile, src_len, salt,
+                    sizeof(salt)) == -1)
+                        return (NULL);
+        }
+
+        HMAC_Init(&mac_ctx, salt, len, md);
+        HMAC_Update(&mac_ctx, host, strlen(host));
+        HMAC_Final(&mac_ctx, result, NULL);
+        HMAC_cleanup(&mac_ctx);
+
+        if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || 
+            __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
+                fatal("host_hash: __b64_ntop failed");
+
+        snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
+            HASH_DELIM, uu_result);
+
+        return (encoded);
+}
 
 /*
  * Parses an RSA (number of bits, e, n) or DSA key from a string.  Moves the
@@ -104,7 +193,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
         char line[8192];
         int linenum = 0;
         u_int kbits;
-        char *cp, *cp2;
+        char *cp, *cp2, *hashed_host;
         HostStatus end_return;
 
         debug3("check_host_in_hostfile: filename %s", filename);
@@ -137,8 +226,18 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
                         ;
 
                 /* Check if the host name matches. */
-                if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1)
-                        continue;
+                if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) {
+                        if (*cp != HASH_DELIM)
+                                continue;
+                        hashed_host = host_hash(host, cp, (u_int) (cp2 - cp));
+                        if (hashed_host == NULL) {
+                                debug("Invalid hashed host line %d of %s",
+                                    linenum, filename);
+                                continue;
+                        }
+                        if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0)
+                                continue;
+                }
 
                 /* Got a match.  Skip host name. */
                 cp = cp2;
@@ -211,16 +310,28 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
  */
 
 int
-add_host_to_hostfile(const char *filename, const char *host, const Key *key)
+add_host_to_hostfile(const char *filename, const char *host, const Key *key, 
+    int store_hash)
 {
         FILE *f;
         int success = 0;
+        char *hashed_host;
+
         if (key == NULL)
                 return 1;       /* XXX ? */
         f = fopen(filename, "a");
         if (!f)
                 return 0;
-        fprintf(f, "%s ", host);
+
+        if (store_hash) {
+                if ((hashed_host = host_hash(host, NULL, 0)) == NULL) {
+                        error("add_host_to_hostfile: host_hash failed");
+                        fclose(f);
+                        return 0;
+                }
+        }
+        fprintf(f, "%s ", store_hash ? hashed_host : host);
+
         if (key_write(key, f)) {
                 success = 1;
         } else {
diff --git a/hostfile.h b/hostfile.h
index efcddc9f9..d6330752e 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $     */
+/*      $OpenBSD: hostfile.h,v 1.15 2005/03/01 10:40:26 djm Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -21,8 +21,13 @@ typedef enum {
 int      hostfile_read_key(char **, u_int *, Key *);
 HostStatus check_host_in_hostfile(const char *, const char *,
             const Key *, Key *, int *);
-int     add_host_to_hostfile(const char *, const char *, const Key *);
+int     add_host_to_hostfile(const char *, const char *, const Key *, int);
 int     lookup_key_in_hostfile_by_type(const char *, const char *,
             int, Key *, int *);
 
+#define HASH_MAGIC      "|1|"
+#define HASH_DELIM      '|'
+
+char    *host_hash(const char *, const char *, u_int);
+
 #endif
diff --git a/includes.h b/includes.h
index 3a6b4c32b..3d3aa3b21 100644
--- a/includes.h
+++ b/includes.h
@@ -185,7 +185,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
  * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations
  * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here.
  */
-#ifdef __hpux
+#ifdef GETSPNAM_CONFLICTING_DEFS
 # ifdef _INCLUDE__STDC__
 #  undef _INCLUDE__STDC__
 # endif
diff --git a/key.c b/key.c
index 21b0869df..e41930464 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.56 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -681,8 +681,8 @@ Key *
 key_from_blob(const u_char *blob, u_int blen)
 {
         Buffer b;
-        char *ktype;
         int rlen, type;
+        char *ktype = NULL;
         Key *key = NULL;
 
 #ifdef DEBUG_PK
@@ -690,24 +690,38 @@ key_from_blob(const u_char *blob, u_int blen)
 #endif
         buffer_init(&b);
         buffer_append(&b, blob, blen);
-        ktype = buffer_get_string(&b, NULL);
+        if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) {
+                error("key_from_blob: can't read key type");
+                goto out;
+        }
+
         type = key_type_from_name(ktype);
 
         switch (type) {
         case KEY_RSA:
                 key = key_new(type);
-                buffer_get_bignum2(&b, key->rsa->e);
-                buffer_get_bignum2(&b, key->rsa->n);
+                if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
+                    buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
+                        error("key_from_blob: can't read rsa key");
+                        key_free(key);
+                        key = NULL;
+                        goto out;
+                }
 #ifdef DEBUG_PK
                 RSA_print_fp(stderr, key->rsa, 8);
 #endif
                 break;
         case KEY_DSA:
                 key = key_new(type);
-                buffer_get_bignum2(&b, key->dsa->p);
-                buffer_get_bignum2(&b, key->dsa->q);
-                buffer_get_bignum2(&b, key->dsa->g);
-                buffer_get_bignum2(&b, key->dsa->pub_key);
+                if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
+                    buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
+                    buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
+                    buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
+                        error("key_from_blob: can't read dsa key");
+                        key_free(key);
+                        key = NULL;
+                        goto out;
+                }
 #ifdef DEBUG_PK
                 DSA_print_fp(stderr, key->dsa, 8);
 #endif
@@ -717,12 +731,14 @@ key_from_blob(const u_char *blob, u_int blen)
                 break;
         default:
                 error("key_from_blob: cannot handle type %s", ktype);
-                break;
+                goto out;
         }
         rlen = buffer_len(&b);
         if (key != NULL && rlen != 0)
                 error("key_from_blob: remaining bytes in key blob %d", rlen);
-        xfree(ktype);
+ out:
+        if (ktype != NULL)
+                xfree(ktype);
         buffer_free(&b);
         return key;
 }
diff --git a/log.c b/log.c
index 3f87a63ee..bab88feea 100644
--- a/log.c
+++ b/log.c
@@ -194,6 +194,9 @@ debug3(const char *fmt,...)
 void
 log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 {
+#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
+        struct syslog_data sdata = SYSLOG_DATA_INIT;
+#endif
         argv0 = av0;
 
         switch (level) {
@@ -263,6 +266,19 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
                     (int) facility);
                 exit(1);
         }
+
+        /*
+         * If an external library (eg libwrap) attempts to use syslog
+         * immediately after reexec, syslog may be pointing to the wrong
+         * facility, so we force an open/close of syslog here.
+         */
+#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
+        openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
+        closelog_r(&sdata);
+#else
+        openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
+        closelog();
+#endif
 }
 
 #define MSGBUFSIZ 1024
diff --git a/loginrec.c b/loginrec.c
index f07f65fce..361ac4cb7 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -25,130 +25,125 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * The btmp logging code is derived from login.c from util-linux and is under
+ * the the following license:
+ *
+ * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+
 /**
  ** loginrec.c:  platform-independent login recording and lastlog retrieval
  **/
 
 /*
-  The new login code explained
-  ============================
-
-  This code attempts to provide a common interface to login recording
-  (utmp and friends) and last login time retrieval.
-
-  Its primary means of achieving this is to use 'struct logininfo', a
-  union of all the useful fields in the various different types of
-  system login record structures one finds on UNIX variants.
-
-  We depend on autoconf to define which recording methods are to be
-  used, and which fields are contained in the relevant data structures
-  on the local system. Many C preprocessor symbols affect which code
-  gets compiled here.
-
-  The code is designed to make it easy to modify a particular
-  recording method, without affecting other methods nor requiring so
-  many nested conditional compilation blocks as were commonplace in
-  the old code.
-
-  For login recording, we try to use the local system's libraries as
-  these are clearly most likely to work correctly. For utmp systems
-  this usually means login() and logout() or setutent() etc., probably
-  in libutil, along with logwtmp() etc. On these systems, we fall back
-  to writing the files directly if we have to, though this method
-  requires very thorough testing so we do not corrupt local auditing
-  information. These files and their access methods are very system
-  specific indeed.
-
-  For utmpx systems, the corresponding library functions are
-  setutxent() etc. To the author's knowledge, all utmpx systems have
-  these library functions and so no direct write is attempted. If such
-  a system exists and needs support, direct analogues of the [uw]tmp
-  code should suffice.
-
-  Retrieving the time of last login ('lastlog') is in some ways even
-  more problemmatic than login recording. Some systems provide a
-  simple table of all users which we seek based on uid and retrieve a
-  relatively standard structure. Others record the same information in
-  a directory with a separate file, and others don't record the
-  information separately at all. For systems in the latter category,
-  we look backwards in the wtmp or wtmpx file for the last login entry
-  for our user. Naturally this is slower and on busy systems could
-  incur a significant performance penalty.
-
-  Calling the new code
-  --------------------
-
-  In OpenSSH all login recording and retrieval is performed in
-  login.c. Here you'll find working examples. Also, in the logintest.c
-  program there are more examples.
-
-  Internal handler calling method
-  -------------------------------
-
-  When a call is made to login_login() or login_logout(), both
-  routines set a struct logininfo flag defining which action (log in,
-  or log out) is to be taken. They both then call login_write(), which
-  calls whichever of the many structure-specific handlers autoconf
-  selects for the local system.
-
-  The handlers themselves handle system data structure specifics. Both
-  struct utmp and struct utmpx have utility functions (see
-  construct_utmp*()) to try to make it simpler to add extra systems
-  that introduce new features to either structure.
-
-  While it may seem terribly wasteful to replicate so much similar
-  code for each method, experience has shown that maintaining code to
-  write both struct utmp and utmpx in one function, whilst maintaining
-  support for all systems whether they have library support or not, is
-  a difficult and time-consuming task.
-
-  Lastlog support proceeds similarly. Functions login_get_lastlog()
-  (and its OpenSSH-tuned friend login_get_lastlog_time()) call
-  getlast_entry(), which tries one of three methods to find the last
-  login time. It uses local system lastlog support if it can,
-  otherwise it tries wtmp or wtmpx before giving up and returning 0,
-  meaning "tilt".
-
-  Maintenance
-  -----------
-
-  In many cases it's possible to tweak autoconf to select the correct
-  methods for a particular platform, either by improving the detection
-  code (best), or by presetting DISABLE_<method> or CONF_<method>_FILE
-  symbols for the platform.
-
-  Use logintest to check which symbols are defined before modifying
-  configure.ac and loginrec.c. (You have to build logintest yourself
-  with 'make logintest' as it's not built by default.)
-
-  Otherwise, patches to the specific method(s) are very helpful!
-
-*/
-
-/**
- ** TODO:
- **   homegrown ttyslot()
- **   test, test, test
- **
- ** Platform status:
- ** ----------------
- **
- ** Known good:
- **   Linux (Redhat 6.2, Debian)
- **   Solaris
- **   HP-UX 10.20 (gcc only)
- **   IRIX
- **   NeXT - M68k/HPPA/Sparc (4.2/3.3)
- **
- ** Testing required: Please send reports!
- **   NetBSD
- **   HP-UX 11
- **   AIX
- **
- ** Platforms with known problems:
- **   Some variants of Slackware Linux
- **
- **/
+ *  The new login code explained
+ *  ============================
+ *
+ *  This code attempts to provide a common interface to login recording
+ *  (utmp and friends) and last login time retrieval.
+ *
+ *  Its primary means of achieving this is to use 'struct logininfo', a
+ *  union of all the useful fields in the various different types of
+ *  system login record structures one finds on UNIX variants.
+ *
+ *  We depend on autoconf to define which recording methods are to be
+ *  used, and which fields are contained in the relevant data structures
+ *  on the local system. Many C preprocessor symbols affect which code
+ *  gets compiled here.
+ *
+ *  The code is designed to make it easy to modify a particular
+ *  recording method, without affecting other methods nor requiring so
+ *  many nested conditional compilation blocks as were commonplace in
+ *  the old code.
+ *
+ *  For login recording, we try to use the local system's libraries as
+ *  these are clearly most likely to work correctly. For utmp systems
+ *  this usually means login() and logout() or setutent() etc., probably
+ *  in libutil, along with logwtmp() etc. On these systems, we fall back
+ *  to writing the files directly if we have to, though this method
+ *  requires very thorough testing so we do not corrupt local auditing
+ *  information. These files and their access methods are very system
+ *  specific indeed.
+ *
+ *  For utmpx systems, the corresponding library functions are
+ *  setutxent() etc. To the author's knowledge, all utmpx systems have
+ *  these library functions and so no direct write is attempted. If such
+ *  a system exists and needs support, direct analogues of the [uw]tmp
+ *  code should suffice.
+ *
+ *  Retrieving the time of last login ('lastlog') is in some ways even
+ *  more problemmatic than login recording. Some systems provide a
+ *  simple table of all users which we seek based on uid and retrieve a
+ *  relatively standard structure. Others record the same information in
+ *  a directory with a separate file, and others don't record the
+ *  information separately at all. For systems in the latter category,
+ *  we look backwards in the wtmp or wtmpx file for the last login entry
+ *  for our user. Naturally this is slower and on busy systems could
+ *  incur a significant performance penalty.
+ *
+ *  Calling the new code
+ *  --------------------
+ *
+ *  In OpenSSH all login recording and retrieval is performed in
+ *  login.c. Here you'll find working examples. Also, in the logintest.c
+ *  program there are more examples.
+ *
+ *  Internal handler calling method
+ *  -------------------------------
+ *
+ *  When a call is made to login_login() or login_logout(), both
+ *  routines set a struct logininfo flag defining which action (log in,
+ *  or log out) is to be taken. They both then call login_write(), which
+ *  calls whichever of the many structure-specific handlers autoconf
+ *  selects for the local system.
+ *
+ *  The handlers themselves handle system data structure specifics. Both
+ *  struct utmp and struct utmpx have utility functions (see
+ *  construct_utmp*()) to try to make it simpler to add extra systems
+ *  that introduce new features to either structure.
+ *
+ *  While it may seem terribly wasteful to replicate so much similar
+ *  code for each method, experience has shown that maintaining code to
+ *  write both struct utmp and utmpx in one function, whilst maintaining
+ *  support for all systems whether they have library support or not, is
+ *  a difficult and time-consuming task.
+ *
+ *  Lastlog support proceeds similarly. Functions login_get_lastlog()
+ *  (and its OpenSSH-tuned friend login_get_lastlog_time()) call
+ *  getlast_entry(), which tries one of three methods to find the last
+ *  login time. It uses local system lastlog support if it can,
+ *  otherwise it tries wtmp or wtmpx before giving up and returning 0,
+ *  meaning "tilt".
+ *
+ *  Maintenance
+ *  -----------
+ *
+ *  In many cases it's possible to tweak autoconf to select the correct
+ *  methods for a particular platform, either by improving the detection
+ *  code (best), or by presetting DISABLE_<method> or CONF_<method>_FILE
+ *  symbols for the platform.
+ *
+ *  Use logintest to check which symbols are defined before modifying
+ *  configure.ac and loginrec.c. (You have to build logintest yourself
+ *  with 'make logintest' as it's not built by default.)
+ *
+ *  Otherwise, patches to the specific method(s) are very helpful!
+ */
 
 #include "includes.h"
 
@@ -157,17 +152,21 @@
 #include "loginrec.h"
 #include "log.h"
 #include "atomicio.h"
-
-RCSID("$Id: loginrec.c,v 1.58 2004/08/15 09:12:52 djm Exp $");
+#include "packet.h"
+#include "canohost.h"
+#include "auth.h"
+#include "buffer.h"
 
 #ifdef HAVE_UTIL_H
-#  include <util.h>
+# include <util.h>
 #endif
 
 #ifdef HAVE_LIBUTIL_H
-#   include <libutil.h>
+# include <libutil.h>
 #endif
 
+RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $");
+
 /**
  ** prototypes for helper functions in this file
  **/
@@ -194,14 +193,17 @@ int lastlog_get_entry(struct logininfo *li);
 int wtmp_get_entry(struct logininfo *li);
 int wtmpx_get_entry(struct logininfo *li);
 
+extern Buffer loginmsg;
+
 /* pick the shortest string */
-#define MIN_SIZEOF(s1,s2) ( sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2) )
+#define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2))
 
 /**
  ** platform-independent login functions
  **/
 
-/* login_login(struct logininfo *)     -Record a login
+/*
+ * login_login(struct logininfo *) - Record a login
  *
  * Call with a pointer to a struct logininfo initialised with
  * login_init_entry() or login_alloc_entry()
@@ -211,14 +213,15 @@ int wtmpx_get_entry(struct logininfo *li);
  *  0  on failure (will use OpenSSH's logging facilities for diagnostics)
  */
 int
-login_login (struct logininfo *li)
+login_login(struct logininfo *li)
 {
         li->type = LTYPE_LOGIN;
-        return login_write(li);
+        return (login_write(li));
 }
 
 
-/* login_logout(struct logininfo *)     - Record a logout
+/*
+ * login_logout(struct logininfo *) - Record a logout
  *
  * Call as with login_login()
  *
@@ -230,10 +233,11 @@ int
 login_logout(struct logininfo *li)
 {
         li->type = LTYPE_LOGOUT;
-        return login_write(li);
+        return (login_write(li));
 }
 
-/* login_get_lastlog_time(int)           - Retrieve the last login time
+/*
+ * login_get_lastlog_time(int) - Retrieve the last login time
  *
  * Retrieve the last login time for the given uid. Will try to use the
  * system lastlog facilities if they are available, but will fall back
@@ -256,12 +260,13 @@ login_get_lastlog_time(const int uid)
         struct logininfo li;
 
         if (login_get_lastlog(&li, uid))
-                return li.tv_sec;
+                return (li.tv_sec);
         else
-                return 0;
+                return (0);
 }
 
-/* login_get_lastlog(struct logininfo *, int)   - Retrieve a lastlog entry
+/*
+ * login_get_lastlog(struct logininfo *, int)   - Retrieve a lastlog entry
  *
  * Retrieve a logininfo structure populated (only partially) with
  * information from the system lastlog data, or from wtmp/wtmpx if no
@@ -272,7 +277,6 @@ login_get_lastlog_time(const int uid)
  * Returns:
  *  >0: A pointer to your struct logininfo if successful
  *  0  on failure (will use OpenSSH's logging facilities for diagnostics)
- *
  */
 struct logininfo *
 login_get_lastlog(struct logininfo *li, const int uid)
@@ -289,20 +293,21 @@ login_get_lastlog(struct logininfo *li, const int uid)
          */
         pw = getpwuid(uid);
         if (pw == NULL)
-                fatal("login_get_lastlog: Cannot find account for uid %i", uid);
+                fatal("%s: Cannot find account for uid %i", __func__, uid);
 
         /* No MIN_SIZEOF here - we absolutely *must not* truncate the
-         * username */
+         * username (XXX - so check for trunc!) */
         strlcpy(li->username, pw->pw_name, sizeof(li->username));
 
         if (getlast_entry(li))
-                return li;
+                return (li);
         else
-                return NULL;
+                return (NULL);
 }
 
 
-/* login_alloc_entry(int, char*, char*, char*)    - Allocate and initialise
+/*
+ * login_alloc_entry(int, char*, char*, char*)    - Allocate and initialise
  *                                                  a logininfo structure
  *
  * This function creates a new struct logininfo, a data structure
@@ -313,13 +318,13 @@ login_get_lastlog(struct logininfo *li, const int uid)
  */
 struct
 logininfo *login_alloc_entry(int pid, const char *username,
-                             const char *hostname, const char *line)
+    const char *hostname, const char *line)
 {
         struct logininfo *newli;
 
-        newli = (struct logininfo *) xmalloc (sizeof(*newli));
-        (void)login_init_entry(newli, pid, username, hostname, line);
-        return newli;
+        newli = xmalloc(sizeof(*newli));
+        login_init_entry(newli, pid, username, hostname, line);
+        return (newli);
 }
 
 
@@ -341,7 +346,7 @@ login_free_entry(struct logininfo *li)
  */
 int
 login_init_entry(struct logininfo *li, int pid, const char *username,
-                 const char *hostname, const char *line)
+    const char *hostname, const char *line)
 {
         struct passwd *pw;
 
@@ -356,18 +361,21 @@ login_init_entry(struct logininfo *li, int pid, const char *username,
         if (username) {
                 strlcpy(li->username, username, sizeof(li->username));
                 pw = getpwnam(li->username);
-                if (pw == NULL)
-                        fatal("login_init_entry: Cannot find user \"%s\"", li->username);
+                if (pw == NULL) {
+                        fatal("%s: Cannot find user \"%s\"", __func__, 
+                            li->username);
+                }
                 li->uid = pw->pw_uid;
         }
 
         if (hostname)
                 strlcpy(li->hostname, hostname, sizeof(li->hostname));
 
-        return 1;
+        return (1);
 }
 
-/* login_set_current_time(struct logininfo *)    - set the current time
+/* 
+ * login_set_current_time(struct logininfo *)    - set the current time
  *
  * Set the current time in a logininfo structure. This function is
  * meant to eliminate the need to deal with system dependencies for
@@ -387,7 +395,7 @@ login_set_current_time(struct logininfo *li)
 /* copy a sockaddr_* into our logininfo */
 void
 login_set_addr(struct logininfo *li, const struct sockaddr *sa,
-               const unsigned int sa_size)
+    const unsigned int sa_size)
 {
         unsigned int bufsize = sa_size;
 
@@ -395,7 +403,7 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa,
         if (sizeof(li->hostaddr) < sa_size)
                 bufsize = sizeof(li->hostaddr);
 
-        memcpy((void *)&(li->hostaddr.sa), (const void *)sa, bufsize);
+        memcpy(&li->hostaddr.sa, sa, bufsize);
 }
 
 
@@ -404,12 +412,12 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa,
  ** results
  **/
 int
-login_write (struct logininfo *li)
+login_write(struct logininfo *li)
 {
 #ifndef HAVE_CYGWIN
-        if ((int)geteuid() != 0) {
-          logit("Attempt to write login records by non-root user (aborting)");
-          return 1;
+        if (geteuid() != 0) {
+                logit("Attempt to write login records by non-root user (aborting)");
+                return (1);
         }
 #endif
 
@@ -419,9 +427,8 @@ login_write (struct logininfo *li)
         syslogin_write_entry(li);
 #endif
 #ifdef USE_LASTLOG
-        if (li->type == LTYPE_LOGIN) {
+        if (li->type == LTYPE_LOGIN)
                 lastlog_write_entry(li);
-        }
 #endif
 #ifdef USE_UTMP
         utmp_write_entry(li);
@@ -437,10 +444,16 @@ login_write (struct logininfo *li)
 #endif
 #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
         if (li->type == LTYPE_LOGIN && 
-           !sys_auth_record_login(li->username,li->hostname,li->line))
+           !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg))
                 logit("Writing login record failed for %s", li->username);
 #endif
-        return 0;
+#ifdef SSH_AUDIT_EVENTS
+        if (li->type == LTYPE_LOGIN)
+                audit_session_open(li->line);
+        else if (li->type == LTYPE_LOGOUT)
+                audit_session_close(li->line);
+#endif
+        return (0);
 }
 
 #ifdef LOGIN_NEEDS_UTMPX
@@ -461,7 +474,7 @@ login_utmp_only(struct logininfo *li)
 # ifdef USE_WTMPX
         wtmpx_write_entry(li);
 # endif
-        return 0;
+        return (0);
 }
 #endif
 
@@ -478,25 +491,21 @@ getlast_entry(struct logininfo *li)
         return(lastlog_get_entry(li));
 #else /* !USE_LASTLOG */
 
-#ifdef DISABLE_LASTLOG
+#if defined(DISABLE_LASTLOG)
         /* On some systems we shouldn't even try to obtain last login
          * time, e.g. AIX */
-        return 0;
-# else /* DISABLE_LASTLOG */
-        /* Try to retrieve the last login time from wtmp */
-#  if defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP))
+        return (0);
+# elif defined(USE_WTMP) && \
+    (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP))
         /* retrieve last login time from utmp */
         return (wtmp_get_entry(li));
-#  else /* defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) */
+# elif defined(USE_WTMPX) && \
+    (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX))
         /* If wtmp isn't available, try wtmpx */
-#   if defined(USE_WTMPX) && (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX))
-        /* retrieve last login time from utmpx */
         return (wtmpx_get_entry(li));
-#   else
+# else
         /* Give up: No means of retrieving last login time */
-        return 0;
-#   endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */
-#  endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */
+        return (0);
 # endif /* DISABLE_LASTLOG */
 #endif /* USE_LASTLOG */
 }
@@ -520,19 +529,21 @@ getlast_entry(struct logininfo *li)
  */
 
 
-/* line_fullname(): add the leading '/dev/' if it doesn't exist make
- * sure dst has enough space, if not just copy src (ugh) */
+/*
+ * line_fullname(): add the leading '/dev/' if it doesn't exist make
+ * sure dst has enough space, if not just copy src (ugh)
+ */
 char *
 line_fullname(char *dst, const char *src, int dstsize)
 {
         memset(dst, '\0', dstsize);
-        if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) {
+        if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5)))
                 strlcpy(dst, src, dstsize);
-        } else {
+        else {
                 strlcpy(dst, "/dev/", dstsize);
                 strlcat(dst, src, dstsize);
         }
-        return dst;
+        return (dst);
 }
 
 /* line_stripname(): strip the leading '/dev' if it exists, return dst */
@@ -544,15 +555,17 @@ line_stripname(char *dst, const char *src, int dstsize)
                 strlcpy(dst, src + 5, dstsize);
         else
                 strlcpy(dst, src, dstsize);
-        return dst;
+        return (dst);
 }
 
-/* line_abbrevname(): Return the abbreviated (usually four-character)
+/* 
+ * line_abbrevname(): Return the abbreviated (usually four-character)
  * form of the line (Just use the last <dstsize> characters of the
  * full name.)
  *
  * NOTE: use strncpy because we do NOT necessarily want zero
- * termination */
+ * termination
+ */
 char *
 line_abbrevname(char *dst, const char *src, int dstsize)
 {
@@ -579,7 +592,7 @@ line_abbrevname(char *dst, const char *src, int dstsize)
                 strncpy(dst, src, (size_t)dstsize);
         }
 
-        return dst;
+        return (dst);
 }
 
 /**
@@ -595,13 +608,11 @@ line_abbrevname(char *dst, const char *src, int dstsize)
 void
 set_utmp_time(struct logininfo *li, struct utmp *ut)
 {
-# ifdef HAVE_TV_IN_UTMP
+# if defined(HAVE_TV_IN_UTMP)
         ut->ut_tv.tv_sec = li->tv_sec;
         ut->ut_tv.tv_usec = li->tv_usec;
-# else
-#  ifdef HAVE_TIME_IN_UTMP
+# elif defined(HAVE_TIME_IN_UTMP)
         ut->ut_time = li->tv_sec;
-#  endif
 # endif
 }
 
@@ -611,7 +622,8 @@ construct_utmp(struct logininfo *li,
 {
 # ifdef HAVE_ADDR_V6_IN_UTMP
         struct sockaddr_in6 *sa6;
-#  endif
+# endif
+
         memset(ut, '\0', sizeof(*ut));
 
         /* First fill out fields used for both logins and logouts */
@@ -647,7 +659,7 @@ construct_utmp(struct logininfo *li,
 
         /* If we're logging out, leave all other fields blank */
         if (li->type == LTYPE_LOGOUT)
-          return;
+                return;
 
         /*
          * These fields are only used when logging in, and are blank
@@ -655,9 +667,11 @@ construct_utmp(struct logininfo *li,
          */
 
         /* Use strncpy because we don't necessarily want null termination */
-        strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username));
+        strncpy(ut->ut_name, li->username,
+            MIN_SIZEOF(ut->ut_name, li->username));
 # ifdef HAVE_HOST_IN_UTMP
-        strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname));
+        strncpy(ut->ut_host, li->hostname,
+            MIN_SIZEOF(ut->ut_host, li->hostname));
 # endif
 # ifdef HAVE_ADDR_IN_UTMP
         /* this is just a 32-bit IP address */
@@ -692,14 +706,12 @@ construct_utmp(struct logininfo *li,
 void
 set_utmpx_time(struct logininfo *li, struct utmpx *utx)
 {
-# ifdef HAVE_TV_IN_UTMPX
+# if defined(HAVE_TV_IN_UTMPX)
         utx->ut_tv.tv_sec = li->tv_sec;
         utx->ut_tv.tv_usec = li->tv_usec;
-# else /* HAVE_TV_IN_UTMPX */
-#  ifdef HAVE_TIME_IN_UTMPX
+# elif defined(HAVE_TIME_IN_UTMPX)
         utx->ut_time = li->tv_sec;
-#  endif /* HAVE_TIME_IN_UTMPX */
-# endif /* HAVE_TV_IN_UTMPX */
+# endif
 }
 
 void
@@ -709,6 +721,7 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
         struct sockaddr_in6 *sa6;
 #  endif
         memset(utx, '\0', sizeof(*utx));
+
 # ifdef HAVE_ID_IN_UTMPX
         line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id));
 # endif
@@ -725,8 +738,10 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
         line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
         set_utmpx_time(li, utx);
         utx->ut_pid = li->pid;
+
         /* strncpy(): Don't necessarily want null termination */
-        strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
+        strncpy(utx->ut_name, li->username,
+            MIN_SIZEOF(utx->ut_name, li->username));
 
         if (li->type == LTYPE_LOGOUT)
                 return;
@@ -737,7 +752,8 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
          */
 
 # ifdef HAVE_HOST_IN_UTMPX
-        strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname));
+        strncpy(utx->ut_host, li->hostname,
+            MIN_SIZEOF(utx->ut_host, li->hostname));
 # endif
 # ifdef HAVE_ADDR_IN_UTMPX
         /* this is just a 32-bit IP address */
@@ -785,16 +801,17 @@ utmp_write_library(struct logininfo *li, struct utmp *ut)
 {
         setutent();
         pututline(ut);
-
 #  ifdef HAVE_ENDUTENT
         endutent();
 #  endif
-        return 1;
+        return (1);
 }
 # else /* UTMP_USE_LIBRARY */
 
-/* write a utmp entry direct to the file */
-/* This is a slightly modification of code in OpenBSD's login.c */
+/* 
+ * Write a utmp entry direct to the file
+ * This is a slightly modification of code in OpenBSD's login.c
+ */
 static int
 utmp_write_direct(struct logininfo *li, struct utmp *ut)
 {
@@ -805,19 +822,18 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
         /* FIXME: (ATL) ttyslot() needs local implementation */
 
 #if defined(HAVE_GETTTYENT)
-        register struct ttyent *ty;
+        struct ttyent *ty;
 
         tty=0;
-
         setttyent();
-        while ((struct ttyent *)0 != (ty = getttyent())) {
+        while (NULL != (ty = getttyent())) {
                 tty++;
                 if (!strncmp(ty->ty_name, ut->ut_line, sizeof(ut->ut_line)))
                         break;
         }
         endttyent();
 
-        if((struct ttyent *)0 == ty) {
+        if (NULL == ty) {
                 logit("%s: tty not found", __func__);
                 return (0);
         }
@@ -832,12 +848,12 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
 
                 pos = (off_t)tty * sizeof(struct utmp);
                 if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
-                        logit("%s: llseek: %s", strerror(errno));
+                        logit("%s: lseek: %s", __func__, strerror(errno));
                         return (0);
                 }
                 if (ret != pos) {
-                        logit("%s: Couldn't seek to tty %s slot in %s", tty,
-                            UTMP_FILE);
+                        logit("%s: Couldn't seek to tty %d slot in %s", 
+                            __func__, tty, UTMP_FILE);
                         return (0);
                 }
                 /*
@@ -846,29 +862,29 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
                  * and ut_line and ut_name match, preserve the old ut_line.
                  */
                 if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
-                        (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
-                        (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
-                        (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) {
-                        (void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
-                }
+                    (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
+                    (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
+                    (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0))
+                        memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
 
                 if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
-                        logit("%s: llseek: %s", __func__, strerror(errno));
+                        logit("%s: lseek: %s", __func__, strerror(errno));
                         return (0);
                 }
                 if (ret != pos) {
-                        logit("%s: Couldn't seek to tty %s slot in %s",
+                        logit("%s: Couldn't seek to tty %d slot in %s",
                             __func__, tty, UTMP_FILE);
                         return (0);
                 }
-                if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut))
+                if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
                         logit("%s: error writing %s: %s", __func__,
                             UTMP_FILE, strerror(errno));
+                }
 
-                (void)close(fd);
-                return 1;
+                close(fd);
+                return (1);
         } else {
-                return 0;
+                return (0);
         }
 }
 # endif /* UTMP_USE_LIBRARY */
@@ -881,16 +897,16 @@ utmp_perform_login(struct logininfo *li)
         construct_utmp(li, &ut);
 # ifdef UTMP_USE_LIBRARY
         if (!utmp_write_library(li, &ut)) {
-                logit("utmp_perform_login: utmp_write_library() failed");
-                return 0;
+                logit("%s: utmp_write_library() failed", __func__);
+                return (0);
         }
 # else
         if (!utmp_write_direct(li, &ut)) {
-                logit("utmp_perform_login: utmp_write_direct() failed");
-                return 0;
+                logit("%s: utmp_write_direct() failed", __func__);
+                return (0);
         }
 # endif
-        return 1;
+        return (1);
 }
 
 
@@ -902,16 +918,16 @@ utmp_perform_logout(struct logininfo *li)
         construct_utmp(li, &ut);
 # ifdef UTMP_USE_LIBRARY
         if (!utmp_write_library(li, &ut)) {
-                logit("utmp_perform_logout: utmp_write_library() failed");
-                return 0;
+                logit("%s: utmp_write_library() failed", __func__);
+                return (0);
         }
 # else
         if (!utmp_write_direct(li, &ut)) {
-                logit("utmp_perform_logout: utmp_write_direct() failed");
-                return 0;
+                logit("%s: utmp_write_direct() failed", __func__);
+                return (0);
         }
 # endif
-        return 1;
+        return (1);
 }
 
 
@@ -920,14 +936,14 @@ utmp_write_entry(struct logininfo *li)
 {
         switch(li->type) {
         case LTYPE_LOGIN:
-                return utmp_perform_login(li);
+                return (utmp_perform_login(li));
 
         case LTYPE_LOGOUT:
-                return utmp_perform_logout(li);
+                return (utmp_perform_logout(li));
 
         default:
-                logit("utmp_write_entry: invalid type field");
-                return 0;
+                logit("%s: invalid type field", __func__);
+                return (0);
         }
 }
 #endif /* USE_UTMP */
@@ -958,7 +974,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx)
 #  ifdef HAVE_ENDUTXENT
         endutxent();
 #  endif
-        return 1;
+        return (1);
 }
 
 # else /* UTMPX_USE_LIBRARY */
@@ -967,8 +983,8 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx)
 static int
 utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
 {
-        logit("utmpx_write_direct: not implemented!");
-        return 0;
+        logit("%s: not implemented!", __func__);
+        return (0);
 }
 # endif /* UTMPX_USE_LIBRARY */
 
@@ -980,16 +996,16 @@ utmpx_perform_login(struct logininfo *li)
         construct_utmpx(li, &utx);
 # ifdef UTMPX_USE_LIBRARY
         if (!utmpx_write_library(li, &utx)) {
-                logit("utmpx_perform_login: utmp_write_library() failed");
-                return 0;
+                logit("%s: utmp_write_library() failed", __func__);
+                return (0);
         }
 # else
         if (!utmpx_write_direct(li, &ut)) {
-                logit("utmpx_perform_login: utmp_write_direct() failed");
-                return 0;
+                logit("%s: utmp_write_direct() failed", __func__);
+                return (0);
         }
 # endif
-        return 1;
+        return (1);
 }
 
 
@@ -1011,7 +1027,7 @@ utmpx_perform_logout(struct logininfo *li)
 # else
         utmpx_write_direct(li, &utx);
 # endif
-        return 1;
+        return (1);
 }
 
 int
@@ -1019,12 +1035,12 @@ utmpx_write_entry(struct logininfo *li)
 {
         switch(li->type) {
         case LTYPE_LOGIN:
-                return utmpx_perform_login(li);
+                return (utmpx_perform_login(li));
         case LTYPE_LOGOUT:
-                return utmpx_perform_logout(li);
+                return (utmpx_perform_logout(li));
         default:
-                logit("utmpx_write_entry: invalid type field");
-                return 0;
+                logit("%s: invalid type field", __func__);
+                return (0);
         }
 }
 #endif /* USE_UTMPX */
@@ -1036,8 +1052,10 @@ utmpx_write_entry(struct logininfo *li)
 
 #ifdef USE_WTMP
 
-/* write a wtmp entry direct to the end of the file */
-/* This is a slight modification of code in OpenBSD's logwtmp.c */
+/* 
+ * Write a wtmp entry direct to the end of the file
+ * This is a slight modification of code in OpenBSD's logwtmp.c
+ */
 static int
 wtmp_write(struct logininfo *li, struct utmp *ut)
 {
@@ -1045,19 +1063,19 @@ wtmp_write(struct logininfo *li, struct utmp *ut)
         int fd, ret = 1;
 
         if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
-                logit("wtmp_write: problem writing %s: %s",
+                logit("%s: problem writing %s: %s", __func__,
                     WTMP_FILE, strerror(errno));
-                return 0;
+                return (0);
         }
         if (fstat(fd, &buf) == 0)
                 if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
                         ftruncate(fd, buf.st_size);
-                        logit("wtmp_write: problem writing %s: %s",
+                        logit("%s: problem writing %s: %s", __func__,
                             WTMP_FILE, strerror(errno));
                         ret = 0;
                 }
-        (void)close(fd);
-        return ret;
+        close(fd);
+        return (ret);
 }
 
 static int
@@ -1066,7 +1084,7 @@ wtmp_perform_login(struct logininfo *li)
         struct utmp ut;
 
         construct_utmp(li, &ut);
-        return wtmp_write(li, &ut);
+        return (wtmp_write(li, &ut));
 }
 
 
@@ -1076,7 +1094,7 @@ wtmp_perform_logout(struct logininfo *li)
         struct utmp ut;
 
         construct_utmp(li, &ut);
-        return wtmp_write(li, &ut);
+        return (wtmp_write(li, &ut));
 }
 
 
@@ -1085,17 +1103,18 @@ wtmp_write_entry(struct logininfo *li)
 {
         switch(li->type) {
         case LTYPE_LOGIN:
-                return wtmp_perform_login(li);
+                return (wtmp_perform_login(li));
         case LTYPE_LOGOUT:
-                return wtmp_perform_logout(li);
+                return (wtmp_perform_logout(li));
         default:
-                logit("wtmp_write_entry: invalid type field");
-                return 0;
+                logit("%s: invalid type field", __func__);
+                return (0);
         }
 }
 
 
-/* Notes on fetching login data from wtmp/wtmpx
+/* 
+ * Notes on fetching login data from wtmp/wtmpx
  *
  * Logouts are usually recorded with (amongst other things) a blank
  * username on a given tty line.  However, some systems (HP-UX is one)
@@ -1116,15 +1135,15 @@ static int
 wtmp_islogin(struct logininfo *li, struct utmp *ut)
 {
         if (strncmp(li->username, ut->ut_name,
-                MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
+            MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
 # ifdef HAVE_TYPE_IN_UTMP
                 if (ut->ut_type & USER_PROCESS)
-                        return 1;
+                        return (1);
 # else
-                return 1;
+                return (1);
 # endif
         }
-        return 0;
+        return (0);
 }
 
 int
@@ -1132,41 +1151,43 @@ wtmp_get_entry(struct logininfo *li)
 {
         struct stat st;
         struct utmp ut;
-        int fd, found=0;
+        int fd, found = 0;
 
         /* Clear the time entries in our logininfo */
         li->tv_sec = li->tv_usec = 0;
 
         if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
-                logit("wtmp_get_entry: problem opening %s: %s",
+                logit("%s: problem opening %s: %s", __func__, 
                     WTMP_FILE, strerror(errno));
-                return 0;
+                return (0);
         }
         if (fstat(fd, &st) != 0) {
-                logit("wtmp_get_entry: couldn't stat %s: %s",
+                logit("%s: couldn't stat %s: %s", __func__, 
                     WTMP_FILE, strerror(errno));
                 close(fd);
-                return 0;
+                return (0);
         }
 
         /* Seek to the start of the last struct utmp */
         if (lseek(fd, -(off_t)sizeof(struct utmp), SEEK_END) == -1) {
                 /* Looks like we've got a fresh wtmp file */
                 close(fd);
-                return 0;
+                return (0);
         }
 
         while (!found) {
                 if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
-                        logit("wtmp_get_entry: read of %s failed: %s",
+                        logit("%s: read of %s failed: %s", __func__, 
                             WTMP_FILE, strerror(errno));
                         close (fd);
-                        return 0;
+                        return (0);
                 }
                 if ( wtmp_islogin(li, &ut) ) {
                         found = 1;
-                        /* We've already checked for a time in struct
-                         * utmp, in login_getlast(). */
+                        /*
+                         * We've already checked for a time in struct
+                         * utmp, in login_getlast()
+                         */
 # ifdef HAVE_TIME_IN_UTMP
                         li->tv_sec = ut.ut_time;
 # else
@@ -1175,24 +1196,24 @@ wtmp_get_entry(struct logininfo *li)
 #  endif
 # endif
                         line_fullname(li->line, ut.ut_line,
-                                      MIN_SIZEOF(li->line, ut.ut_line));
+                            MIN_SIZEOF(li->line, ut.ut_line));
 # ifdef HAVE_HOST_IN_UTMP
                         strlcpy(li->hostname, ut.ut_host,
-                                MIN_SIZEOF(li->hostname, ut.ut_host));
+                            MIN_SIZEOF(li->hostname, ut.ut_host));
 # endif
                         continue;
                 }
                 /* Seek back 2 x struct utmp */
                 if (lseek(fd, -(off_t)(2 * sizeof(struct utmp)), SEEK_CUR) == -1) {
                         /* We've found the start of the file, so quit */
-                        close (fd);
-                        return 0;
+                        close(fd);
+                        return (0);
                 }
         }
 
         /* We found an entry. Tidy up and return */
         close(fd);
-        return 1;
+        return (1);
 }
 # endif /* USE_WTMP */
 
@@ -1202,8 +1223,10 @@ wtmp_get_entry(struct logininfo *li)
  **/
 
 #ifdef USE_WTMPX
-/* write a wtmpx entry direct to the end of the file */
-/* This is a slight modification of code in OpenBSD's logwtmp.c */
+/*
+ * Write a wtmpx entry direct to the end of the file
+ * This is a slight modification of code in OpenBSD's logwtmp.c
+ */
 static int
 wtmpx_write(struct logininfo *li, struct utmpx *utx)
 {
@@ -1212,24 +1235,24 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx)
         int fd, ret = 1;
 
         if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
-                logit("wtmpx_write: problem opening %s: %s",
+                logit("%s: problem opening %s: %s", __func__, 
                     WTMPX_FILE, strerror(errno));
-                return 0;
+                return (0);
         }
 
         if (fstat(fd, &buf) == 0)
                 if (atomicio(vwrite, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
                         ftruncate(fd, buf.st_size);
-                        logit("wtmpx_write: problem writing %s: %s",
+                        logit("%s: problem writing %s: %s", __func__,
                             WTMPX_FILE, strerror(errno));
                         ret = 0;
                 }
-        (void)close(fd);
+        close(fd);
 
-        return ret;
+        return (ret);
 #else
         updwtmpx(WTMPX_FILE, utx);
-        return 1;
+        return (1);
 #endif
 }
 
@@ -1240,7 +1263,7 @@ wtmpx_perform_login(struct logininfo *li)
         struct utmpx utx;
 
         construct_utmpx(li, &utx);
-        return wtmpx_write(li, &utx);
+        return (wtmpx_write(li, &utx));
 }
 
 
@@ -1250,7 +1273,7 @@ wtmpx_perform_logout(struct logininfo *li)
         struct utmpx utx;
 
         construct_utmpx(li, &utx);
-        return wtmpx_write(li, &utx);
+        return (wtmpx_write(li, &utx));
 }
 
 
@@ -1259,12 +1282,12 @@ wtmpx_write_entry(struct logininfo *li)
 {
         switch(li->type) {
         case LTYPE_LOGIN:
-                return wtmpx_perform_login(li);
+                return (wtmpx_perform_login(li));
         case LTYPE_LOGOUT:
-                return wtmpx_perform_logout(li);
+                return (wtmpx_perform_logout(li));
         default:
-                logit("wtmpx_write_entry: invalid type field");
-                return 0;
+                logit("%s: invalid type field", __func__);
+                return (0);
         }
 }
 
@@ -1275,16 +1298,16 @@ wtmpx_write_entry(struct logininfo *li)
 static int
 wtmpx_islogin(struct logininfo *li, struct utmpx *utx)
 {
-        if ( strncmp(li->username, utx->ut_name,
-                MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) {
+        if (strncmp(li->username, utx->ut_name,
+            MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) {
 # ifdef HAVE_TYPE_IN_UTMPX
                 if (utx->ut_type == USER_PROCESS)
-                        return 1;
+                        return (1);
 # else
-                return 1;
+                return (1);
 # endif
         }
-        return 0;
+        return (0);
 }
 
 
@@ -1299,57 +1322,57 @@ wtmpx_get_entry(struct logininfo *li)
         li->tv_sec = li->tv_usec = 0;
 
         if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
-                logit("wtmpx_get_entry: problem opening %s: %s",
+                logit("%s: problem opening %s: %s", __func__, 
                     WTMPX_FILE, strerror(errno));
-                return 0;
+                return (0);
         }
         if (fstat(fd, &st) != 0) {
-                logit("wtmpx_get_entry: couldn't stat %s: %s",
+                logit("%s: couldn't stat %s: %s", __func__, 
                     WTMPX_FILE, strerror(errno));
                 close(fd);
-                return 0;
+                return (0);
         }
 
         /* Seek to the start of the last struct utmpx */
         if (lseek(fd, -(off_t)sizeof(struct utmpx), SEEK_END) == -1 ) {
                 /* probably a newly rotated wtmpx file */
                 close(fd);
-                return 0;
+                return (0);
         }
 
         while (!found) {
                 if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
-                        logit("wtmpx_get_entry: read of %s failed: %s",
+                        logit("%s: read of %s failed: %s", __func__, 
                             WTMPX_FILE, strerror(errno));
                         close (fd);
-                        return 0;
+                        return (0);
                 }
-                /* Logouts are recorded as a blank username on a particular line.
-                 * So, we just need to find the username in struct utmpx */
-                if ( wtmpx_islogin(li, &utx) ) {
+                /*
+                 * Logouts are recorded as a blank username on a particular 
+                 * line. So, we just need to find the username in struct utmpx
+                 */
+                if (wtmpx_islogin(li, &utx)) {
                         found = 1;
-# ifdef HAVE_TV_IN_UTMPX
+# if defined(HAVE_TV_IN_UTMPX)
                         li->tv_sec = utx.ut_tv.tv_sec;
-# else
-#  ifdef HAVE_TIME_IN_UTMPX
+# elif defined(HAVE_TIME_IN_UTMPX)
                         li->tv_sec = utx.ut_time;
-#  endif
 # endif
                         line_fullname(li->line, utx.ut_line, sizeof(li->line));
-# ifdef HAVE_HOST_IN_UTMPX
+# if defined(HAVE_HOST_IN_UTMPX)
                         strlcpy(li->hostname, utx.ut_host,
-                                MIN_SIZEOF(li->hostname, utx.ut_host));
+                            MIN_SIZEOF(li->hostname, utx.ut_host));
 # endif
                         continue;
                 }
                 if (lseek(fd, -(off_t)(2 * sizeof(struct utmpx)), SEEK_CUR) == -1) {
-                        close (fd);
-                        return 0;
+                        close(fd);
+                        return (0);
                 }
         }
 
         close(fd);
-        return 1;
+        return (1);
 }
 #endif /* USE_WTMPX */
 
@@ -1363,15 +1386,12 @@ syslogin_perform_login(struct logininfo *li)
 {
         struct utmp *ut;
 
-        if (! (ut = (struct utmp *)malloc(sizeof(*ut)))) {
-                logit("syslogin_perform_login: couldn't malloc()");
-                return 0;
-        }
+        ut = xmalloc(sizeof(*ut));
         construct_utmp(li, ut);
         login(ut);
         free(ut);
 
-        return 1;
+        return (1);
 }
 
 static int
@@ -1382,19 +1402,18 @@ syslogin_perform_logout(struct logininfo *li)
 
         (void)line_stripname(line, li->line, sizeof(line));
 
-        if (!logout(line)) {
-                logit("syslogin_perform_logout: logout() returned an error");
+        if (!logout(line))
+                logit("%s: logout() returned an error", __func__);
 #  ifdef HAVE_LOGWTMP
-        } else {
+        else
                 logwtmp(line, "", "");
 #  endif
-        }
         /* FIXME: (ATL - if the need arises) What to do if we have
          * login, but no logout?  what if logout but no logwtmp? All
          * routines are in libutil so they should all be there,
          * but... */
 # endif
-        return 1;
+        return (1);
 }
 
 int
@@ -1402,12 +1421,12 @@ syslogin_write_entry(struct logininfo *li)
 {
         switch (li->type) {
         case LTYPE_LOGIN:
-                return syslogin_perform_login(li);
+                return (syslogin_perform_login(li));
         case LTYPE_LOGOUT:
-                return syslogin_perform_logout(li);
+                return (syslogin_perform_logout(li));
         default:
-                logit("syslogin_write_entry: Invalid type field");
-                return 0;
+                logit("%s: Invalid type field", __func__);
+                return (0);
         }
 }
 #endif /* USE_LOGIN */
@@ -1429,7 +1448,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last)
         /* clear the structure */
         memset(last, '\0', sizeof(*last));
 
-        (void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
+        line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
         strlcpy(last->ll_host, li->hostname,
                 MIN_SIZEOF(last->ll_host, li->hostname));
         last->ll_time = li->tv_sec;
@@ -1441,16 +1460,16 @@ lastlog_filetype(char *filename)
         struct stat st;
 
         if (stat(LASTLOG_FILE, &st) != 0) {
-                logit("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
-                        strerror(errno));
-                return 0;
+                logit("%s: Couldn't stat %s: %s", __func__,
+                    LASTLOG_FILE, strerror(errno));
+                return (0);
         }
         if (S_ISDIR(st.st_mode))
-                return LL_DIR;
+                return (LL_DIR);
         else if (S_ISREG(st.st_mode))
-                return LL_FILE;
+                return (LL_FILE);
         else
-                return LL_OTHER;
+                return (LL_OTHER);
 }
 
 
@@ -1464,38 +1483,39 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 
         type = lastlog_filetype(LASTLOG_FILE);
         switch (type) {
-                case LL_FILE:
-                        strlcpy(lastlog_file, LASTLOG_FILE, sizeof(lastlog_file));
-                        break;
-                case LL_DIR:
-                        snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s",
-                                 LASTLOG_FILE, li->username);
-                        break;
-                default:
-                        logit("lastlog_openseek: %.100s is not a file or directory!",
-                            LASTLOG_FILE);
-                        return 0;
+        case LL_FILE:
+                strlcpy(lastlog_file, LASTLOG_FILE,
+                    sizeof(lastlog_file));
+                break;
+        case LL_DIR:
+                snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s",
+                    LASTLOG_FILE, li->username);
+                break;
+        default:
+                logit("%s: %.100s is not a file or directory!", __func__,
+                    LASTLOG_FILE);
+                return (0);
         }
 
         *fd = open(lastlog_file, filemode, 0600);
-        if ( *fd < 0) {
-                debug("lastlog_openseek: Couldn't open %s: %s",
+        if (*fd < 0) {
+                debug("%s: Couldn't open %s: %s", __func__,
                     lastlog_file, strerror(errno));
-                return 0;
+                return (0);
         }
 
         if (type == LL_FILE) {
                 /* find this uid's offset in the lastlog file */
                 offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
 
-                if ( lseek(*fd, offset, SEEK_SET) != offset ) {
-                        logit("lastlog_openseek: %s->lseek(): %s",
-                         lastlog_file, strerror(errno));
-                        return 0;
+                if (lseek(*fd, offset, SEEK_SET) != offset) {
+                        logit("%s: %s->lseek(): %s", __func__,
+                            lastlog_file, strerror(errno));
+                        return (0);
                 }
         }
 
-        return 1;
+        return (1);
 }
 
 static int
@@ -1508,18 +1528,18 @@ lastlog_perform_login(struct logininfo *li)
         lastlog_construct(li, &last);
 
         if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
-                return(0);
+                return (0);
 
         /* write the entry */
         if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) {
                 close(fd);
-                logit("lastlog_write_filemode: Error writing to %s: %s",
+                logit("%s: Error writing to %s: %s", __func__,
                     LASTLOG_FILE, strerror(errno));
-                return 0;
+                return (0);
         }
 
         close(fd);
-        return 1;
+        return (1);
 }
 
 int
@@ -1527,10 +1547,10 @@ lastlog_write_entry(struct logininfo *li)
 {
         switch(li->type) {
         case LTYPE_LOGIN:
-                return lastlog_perform_login(li);
+                return (lastlog_perform_login(li));
         default:
-                logit("lastlog_write_entry: Invalid type field");
-                return 0;
+                logit("%s: Invalid type field", __func__);
+                return (0);
         }
 }
 
@@ -1539,7 +1559,7 @@ lastlog_populate_entry(struct logininfo *li, struct lastlog *last)
 {
         line_fullname(li->line, last->ll_line, sizeof(li->line));
         strlcpy(li->hostname, last->ll_host,
-                MIN_SIZEOF(li->hostname, last->ll_host));
+            MIN_SIZEOF(li->hostname, last->ll_host));
         li->tv_sec = last->ll_time;
 }
 
@@ -1576,3 +1596,82 @@ lastlog_get_entry(struct logininfo *li)
         return (0);
 }
 #endif /* USE_LASTLOG */
+
+#ifdef USE_BTMP
+  /*
+   * Logs failed login attempts in _PATH_BTMP if that exists.
+   * The most common login failure is to give password instead of username.
+   * So the _PATH_BTMP file checked for the correct permission, so that
+   * only root can read it.
+   */
+
+void
+record_failed_login(const char *username, const char *hostname,
+    const char *ttyn)
+{
+        int fd;
+        struct utmp ut;
+        struct sockaddr_storage from;
+        size_t fromlen = sizeof(from);
+        struct sockaddr_in *a4;
+        struct sockaddr_in6 *a6;
+        time_t t;
+        struct stat fst;
+
+        if (geteuid() != 0)
+                return;
+        if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) {
+                debug("Unable to open the btmp file %s: %s", _PATH_BTMP,
+                    strerror(errno));
+                return;
+        }
+        if (fstat(fd, &fst) < 0) {
+                logit("%s: fstat of %s failed: %s", __func__, _PATH_BTMP,
+                    strerror(errno));
+                goto out;
+        }
+        if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){
+                logit("Excess permission or bad ownership on file %s",
+                    _PATH_BTMP);
+                goto out;
+        }
+
+        memset(&ut, 0, sizeof(ut));
+        /* strncpy because we don't necessarily want nul termination */
+        strncpy(ut.ut_user, username, sizeof(ut.ut_user));
+        strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line));
+
+        time(&t);
+        ut.ut_time = t;     /* ut_time is not always a time_t */
+        ut.ut_type = LOGIN_PROCESS;
+        ut.ut_pid = getpid();
+
+        /* strncpy because we don't necessarily want nul termination */
+        strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
+
+        if (packet_connection_is_on_socket() &&
+            getpeername(packet_get_connection_in(),
+            (struct sockaddr *)&from, &fromlen) == 0) {
+                ipv64_normalise_mapped(&from, &fromlen);
+                if (from.ss_family == AF_INET) {
+                        a4 = (struct sockaddr_in *)&from;
+                        memcpy(&ut.ut_addr, &(a4->sin_addr),
+                            MIN_SIZEOF(ut.ut_addr, a4->sin_addr));
+                }
+#ifdef HAVE_ADDR_V6_IN_UTMP
+                if (from.ss_family == AF_INET6) {
+                        a6 = (struct sockaddr_in6 *)&from;
+                        memcpy(&ut.ut_addr_v6, &(a6->sin6_addr),
+                            MIN_SIZEOF(ut.ut_addr_v6, a6->sin6_addr));
+                }
+#endif
+        }
+
+        if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut))
+                error("Failed to write to %s: %s", _PATH_BTMP,
+                    strerror(errno));
+
+out:
+        close(fd);
+}
+#endif  /* USE_BTMP */
diff --git a/loginrec.h b/loginrec.h
index 7f932c296..d1a12a853 100644
--- a/loginrec.h
+++ b/loginrec.h
@@ -35,7 +35,7 @@
 #include <netinet/in.h>
 #include <sys/socket.h>
 
-/* RCSID("$Id: loginrec.h,v 1.7 2003/06/03 02:18:50 djm Exp $"); */
+/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */
 
 /**
  ** you should use the login_* calls to work around platform dependencies
@@ -62,7 +62,7 @@ union login_netinfo {
 /* string lengths - set very long */
 #define LINFO_PROGSIZE 64
 #define LINFO_LINESIZE 64
-#define LINFO_NAMESIZE 64
+#define LINFO_NAMESIZE 128
 #define LINFO_HOSTSIZE 256
 
 struct logininfo {
@@ -132,4 +132,6 @@ char *line_fullname(char *dst, const char *src, int dstsize);
 char *line_stripname(char *dst, const char *src, int dstsize);
 char *line_abbrevname(char *dst, const char *src, int dstsize);
 
+void record_failed_login(const char *, const char *, const char *);
+
 #endif /* _HAVE_LOGINREC_H_ */
diff --git a/misc.c b/misc.c
index 8cb411ccc..2e366f81b 100644
--- a/misc.c
+++ b/misc.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $");
+RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -275,6 +275,48 @@ convtime(const char *s)
         return total;
 }
 
+/*
+ * Search for next delimiter between hostnames/addresses and ports.
+ * Argument may be modified (for termination).
+ * Returns *cp if parsing succeeds.
+ * *cp is set to the start of the next delimiter, if one was found.
+ * If this is the last field, *cp is set to NULL.
+ */
+char *
+hpdelim(char **cp)
+{
+        char *s, *old;
+
+        if (cp == NULL || *cp == NULL)
+                return NULL;
+
+        old = s = *cp;
+        if (*s == '[') {
+                if ((s = strchr(s, ']')) == NULL)
+                        return NULL;
+                else
+                        s++;
+        } else if ((s = strpbrk(s, ":/")) == NULL)
+                s = *cp + strlen(*cp); /* skip to end (see first case below) */
+
+        switch (*s) {
+        case '\0':
+                *cp = NULL;     /* no more fields*/
+                break;
+        
+        case ':':
+        case '/':
+                *s = '\0';      /* terminate */
+                *cp = s + 1;
+                break;
+        
+        default:
+                return NULL;
+        }
+
+        return old;
+}
+
 char *
 cleanhostname(char *host)
 {
@@ -332,3 +374,26 @@ addargs(arglist *args, char *fmt, ...)
         args->list[args->num++] = xstrdup(buf);
         args->list[args->num] = NULL;
 }
+
+/*
+ * Read an entire line from a public key file into a static buffer, discarding
+ * lines that exceed the buffer size.  Returns 0 on success, -1 on failure.
+ */
+int
+read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
+   u_long *lineno)
+{
+        while (fgets(buf, bufsz, f) != NULL) {
+                (*lineno)++;
+                if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
+                        return 0;
+                } else {
+                        debug("%s: %s line %lu exceeds size limit", __func__,
+                            filename, *lineno);
+                        /* discard remainder of line */
+                        while(fgetc(f) != '\n' && !feof(f))
+                                ;       /* nothing */
+                }
+        }
+        return -1;
+}
diff --git a/misc.h b/misc.h
index ec47a611d..8bbc87f0d 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: misc.h,v 1.17 2004/08/11 21:43:05 avsm Exp $  */
+/*      $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $   */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,6 +20,7 @@ int	 set_nonblock(int);
 int      unset_nonblock(int);
 void     set_nodelay(int);
 int      a2port(const char *);
+char    *hpdelim(char **);
 char    *cleanhostname(char *);
 char    *colon(char *);
 long     convtime(const char *);
@@ -46,3 +47,5 @@ char	*tilde_expand_filename(const char *, uid_t);
 #define RP_USE_ASKPASS          0x0008
 
 char    *read_passphrase(const char *, int);
+int      ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
+int      read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
diff --git a/moduli b/moduli
index 52639d336..a12de2192 100644
--- a/moduli
+++ b/moduli
@@ -1,186 +1,200 @@
-#       $OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $
-
+#    $OpenBSD: moduli,v 1.3 2005/01/24 10:29:06 dtucker Exp $
 # Time Type Tests Tries Size Generator Modulus
-20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
-20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7
-20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97
-20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7
-20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B
-20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3
-20031210004952 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3
-20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB
-20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383
-20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F
-20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B
-20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F
-20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B
-20031210005548 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB235892F3
-20031210005700 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB236C3F03
-20031210005841 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB238BC713
-20031210010040 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23B466C3
-20031210010119 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23BB1F8B
-20031210010313 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E03DDB
-20031210010335 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E130AB
-20031210010422 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23EA20A3
-20031210010500 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23F1807B
-20031210010628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2409DC07
-20031210010759 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2425487F
-20031210010906 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24397A3F
-20031210010945 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2440ABF7
-20031210011017 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2445C00B
-20031210011059 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB244E4EBF
-20031210011158 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB245E056B
-20031210011340 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24808F43
-20031210011408 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24834C0B
-20031210011517 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2495148B
-20031210011632 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24A89B27
-20031210014802 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D3B9DD3
-20031210015017 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D463D83
-20031210015524 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D68288B
-20031210015701 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D6C64C3
-20031210020258 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D94316B
-20031210022106 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E1F8453
-20031210022738 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E4BDAC7
-20031210022948 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E5541E7
-20031210023056 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E56464B
-20031210023414 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E695C8B
-20031210024039 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E939ABF
-20031210024457 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EAE295B
-20031210024630 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EB2BDFB
-20031210025118 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772ED059DB
-20031210025540 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EECB4D3
-20031210025956 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F043973
-20031210030256 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F134903
-20031210030415 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F15B5EB
-20031210030717 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F25BF3B
-20031210030826 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F2670D7
-20031210031055 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F31E5F3
-20031210031311 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F3BFE2B
-20031210032243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F83082B
-20031210032437 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F898187
-20031210032703 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F95718B
-20031210032953 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA3F5CB
-20031210033059 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA48FEB
-20031210033247 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FAA6267
-20031210033633 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FC1BE7B
-20031210034313 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF18FA7
-20031210034507 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF84977
-20031210035121 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730233FBF
-20031210035813 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773054E8F3
-20031210035955 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730597847
-20031210040259 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77306A1B57
-20031210040704 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308258FB
-20031210040913 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308A63F7
-20031210042047 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DEEF8F
-20031210042156 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DFE787
-20031210042511 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730F1D3CB
-20031210042907 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773107039B
-20031210043815 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731492E37
-20031210045243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731AB1953
-20031210054833 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C0B0F8B
-20031210055609 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C1CF773
-20031210065401 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1CDD973F
-20031210071146 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D11D9FB
-20031210071754 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D1ED47B
-20031210072552 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D32CE4F
-20031210073644 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D4EC983
-20031210074309 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D5D4F07
-20031210075517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D7DE133
-20031210081718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1DC395C3
-20031210084322 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E1A5567
-20031210085218 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E3127AB
-20031210090542 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E586AD7
-20031210093920 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1EC6C9D3
-20031210100616 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F19C713
-20031210103627 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F7B82B3
-20031210104559 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F95C2EF
-20031210104836 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F969EAF
-20031210110201 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FBEA0DF
-20031210111610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE4C70B
-20031210111837 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE50DBB
-20031210112215 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE964FF
-20031210124102 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F20F33023
-20031210125610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21208AFB
-20031210130630 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F213CBA8B
-20031210132517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21754843
-20031210132855 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2179D39B
-20031210140211 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21E6E73B
-20031210141340 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22068817
-20031210143133 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F223D6017
-20031210143812 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F224A70F3
-20031210150410 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22A24CFB
-20031210153131 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22FAA253
-20031210153718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F23071C7B
-20031210154203 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F230FFC0B
-20031210161808 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2383B65B
-20031210185714 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061924F36F3
-20031210204537 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C04AB3
-20031210205604 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C3734B
-20031210210523 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C58A0B
-20031210233701 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193680D03
-20031211013125 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193E1DD73
-20031211052015 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306194DA94E3
-20031211064439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619531A017
-20031211074935 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195731BAB
-20031211081053 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195830BAB
-20031211123240 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306196A4C097
-20031211160831 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061978B740B
-20031211195847 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619889E1B3
-20031211201456 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619892ED83
-20031211221441 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619910A74B
-20031211223303 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061991D35CB
-20031211235558 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199712CCB
-20031212005818 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199AE96DB
-20031212033251 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619A50DDD3
-20031212053332 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619AB31B57
-20031212084926 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619B8949F7
-20031212130319 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619C84A1A3
-20031212192346 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E1B24BB
-20031212210042 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E7F37FB
-20031213002102 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619F59BABB
-20031213061439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A0D9208F
-20031213071620 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A115D66F
-20031213072644 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1186097
-20031213090613 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A17DACC7
-20031213110037 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1F577E7
-20031213113226 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2113AC3
-20031213120232 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A22A232B
-20031213121926 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A23443D3
-20031213130353 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A25D51E7
-20031213143149 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2B63CBB
-20031213153322 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2F05FC7
-20031213180906 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A39439A3
-20031213183520 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3A7705F
-20031213192228 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3D2DEA7
-20031213125532 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8050C3B
-20031213125653 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8EB2F2B
-20031213125813 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAB66F4B
-20031213125934 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAFE508B
-20031213130055 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EB96812B
-20031213130217 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBB738CB
-20031213130337 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBDB337F
-20031213130458 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECA8B62B
-20031213130619 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECBCE443
-20031213130740 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED1637DB
-20031213130901 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED3EA08F
-20031213131021 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EDC96C6B
-20031213131142 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EEB92FCF
-20031213131303 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F2D2CCF3
-20031213131424 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F6C89BBB
-20031213131545 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F7962EDB
-20031213131706 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F85A4767
-20031213131827 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F8A196C7
-20031213131947 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F94500EF
-20031213132108 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FAF467BF
-20031213132229 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB5A7803
-20031213132350 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB7D5467
-20031213132511 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FC4A16D7
-20031213132632 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FEEDC36F
-20031213132752 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FFA077EF
-20031213132913 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400725B7B
-20031213133034 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400728FFB
-20031213133155 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924011CFA13
-20031213133316 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240165703F
-20031213133436 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240166BA7B
-20031213133557 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924018E41B7
-20031213133718 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992402C07A93
+20040225025212 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7AFFE86A7
+20040225025304 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B01F83CB
+20040225025357 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B03F2B73
+20040225025411 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B041C8C7
+20040225025444 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0546E93
+20040225025458 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0573767
+20040225025522 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0629E73
+20040225025545 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B06CD95B
+20040225025616 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B07C93A3
+20040225025655 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B093C72B
+20040225025710 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B096450B
+20040225025750 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0AF2C83
+20040225025830 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0C7F1FF
+20040225025845 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CB565B
+20040225025858 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CD8557
+20040225025915 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D20473
+20040225025934 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D924F7
+20040225025952 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0DFD8BB
+20040225030015 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0E8E59F
+20040225030039 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0F43B0B
+20040225030104 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0FEB103
+20040225030130 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B10AC3DB
+20040225030149 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1122527
+20040225030214 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B11E494B
+20040225030245 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B12E727B
+20040225030319 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1416743
+20040225030347 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1507F2B
+20040225030404 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1560FE3
+20040225030418 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1591CF7
+20040225030432 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B15B57FF
+20040225030455 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B165D0AF
+20040225030511 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B169C97F
+20040225030551 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B182715B
+20040225030621 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1920737
+20040225030648 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B19FB54B
+20040225030718 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1AFAE87
+20040225030736 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1B5A7AF
+20040225030753 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1BC3C47
+20040225030815 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1C6AF33
+20040225030831 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1CAD9FB
+20040225030902 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1DC6A8F
+20040225035226 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800C47CAB
+20040225035359 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800D3866B
+20040225035635 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800F43DFF
+20040225035846 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448010B4D93
+20040225040147 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013094F3
+20040225040301 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013AA0FB
+20040225040619 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480163EC83
+20040225040718 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448016AEB8F
+20040225041023 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480190871F
+20040225041328 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801B5F1B3
+20040225041740 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801ED6FBB
+20040225041921 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801FEC44F
+20040225042229 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802245FF7
+20040225042513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480246F93B
+20040225042547 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802473F4F
+20040225042707 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480253B03B
+20040225043111 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480287CD9B
+20040225043513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802BC32FB
+20040225043609 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802C2125B
+20040225043847 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E1B733
+20040225043925 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E2E963
+20040225044335 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448031AC423
+20040225045303 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803A10E07
+20040225045443 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B0EF43
+20040225045518 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B15033
+20040225045923 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803E58317
+20040225050120 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803F9EB4F
+20040225050333 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448041304B3
+20040225050524 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804279B2F
+20040225050559 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804281047
+20040225050810 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448043F454F
+20040225051113 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804672F1F
+20040225051335 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804809CB3
+20040225051442 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480489545F
+20040225052303 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804FE918B
+20040225062215 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9F68B3E7
+20040225063823 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9FD47307
+20040225064402 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9FF43C0F
+20040225065646 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA04740DB
+20040225065825 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA04B01BF
+20040225070116 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA056DD47
+20040225074027 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA172E1B3
+20040225080343 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA217422F
+20040225081159 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA24927DB
+20040225081331 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA24C058B
+20040225082528 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA2993EBF
+20040225084537 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3242BE3
+20040225085012 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA33EF643
+20040225085829 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3729D77
+20040225090710 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3AC0143
+20040225091002 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3B8AE6B
+20040225092648 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA42B65D7
+20040225093120 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4442793
+20040225093517 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA459441F
+20040225094409 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA491BE4B
+20040225095209 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4C4E437
+20040225095548 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4D5D7AB
+20040225100531 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA51404EB
+20040225100644 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5145C87
+20040225101834 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5609CBB
+20040225102317 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA57AC86F
+20040225103220 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5B631A3
+20040225103355 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5B98D2F
+20040225103756 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5CEBAFB
+20040225104020 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5D77CDF
+20040225104557 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5F6FD9F
+20040225110302 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA66A70DF
+20040225110515 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6721A43
+20040225110913 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6879A53
+20040225111338 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA69FE2FB
+20040225111911 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6C04F47
+20040225112902 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA7007CD3
+20040225143208 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8968A91B
+20040225144922 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8987DF6B
+20040225150309 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD899E0F8B
+20040225161716 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8A3A91CF
+20040225163012 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8A4CED2B
+20040225175457 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8B02C5DB
+20040225182539 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8B3E9D13
+20040225194030 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8BDE269B
+20040225201420 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C203553
+20040225203219 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C40B747
+20040225203908 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C46ED83
+20040225210230 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C72586B
+20040225212746 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8CA15F2F
+20040225214624 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8CC34833
+20040225223007 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8D1B23AB
+20040225234913 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8DC36C9B
+20040226001353 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8DF174B3
+20040226004101 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8E24518B
+20040226010652 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8E543397
+20040226015415 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8EB6152F
+20040226022931 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8EFD1773
+20040226025740 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8F3376D7
+20040226053010 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD90786CE3
+20040226054156 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD908AC36B
+20040226081600 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD91D61A43
+20040226083039 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD91ED4AE3
+20040226092910 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9265F7DB
+20040226112913 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD93696533
+20040226115826 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD93A210A3
+20040226135326 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD949596D7
+20040226145128 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95096CCF
+20040226153142 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95582C7B
+20040226164905 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95FACE7B
+20040226171921 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9633F443
+20040226182347 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD96BAC3A7
+20040226200555 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD97972EFB
+20040226202801 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD97C0B5C3
+20040226214755 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9868011B
+20040226215843 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9876E7FB
+20040226220422 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD987B4983
+20040226222346 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD989D61D3
+20040227091438 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC5737ECF
+20040227101541 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC5AE7363
+20040227160657 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC7295F4F
+20040227180410 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC7A46573
+20040227225950 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC8E6D5E3
+20040227233727 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC9079B33
+20040228032633 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCA006227
+20040228060859 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCAAE6E63
+20040228101703 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCBBC54FB
+20040228192850 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCE191D13
+20040229084451 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD1804AF3
+20040229164933 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD3887E07
+20040229210220 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD49457B7
+20040229222958 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD4EA3223
+20040301003324 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD566C79B
+20040301030228 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD6032D8F
+20040301040042 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD63B1113
+20040301073501 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD71C4A67
+20040301133631 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD8A0BBD3
+20040301165652 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD96E4053
+20040301184021 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD9D662FB
+20040302045553 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDC5FE8E3
+20040302112648 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDDFE9D13
+20040302120026 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDE1A5AD3
+20040302130757 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDE5E4073
+20040302142004 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDEA4AA9B
+20040302145603 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDEC2C32B
+20040302212946 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE0652EC7
+20040303003544 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE127CF63
+20040303072925 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE2D793F3
+20040305011518 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E4CE974B
+20040305043124 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E5050933
+20040305084728 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E54C7783
+20040306205350 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E809C413
+20040309221333 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080ED7F9CFB
+20040311222059 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F103209F
+20040312160304 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F247861B
+20040312210904 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F29D939F
+20040316074005 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F8B1F7DB
+20040317113309 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FAAE1F73
+20040317195246 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FB3F2B93
+20040319025848 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FD81741B
+20040323194658 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C708105AF04AF
+20040324041535 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C70810643E737
diff --git a/moduli.c b/moduli.c
index 581b03503..8b05248e2 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */
+/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -56,7 +56,7 @@
 #define QTYPE_UNKNOWN           (0)
 #define QTYPE_UNSTRUCTURED      (1)
 #define QTYPE_SAFE              (2)
-#define QTYPE_SCHNOOR           (3)
+#define QTYPE_SCHNORR           (3)
 #define QTYPE_SOPHIE_GERMAIN    (4)
 #define QTYPE_STRONG            (5)
 
@@ -530,7 +530,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
                         break;
                 case QTYPE_UNSTRUCTURED:
                 case QTYPE_SAFE:
-                case QTYPE_SCHNOOR:
+                case QTYPE_SCHNORR:
                 case QTYPE_STRONG:
                 case QTYPE_UNKNOWN:
                         debug2("%10u: (%u)", count_in, in_type);
diff --git a/monitor.c b/monitor.c
index b7463400e..301e150b3 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $");
 
 #include <openssl/dh.h>
 
@@ -143,6 +143,11 @@ int mm_answer_gss_userok(int, Buffer *);
 int mm_answer_gss_checkmic(int, Buffer *);
 #endif
 
+#ifdef SSH_AUDIT_EVENTS
+int mm_answer_audit_event(int, Buffer *);
+int mm_answer_audit_command(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL;   /* used for ssh1 rsa auth */
 
@@ -186,6 +191,9 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
 #endif
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+#endif
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
     {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
@@ -211,6 +219,10 @@ struct mon_table mon_dispatch_postauth20[] = {
     {MONITOR_REQ_PTY, 0, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
+#endif
     {0, 0, NULL}
 };
 
@@ -239,6 +251,9 @@ struct mon_table mon_dispatch_proto15[] = {
     {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
 #endif
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+#endif
     {0, 0, NULL}
 };
 
@@ -246,6 +261,10 @@ struct mon_table mon_dispatch_postauth15[] = {
     {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef SSH_AUDIT_EVENTS
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command},
+#endif
     {0, 0, NULL}
 };
 
@@ -609,6 +628,9 @@ mm_answer_pwnamallow(int sock, Buffer *m)
         if (options.use_pam)
                 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
 #endif
+#ifdef SSH_AUDIT_EVENTS
+        monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1);
+#endif
 
         return (0);
 }
@@ -810,6 +832,9 @@ mm_answer_pam_account(int sock, Buffer *m)
         ret = do_pam_account();
 
         buffer_put_int(m, ret);
+        buffer_append(&loginmsg, "\0", 1);
+        buffer_put_cstring(m, buffer_ptr(&loginmsg));
+        buffer_clear(&loginmsg);
 
         mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
 
@@ -1297,7 +1322,7 @@ mm_answer_sesskey(int sock, Buffer *m)
         int rsafail;
 
         /* Turn off permissions */
-        monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
+        monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0);
 
         if ((p = BN_new()) == NULL)
                 fatal("%s: BN_new", __func__);
@@ -1488,6 +1513,50 @@ mm_answer_term(int sock, Buffer *req)
         exit(res);
 }
 
+#ifdef SSH_AUDIT_EVENTS
+/* Report that an audit event occurred */
+int
+mm_answer_audit_event(int socket, Buffer *m)
+{
+        ssh_audit_event_t event;
+
+        debug3("%s entering", __func__);
+
+        event = buffer_get_int(m);
+        buffer_free(m);
+        switch(event) {
+        case SSH_AUTH_FAIL_PUBKEY:
+        case SSH_AUTH_FAIL_HOSTBASED:
+        case SSH_AUTH_FAIL_GSSAPI:
+        case SSH_LOGIN_EXCEED_MAXTRIES:
+        case SSH_LOGIN_ROOT_DENIED:
+        case SSH_CONNECTION_CLOSE:
+        case SSH_INVALID_USER:
+                audit_event(event);
+                break;
+        default:
+                fatal("Audit event type %d not permitted", event);
+        }
+
+        return (0);
+}
+
+int
+mm_answer_audit_command(int socket, Buffer *m)
+{
+        u_int len;
+        char *cmd;
+
+        debug3("%s entering", __func__);
+        cmd = buffer_get_string(m, &len);
+        /* sanity check command, if so how? */
+        audit_run_command(cmd);
+        xfree(cmd);
+        buffer_free(m);
+        return (0);
+}
+#endif /* SSH_AUDIT_EVENTS */
+
 void
 monitor_apply_keystate(struct monitor *pmonitor)
 {
diff --git a/monitor.h b/monitor.h
index 621a4ad18..13ce3e1ca 100644
--- a/monitor.h
+++ b/monitor.h
@@ -59,6 +59,7 @@ enum monitor_reqtype {
         MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
         MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
         MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
+        MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
         MONITOR_REQ_TERM
 };
 
diff --git a/monitor_mm.c b/monitor_mm.c
index ff523a5b1..b0ec37cff 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -92,7 +92,7 @@ mm_create(struct mm_master *mmalloc, size_t size)
         mm->mmalloc = mmalloc;
 
         address = xmmap(size);
-        if (address == MAP_FAILED)
+        if (address == (void *)MAP_FAILED)
                 fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
 
         mm->address = address;
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 0d7a0e3bd..e1b6512b4 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -72,6 +72,7 @@ extern struct monitor *pmonitor;
 extern Buffer input, output;
 extern Buffer loginmsg;
 extern ServerOptions options;
+extern Buffer loginmsg;
 
 int
 mm_is_monitor(void)
@@ -716,6 +717,7 @@ mm_do_pam_account(void)
 {
         Buffer m;
         u_int ret;
+        char *msg;
 
         debug3("%s entering", __func__);
         if (!options.use_pam)
@@ -727,6 +729,9 @@ mm_do_pam_account(void)
         mm_request_receive_expect(pmonitor->m_recvfd,
             MONITOR_ANS_PAM_ACCOUNT, &m);
         ret = buffer_get_int(&m);
+        msg = buffer_get_string(&m, NULL);
+        buffer_append(&loginmsg, msg, strlen(msg));
+        xfree(msg);
 
         buffer_free(&m);
 
@@ -1098,6 +1103,36 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
         return (success);
 }
 
+#ifdef SSH_AUDIT_EVENTS
+void
+mm_audit_event(ssh_audit_event_t event)
+{
+        Buffer m;
+
+        debug3("%s entering", __func__);
+
+        buffer_init(&m);
+        buffer_put_int(&m, event);
+
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
+        buffer_free(&m);
+}
+
+void
+mm_audit_run_command(const char *command)
+{
+        Buffer m;
+
+        debug3("%s entering command %s", __func__, command);
+
+        buffer_init(&m);
+        buffer_put_cstring(&m, command);
+
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
+        buffer_free(&m);
+}
+#endif /* SSH_AUDIT_EVENTS */
+
 #ifdef GSSAPI
 OM_uint32
 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
diff --git a/monitor_wrap.h b/monitor_wrap.h
index e5cf5718c..310b42513 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -74,6 +74,12 @@ int mm_sshpam_respond(void *, u_int, char **);
 void mm_sshpam_free_ctx(void *);
 #endif
 
+#ifdef SSH_AUDIT_EVENTS
+#include "audit.h"
+void mm_audit_event(ssh_audit_event_t);
+void mm_audit_run_command(const char *);
+#endif
+
 struct Session;
 void mm_terminate(void);
 int mm_pty_allocate(int *, int *, char *, int);
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
index 5284e1af8..1eeb6953b 100644
--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -17,7 +17,7 @@
 #include "includes.h"
 #include "log.h"
 
-RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $");
 
 #ifndef HAVE_ARC4RANDOM
 
@@ -34,7 +34,8 @@ RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $");
 static int rc4_ready = 0;
 static RC4_KEY rc4;
 
-unsigned int arc4random(void)
+unsigned int
+arc4random(void)
 {
         unsigned int r = 0;
         static int first_time = 1;
@@ -53,7 +54,8 @@ unsigned int arc4random(void)
         return(r);
 }
 
-void arc4random_stir(void)
+void
+arc4random_stir(void)
 {
         unsigned char rand_buf[SEED_SIZE];
         int i;
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
index f630366be..d1f1c059c 100644
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $
+ * $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $
  *
  * bsd-cray.c
  *
@@ -171,7 +171,7 @@ cray_access_denied(char *username)
  * record_failed_login: generic "login failed" interface function
  */
 void
-record_failed_login(const char *user, const char *ttyname)
+record_failed_login(const char *user, const char *hostname, const char *ttyname)
 {
         cray_login_failure((char *)user, IA_UDBERR);
 }
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
index de6ba1a8d..774eceb5a 100644
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */
+/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */
 
 /*
  * Copyright (c) 2002, Cray Inc.  (Wendy Palm <wendyp@cray.com>)
@@ -42,10 +42,10 @@ void cray_init_job(struct passwd *);
 void cray_job_termination_handler(int);
 void cray_login_failure(char *, int );
 int cray_access_denied(char *);
-#define CUSTOM_FAILED_LOGIN 1
-void record_failed_login(const char *, const char *);
 extern char cray_tmpdir[];
 
+#define CUSTOM_FAILED_LOGIN 1
+
 #ifndef IA_SSHD
 # define IA_SSHD IA_LOGIN
 #endif
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 92cdba6e0..f53abb6e2 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -29,7 +29,7 @@
 
 #include "includes.h"
 
-RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $");
+RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $");
 
 #ifdef HAVE_CYGWIN
 
@@ -38,6 +38,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $");
 #include <sys/utsname.h>
 #include <sys/vfs.h>
 #include <windows.h>
+#include "xmalloc.h"
 #define is_winnt       (GetVersion() < 0x80000000)
 
 #define ntsec_on(c)     ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
@@ -96,7 +97,6 @@ has_capability(int what)
          */
         if (!inited) {
                 struct utsname uts;
-                char *c;
                 
                 if (!uname(&uts)) {
                         int major_high = 0, major_low = 0, minor = 0;
@@ -236,4 +236,54 @@ register_9x_service(void)
         RegisterServiceProcess(0, 1);
 }
 
+#define NL(x) x, (sizeof (x) - 1)
+#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
+
+static struct wenv {
+        const char *name;
+        size_t namelen;
+} wenv_arr[] = {
+        { NL("ALLUSERSPROFILE=") },
+        { NL("COMMONPROGRAMFILES=") },
+        { NL("COMPUTERNAME=") },
+        { NL("COMSPEC=") },
+        { NL("NUMBER_OF_PROCESSORS=") },
+        { NL("OS=") },
+        { NL("PATH=") },
+        { NL("PATHEXT=") },
+        { NL("PROCESSOR_ARCHITECTURE=") },
+        { NL("PROCESSOR_IDENTIFIER=") },
+        { NL("PROCESSOR_LEVEL=") },
+        { NL("PROCESSOR_REVISION=") },
+        { NL("PROGRAMFILES=") },
+        { NL("SYSTEMDRIVE=") },
+        { NL("SYSTEMROOT=") },
+        { NL("TMP=") },
+        { NL("TEMP=") },
+        { NL("WINDIR=") },
+};
+
+char **
+fetch_windows_environment(void)
+{
+        char **e, **p;
+        int i, idx = 0;
+
+        p = xmalloc(WENV_SIZ * sizeof(char *));
+        for (e = environ; *e != NULL; ++e) {
+                for (i = 0; i < WENV_SIZ; ++i) {
+                        if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))
+                                p[idx++] = *e;
+                }
+        }
+        p[idx] = NULL;
+        return p;
+}
+
+void
+free_windows_environment(char **p)
+{
+        xfree(p);
+}
+
 #endif /* HAVE_CYGWIN */
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 5ccb0fba2..6719b8a49 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.10 2003/08/07 06:28:16 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
@@ -46,6 +46,8 @@ int binary_pipe(int fd[2]);
 int check_nt_auth(int, struct passwd *);
 int check_ntsec(const char *);
 void register_9x_service(void);
+char **fetch_windows_environment(void);
+void free_windows_environment(char **);
 
 #define open binary_open
 #define pipe binary_pipe
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 1b276b4f4..41f92cce9 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -18,7 +18,7 @@
 #include "includes.h"
 #include "xmalloc.h"
 
-RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $");
+RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $");
 
 #ifndef HAVE___PROGNAME
 char *__progname;
@@ -122,17 +122,6 @@ int truncate(const char *path, off_t length)
 }
 #endif /* HAVE_TRUNCATE */
 
-#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP)
-/*
- * Cygwin setgroups should be a noop.
- */
-int
-setgroups(size_t size, const gid_t *list)
-{
-        return (0);
-}
-#endif 
-
 #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
 int nanosleep(const struct timespec *req, struct timespec *rem)
 {
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index 33a1d707f..b61ec4244 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */
+/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
@@ -67,10 +67,6 @@ int utimes(char *, struct timeval *);
 int truncate (const char *, off_t);
 #endif /* HAVE_TRUNCATE */
 
-#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP)
-int setgroups(size_t, const gid_t *);
-#endif
-
 #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
 #ifndef HAVE_STRUCT_TIMESPEC
 struct timespec {
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
index daf5f8b81..8eb62b7a8 100644
--- a/openbsd-compat/bsd-openpty.c
+++ b/openbsd-compat/bsd-openpty.c
@@ -102,7 +102,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp,
                 return (-1);
         }
 
-#ifndef HAVE_CYGWIN
         /*
          * Try to push the appropriate streams modules, as described 
          * in Solaris pts(7).
@@ -112,7 +111,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp,
 # ifndef __hpux
         ioctl(*aslave, I_PUSH, "ttcompat");
 # endif /* __hpux */
-#endif /* HAVE_CYGWIN */
 
         return (0);
 
diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index e4d8a439a..b5a7ef7a0 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -58,7 +58,7 @@
 
 #include "includes.h"
 
-RCSID("$Id: bsd-snprintf.c,v 1.7 2003/05/18 14:13:39 djm Exp $");
+RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $");
 
 #if defined(BROKEN_SNPRINTF)            /* For those with broken snprintf() */
 # undef HAVE_SNPRINTF
@@ -369,7 +369,7 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen,
         if (value == 0) 
                 value = "<NULL>";
 
-        for (strln = 0; value[strln]; ++strln); /* strlen */
+        for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */
         padlen = min - strln;
         if (padlen < 0) 
                 padlen = 0;
diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h
index baea07038..636792ed7 100644
--- a/openbsd-compat/fake-rfc2553.h
+++ b/openbsd-compat/fake-rfc2553.h
@@ -1,4 +1,4 @@
-/* $Id: fake-rfc2553.h,v 1.9 2004/03/10 10:06:33 dtucker Exp $ */
+/* $Id: fake-rfc2553.h,v 1.10 2005/02/11 07:32:13 dtucker Exp $ */
 
 /*
  * Copyright (C) 2000-2003 Damien Miller.  All rights reserved.
@@ -117,6 +117,7 @@ struct sockaddr_in6 {
 # define EAI_NODATA     1
 # define EAI_MEMORY     2
 # define EAI_NONAME     3
+# define EAI_SYSTEM     4
 #endif
 
 #ifndef HAVE_STRUCT_ADDRINFO
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 660427c1f..4e869c4df 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -277,7 +277,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
 
         /* allocate memory for signatures */
         rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
-        if (rrset->rri_sigs == NULL) {
+        if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) {
                 result = ERRSET_NOMEMORY;
                 goto fail;
         }
diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c
index 7031625b4..47796c370 100644
--- a/openbsd-compat/inet_ntop.c
+++ b/openbsd-compat/inet_ntop.c
@@ -35,9 +35,7 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Ex
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
-#ifndef HAVE_CYGWIN
 #include <arpa/nameser.h>
-#endif
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c
index aff8d2005..969f69580 100644
--- a/openbsd-compat/mktemp.c
+++ b/openbsd-compat/mktemp.c
@@ -40,11 +40,6 @@
 static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
-#ifdef HAVE_CYGWIN
-#define open binary_open
-extern int binary_open();
-#endif
-
 static int _gettemp(char *, int *, int, int);
 
 int
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 78f4faea3..fa6a4ff7b 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -1,6 +1,7 @@
 /*
  *
  * Copyright (c) 2001 Gert Doering.  All rights reserved.
+ * Copyright (c) 2003,2004 Darren Tucker.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -27,19 +28,15 @@
 #include "auth.h"
 #include "ssh.h"
 #include "log.h"
-#include "servconf.h"
-#include "canohost.h"
 #include "xmalloc.h"
 #include "buffer.h"
 
 #ifdef _AIX
 
 #include <uinfo.h>
+#include <sys/socket.h>
 #include "port-aix.h"
 
-extern ServerOptions options;
-extern Buffer loginmsg;
-
 # ifdef HAVE_SETAUTHDB
 static char old_registry[REGISTRY_SIZE] = "";
 # endif
@@ -51,6 +48,8 @@ static char old_registry[REGISTRY_SIZE] = "";
  * NOTE: TTY= should be set, but since no one uses it and it's hard to
  * acquire due to privsep code.  We will just drop support.
  */
+
+
 void
 aix_usrinfo(struct passwd *pw)
 {
@@ -92,6 +91,59 @@ aix_remove_embedded_newlines(char *p)
 }
 
 /*
+ * Test specifically for the case where SYSTEM == NONE and AUTH1 contains
+ * anything other than NONE or SYSTEM, which indicates that the admin has
+ * configured the account for purely AUTH1-type authentication.
+ *
+ * Since authenticate() doesn't check AUTH1, and sshd can't sanely support
+ * AUTH1 itself, in such a case authenticate() will allow access without
+ * authentation, which is almost certainly not what the admin intends.
+ *
+ * (The native tools, eg login, will process the AUTH1 list in addition to
+ * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods
+ * have been deprecated since AIX 4.2.x and would be very difficult for sshd
+ * to support.
+ *
+ * Returns 0 if an unsupportable combination is found, 1 otherwise.
+ */
+static int
+aix_valid_authentications(const char *user)
+{
+        char *auth1, *sys, *p;
+        int valid = 1;
+
+        if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) {
+                logit("Can't retrieve attribute SYSTEM for %s: %.100s",
+                    user, strerror(errno));
+                return 0;
+        }
+
+        debug3("AIX SYSTEM attribute %s", sys);
+        if (strcmp(sys, "NONE") != 0)
+                return 1;       /* not "NONE", so is OK */
+
+        if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) {
+                logit("Can't retrieve attribute auth1 for %s: %.100s",
+                    user, strerror(errno));
+                return 0;
+        }
+
+        p = auth1;
+        /* A SEC_LIST is concatenated strings, ending with two NULs. */
+        while (p[0] != '\0' && p[1] != '\0') {
+                debug3("AIX auth1 attribute list member %s", p);
+                if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) {
+                        logit("Account %s has unsupported auth1 value '%s'",
+                            user, p);
+                        valid = 0;
+                }
+                p += strlen(p) + 1;
+        }
+
+        return (valid);
+}
+
+/*
  * Do authentication via AIX's authenticate routine.  We loop until the
  * reenter parameter is 0, but normally authenticate is called only once.
  *
@@ -99,7 +151,7 @@ aix_remove_embedded_newlines(char *p)
  * returns 0.
  */
 int
-sys_auth_passwd(Authctxt *ctxt, const char *password)
+sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
 {
         char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
         int authsuccess = 0, expired, reenter, result;
@@ -112,6 +164,9 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
                     authmsg);
         } while (reenter);
 
+        if (!aix_valid_authentications(name))
+                result = -1;
+
         if (result == 0) {
                 authsuccess = 1;
 
@@ -126,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
                  */
                 expired = passwdexpired(name, &msg);
                 if (msg && *msg) {
-                        buffer_append(&loginmsg, msg, strlen(msg));
+                        buffer_append(loginmsg, msg, strlen(msg));
                         aix_remove_embedded_newlines(msg);
                 }
                 debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
@@ -136,7 +191,6 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
                         break;
                 case 1: /* expired, password change required */
                         ctxt->force_pwchange = 1;
-                        disable_forwarding();
                         break;
                 default: /* user can't change(2) or other error (-1) */
                         logit("Password can't be changed for user %s: %.100s",
@@ -160,7 +214,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
  * Returns 1 if login is allowed, 0 if not allowed.
  */
 int
-sys_auth_allowed_user(struct passwd *pw)
+sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
 {
         char *msg = NULL;
         int result, permitted = 0;
@@ -187,7 +241,7 @@ sys_auth_allowed_user(struct passwd *pw)
         if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)
                 permitted = 1;
         else if (msg != NULL)
-                buffer_append(&loginmsg, msg, strlen(msg));
+                buffer_append(loginmsg, msg, strlen(msg));
         if (msg == NULL)
                 msg = xstrdup("(none)");
         aix_remove_embedded_newlines(msg);
@@ -200,17 +254,18 @@ sys_auth_allowed_user(struct passwd *pw)
 }
 
 int
-sys_auth_record_login(const char *user, const char *host, const char *ttynm)
+sys_auth_record_login(const char *user, const char *host, const char *ttynm,
+    Buffer *loginmsg)
 {
         char *msg;
         int success = 0;
 
         aix_setauthdb(user);
-        if (loginsuccess((char *)user, host, ttynm, &msg) == 0) {
+        if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
                 success = 1;
                 if (msg != NULL) {
-                        debug("AIX/loginsuccess: msg %s", __func__, msg);
-                        buffer_append(&loginmsg, msg, strlen(msg));
+                        debug("AIX/loginsuccess: msg %s", msg);
+                        buffer_append(loginmsg, msg, strlen(msg));
                         xfree(msg);
                 }
         }
@@ -223,18 +278,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm)
  * record_failed_login: generic "login failed" interface function
  */
 void
-record_failed_login(const char *user, const char *ttyname)
+record_failed_login(const char *user, const char *hostname, const char *ttyname)
 {
-        char *hostname = (char *)get_canonical_hostname(options.use_dns);
-
         if (geteuid() != 0)
                 return;
 
         aix_setauthdb(user);
 #   ifdef AIX_LOGINFAILED_4ARG
-        loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
+        loginfailed((char *)user, (char *)hostname, (char *)ttyname,
+            AUDIT_FAIL_AUTH);
 #   else
-        loginfailed((char *)user, hostname, (char *)ttyname);
+        loginfailed((char *)user, (char *)hostname, (char *)ttyname);
 #   endif
         aix_restoreauthdb();
 }
@@ -291,4 +345,33 @@ aix_restoreauthdb(void)
 
 # endif /* WITH_AIXAUTHENTICATE */
 
+# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
+# undef getnameinfo
+/*
+ * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros
+ * IPv6 address into its textual representation ("::"), so we wrap it
+ * with a function that will.
+ */
+int
+sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
+    size_t hostlen, char *serv, size_t servlen, int flags)
+{
+        struct sockaddr_in6 *sa6;
+        u_int32_t *a6;
+
+        if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) &&
+            sa->sa_family == AF_INET6) {
+                sa6 = (struct sockaddr_in6 *)sa;
+                a6 = sa6->sin6_addr.u6_addr.u6_addr32;
+
+                if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) {
+                        strlcpy(host, "::", hostlen);
+                        snprintf(serv, servlen, "%d", sa6->sin6_port);
+                        return 0;
+                }
+        }
+        return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
+}
+# endif /* AIX_GETNAMEINFO_HACK */
+
 #endif /* _AIX */
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 29e9751ce..a05ce9703 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */
 
 /*
  *
@@ -27,6 +27,13 @@
 
 #ifdef _AIX
 
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>    /* for seteuid() */
+#endif
+
 #ifdef WITH_AIXAUTHENTICATE
 # include <login.h>
 # include <userpw.h>
@@ -36,6 +43,28 @@
 # include <usersec.h>
 #endif
 
+#include "buffer.h"
+
+/* These should be in the system headers but are not. */
+int usrinfo(int, char *, int);
+int setauthdb(const char *, char *);
+/* these may or may not be in the headers depending on the version */
+#if (HAVE_DECL_AUTHENTICATE == 0)
+int authenticate(char *, char *, int *, char **);
+#endif
+#if (HAVE_DECL_LOGINFAILED == 0)
+int loginfailed(char *, char *, char *);
+#endif
+#if (HAVE_DECL_LOGINRESTRICTIONS == 0)
+int loginrestrictions(char *, int, char *, char **);
+#endif
+#if (HAVE_DECL_LOGINSUCCESS == 0)
+int loginsuccess(char *, char *, char *, char **);
+#endif
+#if (HAVE_DECL_PASSWDEXPIRED == 0)
+int passwdexpired(char *, char **);
+#endif
+
 /* Some versions define r_type in the above headers, which causes a conflict */
 #ifdef r_type
 # undef r_type
@@ -64,14 +93,23 @@ void aix_usrinfo(struct passwd *);
 #ifdef WITH_AIXAUTHENTICATE
 # define CUSTOM_SYS_AUTH_PASSWD 1
 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1
-int sys_auth_allowed_user(struct passwd *);
+int sys_auth_allowed_user(struct passwd *, Buffer *);
 # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
-int sys_auth_record_login(const char *, const char *, const char *);
+int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
 # define CUSTOM_FAILED_LOGIN 1
-void record_failed_login(const char *, const char *);
 #endif
 
 void aix_setauthdb(const char *);
 void aix_restoreauthdb(void);
 void aix_remove_embedded_newlines(char *);
+
+#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO)
+# ifdef getnameinfo
+#  undef getnameinfo
+# endif
+int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t,
+    char *, size_t, int);
+# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))
+#endif
+
 #endif /* _AIX */
diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c
index 218fbecb2..7f73bd998 100644
--- a/openbsd-compat/realpath.c
+++ b/openbsd-compat/realpath.c
@@ -37,7 +37,7 @@
 #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: realpath.c,v 1.10 2003/08/01 21:04:59 millert Exp $";
+static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -67,17 +67,25 @@ char *
 realpath(const char *path, char *resolved)
 {
         struct stat sb;
-        int fd, n, needslash, serrno = 0;
-        char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN];
+        int fd, n, needslash, serrno;
+        char *p, *q, wbuf[MAXPATHLEN];
         int symlinks = 0;
 
         /* Save the starting point. */
-        getcwd(start,MAXPATHLEN);       
+#ifndef HAVE_FCHDIR
+        char start[MAXPATHLEN];
+        /* this is potentially racy but without fchdir we have no option */
+        if (getcwd(start, sizeof(start)) == NULL) {
+                resolved[0] = '.';
+                resolved[1] = '\0';
+                return (NULL);
+        }
+#endif
         if ((fd = open(".", O_RDONLY)) < 0) {
-                (void)strlcpy(resolved, ".", MAXPATHLEN);
+                resolved[0] = '.';
+                resolved[1] = '\0';
                 return (NULL);
         }
-        close(fd);
 
         /* Convert "." -> "" to optimize away a needless lstat() and chdir() */
         if (path[0] == '.' && path[1] == '\0')
@@ -91,7 +99,10 @@ realpath(const char *path, char *resolved)
          *     if it is a directory, then change to that directory.
          * get the current directory name and append the basename.
          */
-        strlcpy(resolved, path, MAXPATHLEN);
+        if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) {
+                serrno = ENAMETOOLONG;
+                goto err2;
+        }
 loop:
         q = strrchr(resolved, '/');
         if (q != NULL) {
@@ -114,11 +125,10 @@ loop:
         if (*p != '\0' && lstat(p, &sb) == 0) {
                 if (S_ISLNK(sb.st_mode)) {
                         if (++symlinks > MAXSYMLINKS) {
-                                serrno = ELOOP;
+                                errno = ELOOP;
                                 goto err1;
                         }
-                        n = readlink(p, resolved, MAXPATHLEN-1);
-                        if (n < 0)
+                        if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0)
                                 goto err1;
                         resolved[n] = '\0';
                         goto loop;
@@ -134,8 +144,11 @@ loop:
          * Save the last component name and get the full pathname of
          * the current directory.
          */
-        (void)strlcpy(wbuf, p, sizeof wbuf);
-        if (getcwd(resolved, MAXPATHLEN) == 0)
+        if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) {
+                errno = ENAMETOOLONG;
+                goto err1;
+        }
+        if (getcwd(resolved, MAXPATHLEN) == NULL)
                 goto err1;
 
         /*
@@ -149,23 +162,43 @@ loop:
 
         if (*wbuf) {
                 if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) {
-                        serrno = ENAMETOOLONG;
+                        errno = ENAMETOOLONG;
+                        goto err1;
+                }
+                if (needslash) {
+                        if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) {
+                                errno = ENAMETOOLONG;
+                                goto err1;
+                        }
+                }
+                if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) {
+                        errno = ENAMETOOLONG;
                         goto err1;
                 }
-                if (needslash)
-                        strlcat(resolved, "/", MAXPATHLEN);
-                strlcat(resolved, wbuf, MAXPATHLEN);
         }
 
         /* Go back to where we came from. */
+#ifdef HAVE_FCHDIR
+        if (fchdir(fd) < 0) {
+#else
         if (chdir(start) < 0) {
+#endif
                 serrno = errno;
                 goto err2;
         }
+
+        /* It's okay if the close fails, what's an fd more or less? */
+        (void)close(fd);
         return (resolved);
 
-err1:   chdir(start);
-err2:   errno = serrno;
+err1:   serrno = errno;
+#ifdef HAVE_FCHDIR
+        (void)fchdir(fd);
+#else
+        chdir(start);
+#endif
+err2:   (void)close(fd);
+        errno = serrno;
         return (NULL);
 }
 #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c
index c8d59dee0..74e8a8b13 100644
--- a/openbsd-compat/xmmap.c
+++ b/openbsd-compat/xmmap.c
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */
+/* $Id: xmmap.c,v 1.6 2004/10/06 13:15:44 dtucker Exp $ */
 
 #include "includes.h"
 
@@ -47,7 +47,7 @@ void *xmmap(size_t size)
 # endif
 
 #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
-        if (address == MAP_FAILED) {
+        if (address == (void *)MAP_FAILED) {
                 char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
                 int tmpfd;
                 mode_t old_umask;
diff --git a/packet.c b/packet.c
index b062c0436..e2607b20f 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -995,6 +995,8 @@ packet_read_poll1(void)
                     buffer_len(&compression_buffer));
         }
         type = buffer_get_char(&incoming_packet);
+        if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
+                packet_disconnect("Invalid ssh1 packet type: %d", type);
         return type;
 }
 
@@ -1107,6 +1109,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
          * return length of payload (without type field)
          */
         type = buffer_get_char(&incoming_packet);
+        if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN)
+                packet_disconnect("Invalid ssh2 packet type: %d", type);
         if (type == SSH2_MSG_NEWKEYS)
                 set_newkeys(MODE_IN);
 #ifdef PACKET_DEBUG
diff --git a/readconf.c b/readconf.c
index aca5b8eff..963b706aa 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -106,7 +106,7 @@ typedef enum {
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
         oAddressFamily, oGssAuthentication, oGssDelegateCreds,
         oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
-        oSendEnv, oControlPath, oControlMaster,
+        oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
         oProtocolKeepAlives, oSetupTimeOut,
         oDeprecated, oUnsupported
 } OpCodes;
@@ -198,6 +198,7 @@ static struct {
         { "sendenv", oSendEnv },
         { "controlpath", oControlPath },
         { "controlmaster", oControlMaster },
+        { "hashknownhosts", oHashKnownHosts },
         { "protocolkeepalives", oProtocolKeepAlives },
         { "setuptimeout", oSetupTimeOut },
         { NULL, oBadOption }
@@ -209,21 +210,23 @@ static struct {
  */
 
 void
-add_local_forward(Options *options, u_short port, const char *host,
-                  u_short host_port)
+add_local_forward(Options *options, const Forward *newfwd)
 {
         Forward *fwd;
 #ifndef NO_IPPORT_RESERVED_CONCEPT
         extern uid_t original_real_uid;
-        if (port < IPPORT_RESERVED && original_real_uid != 0)
+        if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
                 fatal("Privileged ports can only be forwarded by root.");
 #endif
         if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
                 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
         fwd = &options->local_forwards[options->num_local_forwards++];
-        fwd->port = port;
-        fwd->host = xstrdup(host);
-        fwd->host_port = host_port;
+
+        fwd->listen_host = (newfwd->listen_host == NULL) ?
+            NULL : xstrdup(newfwd->listen_host);
+        fwd->listen_port = newfwd->listen_port;
+        fwd->connect_host = xstrdup(newfwd->connect_host);
+        fwd->connect_port = newfwd->connect_port;
 }
 
 /*
@@ -232,17 +235,19 @@ add_local_forward(Options *options, u_short port, const char *host,
  */
 
 void
-add_remote_forward(Options *options, u_short port, const char *host,
-                   u_short host_port)
+add_remote_forward(Options *options, const Forward *newfwd)
 {
         Forward *fwd;
         if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
                 fatal("Too many remote forwards (max %d).",
                     SSH_MAX_FORWARDS_PER_DIRECTION);
         fwd = &options->remote_forwards[options->num_remote_forwards++];
-        fwd->port = port;
-        fwd->host = xstrdup(host);
-        fwd->host_port = host_port;
+
+        fwd->listen_host = (newfwd->listen_host == NULL) ?
+            NULL : xstrdup(newfwd->listen_host);
+        fwd->listen_port = newfwd->listen_port;
+        fwd->connect_host = xstrdup(newfwd->connect_host);
+        fwd->connect_port = newfwd->connect_port;
 }
 
 static void
@@ -250,11 +255,15 @@ clear_forwardings(Options *options)
 {
         int i;
 
-        for (i = 0; i < options->num_local_forwards; i++)
-                xfree(options->local_forwards[i].host);
+        for (i = 0; i < options->num_local_forwards; i++) {
+                xfree(options->local_forwards[i].listen_host);
+                xfree(options->local_forwards[i].connect_host);
+        }
         options->num_local_forwards = 0;
-        for (i = 0; i < options->num_remote_forwards; i++)
-                xfree(options->remote_forwards[i].host);
+        for (i = 0; i < options->num_remote_forwards; i++) {
+                xfree(options->remote_forwards[i].listen_host);
+                xfree(options->remote_forwards[i].connect_host);
+        }
         options->num_remote_forwards = 0;
 }
 
@@ -287,11 +296,10 @@ process_config_line(Options *options, const char *host,
                     char *line, const char *filename, int linenum,
                     int *activep)
 {
-        char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
+        char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
         int opcode, *intptr, value;
         size_t len;
-        u_short fwd_port, fwd_host_port;
-        char sfwd_host_port[6];
+        Forward fwd;
 
         /* Strip trailing whitespace */
         for(len = strlen(line) - 1; len > 0; len--) {
@@ -648,30 +656,26 @@ parse_int:
         case oLocalForward:
         case oRemoteForward:
                 arg = strdelim(&s);
-                if (!arg || *arg == '\0')
+                if (arg == NULL || *arg == '\0')
                         fatal("%.200s line %d: Missing port argument.",
                             filename, linenum);
-                if ((fwd_port = a2port(arg)) == 0)
-                        fatal("%.200s line %d: Bad listen port.",
+                arg2 = strdelim(&s);
+                if (arg2 == NULL || *arg2 == '\0')
+                        fatal("%.200s line %d: Missing target argument.",
                             filename, linenum);
-                arg = strdelim(&s);
-                if (!arg || *arg == '\0')
-                        fatal("%.200s line %d: Missing second argument.",
-                            filename, linenum);
-                if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
-                    sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
+
+                /* construct a string for parse_forward */
+                snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+
+                if (parse_forward(&fwd, fwdarg) == 0)
                         fatal("%.200s line %d: Bad forwarding specification.",
                             filename, linenum);
-                if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
-                        fatal("%.200s line %d: Bad forwarding port.",
-                            filename, linenum);
+
                 if (*activep) {
                         if (opcode == oLocalForward)
-                                add_local_forward(options, fwd_port, buf,
-                                    fwd_host_port);
+                                add_local_forward(options, &fwd);
                         else if (opcode == oRemoteForward)
-                                add_remote_forward(options, fwd_port, buf,
-                                    fwd_host_port);
+                                add_remote_forward(options, &fwd);
                 }
                 break;
 
@@ -680,12 +684,25 @@ parse_int:
                 if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing port argument.",
                             filename, linenum);
-                fwd_port = a2port(arg);
-                if (fwd_port == 0)
+                memset(&fwd, '\0', sizeof(fwd));
+                fwd.connect_host = "socks";
+                fwd.listen_host = hpdelim(&arg);
+                if (fwd.listen_host == NULL ||
+                    strlen(fwd.listen_host) >= NI_MAXHOST)
+                        fatal("%.200s line %d: Bad forwarding specification.",
+                            filename, linenum);
+                if (arg) {
+                        fwd.listen_port = a2port(arg);
+                        fwd.listen_host = cleanhostname(fwd.listen_host);
+                } else {
+                        fwd.listen_port = a2port(fwd.listen_host);
+                        fwd.listen_host = "";
+                }
+                if (fwd.listen_port == 0)
                         fatal("%.200s line %d: Badly formatted port number.",
                             filename, linenum);
                 if (*activep)
-                        add_local_forward(options, fwd_port, "socks", 0);
+                        add_local_forward(options, &fwd);
                 break;
 
         case oClearAllForwardings:
@@ -762,6 +779,8 @@ parse_int:
                         if (strchr(arg, '=') != NULL)
                                 fatal("%s line %d: Invalid environment name.",
                                     filename, linenum);
+                        if (!*activep)
+                                continue;
                         if (options->num_send_env >= MAX_SEND_ENV)
                                 fatal("%s line %d: too many send env.",
                                     filename, linenum);
@@ -778,6 +797,10 @@ parse_int:
                 intptr = &options->control_master;
                 goto parse_yesnoask;
 
+        case oHashKnownHosts:
+                intptr = &options->hash_known_hosts;
+                goto parse_flag;
+
         case oSetupTimeOut:
                 intptr = &options->setuptimeout;
                 goto parse_int;
@@ -926,6 +949,7 @@ initialize_options(Options * options)
         options->num_send_env = 0;
         options->control_path = NULL;
         options->control_master = -1;
+        options->hash_known_hosts = -1;
 }
 
 /*
@@ -1053,6 +1077,8 @@ fill_default_options(Options * options)
                 options->server_alive_count_max = 3;
         if (options->control_master == -1)
                 options->control_master = 0;
+        if (options->hash_known_hosts == -1)
+                options->hash_known_hosts = 0;
         if (options->setuptimeout == -1) {
                 /* in batch mode, default is 5mins */
                 if (options->batch_mode == 1)
@@ -1066,3 +1092,68 @@ fill_default_options(Options * options)
         /* options->host_key_alias should not be set by default */
         /* options->preferred_authentications will be set in ssh */
 }
+
+/*
+ * parse_forward
+ * parses a string containing a port forwarding specification of the form:
+ *      [listenhost:]listenport:connecthost:connectport
+ * returns number of arguments parsed or zero on error
+ */
+int
+parse_forward(Forward *fwd, const char *fwdspec)
+{
+        int i;
+        char *p, *cp, *fwdarg[4];
+
+        memset(fwd, '\0', sizeof(*fwd));
+
+        cp = p = xstrdup(fwdspec);
+
+        /* skip leading spaces */
+        while (*cp && isspace(*cp))
+                cp++;
+
+        for (i = 0; i < 4; ++i)
+                if ((fwdarg[i] = hpdelim(&cp)) == NULL)
+                        break;
+
+        /* Check for trailing garbage in 4-arg case*/
+        if (cp != NULL)
+                i = 0;  /* failure */
+
+        switch (i) {
+        case 3:
+                fwd->listen_host = NULL;
+                fwd->listen_port = a2port(fwdarg[0]);
+                fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
+                fwd->connect_port = a2port(fwdarg[2]);
+                break;
+
+        case 4:
+                fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
+                fwd->listen_port = a2port(fwdarg[1]);
+                fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
+                fwd->connect_port = a2port(fwdarg[3]);
+                break;
+        default:
+                i = 0; /* failure */
+        }
+
+        xfree(p);
+
+        if (fwd->listen_port == 0 && fwd->connect_port == 0)
+                goto fail_free;
+
+        if (fwd->connect_host != NULL &&
+            strlen(fwd->connect_host) >= NI_MAXHOST)
+                goto fail_free;
+
+        return (i);
+
+ fail_free:
+        if (fwd->connect_host != NULL)
+                xfree(fwd->connect_host);
+        if (fwd->listen_host != NULL)
+                xfree(fwd->listen_host);
+        return (0);
+}
diff --git a/readconf.h b/readconf.h
index 2f4908f4e..d26063a0b 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: readconf.h,v 1.64 2004/07/11 17:48:47 deraadt Exp $   */
+/*      $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -21,9 +21,10 @@
 /* Data structure for representing a forwarding request. */
 
 typedef struct {
-        u_short   port;         /* Port to forward. */
-        char     *host;         /* Host to connect. */
-        u_short   host_port;    /* Port to connect on host. */
+        char     *listen_host;          /* Host (address) to listen on. */
+        u_short   listen_port;          /* Port to forward. */
+        char     *connect_host;         /* Host to connect. */
+        u_short   connect_port;         /* Port to connect on connect_host. */
 }       Forward;
 /* Data structure for representing option data. */
 
@@ -112,17 +113,20 @@ typedef struct {
 
         char    *control_path;
         int     control_master;
+
+        int     hash_known_hosts;
 }       Options;
 
 
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
 int      read_config_file(const char *, const char *, Options *, int);
+int      parse_forward(Forward *, const char *);
 
 int
 process_config_line(Options *, const char *, char *, const char *, int, int *);
 
-void     add_local_forward(Options *, u_short, const char *, u_short);
-void     add_remote_forward(Options *, u_short, const char *, u_short);
+void     add_local_forward(Options *, const Forward *);
+void     add_remote_forward(Options *, const Forward *);
 
 #endif                          /* READCONF_H */
diff --git a/readpass.c b/readpass.c
index eb4f6fdb6..c2bacdcd4 100644
--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $");
 
 #include "xmalloc.h"
 #include "misc.h"
@@ -141,3 +141,29 @@ read_passphrase(const char *prompt, int flags)
         memset(buf, 'x', sizeof buf);
         return ret;
 }
+
+int
+ask_permission(const char *fmt, ...)
+{
+        va_list args;
+        char *p, prompt[1024];
+        int allowed = 0;
+
+        va_start(args, fmt);
+        vsnprintf(prompt, sizeof(prompt), fmt, args);
+        va_end(args);
+
+        p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+        if (p != NULL) {
+                /*
+                 * Accept empty responses and responses consisting
+                 * of the word "yes" as affirmative.
+                 */
+                if (*p == '\0' || *p == '\n' ||
+                    strcasecmp(p, "yes") == 0)
+                        allowed = 1;
+                xfree(p);
+        }
+
+        return (allowed);
+}
diff --git a/regress/Makefile b/regress/Makefile
index 9e98e5880..4f47bc3fd 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $
+#       $OpenBSD: Makefile,v 1.36 2005/03/04 08:48:46 djm Exp $
 
 REGRESS_TARGETS=        t1 t2 t3 t4 t5 t6 t7 t-exec
 tests:          $(REGRESS_TARGETS)
@@ -34,20 +34,22 @@ LTESTS= 	connect \
                 sftp-cmds \
                 sftp-badcmds \
                 sftp-batch \
+                sftp-glob \
                 reconfigure \
                 dynamic-forward \
                 forwarding \
                 multiplex \
-                reexec
+                reexec \
+                brokenkeys
 
 USER!=          id -un
 CLEANFILES=     t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
                 authorized_keys_${USER} known_hosts pidfile \
-                ssh_config ssh_proxy sshd_config sshd_proxy \
+                ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \
                 rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
                 rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
                 ls.copy banner.in banner.out empty.in \
-                scp-ssh-wrapper.exe \
+                scp-ssh-wrapper.scp ssh_proxy_envpass \
                 remote_pid
 
 #LTESTS +=      ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
@@ -90,5 +92,5 @@ t-exec:	${LTESTS:=.sh}
         @if [ "x$?" = "x" ]; then exit 0; fi; \
         for TEST in ""$?; do \
                 echo "run test $${TEST}" ... 1>&2; \
-                (sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+                (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
         done
diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh
index bd79d7cb8..4de2638e4 100644
--- a/regress/agent-ptrace.sh
+++ b/regress/agent-ptrace.sh
@@ -5,7 +5,7 @@ tid="disallow agent ptrace attach"
 
 if have_prog uname ; then
         case `uname` in
-        AIX|CYGWIN*)
+        AIX|CYGWIN*|OSF1)
                 echo "skipped (not supported on this platform)"
                 exit 0
                 ;;
@@ -41,7 +41,7 @@ EOF
         if [ $? -ne 0 ]; then
                 fail "gdb failed: exit code $?"
         fi
-        egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.' >/dev/null ${OBJ}/gdb.out
+        egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out
         r=$?
         rm -f ${OBJ}/gdb.out
         if [ $r -ne 0 ]; then
diff --git a/regress/brokenkeys.sh b/regress/brokenkeys.sh
new file mode 100644
index 000000000..3e70c348a
--- /dev/null
+++ b/regress/brokenkeys.sh
@@ -0,0 +1,23 @@
+#       $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $
+#       Placed in the Public Domain.
+
+tid="broken keys"
+
+KEYS="$OBJ/authorized_keys_${USER}"
+
+start_sshd
+
+mv ${KEYS} ${KEYS}.bak
+
+# Truncated key
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS
+cat ${KEYS}.bak >> ${KEYS}
+cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+
+${SSH} -2 -F $OBJ/ssh_config somehost true
+if [ $? -ne 0 ]; then
+        fail "ssh connect with protocol $p failed"
+fi
+
+mv ${KEYS}.bak ${KEYS}
+
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh
index 392fc1978..4674a7baf 100644
--- a/regress/dynamic-forward.sh
+++ b/regress/dynamic-forward.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: dynamic-forward.sh,v 1.3 2004/02/28 12:16:57 dtucker Exp $
+#       $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $
 #       Placed in the Public Domain.
 
 tid="dynamic forwarding"
@@ -44,4 +44,7 @@ for p in 1 2; do
         else
                 fail "no pid file: $OBJ/remote_pid"
         fi
+
+        # Must allow time for connection tear-down
+        sleep 2
 done
diff --git a/regress/envpass.sh b/regress/envpass.sh
index 5a7e178d8..af7eafe3d 100644
--- a/regress/envpass.sh
+++ b/regress/envpass.sh
@@ -1,13 +1,20 @@
-#       $OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $
+#       $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $
 #       Placed in the Public Domain.
 
 tid="environment passing"
 
 # NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
 
+# Prepare a custom config to test for a configuration parsing bug fixed in 4.0
+cat << EOF > $OBJ/ssh_proxy_envpass
+Host test-sendenv-confparse-bug
+        SendEnv *
+EOF
+cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass
+
 trace "pass env, don't accept"
 verbose "test $tid: pass env, don't accept"
-_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
+_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass otherhost \
         sh << 'EOF'
         test -z "$_TEST_ENV"
 EOF
@@ -18,7 +25,7 @@ fi
 
 trace "don't pass env, accept"
 verbose "test $tid: don't pass env, accept"
-${SSH} -F $OBJ/ssh_proxy otherhost \
+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \
         sh << 'EOF'
         test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B"
 EOF
@@ -29,8 +36,8 @@ fi
 
 trace "pass single env, accept single env"
 verbose "test $tid: pass single env, accept single env"
-_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
-        sh << 'EOF'
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy_envpass \
+    otherhost sh << 'EOF'
         test X"$_XXX_TEST" = X"blah"
 EOF
 r=$?
@@ -41,7 +48,7 @@ fi
 trace "pass multiple env, accept multiple env"
 verbose "test $tid: pass multiple env, accept multiple env"
 _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
-    -F $OBJ/ssh_proxy otherhost \
+    -F $OBJ/ssh_proxy_envpass otherhost \
         sh << 'EOF'
         test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2"
 EOF
@@ -49,3 +56,5 @@ r=$?
 if [ $r -ne 0 ]; then
         fail "environment not found"
 fi
+
+rm -f $OBJ/ssh_proxy_envpass
diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh
index ce6edade5..15a887f74 100644
--- a/regress/login-timeout.sh
+++ b/regress/login-timeout.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $
+#       $OpenBSD: login-timeout.sh,v 1.4 2005/02/27 23:13:36 djm Exp $
 #       Placed in the Public Domain.
 
 tid="connect after login grace timeout"
@@ -8,7 +8,7 @@ echo "LoginGraceTime 10s" >> $OBJ/sshd_config
 echo "MaxStartups 1" >> $OBJ/sshd_config
 start_sshd
 
-(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 & 
+(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & 
 sleep 15
 ${SSH} -F $OBJ/ssh_config somehost true
 if [ $? -ne 0 ]; then
@@ -21,7 +21,7 @@ trace "test login grace without privsep"
 echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
 start_sshd
 
-(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 & 
+(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & 
 sleep 15
 ${SSH} -F $OBJ/ssh_config somehost true
 if [ $? -ne 0 ]; then
diff --git a/regress/multiplex.sh b/regress/multiplex.sh
index dbf2025be..e8cc1ac53 100644
--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,17 +1,28 @@
-#       $OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $
+#       $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $
 #       Placed in the Public Domain.
 
 CTL=$OBJ/ctl-sock
 
 tid="connection multiplexing"
 
+if grep "#define.*DISABLE_FD_PASSING" ${BUILDDIR}/config.h >/dev/null 2>&1
+then
+        echo "skipped (not supported on this platform)"
+        exit 0
+fi
+
 DATA=/bin/ls${EXEEXT}
 COPY=$OBJ/ls.copy
+LOG=$TEST_SSH_LOGFILE
 
 start_sshd
 
 trace "start master, fork to background"
-${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120
+${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost &
+MASTER_PID=$!
+
+# Wait for master to start and authenticate
+sleep 5
 
 verbose "test $tid: envpass"
 trace "env passing over multiplexed connection"
@@ -38,13 +49,13 @@ cmp ${DATA} ${COPY}		|| fail "ssh -S ctl: corrupted copy of ${DATA}"
 rm -f ${COPY}
 trace "sftp transfer over multiplexed connection and check result"
 echo "get ${DATA} ${COPY}" | \
-        ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1
+        ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >$LOG 2>&1
 test -f ${COPY}                 || fail "sftp: failed copy ${DATA}" 
 cmp ${DATA} ${COPY}             || fail "sftp: corrupted copy of ${DATA}"
 
 rm -f ${COPY}
 trace "scp transfer over multiplexed connection and check result"
-${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1
+${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >$LOG 2>&1
 test -f ${COPY}                 || fail "scp: failed copy ${DATA}" 
 cmp ${DATA} ${COPY}             || fail "scp: corrupted copy of ${DATA}"
 
@@ -69,6 +80,15 @@ for s in 0 1 4 5 44; do
         fi
 done
 
-# kill master, remove control socket.  ssh -MS will exit when sleep exits
-$SUDO kill `cat $PIDFILE`
-rm -f $CTL
+trace "test check command"
+${SSH} -S $CTL -Ocheck otherhost || fail "check command failed" 
+
+trace "test exit command"
+${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed" 
+
+# Wait for master to exit
+sleep 2
+
+ps -p $MASTER_PID >/dev/null && fail "exit command failed" 
+
+cleanup
diff --git a/regress/reexec.sh b/regress/reexec.sh
index 39fffefbc..d69b8c577 100644
--- a/regress/reexec.sh
+++ b/regress/reexec.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $
+#       $OpenBSD: reexec.sh,v 1.5 2004/10/08 02:01:50 djm Exp $
 #       Placed in the Public Domain.
 
 tid="reexec tests"
@@ -6,36 +6,40 @@ tid="reexec tests"
 DATA=/bin/ls
 COPY=${OBJ}/copy
 SSHD_ORIG=$SSHD
-SSHD_COPY=$OBJ/sshd.copy
+SSHD_COPY=$OBJ/sshd
 
 # Start a sshd and then delete it
-start_sshd_copy_zap ()
+start_sshd_copy ()
 {
         cp $SSHD_ORIG $SSHD_COPY
         SSHD=$SSHD_COPY
         start_sshd
-        rm -f $SSHD_COPY
         SSHD=$SSHD_ORIG
 }
 
+# Do basic copy tests
+copy_tests ()
+{
+        rm -f ${COPY}
+        for p in 1 2; do
+                verbose "$tid: proto $p"
+                ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+                    cat ${DATA} > ${COPY}
+                if [ $? -ne 0 ]; then
+                        fail "ssh cat $DATA failed"
+                fi
+                cmp ${DATA} ${COPY}             || fail "corrupted copy"
+                rm -f ${COPY}
+        done
+}
+
 verbose "test config passing"
-cp $OBJ/sshd_config $OBJ/sshd_config.orig
 
+cp $OBJ/sshd_config $OBJ/sshd_config.orig
 start_sshd
-
 echo "InvalidXXX=no" >> $OBJ/sshd_config
 
-rm -f ${COPY}
-for p in 1 2; do
-        verbose "$tid: proto $p"
-        ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
-            cat ${DATA} > ${COPY}
-        if [ $? -ne 0 ]; then
-                fail "ssh cat $DATA failed"
-        fi
-        cmp ${DATA} ${COPY}             || fail "corrupted copy"
-        rm -f ${COPY}
-done
+copy_tests
 
 $SUDO kill `cat $PIDFILE`
 rm -f $PIDFILE
@@ -44,19 +48,10 @@ cp $OBJ/sshd_config.orig $OBJ/sshd_config
 
 verbose "test reexec fallback"
 
-start_sshd_copy_zap
-
-rm -f ${COPY}
-for p in 1 2; do
-        verbose "$tid: proto $p"
-        ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
-            cat ${DATA} > ${COPY}
-        if [ $? -ne 0 ]; then
-                fail "ssh cat $DATA failed"
-        fi
-        cmp ${DATA} ${COPY}             || fail "corrupted copy"
-        rm -f ${COPY}
-done
+start_sshd_copy
+rm -f $SSHD_COPY
+
+copy_tests
 
 $SUDO kill `cat $PIDFILE`
 rm -f $PIDFILE
@@ -66,22 +61,12 @@ verbose "test reexec fallback without privsep"
 cp $OBJ/sshd_config.orig $OBJ/sshd_config
 echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config
 
-start_sshd_copy_zap
-
-rm -f ${COPY}
-for p in 1 2; do
-        verbose "$tid: proto $p"
-        ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
-            cat ${DATA} > ${COPY}
-        if [ $? -ne 0 ]; then
-                fail "ssh cat $DATA failed"
-        fi
-        cmp ${DATA} ${COPY}             || fail "corrupted copy"
-        rm -f ${COPY}
-done
+start_sshd_copy
+rm -f $SSHD_COPY
+
+copy_tests
 
 $SUDO kill `cat $PIDFILE`
 rm -f $PIDFILE
 
-cp $OBJ/sshd_config.orig $OBJ/sshd_config
 
diff --git a/regress/rekey.sh b/regress/rekey.sh
index 6b7e845ec..3c5f266fc 100644
--- a/regress/rekey.sh
+++ b/regress/rekey.sh
@@ -8,6 +8,7 @@ COPY=${OBJ}/copy
 LOG=${OBJ}/log
 
 rm -f ${COPY} ${LOG} ${DATA}
+touch ${DATA}
 dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1
 
 for s in 16 1k 128k 256k; do
diff --git a/regress/scp.sh b/regress/scp.sh
index 703cc0893..c3034b6e7 100644
--- a/regress/scp.sh
+++ b/regress/scp.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $
+#       $OpenBSD: scp.sh,v 1.3 2004/07/08 12:59:35 dtucker Exp $
 #       Placed in the Public Domain.
 
 tid="scp"
@@ -12,16 +12,16 @@ else
         DIFFOPT="-r"
 fi
 
-DATA=/bin/ls
+DATA=/bin/ls${EXEEXT}
 COPY=${OBJ}/copy
 COPY2=${OBJ}/copy2
 DIR=${COPY}.dd
 DIR2=${COPY}.dd2
 
 SRC=`dirname ${SCRIPT}`
-cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe
-chmod 755 ${OBJ}/scp-ssh-wrapper.exe
-scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe"
+cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
+chmod 755 ${OBJ}/scp-ssh-wrapper.scp
+scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp"
 
 scpclean() {
         rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
@@ -64,6 +64,19 @@ cp ${DATA} ${DIR}/copy
 $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
 diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
 
+if [ ! -z "$SUDO" ]; then
+        verbose "$tid: skipped file after scp -p with failed chown+utimes"
+        scpclean
+        cp -p ${DATA} ${DIR}/copy
+        cp -p ${DATA} ${DIR}/copy2
+        cp ${DATA} ${DIR2}/copy
+        chmod 660 ${DIR2}/copy
+        $SUDO chown root ${DIR2}/copy
+        $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1
+        diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+        $SUDO rm ${DIR2}/copy
+fi
+
 for i in 0 1 2 3 4; do
         verbose "$tid: disallow bad server #$i"
         SCPTESTMODE=badserver_$i
@@ -79,4 +92,4 @@ for i in 0 1 2 3 4; do
 done
 
 scpclean
-rm -f ${OBJ}/scp-ssh-wrapper.exe
+rm -f ${OBJ}/scp-ssh-wrapper.scp
diff --git a/regress/sftp-glob.sh b/regress/sftp-glob.sh
new file mode 100644
index 000000000..e238356a2
--- /dev/null
+++ b/regress/sftp-glob.sh
@@ -0,0 +1,28 @@
+#       $OpenBSD: sftp-glob.sh,v 1.1 2004/12/10 01:31:30 fgsch Exp $
+#       Placed in the Public Domain.
+
+tid="sftp glob"
+
+BASE=${OBJ}/glob
+DIR=${BASE}/dir
+DATA=${DIR}/file
+
+rm -rf ${BASE}
+mkdir -p ${DIR}
+touch ${DATA}
+
+verbose "$tid: ls file"
+echo "ls -l ${DIR}/fil*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \
+        grep ${DATA} >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+        fail "globbed ls file failed"
+fi
+
+verbose "$tid: ls dir"
+echo "ls -l ${BASE}/d*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \
+        grep file >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+        fail "globbed ls dir failed"
+fi
+
+rm -rf ${BASE}
diff --git a/regress/sshd-log-wrapper.sh b/regress/sshd-log-wrapper.sh
new file mode 100644
index 000000000..c7a5ef3a6
--- /dev/null
+++ b/regress/sshd-log-wrapper.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+#       $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $
+#       Placed in the Public Domain.
+#
+# simple wrapper for sshd proxy mode to catch stderr output
+# sh sshd-log-wrapper.sh /path/to/sshd /path/to/logfile
+
+sshd=$1
+log=$2
+shift
+shift
+
+exec $sshd $@ -e 2>>$log
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 70250acd7..4e53449be 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,8 +1,19 @@
-#       $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
+#       $OpenBSD: test-exec.sh,v 1.27 2005/02/27 11:33:30 dtucker Exp $
 #       Placed in the Public Domain.
 
 #SUDO=sudo
 
+# Unbreak GNU head(1)
+_POSIX2_VERSION=199209
+export _POSIX2_VERSION
+
+case `uname -s 2>/dev/null` in
+OSF1*)
+        BIN_SH=xpg4
+        export BIN_SH
+        ;;
+esac
+
 if [ ! -z "$TEST_SSH_PORT" ]; then
         PORT="$TEST_SSH_PORT"
 else
@@ -43,6 +54,8 @@ else
 fi
 unset SSH_AUTH_SOCK
 
+SRC=`dirname ${SCRIPT}`
+
 # defaults
 SSH=ssh
 SSHD=sshd
@@ -83,7 +96,13 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then
 fi
 
 # Path to sshd must be absolute for rexec
-SSHD=`which sshd`
+if [ ! -x /$SSHD ]; then
+        SSHD=`which sshd`
+fi
+
+if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
+        TEST_SSH_LOGFILE=/dev/null
+fi
 
 # these should be used in tests
 export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
@@ -134,6 +153,7 @@ cleanup ()
 
 trace ()
 {
+        echo "trace: $@" >>$TEST_SSH_LOGFILE
         if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
                 echo "$@"
         fi
@@ -141,6 +161,7 @@ trace ()
 
 verbose ()
 {
+        echo "verbose: $@" >>$TEST_SSH_LOGFILE
         if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
                 echo "$@"
         fi
@@ -149,12 +170,14 @@ verbose ()
 
 fail ()
 {
+        echo "FAIL: $@" >>$TEST_SSH_LOGFILE
         RESULT=1
         echo "$@"
 }
 
 fatal ()
 {
+        echo "FATAL: $@" >>$TEST_SSH_LOGFILE
         echon "FATAL: "
         fail "$@"
         cleanup
@@ -174,7 +197,7 @@ cat << EOF > $OBJ/sshd_config
         #ListenAddress          ::1
         PidFile                 $PIDFILE
         AuthorizedKeysFile      $OBJ/authorized_keys_%u
-        LogLevel                QUIET
+        LogLevel                DEBUG
         AcceptEnv               _XXX_TEST_*
         AcceptEnv               _XXX_TEST
         Subsystem       sftp    $SFTPSERVER
@@ -205,7 +228,6 @@ Host *
         ChallengeResponseAuthentication no
         HostbasedAuthentication no
         PasswordAuthentication  no
-        RhostsRSAAuthentication no
         BatchMode               yes
         StrictHostKeyChecking   yes
 EOF
@@ -246,7 +268,7 @@ chmod 644 $OBJ/authorized_keys_$USER
 # create a proxy version of the client config
 (
         cat $OBJ/ssh_config
-        echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy
+        echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy
 ) > $OBJ/ssh_proxy
 
 # check proxy config
@@ -256,7 +278,7 @@ start_sshd ()
 {
         # start sshd
         $SUDO ${SSHD} -f $OBJ/sshd_config -t    || fatal "sshd_config broken"
-        $SUDO ${SSHD} -f $OBJ/sshd_config
+        $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1
 
         trace "wait for sshd"
         i=0;
diff --git a/scp.0 b/scp.0
index 01736fe24..f9368e71b 100644
--- a/scp.0
+++ b/scp.0
@@ -73,6 +73,7 @@ DESCRIPTION
                    GlobalKnownHostsFile
                    GSSAPIAuthentication
                    GSSAPIDelegateCredentials
+                   HashKnownHosts
                    Host
                    HostbasedAuthentication
                    HostKeyAlgorithms
@@ -80,6 +81,7 @@ DESCRIPTION
                    HostName
                    IdentityFile
                    IdentitiesOnly
+                   KbdInteractiveDevices
                    LogLevel
                    MACs
                    NoHostAuthenticationForLocalhost
diff --git a/scp.1 b/scp.1
index f346b2ae9..b5191e318 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.36 2004/06/13 15:03:02 djm Exp $
+.\" $OpenBSD: scp.1,v 1.38 2005/03/01 17:19:35 jmc Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -133,6 +133,7 @@ For full details of the options listed below, and their possible values, see
 .It GlobalKnownHostsFile
 .It GSSAPIAuthentication
 .It GSSAPIDelegateCredentials
+.It HashKnownHosts
 .It Host
 .It HostbasedAuthentication
 .It HostKeyAlgorithms
@@ -140,6 +141,7 @@ For full details of the options listed below, and their possible values, see
 .It HostName
 .It IdentityFile
 .It IdentitiesOnly
+.It KbdInteractiveDevices
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
diff --git a/scp.c b/scp.c
index ef9eaa1a4..f69fd05fc 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.117 2004/08/11 21:44:32 avsm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.119 2005/01/24 10:22:06 dtucker Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -108,8 +108,10 @@ pid_t do_cmd_pid = -1;
 static void
 killchild(int signo)
 {
-        if (do_cmd_pid > 1)
+        if (do_cmd_pid > 1) {
                 kill(do_cmd_pid, signo);
+                waitpid(do_cmd_pid, NULL, 0);
+        }
 
         _exit(1);
 }
@@ -726,7 +728,7 @@ sink(int argc, char **argv)
 
 #define atime   tv[0]
 #define mtime   tv[1]
-#define SCREWUP(str)    do { why = str; goto screwup; } while (0)
+#define SCREWUP(str)    { why = str; goto screwup; }
 
         setimes = targisdir = 0;
         mask = umask(0);
diff --git a/servconf.c b/servconf.c
index fae3c658e..2d1a0c362 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -26,8 +26,6 @@ RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
 static void add_listen_addr(ServerOptions *, char *, u_short);
 static void add_one_listen_addr(ServerOptions *, char *, u_short);
 
-/* AF_UNSPEC or AF_INET or AF_INET6 */
-extern int IPv4or6;
 /* Use of privilege separation or not */
 extern int use_privsep;
 
@@ -45,6 +43,7 @@ initialize_server_options(ServerOptions *options)
         options->num_ports = 0;
         options->ports_from_cmdline = 0;
         options->listen_addrs = NULL;
+        options->address_family = -1;
         options->num_host_key_files = 0;
         options->pid_file = NULL;
         options->server_key_bits = -1;
@@ -258,7 +257,8 @@ typedef enum {
         sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
         sKerberosGetAFSToken,
         sKerberosTgtPassing, sChallengeResponseAuthentication,
-        sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
+        sPasswordAuthentication, sKbdInteractiveAuthentication,
+        sListenAddress, sAddressFamily,
         sPrintMotd, sPrintLastLog, sIgnoreRhosts,
         sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
         sStrictModes, sEmptyPasswd, sTCPKeepAlive,
@@ -335,6 +335,7 @@ static struct {
         { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
         { "checkmail", sDeprecated },
         { "listenaddress", sListenAddress },
+        { "addressfamily", sAddressFamily },
         { "printmotd", sPrintMotd },
         { "printlastlog", sPrintLastLog },
         { "ignorerhosts", sIgnoreRhosts },
@@ -401,6 +402,8 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port)
 
         if (options->num_ports == 0)
                 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+        if (options->address_family == -1)
+                options->address_family = AF_UNSPEC;
         if (port == 0)
                 for (i = 0; i < options->num_ports; i++)
                         add_one_listen_addr(options, addr, options->ports[i]);
@@ -416,7 +419,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
         int gaierr;
 
         memset(&hints, 0, sizeof(hints));
-        hints.ai_family = IPv4or6;
+        hints.ai_family = options->address_family;
         hints.ai_socktype = SOCK_STREAM;
         hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
         snprintf(strport, sizeof strport, "%u", port);
@@ -437,6 +440,7 @@ process_server_config_line(ServerOptions *options, char *line,
         char *cp, **charptr, *arg, *p;
         int *intptr, value, i, n;
         ServerOpCodes opcode;
+        u_short port;
 
         cp = line;
         arg = strdelim(&cp);
@@ -509,39 +513,40 @@ parse_time:
 
         case sListenAddress:
                 arg = strdelim(&cp);
-                if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
-                        fatal("%s line %d: missing inet addr.",
+                if (arg == NULL || *arg == '\0')
+                        fatal("%s line %d: missing address",
                             filename, linenum);
-                if (*arg == '[') {
-                        if ((p = strchr(arg, ']')) == NULL)
-                                fatal("%s line %d: bad ipv6 inet addr usage.",
-                                    filename, linenum);
-                        arg++;
-                        memmove(p, p+1, strlen(p+1)+1);
-                } else if (((p = strchr(arg, ':')) == NULL) ||
-                            (strchr(p+1, ':') != NULL)) {
-                        add_listen_addr(options, arg, 0);
-                        break;
-                }
-                if (*p == ':') {
-                        u_short port;
+                p = hpdelim(&arg);
+                if (p == NULL)
+                        fatal("%s line %d: bad address:port usage",
+                            filename, linenum);
+                p = cleanhostname(p);
+                if (arg == NULL)
+                        port = 0;
+                else if ((port = a2port(arg)) == 0)
+                        fatal("%s line %d: bad port number", filename, linenum);
 
-                        p++;
-                        if (*p == '\0')
-                                fatal("%s line %d: bad inet addr:port usage.",
-                                    filename, linenum);
-                        else {
-                                *(p-1) = '\0';
-                                if ((port = a2port(p)) == 0)
-                                        fatal("%s line %d: bad port number.",
-                                            filename, linenum);
-                                add_listen_addr(options, arg, port);
-                        }
-                } else if (*p == '\0')
-                        add_listen_addr(options, arg, 0);
+                add_listen_addr(options, p, port);
+
+                break;
+
+        case sAddressFamily:
+                arg = strdelim(&cp);
+                intptr = &options->address_family;
+                if (options->listen_addrs != NULL)
+                        fatal("%s line %d: address family must be specified before "
+                            "ListenAddress.", filename, linenum);
+                if (strcasecmp(arg, "inet") == 0)
+                        value = AF_INET;
+                else if (strcasecmp(arg, "inet6") == 0)
+                        value = AF_INET6;
+                else if (strcasecmp(arg, "any") == 0)
+                        value = AF_UNSPEC;
                 else
-                        fatal("%s line %d: bad inet addr usage.",
-                            filename, linenum);
+                        fatal("%s line %d: unsupported address family \"%s\".",
+                            filename, linenum, arg);
+                if (*intptr == -1)
+                        *intptr = value;
                 break;
 
         case sHostKeyFile:
@@ -720,7 +725,23 @@ parse_flag:
 
         case sGatewayPorts:
                 intptr = &options->gateway_ports;
-                goto parse_flag;
+                arg = strdelim(&cp);
+                if (!arg || *arg == '\0')
+                        fatal("%s line %d: missing yes/no/clientspecified "
+                            "argument.", filename, linenum);
+                value = 0;      /* silence compiler */
+                if (strcmp(arg, "clientspecified") == 0)
+                        value = 2;
+                else if (strcmp(arg, "yes") == 0)
+                        value = 1;
+                else if (strcmp(arg, "no") == 0)
+                        value = 0;
+                else
+                        fatal("%s line %d: Bad yes/no/clientspecified "
+                            "argument: %s", filename, linenum, arg);
+                if (*intptr == -1)
+                        *intptr = value;
+                break;
 
         case sUseDNS:
                 intptr = &options->use_dns;
diff --git a/servconf.h b/servconf.h
index ebd056814..f7e56d521 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $       */
+/*      $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -43,6 +43,7 @@ typedef struct {
         u_short ports[MAX_PORTS];       /* Port number to listen on. */
         char   *listen_addr;            /* Address on which the server listens. */
         struct addrinfo *listen_addrs;  /* Addresses on which the server listens. */
+        int     address_family;         /* Address family used by the server. */
         char   *host_key_files[MAX_HOSTKEYS];   /* Files containing host keys. */
         int     num_host_key_files;     /* Number of files for host keys. */
         char   *pid_file;       /* Where to put our pid */
diff --git a/session.c b/session.c
index ee4008acf..b32c9e2ca 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -245,6 +245,10 @@ do_authenticated1(Authctxt *authctxt)
         u_int proto_len, data_len, dlen, compression_level = 0;
 
         s = session_new();
+        if (s == NULL) {
+                error("no more sessions");
+                return;
+        }
         s->authctxt = authctxt;
         s->pw = authctxt->pw;
 
@@ -661,11 +665,15 @@ do_exec(Session *s, const char *command)
                 debug("Forced command '%.900s'", command);
         }
 
-#ifdef GSSAPI
-        if (options.gss_authentication) {
-                temporarily_use_uid(s->pw);
-                ssh_gssapi_storecreds();
-                restore_uid();
+#ifdef SSH_AUDIT_EVENTS
+        if (command != NULL)
+                PRIVSEP(audit_run_command(command));
+        else if (s->ttyfd == -1) {
+                char *shell = s->pw->pw_shell;
+
+                if (shell[0] == '\0')   /* empty shell means /bin/sh */
+                        shell =_PATH_BSHELL;
+                PRIVSEP(audit_run_command(shell));
         }
 #endif
 
@@ -979,7 +987,13 @@ do_setup_env(Session *s, const char *shell)
          * The Windows environment contains some setting which are
          * important for a running system. They must not be dropped.
          */
-        copy_environment(environ, &env, &envsize);
+        {
+                char **p;
+
+                p = fetch_windows_environment();
+                copy_environment(p, &env, &envsize);
+                free_windows_environment(p);
+        }
 #endif
 
 #ifdef GSSAPI
@@ -1080,14 +1094,24 @@ do_setup_env(Session *s, const char *shell)
                 child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
 #endif /* _UNICOS */
 
+        /*
+         * Since we clear KRB5CCNAME at startup, if it's set now then it
+         * must have been set by a native authentication method (eg AIX or
+         * SIA), so copy it to the child.
+         */
+        {
+                char *cp;
+
+                if ((cp = getenv("KRB5CCNAME")) != NULL)
+                        child_set_env(&env, &envsize, "KRB5CCNAME", cp);
+        }
+
 #ifdef _AIX
         {
                 char *cp;
 
                 if ((cp = getenv("AUTHSTATE")) != NULL)
                         child_set_env(&env, &envsize, "AUTHSTATE", cp);
-                if ((cp = getenv("KRB5CCNAME")) != NULL)
-                        child_set_env(&env, &envsize, "KRB5CCNAME", cp);
                 read_environment_file(&env, &envsize, "/etc/environment");
         }
 #endif
@@ -1247,6 +1271,13 @@ do_setusercontext(struct passwd *pw)
 # ifdef __bsdi__
                 setpgid(0, 0);
 # endif
+#ifdef GSSAPI
+                if (options.gss_authentication) {
+                        temporarily_use_uid(pw);
+                        ssh_gssapi_storecreds();
+                        restore_uid();
+                }
+#endif
 # ifdef USE_PAM
                 if (options.use_pam) {
                         do_pam_session();
@@ -1277,6 +1308,13 @@ do_setusercontext(struct passwd *pw)
                         exit(1);
                 }
                 endgrent();
+#ifdef GSSAPI
+                if (options.gss_authentication) {
+                        temporarily_use_uid(pw);
+                        ssh_gssapi_storecreds();
+                        restore_uid();
+                }
+#endif
 # ifdef USE_PAM
                 /*
                  * PAM credentials may take the form of supplementary groups.
@@ -1314,7 +1352,12 @@ do_pwchange(Session *s)
         if (s->ttyfd != -1) {
                 fprintf(stderr,
                     "You must change your password now and login again!\n");
+#ifdef PASSWD_NEEDS_USERNAME
+                execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
+                    (char *)NULL);
+#else
                 execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
+#endif
                 perror("passwd");
         } else {
                 fprintf(stderr,
@@ -1428,11 +1471,18 @@ do_child(Session *s, const char *command)
                  * generated messages, so if this in an interactive
                  * login then display them too.
                  */
-                if (command == NULL)
+                if (!check_quietlogin(s, command))
                         display_loginmsg();
 #endif /* HAVE_OSF_SIA */
         }
 
+#ifdef USE_PAM
+        if (options.use_pam && !is_pam_session_open()) {
+                display_loginmsg();
+                exit(254);
+        }
+#endif
+
         /*
          * Get the shell from the password data.  An empty shell field is
          * legal, and means /bin/sh.
diff --git a/sftp-client.c b/sftp-client.c
index 0ffacbccc..d894a11f2 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -20,7 +20,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -172,6 +172,7 @@ get_handle(int fd, u_int expected_id, u_int *len)
                 int status = buffer_get_int(&msg);
 
                 error("Couldn't get handle: %s", fx2txt(status));
+                buffer_free(&msg);
                 return(NULL);
         } else if (type != SSH2_FXP_HANDLE)
                 fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u",
@@ -206,6 +207,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
                         debug("Couldn't stat remote file: %s", fx2txt(status));
                 else
                         error("Couldn't stat remote file: %s", fx2txt(status));
+                buffer_free(&msg);
                 return(NULL);
         } else if (type != SSH2_FXP_ATTRS) {
                 fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
diff --git a/sftp-client.h b/sftp-client.h
index a0e8e44b3..991e05d33 100644
--- a/sftp-client.h
+++ b/sftp-client.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.12 2004/02/17 05:39:51 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@@ -30,8 +30,8 @@ struct SFTP_DIRENT {
 };
 
 /*
- * Initialiase a SSH filexfer connection. Returns -1 on error or
- * protocol version on success.
+ * Initialiase a SSH filexfer connection. Returns NULL on error or
+ * a pointer to a initialized sftp_conn struct on success.
  */
 struct sftp_conn *do_init(int, int, u_int, u_int);
 
diff --git a/sftp.0 b/sftp.0
index 746a410f2..5b1a2fc69 100644
--- a/sftp.0
+++ b/sftp.0
@@ -22,8 +22,7 @@ DESCRIPTION
      active authentication method is used; otherwise it will do so after suc-
      cessful interactive authentication.
 
-     The third usage format allows the sftp client to start in a remote direc-
-     tory.
+     The third usage format allows sftp to start in a remote directory.
 
      The final usage format allows for automated sessions using the -b option.
      In such cases, it is usually necessary to configure public key authenti-
@@ -78,6 +77,7 @@ DESCRIPTION
                    GlobalKnownHostsFile
                    GSSAPIAuthentication
                    GSSAPIDelegateCredentials
+                   HashKnownHosts
                    Host
                    HostbasedAuthentication
                    HostKeyAlgorithms
@@ -85,6 +85,7 @@ DESCRIPTION
                    HostName
                    IdentityFile
                    IdentitiesOnly
+                   KbdInteractiveDevices
                    LogLevel
                    MACs
                    NoHostAuthenticationForLocalhost
@@ -109,7 +110,7 @@ DESCRIPTION
                    VerifyHostKeyDNS
 
      -P sftp_server_path
-             Connect directly to a local sftp server (rather than via ssh(1))
+             Connect directly to a local sftp server (rather than via ssh(1)).
              This option may be useful in debugging the client and server.
 
      -R num_requests
@@ -131,100 +132,132 @@ DESCRIPTION
 
 INTERACTIVE COMMANDS
      Once in interactive mode, sftp understands a set of commands similar to
-     those of ftp(1).  Commands are case insensitive and pathnames may be en-
-     closed in quotes if they contain spaces.
+     those of ftp(1).  Commands are case insensitive.  Pathnames that contain
+     spaces must be enclosed in quotes.  Any special characters contained
+     within pathnames that are recognized by glob(3) must be escaped with
+     backslashes (`\').
 
-     bye         Quit sftp.
+     bye     Quit sftp.
 
-     cd path     Change remote directory to path.
+     cd path
+             Change remote directory to path.
 
      chgrp grp path
-                 Change group of file path to grp.  grp must be a numeric GID.
+             Change group of file path to grp.  path may contain glob(3) char-
+             acters and may match multiple files.  grp must be a numeric GID.
 
      chmod mode path
-                 Change permissions of file path to mode.
+             Change permissions of file path to mode.  path may contain
+             glob(3) characters and may match multiple files.
 
      chown own path
-                 Change owner of file path to own.  own must be a numeric UID.
+             Change owner of file path to own.  path may contain glob(3) char-
+             acters and may match multiple files.  own must be a numeric UID.
 
-     exit        Quit sftp.
+     exit    Quit sftp.
 
-     get [flags] remote-path [local-path]
-                 Retrieve the remote-path and store it on the local machine.
-                 If the local path name is not specified, it is given the same
-                 name it has on the remote machine.  If the -P flag is speci-
-                 fied, then the file's full permission and access time are
-                 copied too.
+     get [-P] remote-path [local-path]
+             Retrieve the remote-path and store it on the local machine.  If
+             the local path name is not specified, it is given the same name
+             it has on the remote machine.  remote-path may contain glob(3)
+             characters and may match multiple files.  If it does and local-
+             path is specified, then local-path must specify a directory.  If
+             the -P flag is specified, then full file permissions and access
+             times are copied too.
 
-     help        Display help text.
+     help    Display help text.
 
-     lcd path    Change local directory to path.
+     lcd path
+             Change local directory to path.
 
      lls [ls-options [path]]
-                 Display local directory listing of either path or current di-
-                 rectory if path is not specified.
+             Display local directory listing of either path or current direc-
+             tory if path is not specified.  ls-options may contain any flags
+             supported by the local system's ls(1) command.  path may contain
+             glob(3) characters and may match multiple files.
 
      lmkdir path
-                 Create local directory specified by path.
+             Create local directory specified by path.
 
      ln oldpath newpath
-                 Create a symbolic link from oldpath to newpath.
+             Create a symbolic link from oldpath to newpath.
 
-     lpwd        Print local working directory.
+     lpwd    Print local working directory.
 
-     ls [flags] [path]
-                 Display remote directory listing of either path or current
-                 directory if path is not specified.  If the -l flag is speci-
-                 fied, then display additional details including permissions
-                 and ownership information.  The -n flag will produce a long
-                 listing with user and group information presented numerical-
-                 ly.
+     ls [-1aflnrSt] [path]
+             Display a remote directory listing of either path or the current
+             directory if path is not specified.  path may contain glob(3)
+             characters and may match multiple files.
 
-                 By default, ls listings are sorted in lexicographical order.
-                 This may be changed by specifying the -S (sort by file size),
-                 -t (sort by last modification time), or -f (don't sort at
-                 all) flags.  Additionally, the sort order may be reversed us-
-                 ing the -r flag.
+             The following flags are recognized and alter the behaviour of ls
+             accordingly:
+
+             -1      Produce single columnar output.
+
+             -a      List files beginning with a dot (`.').
+
+             -f      Do not sort the listing.  The default sort order is lexi-
+                     cographical.
+
+             -l      Display additional details including permissions and own-
+                     ership information.
+
+             -n      Produce a long listing with user and group information
+                     presented numerically.
+
+             -r      Reverse the sort order of the listing.
+
+             -S      Sort the listing by file size.
+
+             -t      Sort the listing by last modification time.
 
      lumask umask
-                 Set local umask to umask.
+             Set local umask to umask.
 
-     mkdir path  Create remote directory specified by path.
+     mkdir path
+             Create remote directory specified by path.
 
-     progress    Toggle display of progress meter.
+     progress
+             Toggle display of progress meter.
 
-     put [flags] local-path [remote-path]
-                 Upload local-path and store it on the remote machine.  If the
-                 remote path name is not specified, it is given the same name
-                 it has on the local machine.  If the -P flag is specified,
-                 then the file's full permission and access time are copied
-                 too.
+     put [-P] local-path [remote-path]
+             Upload local-path and store it on the remote machine.  If the re-
+             mote path name is not specified, it is given the same name it has
+             on the local machine.  local-path may contain glob(3) characters
+             and may match multiple files.  If it does and remote-path is
+             specified, then remote-path must specify a directory.  If the -P
+             flag is specified, then the file's full permission and access
+             time are copied too.
 
-     pwd         Display remote working directory.
+     pwd     Display remote working directory.
 
-     quit        Quit sftp.
+     quit    Quit sftp.
 
      rename oldpath newpath
-                 Rename remote file from oldpath to newpath.
+             Rename remote file from oldpath to newpath.
 
-     rm path     Delete remote file specified by path.
+     rm path
+             Delete remote file specified by path.
 
-     rmdir path  Remove remote directory specified by path.
+     rmdir path
+             Remove remote directory specified by path.
 
      symlink oldpath newpath
-                 Create a symbolic link from oldpath to newpath.
+             Create a symbolic link from oldpath to newpath.
 
-     version     Display the sftp protocol version.
+     version
+             Display the sftp protocol version.
 
-     ! command   Execute command in local shell.
+     ! command
+             Execute command in local shell.
 
-     !           Escape to local shell.
+     !       Escape to local shell.
 
-     ?           Synonym for help.
+     ?       Synonym for help.
 
 SEE ALSO
-     ftp(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5),
-     sftp-server(8), sshd(8)
+     ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3),
+     ssh_config(5), sftp-server(8), sshd(8)
 
      T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
      filexfer-00.txt, January 2001, work in progress material.
diff --git a/sftp.1 b/sftp.1
index 3b035b1d4..c89ffc30f 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.57 2004/06/21 22:41:31 djm Exp $
+.\" $OpenBSD: sftp.1,v 1.61 2005/03/01 17:19:35 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -71,7 +71,9 @@ The second usage format will retrieve files automatically if a non-interactive
 authentication method is used; otherwise it will do so after
 successful interactive authentication.
 .Pp
-The third usage format allows the sftp client to start in a remote directory.
+The third usage format allows
+.Nm
+to start in a remote directory.
 .Pp
 The final usage format allows for automated sessions using the
 .Fl b
@@ -159,6 +161,7 @@ For full details of the options listed below, and their possible values, see
 .It GlobalKnownHostsFile
 .It GSSAPIAuthentication
 .It GSSAPIDelegateCredentials
+.It HashKnownHosts
 .It Host
 .It HostbasedAuthentication
 .It HostKeyAlgorithms
@@ -166,6 +169,7 @@ For full details of the options listed below, and their possible values, see
 .It HostName
 .It IdentityFile
 .It IdentitiesOnly
+.It KbdInteractiveDevices
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
@@ -192,7 +196,7 @@ For full details of the options listed below, and their possible values, see
 .It Fl P Ar sftp_server_path
 Connect directly to a local sftp server
 (rather than via
-.Xr ssh 1 )
+.Xr ssh 1 ) .
 This option may be useful in debugging the client and server.
 .It Fl R Ar num_requests
 Specify how many requests may be outstanding at any one time.
@@ -223,9 +227,13 @@ Once in interactive mode,
 .Nm
 understands a set of commands similar to those of
 .Xr ftp 1 .
-Commands are case insensitive and pathnames may be enclosed in quotes if they
-contain spaces.
-.Bl -tag -width "lmdir path"
+Commands are case insensitive.
+Pathnames that contain spaces must be enclosed in quotes.
+Any special characters contained within pathnames that are recognized by
+.Xr glob 3
+must be escaped with backslashes
+.Pq Sq \e .
+.Bl -tag -width Ds
 .It Ic bye
 Quit
 .Nm sftp .
@@ -237,6 +245,10 @@ Change group of file
 .Ar path
 to
 .Ar grp .
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
 .Ar grp
 must be a numeric GID.
 .It Ic chmod Ar mode Ar path
@@ -244,18 +256,26 @@ Change permissions of file
 .Ar path
 to
 .Ar mode .
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
 .It Ic chown Ar own Ar path
 Change owner of file
 .Ar path
 to
 .Ar own .
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
 .Ar own
 must be a numeric UID.
 .It Ic exit
 Quit
 .Nm sftp .
 .It Xo Ic get
-.Op Ar flags
+.Op Fl P
 .Ar remote-path
 .Op Ar local-path
 .Xc
@@ -265,9 +285,18 @@ and store it on the local machine.
 If the local
 path name is not specified, it is given the same name it has on the
 remote machine.
+.Ar remote-path
+may contain
+.Xr glob 3
+characters and may match multiple files.
+If it does and
+.Ar local-path
+is specified, then
+.Ar local-path
+must specify a directory.
 If the
 .Fl P
-flag is specified, then the file's full permission and access time are
+flag is specified, then full file permissions and access times are
 copied too.
 .It Ic help
 Display help text.
@@ -280,6 +309,14 @@ Display local directory listing of either
 or current directory if
 .Ar path
 is not specified.
+.Ar ls-options
+may contain any flags supported by the local system's
+.Xr ls 1
+command.
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
 .It Ic lmkdir Ar path
 Create local directory specified by
 .Ar path .
@@ -291,36 +328,44 @@ to
 .It Ic lpwd
 Print local working directory.
 .It Xo Ic ls
-.Op Ar flags
+.Op Fl 1aflnrSt
 .Op Ar path
 .Xc
-Display remote directory listing of either
+Display a remote directory listing of either
 .Ar path
-or current directory if
+or the current directory if
 .Ar path
 is not specified.
-If the
-.Fl l
-flag is specified, then display additional details including permissions
-and ownership information.
-The
-.Fl n
-flag will produce a long listing with user and group information presented
-numerically.
+.Ar path
+may contain
+.Xr glob 3
+characters and may match multiple files.
 .Pp
-By default,
+The following flags are recognized and alter the behaviour of
 .Ic ls
-listings are sorted in lexicographical order.
-This may be changed by specifying the
-.Fl S
-(sort by file size),
-.Fl t
-(sort by last modification time), or
-.Fl f
-(don't sort at all) flags.
-Additionally, the sort order may be reversed using the
-.Fl r
-flag.
+accordingly:
+.Bl -tag -width Ds
+.It Fl 1
+Produce single columnar output.
+.It Fl a
+List files beginning with a dot
+.Pq Sq \&. .
+.It Fl f
+Do not sort the listing.
+The default sort order is lexicographical.
+.It Fl l
+Display additional details including permissions
+and ownership information.
+.It Fl n
+Produce a long listing with user and group information presented
+numerically.
+.It Fl r
+Reverse the sort order of the listing.
+.It Fl S
+Sort the listing by file size.
+.It Fl t
+Sort the listing by last modification time.
+.El
 .It Ic lumask Ar umask
 Set local umask to
 .Ar umask .
@@ -330,7 +375,7 @@ Create remote directory specified by
 .It Ic progress
 Toggle display of progress meter.
 .It Xo Ic put
-.Op Ar flags
+.Op Fl P
 .Ar local-path
 .Op Ar remote-path
 .Xc
@@ -339,6 +384,15 @@ Upload
 and store it on the remote machine.
 If the remote path name is not specified, it is given the same name it has
 on the local machine.
+.Ar local-path
+may contain
+.Xr glob 3
+characters and may match multiple files.
+If it does and
+.Ar remote-path
+is specified, then
+.Ar remote-path
+must specify a directory.
 If the
 .Fl P
 flag is specified, then the file's full permission and access time are
@@ -379,10 +433,12 @@ Synonym for help.
 .El
 .Sh SEE ALSO
 .Xr ftp 1 ,
+.Xr ls 1 ,
 .Xr scp 1 ,
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-keygen 1 ,
+.Xr glob 3 ,
 .Xr ssh_config 5 ,
 .Xr sftp-server 8 ,
 .Xr sshd 8
diff --git a/sftp.c b/sftp.c
index f01c9194c..f8553ed82 100644
--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,13 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $");
+
+#ifdef USE_LIBEDIT
+#include <histedit.h>
+#else
+typedef void EditLine;
+#endif
 
 #include "buffer.h"
 #include "xmalloc.h"
@@ -144,8 +150,10 @@ int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
 static void
 killchild(int signo)
 {
-        if (sshpid > 1)
+        if (sshpid > 1) {
                 kill(sshpid, SIGTERM);
+                waitpid(sshpid, NULL, 0);
+        }
 
         _exit(1);
 }
@@ -154,9 +162,11 @@ static void
 cmd_interrupt(int signo)
 {
         const char msg[] = "\rInterrupt  \n";
+        int olderrno = errno;
 
         write(STDERR_FILENO, msg, sizeof(msg) - 1);
         interrupted = 1;
+        errno = olderrno;
 }
 
 static void
@@ -256,7 +266,7 @@ path_strip(char *path, char *strip)
                 return (xstrdup(path));
 
         len = strlen(strip);
-        if (strip != NULL && strncmp(path, strip, len) == 0) {
+        if (strncmp(path, strip, len) == 0) {
                 if (strip[len - 1] != '/' && path[len] == '/')
                         len++;
                 return (xstrdup(path + len));
@@ -738,12 +748,14 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
 {
         glob_t g;
         int i, c = 1, colspace = 0, columns = 1;
-        Attrib *a;
+        Attrib *a = NULL;
 
         memset(&g, 0, sizeof(g));
 
         if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE,
-            NULL, &g)) {
+            NULL, &g) || (g.gl_pathc && !g.gl_matchc)) {
+                if (g.gl_pathc)
+                        globfree(&g);
                 error("Can't ls: \"%s\" not found", path);
                 return (-1);
         }
@@ -752,19 +764,21 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
                 goto out;
 
         /*
-         * If the glob returns a single match, which is the same as the
-         * input glob, and it is a directory, then just list its contents
+         * If the glob returns a single match and it is a directory,
+         * then just list its contents.
          */
-        if (g.gl_pathc == 1 &&
-            strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) {
-                if ((a = do_lstat(conn, path, 1)) == NULL) {
+        if (g.gl_matchc == 1) {
+                if ((a = do_lstat(conn, g.gl_pathv[0], 1)) == NULL) {
                         globfree(&g);
                         return (-1);
                 }
                 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
                     S_ISDIR(a->perm)) {
+                        int err;
+
+                        err = do_ls_dir(conn, g.gl_pathv[0], strip_path, lflag);
                         globfree(&g);
-                        return (do_ls_dir(conn, path, strip_path, lflag));
+                        return (err);
                 }
         }
 
@@ -784,7 +798,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
                 colspace = width / columns;
         }
 
-        for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
+        for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) {
                 char *fname;
 
                 fname = path_strip(g.gl_pathv[i], strip_path);
@@ -801,7 +815,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
                          * that the server returns as well as the filenames.
                          */
                         memset(&sb, 0, sizeof(sb));
-                        a = do_lstat(conn, g.gl_pathv[i], 1);
+                        if (a == NULL)
+                                a = do_lstat(conn, g.gl_pathv[i], 1);
                         if (a != NULL)
                                 attrib_to_stat(a, &sb);
                         lname = ls_file(fname, &sb, 1);
@@ -1206,6 +1221,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
         return (0);
 }
 
+#ifdef USE_LIBEDIT
+static char *
+prompt(EditLine *el)
+{
+        return ("sftp> ");
+}
+#endif
+
 int
 interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
 {
@@ -1214,6 +1237,27 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
         char cmd[2048];
         struct sftp_conn *conn;
         int err;
+        EditLine *el = NULL;
+#ifdef USE_LIBEDIT
+        History *hl = NULL;
+        HistEvent hev;
+        extern char *__progname;
+
+        if (!batchmode && isatty(STDIN_FILENO)) {
+                if ((el = el_init(__progname, stdin, stdout, stderr)) == NULL)
+                        fatal("Couldn't initialise editline");
+                if ((hl = history_init()) == NULL)
+                        fatal("Couldn't initialise editline history");
+                history(hl, &hev, H_SETSIZE, 100);
+                el_set(el, EL_HIST, history, hl);
+
+                el_set(el, EL_PROMPT, prompt);
+                el_set(el, EL_EDITOR, "emacs");
+                el_set(el, EL_TERMINAL, NULL);
+                el_set(el, EL_SIGNAL, 1);
+                el_source(el, NULL);
+        }
+#endif /* USE_LIBEDIT */
 
         conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests);
         if (conn == NULL)
@@ -1230,8 +1274,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
                 if (remote_is_dir(conn, dir) && file2 == NULL) {
                         printf("Changing to: %s\n", dir);
                         snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
-                        if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0)
+                        if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) {
+                                xfree(dir);
+                                xfree(pwd);
                                 return (-1);
+                        }
                 } else {
                         if (file2 == NULL)
                                 snprintf(cmd, sizeof cmd, "get %s", dir);
@@ -1261,17 +1308,29 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
 
                 signal(SIGINT, SIG_IGN);
 
-                printf("sftp> ");
+                if (el == NULL) {
+                        printf("sftp> ");
+                        if (fgets(cmd, sizeof(cmd), infile) == NULL) {
+                                printf("\n");
+                                break;
+                        }
+                        if (batchmode) /* Echo command */
+                                printf("%s", cmd);
+                } else {
+#ifdef USE_LIBEDIT
+                        const char *line;
+                        int count = 0;
 
-                /* XXX: use libedit */
-                if (fgets(cmd, sizeof(cmd), infile) == NULL) {
-                        printf("\n");
-                        break;
+                        if ((line = el_gets(el, &count)) == NULL || count <= 0)
+                                break;
+                        history(hl, &hev, H_ENTER, line);
+                        if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) {
+                                fprintf(stderr, "Error: input line too long\n");
+                                continue;
+                        }
+#endif /* USE_LIBEDIT */
                 }
 
-                if (batchmode) /* Echo command */
-                        printf("%s", cmd);
-
                 cp = strrchr(cmd, '\n');
                 if (cp)
                         *cp = '\0';
@@ -1420,6 +1479,7 @@ main(int argc, char **argv)
                                 fatal("%s (%s).", strerror(errno), optarg);
                         showprogress = 0;
                         batchmode = 1;
+                        addargs(&args, "-obatchmode yes");
                         break;
                 case 'P':
                         sftp_direct = optarg;
diff --git a/ssh-add.0 b/ssh-add.0
index 7b85995a8..28a2ad222 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -4,7 +4,7 @@ NAME
      ssh-add - adds RSA or DSA identities to the authentication agent
 
 SYNOPSIS
-     ssh-add [-lLdDxXc] [-t life] [file ...]
+     ssh-add [-cDdLlXx] [-t life] [file ...]
      ssh-add -s reader
      ssh-add -e reader
 
@@ -22,37 +22,37 @@ DESCRIPTION
 
      The options are as follows:
 
-     -l      Lists fingerprints of all identities currently represented by the
-             agent.
+     -c      Indicates that added identities should be subject to confirmation
+             before being used for authentication.  Confirmation is performed
+             by the SSH_ASKPASS program mentioned below.  Successful confirma-
+             tion is signaled by a zero exit status from the SSH_ASKPASS pro-
+             gram, rather than text entered into the requester.
 
-     -L      Lists public key parameters of all identities currently repre-
-             sented by the agent.
+     -D      Deletes all identities from the agent.
 
      -d      Instead of adding the identity, removes the identity from the
              agent.
 
-     -D      Deletes all identities from the agent.
+     -e reader
+             Remove key in smartcard reader.
 
-     -x      Lock the agent with a password.
+     -L      Lists public key parameters of all identities currently repre-
+             sented by the agent.
 
-     -X      Unlock the agent.
+     -l      Lists fingerprints of all identities currently represented by the
+             agent.
+
+     -s reader
+             Add key in smartcard reader.
 
      -t life
              Set a maximum lifetime when adding identities to an agent.  The
              lifetime may be specified in seconds or in a time format speci-
              fied in sshd_config(5).
 
-     -c      Indicates that added identities should be subject to confirmation
-             before being used for authentication.  Confirmation is performed
-             by the SSH_ASKPASS program mentioned below.  Successful confirma-
-             tion is signaled by a zero exit status from the SSH_ASKPASS pro-
-             gram, rather than text entered into the requester.
-
-     -s reader
-             Add key in smartcard reader.
+     -X      Unlock the agent.
 
-     -e reader
-             Remove key in smartcard reader.
+     -x      Lock the agent with a password.
 
 ENVIRONMENT
      DISPLAY and SSH_ASKPASS
@@ -61,7 +61,7 @@ ENVIRONMENT
              does not have a terminal associated with it but DISPLAY and
              SSH_ASKPASS are set, it will execute the program specified by
              SSH_ASKPASS and open an X11 window to read the passphrase.  This
-             is particularly useful when calling ssh-add from a .Xsession or
+             is particularly useful when calling ssh-add from a .xsession or
              related script.  (Note that on some machines it may be necessary
              to redirect the input from /dev/null to make this work.)
 
diff --git a/ssh-add.1 b/ssh-add.1
index 6348197b3..1f3df5bec 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-add.1,v 1.40 2003/11/25 23:10:08 matthieu Exp $
+.\"     $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -45,7 +45,7 @@
 .Nd adds RSA or DSA identities to the authentication agent
 .Sh SYNOPSIS
 .Nm ssh-add
-.Op Fl lLdDxXc
+.Op Fl cDdLlXx
 .Op Fl t Ar life
 .Op Ar
 .Nm ssh-add
@@ -77,23 +77,6 @@ to work.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
-.It Fl l
-Lists fingerprints of all identities currently represented by the agent.
-.It Fl L
-Lists public key parameters of all identities currently represented by the agent.
-.It Fl d
-Instead of adding the identity, removes the identity from the agent.
-.It Fl D
-Deletes all identities from the agent.
-.It Fl x
-Lock the agent with a password.
-.It Fl X
-Unlock the agent.
-.It Fl t Ar life
-Set a maximum lifetime when adding identities to an agent.
-The lifetime may be specified in seconds or in a time format
-specified in
-.Xr sshd_config 5 .
 .It Fl c
 Indicates that added identities should be subject to confirmation before
 being used for authentication.
@@ -103,12 +86,30 @@ program mentioned below.
 Successful confirmation is signaled by a zero exit status from the
 .Ev SSH_ASKPASS
 program, rather than text entered into the requester.
-.It Fl s Ar reader
-Add key in smartcard
-.Ar reader .
+.It Fl D
+Deletes all identities from the agent.
+.It Fl d
+Instead of adding the identity, removes the identity from the agent.
 .It Fl e Ar reader
 Remove key in smartcard
 .Ar reader .
+.It Fl L
+Lists public key parameters of all identities currently represented
+by the agent.
+.It Fl l
+Lists fingerprints of all identities currently represented by the agent.
+.It Fl s Ar reader
+Add key in smartcard
+.Ar reader .
+.It Fl t Ar life
+Set a maximum lifetime when adding identities to an agent.
+The lifetime may be specified in seconds or in a time format
+specified in
+.Xr sshd_config 5 .
+.It Fl X
+Unlock the agent.
+.It Fl x
+Lock the agent with a password.
 .El
 .Sh ENVIRONMENT
 .Bl -tag -width Ds
@@ -129,7 +130,7 @@ and open an X11 window to read the passphrase.
 This is particularly useful when calling
 .Nm
 from a
-.Pa .Xsession
+.Pa .xsession
 or related script.
 (Note that on some machines it
 may be necessary to redirect the input from
diff --git a/ssh-agent.c b/ssh-agent.c
index bc4d8d33a..dd7e22ad5 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.120 2004/08/11 21:43:05 avsm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -168,23 +168,15 @@ lookup_identity(Key *key, int version)
 static int
 confirm_key(Identity *id)
 {
-        char *p, prompt[1024];
+        char *p;
         int ret = -1;
 
         p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
-        snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n"
-            "Key fingerprint %s.", id->comment, p);
+        if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
+            id->comment, p))
+                ret = 0;
         xfree(p);
-        p = read_passphrase(prompt, RP_ALLOW_EOF);
-        if (p != NULL) {
-                /*
-                 * Accept empty responses and responses consisting
-                 * of the word "yes" as affirmative.
-                 */
-                if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
-                        ret = 0;
-                xfree(p);
-        }
+
         return (ret);
 }
 
@@ -1010,9 +1002,7 @@ main(int ac, char **av)
 #ifdef HAVE_SETRLIMIT
         struct rlimit rlim;
 #endif
-#ifdef HAVE_CYGWIN
         int prev_mask;
-#endif
         extern int optind;
         extern char *optarg;
         pid_t pid;
@@ -1124,24 +1114,20 @@ main(int ac, char **av)
         sock = socket(AF_UNIX, SOCK_STREAM, 0);
         if (sock < 0) {
                 perror("socket");
+                *socket_name = '\0'; /* Don't unlink any existing file */
                 cleanup_exit(1);
         }
         memset(&sunaddr, 0, sizeof(sunaddr));
         sunaddr.sun_family = AF_UNIX;
         strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
-#ifdef HAVE_CYGWIN
         prev_mask = umask(0177);
-#endif
         if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
                 perror("bind");
-#ifdef HAVE_CYGWIN
+                *socket_name = '\0'; /* Don't unlink any existing file */
                 umask(prev_mask);
-#endif
                 cleanup_exit(1);
         }
-#ifdef HAVE_CYGWIN
         umask(prev_mask);
-#endif
         if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                 perror("listen");
                 cleanup_exit(1);
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 38e50b121..998b6f1e0 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -14,6 +14,9 @@ SYNOPSIS
      ssh-keygen -l [-f input_keyfile]
      ssh-keygen -B [-f input_keyfile]
      ssh-keygen -D reader
+     ssh-keygen -F hostname [-f known_hosts_file]
+     ssh-keygen -H [-f known_hosts_file]
+     ssh-keygen -R hostname [-f known_hosts_file]
      ssh-keygen -U reader [-f input_keyfile]
      ssh-keygen -r hostname [-f input_keyfile] [-g]
      ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
@@ -67,27 +70,54 @@ DESCRIPTION
              Specifies the number of primality tests to perform when screening
              DH-GEX candidates using the -T command.
 
+     -B      Show the bubblebabble digest of specified private or public key
+             file.
+
      -b bits
              Specifies the number of bits in the key to create.  Minimum is
              512 bits.  Generally, 1024 bits is considered sufficient.  The
              default is 1024 bits.
 
+     -C comment
+             Provides a new comment.
+
      -c      Requests changing the comment in the private and public key
              files.  This operation is only supported for RSA1 keys.  The pro-
              gram will prompt for the file containing the private keys, for
              the passphrase if the key has one, and for the new comment.
 
+     -D reader
+             Download the RSA public key stored in the smartcard in reader.
+
      -e      This option will read a private or public OpenSSH key file and
              print the key in a `SECSH Public Key File Format' to stdout.
              This option allows exporting keys for use by several commercial
              SSH implementations.
 
-     -g      Use generic DNS format when printing fingerprint resource records
-             using the -r command.
+     -F hostname
+             Search for the specified hostname in a known_hosts file, listing
+             any occurrences found.  This option is useful to find hashed host
+             names or addresses and may also be used in conjunction with the
+             -H option to print found keys in a hashed format.
 
      -f filename
              Specifies the filename of the key file.
 
+     -G output_file
+             Generate candidate primes for DH-GEX.  These primes must be
+             screened for safety (using the -T option) before use.
+
+     -g      Use generic DNS format when printing fingerprint resource records
+             using the -r command.
+
+     -H      Hash a known_hosts file, printing the result to standard output.
+             This replaces all hostnames and addresses with hashed representa-
+             tions.  These hashes may be used normally by ssh and sshd, but
+             they do not reveal identifying information should the file's con-
+             tents be disclosed.  This option will not modify existing hashed
+             hostnames and is therefore safe to use on files that mix hashed
+             and non-hashed names.
+
      -i      This option will read an unencrypted private (or public) key file
              in SSH2-compatible format and print an OpenSSH compatible private
              (or public) key to stdout.  ssh-keygen also reads the `SECSH
@@ -98,34 +128,6 @@ DESCRIPTION
              are also supported.  For RSA and DSA keys ssh-keygen tries to
              find the matching public key file and prints its fingerprint.
 
-     -p      Requests changing the passphrase of a private key file instead of
-             creating a new private key.  The program will prompt for the file
-             containing the private key, for the old passphrase, and twice for
-             the new passphrase.
-
-     -q      Silence ssh-keygen.  Used by /etc/rc when creating a new key.
-
-     -y      This option will read a private OpenSSH format file and print an
-             OpenSSH public key to stdout.
-
-     -t type
-             Specifies the type of the key to create.  The possible values are
-             ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto-
-             col version 2.
-
-     -B      Show the bubblebabble digest of specified private or public key
-             file.
-
-     -C comment
-             Provides the new comment.
-
-     -D reader
-             Download the RSA public key stored in the smartcard in reader.
-
-     -G output_file
-             Generate candidate primes for DH-GEX.  These primes must be
-             screened for safety (using the -T option) before use.
-
      -M memory
              Specify the amount of memory to use (in megabytes) when generat-
              ing candidate moduli for DH-GEX.
@@ -136,6 +138,22 @@ DESCRIPTION
      -P passphrase
              Provides the (old) passphrase.
 
+     -p      Requests changing the passphrase of a private key file instead of
+             creating a new private key.  The program will prompt for the file
+             containing the private key, for the old passphrase, and twice for
+             the new passphrase.
+
+     -q      Silence ssh-keygen.  Used by /etc/rc when creating a new key.
+
+     -R hostname
+             Removes all keys belonging to hostname from a known_hosts file.
+             This option is useful to delete hashed hosts (see the -H option
+             above).
+
+     -r hostname
+             Print the SSHFP fingerprint resource record named hostname for
+             the specified public key file.
+
      -S start
              Specify start point (in hex) when generating candidate moduli for
              DH-GEX.
@@ -144,9 +162,10 @@ DESCRIPTION
              Test DH group exchange candidate primes (generated using the -G
              option) for safety.
 
-     -W generator
-             Specify desired generator when testing candidate moduli for DH-
-             GEX.
+     -t type
+             Specifies the type of key to create.  The possible values are
+             ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto-
+             col version 2.
 
      -U reader
              Upload an existing RSA private key into the smartcard in reader.
@@ -156,9 +175,12 @@ DESCRIPTION
              tion.  Multiple -v options increase the verbosity.  The maximum
              is 3.
 
-     -r hostname
-             Print the SSHFP fingerprint resource record named hostname for
-             the specified public key file.
+     -W generator
+             Specify desired generator when testing candidate moduli for DH-
+             GEX.
+
+     -y      This option will read a private OpenSSH format file and print an
+             OpenSSH public key to stdout.
 
 MODULI GENERATION
      ssh-keygen may be used to generate groups for the Diffie-Hellman Group
@@ -170,7 +192,7 @@ MODULI GENERATION
      Generation of primes is performed using the -G option.  The desired
      length of the primes may be specified by the -b option.  For example:
 
-           ssh-keygen -G moduli-2048.candidates -b 2048
+           # ssh-keygen -G moduli-2048.candidates -b 2048
 
      By default, the search for primes begins at a random point in the desired
      length range.  This may be overridden using the -S option, which speci-
@@ -181,13 +203,13 @@ MODULI GENERATION
      ssh-keygen will read candidates from standard input (or a file specified
      using the -f option).  For example:
 
-           ssh-keygen -T moduli-2048 -f moduli-2048.candidates
+           # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
 
      By default, each candidate will be subjected to 100 primality tests.
      This may be overridden using the -a option.  The DH generator value will
      be chosen automatically for the prime under consideration.  If a specific
      generator is desired, it may be requested using the -W option.  Valid
-     generator values are 2, 3 and 5.
+     generator values are 2, 3, and 5.
 
      Screened DH groups may be installed in /etc/moduli.  It is important that
      this file contains moduli of a range of bit lengths and that both ends of
@@ -259,4 +281,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 3.6                   September 25, 1999                             4
+OpenBSD 3.6                   September 25, 1999                             5
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index c0f24dcd0..3987b1e66 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -81,6 +81,15 @@
 .Nm ssh-keygen
 .Fl D Ar reader
 .Nm ssh-keygen
+.Fl F Ar hostname
+.Op Fl f Ar known_hosts_file
+.Nm ssh-keygen
+.Fl H
+.Op Fl f Ar known_hosts_file
+.Nm ssh-keygen
+.Fl R Ar hostname
+.Op Fl f Ar known_hosts_file
+.Nm ssh-keygen
 .Fl U Ar reader
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
@@ -174,16 +183,23 @@ Specifies the number of primality tests to perform when screening DH-GEX
 candidates using the
 .Fl T
 command.
+.It Fl B
+Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
 Minimum is 512 bits.
 Generally, 1024 bits is considered sufficient.
 The default is 1024 bits.
+.It Fl C Ar comment
+Provides a new comment.
 .It Fl c
 Requests changing the comment in the private and public key files.
 This operation is only supported for RSA1 keys.
 The program will prompt for the file containing the private keys, for
 the passphrase if the key has one, and for the new comment.
+.It Fl D Ar reader
+Download the RSA public key stored in the smartcard in
+.Ar reader .
 .It Fl e
 This option will read a private or public OpenSSH key file and
 print the key in a
@@ -191,12 +207,41 @@ print the key in a
 to stdout.
 This option allows exporting keys for use by several commercial
 SSH implementations.
+.It Fl F Ar hostname
+Search for the specified
+.Ar hostname
+in a
+.Pa known_hosts
+file, listing any occurrences found.
+This option is useful to find hashed host names or addresses and may also be
+used in conjunction with the
+.Fl H
+option to print found keys in a hashed format.
+.It Fl f Ar filename
+Specifies the filename of the key file.
+.It Fl G Ar output_file
+Generate candidate primes for DH-GEX.
+These primes must be screened for
+safety (using the
+.Fl T
+option) before use.
 .It Fl g
 Use generic DNS format when printing fingerprint resource records using the
 .Fl r
 command.
-.It Fl f Ar filename
-Specifies the filename of the key file.
+.It Fl H
+Hash a
+.Pa known_hosts
+file, printing the result to standard output.
+This replaces all hostnames and addresses with hashed representations.
+These hashes may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
+This option will not modify existing hashed hostnames and is therefore safe
+to use on files that mix hashed and non-hashed names.
 .It Fl i
 This option will read an unencrypted private (or public) key file
 in SSH2-compatible format and print an OpenSSH compatible private
@@ -212,6 +257,13 @@ Private RSA1 keys are also supported.
 For RSA and DSA keys
 .Nm
 tries to find the matching public key file and prints its fingerprint.
+.It Fl M Ar memory
+Specify the amount of memory to use (in megabytes) when generating
+candidate moduli for DH-GEX.
+.It Fl N Ar new_passphrase
+Provides the new passphrase.
+.It Fl P Ar passphrase
+Provides the (old) passphrase.
 .It Fl p
 Requests changing the passphrase of a private key file instead of
 creating a new private key.
@@ -224,11 +276,27 @@ Silence
 Used by
 .Pa /etc/rc
 when creating a new key.
-.It Fl y
-This option will read a private
-OpenSSH format file and print an OpenSSH public key to stdout.
+.It Fl R Ar hostname
+Removes all keys belonging to
+.Ar hostname
+from a
+.Pa known_hosts
+file.
+This option is useful to delete hashed hosts (see the
+.Fl H
+option above).
+.It Fl r Ar hostname
+Print the SSHFP fingerprint resource record named
+.Ar hostname
+for the specified public key file.
+.It Fl S Ar start
+Specify start point (in hex) when generating candidate moduli for DH-GEX.
+.It Fl T Ar output_file
+Test DH group exchange candidate primes (generated using the
+.Fl G
+option) for safety.
 .It Fl t Ar type
-Specifies the type of the key to create.
+Specifies the type of key to create.
 The possible values are
 .Dq rsa1
 for protocol version 1 and
@@ -236,34 +304,6 @@ for protocol version 1 and
 or
 .Dq dsa
 for protocol version 2.
-.It Fl B
-Show the bubblebabble digest of specified private or public key file.
-.It Fl C Ar comment
-Provides the new comment.
-.It Fl D Ar reader
-Download the RSA public key stored in the smartcard in
-.Ar reader .
-.It Fl G Ar output_file
-Generate candidate primes for DH-GEX.
-These primes must be screened for
-safety (using the
-.Fl T
-option) before use.
-.It Fl M Ar memory
-Specify the amount of memory to use (in megabytes) when generating
-candidate moduli for DH-GEX.
-.It Fl N Ar new_passphrase
-Provides the new passphrase.
-.It Fl P Ar passphrase
-Provides the (old) passphrase.
-.It Fl S Ar start
-Specify start point (in hex) when generating candidate moduli for DH-GEX.
-.It Fl T Ar output_file
-Test DH group exchange candidate primes (generated using the
-.Fl G
-option) for safety.
-.It Fl W Ar generator
-Specify desired generator when testing candidate moduli for DH-GEX.
 .It Fl U Ar reader
 Upload an existing RSA private key into the smartcard in
 .Ar reader .
@@ -277,10 +317,11 @@ Multiple
 .Fl v
 options increase the verbosity.
 The maximum is 3.
-.It Fl r Ar hostname
-Print the SSHFP fingerprint resource record named
-.Ar hostname
-for the specified public key file.
+.It Fl W Ar generator
+Specify desired generator when testing candidate moduli for DH-GEX.
+.It Fl y
+This option will read a private
+OpenSSH format file and print an OpenSSH public key to stdout.
 .El
 .Sh MODULI GENERATION
 .Nm
@@ -299,7 +340,7 @@ The desired length of the primes may be specified by the
 option.
 For example:
 .Pp
-.Dl ssh-keygen -G moduli-2048.candidates -b 2048
+.Dl # ssh-keygen -G moduli-2048.candidates -b 2048
 .Pp
 By default, the search for primes begins at a random point in the
 desired length range.
@@ -319,7 +360,7 @@ will read candidates from standard input (or a file specified using the
 option).
 For example:
 .Pp
-.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
+.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
 .Pp
 By default, each candidate will be subjected to 100 primality tests.
 This may be overridden using the
@@ -330,7 +371,7 @@ prime under consideration.
 If a specific generator is desired, it may be requested using the
 .Fl W
 option.
-Valid generator values are 2, 3 and 5.
+Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
 .Pa /etc/moduli .
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d39e7d881..a9931d4d8 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -27,6 +27,8 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $");
 #include "pathnames.h"
 #include "log.h"
 #include "misc.h"
+#include "match.h"
+#include "hostfile.h"
 
 #ifdef SMARTCARD
 #include "scard.h"
@@ -50,6 +52,13 @@ int change_comment = 0;
 
 int quiet = 0;
 
+/* Flag indicating that we want to hash a known_hosts file */
+int hash_hosts = 0;
+/* Flag indicating that we want lookup a host in known_hosts file */
+int find_host = 0;
+/* Flag indicating that we want to delete a host from a known_hosts file */
+int delete_host = 0;
+
 /* Flag indicating that we just want to see the key fingerprint */
 int print_fingerprint = 0;
 int print_bubblebabble = 0;
@@ -239,6 +248,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
         } else if (strstr(type, "rsa")) {
                 ktype = KEY_RSA;
         } else {
+                buffer_free(&b);
                 xfree(type);
                 return NULL;
         }
@@ -540,6 +550,201 @@ do_fingerprint(struct passwd *pw)
         exit(0);
 }
 
+static void
+print_host(FILE *f, char *name, Key *public, int hash)
+{
+        if (hash && (name = host_hash(name, NULL, 0)) == NULL)
+                fatal("hash_host failed");
+        fprintf(f, "%s ", name);
+        if (!key_write(public, f))
+                fatal("key_write failed");
+        fprintf(f, "\n");
+}
+
+static void
+do_known_hosts(struct passwd *pw, const char *name)
+{
+        FILE *in, *out = stdout;
+        Key *public;
+        char *cp, *cp2, *kp, *kp2;
+        char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];
+        int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
+
+        if (!have_identity) {
+                cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
+                if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
+                    sizeof(identity_file))
+                        fatal("Specified known hosts path too long");
+                xfree(cp);
+                have_identity = 1;
+        }
+        if ((in = fopen(identity_file, "r")) == NULL)
+                fatal("fopen: %s", strerror(errno));
+
+        /*
+         * Find hosts goes to stdout, hash and deletions happen in-place
+         * A corner case is ssh-keygen -HF foo, which should go to stdout
+         */
+        if (!find_host && (hash_hosts || delete_host)) {
+                if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) ||
+                    strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) ||
+                    strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) ||
+                    strlcat(old, ".old", sizeof(old)) >= sizeof(old))
+                        fatal("known_hosts path too long");
+                umask(077);
+                if ((c = mkstemp(tmp)) == -1)
+                        fatal("mkstemp: %s", strerror(errno));
+                if ((out = fdopen(c, "w")) == NULL) {
+                        c = errno;
+                        unlink(tmp);
+                        fatal("fdopen: %s", strerror(c));
+                }
+                inplace = 1;
+        }
+
+        while (fgets(line, sizeof(line), in)) {
+                num++;
+                i = strlen(line) - 1;
+                if (line[i] != '\n') {
+                        error("line %d too long: %.40s...", num, line);
+                        skip = 1;
+                        invalid = 1;
+                        continue;
+                }
+                if (skip) {
+                        skip = 0;
+                        continue;
+                }
+                line[i] = '\0';
+
+                /* Skip leading whitespace, empty and comment lines. */
+                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+                        ;
+                if (!*cp || *cp == '\n' || *cp == '#') {
+                        if (inplace)
+                                fprintf(out, "%s\n", cp);
+                        continue;
+                }
+                /* Find the end of the host name portion. */
+                for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++)
+                        ;
+                if (*kp == '\0' || *(kp + 1) == '\0') {
+                        error("line %d missing key: %.40s...",
+                            num, line);
+                        invalid = 1;
+                        continue;
+                }
+                *kp++ = '\0';
+                kp2 = kp;
+
+                public = key_new(KEY_RSA1);
+                if (key_read(public, &kp) != 1) {
+                        kp = kp2;
+                        key_free(public);
+                        public = key_new(KEY_UNSPEC);
+                        if (key_read(public, &kp) != 1) {
+                                error("line %d invalid key: %.40s...",
+                                    num, line);
+                                key_free(public);
+                                invalid = 1;
+                                continue;
+                        }
+                }
+
+                if (*cp == HASH_DELIM) {
+                        if (find_host || delete_host) {
+                                cp2 = host_hash(name, cp, strlen(cp));
+                                if (cp2 == NULL) {
+                                        error("line %d: invalid hashed "
+                                            "name: %.64s...", num, line);
+                                        invalid = 1;
+                                        continue;
+                                }
+                                c = (strcmp(cp2, cp) == 0);
+                                if (find_host && c) {
+                                        printf("# Host %s found: "
+                                            "line %d type %s\n", name,
+                                            num, key_type(public));
+                                        print_host(out, cp, public, 0);
+                                }
+                                if (delete_host && !c)
+                                        print_host(out, cp, public, 0);
+                        } else if (hash_hosts)
+                                print_host(out, cp, public, 0);
+                } else {
+                        if (find_host || delete_host) {
+                                c = (match_hostname(name, cp,
+                                    strlen(cp)) == 1);
+                                if (find_host && c) {
+                                        printf("# Host %s found: "
+                                            "line %d type %s\n", name,
+                                            num, key_type(public));
+                                        print_host(out, cp, public, hash_hosts);
+                                }
+                                if (delete_host && !c)
+                                        print_host(out, cp, public, 0);
+                        } else if (hash_hosts) {
+                                for(cp2 = strsep(&cp, ",");
+                                    cp2 != NULL && *cp2 != '\0';
+                                    cp2 = strsep(&cp, ",")) {
+                                        if (strcspn(cp2, "*?!") != strlen(cp2))
+                                                fprintf(stderr, "Warning: "
+                                                    "ignoring host name with "
+                                                    "metacharacters: %.64s\n",
+                                                    cp2);
+                                        else
+                                                print_host(out, cp2, public, 1);
+                                }
+                                has_unhashed = 1;
+                        }
+                }
+                key_free(public);
+        }
+        fclose(in);
+
+        if (invalid) {
+                fprintf(stderr, "%s is not a valid known_host file.\n",
+                    identity_file);
+                if (inplace) {
+                        fprintf(stderr, "Not replacing existing known_hosts "
+                            "file beacuse of errors");
+                        fclose(out);
+                        unlink(tmp);
+                }
+                exit(1);
+        }
+
+        if (inplace) {
+                fclose(out);
+
+                /* Backup existing file */
+                if (unlink(old) == -1 && errno != ENOENT)
+                        fatal("unlink %.100s: %s", old, strerror(errno));
+                if (link(identity_file, old) == -1)
+                        fatal("link %.100s to %.100s: %s", identity_file, old,
+                            strerror(errno));
+                /* Move new one into place */
+                if (rename(tmp, identity_file) == -1) {
+                        error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
+                            strerror(errno));
+                        unlink(tmp);
+                        unlink(old);
+                        exit(1);
+                }
+
+                fprintf(stderr, "%s updated.\n", identity_file);
+                fprintf(stderr, "Original contents retained as %s\n", old);
+                if (has_unhashed) {
+                        fprintf(stderr, "WARNING: %s contains unhashed "
+                            "entries\n", old);
+                        fprintf(stderr, "Delete this file to ensure privacy "
+                             "of hostnames\n");
+                }
+        }
+
+        exit(0);
+}
+
 /*
  * Perform changing a passphrase.  The argument is the passwd structure
  * for the current user.
@@ -766,6 +971,8 @@ usage(void)
         fprintf(stderr, "  -y          Read private key file and print public key.\n");
         fprintf(stderr, "  -t type     Specify type of key to create.\n");
         fprintf(stderr, "  -B          Show bubblebabble digest of key file.\n");
+        fprintf(stderr, "  -H          Hash names in known_hosts file\n");
+        fprintf(stderr, "  -F hostname Find hostname in known hosts file\n");
         fprintf(stderr, "  -C comment  Provide new comment.\n");
         fprintf(stderr, "  -N phrase   Provide new passphrase.\n");
         fprintf(stderr, "  -P phrase   Provide old passphrase.\n");
@@ -789,7 +996,7 @@ main(int ac, char **av)
 {
         char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
         char out_file[MAXPATHLEN], *reader_id = NULL;
-        char *resource_record_hostname = NULL;
+        char *rr_hostname = NULL;
         Key *private, *public;
         struct passwd *pw;
         struct stat st;
@@ -823,7 +1030,7 @@ main(int ac, char **av)
         }
 
         while ((opt = getopt(ac, av,
-            "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
+            "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
                 switch (opt) {
                 case 'b':
                         bits = atoi(optarg);
@@ -832,6 +1039,17 @@ main(int ac, char **av)
                                 exit(1);
                         }
                         break;
+                case 'F':
+                        find_host = 1;
+                        rr_hostname = optarg;
+                        break;
+                case 'H':
+                        hash_hosts = 1;
+                        break;
+                case 'R':
+                        delete_host = 1;
+                        rr_hostname = optarg;
+                        break;
                 case 'l':
                         print_fingerprint = 1;
                         break;
@@ -863,10 +1081,6 @@ main(int ac, char **av)
                 case 'q':
                         quiet = 1;
                         break;
-                case 'R':
-                        /* unused */
-                        exit(0);
-                        break;
                 case 'e':
                 case 'x':
                         /* export key */
@@ -901,7 +1115,7 @@ main(int ac, char **av)
                         }
                         break;
                 case 'r':
-                        resource_record_hostname = optarg;
+                        rr_hostname = optarg;
                         break;
                 case 'W':
                         generator_wanted = atoi(optarg);
@@ -944,6 +1158,8 @@ main(int ac, char **av)
                 printf("Can only have one of -p and -c.\n");
                 usage();
         }
+        if (delete_host || hash_hosts || find_host)
+                do_known_hosts(pw, rr_hostname);
         if (print_fingerprint || print_bubblebabble)
                 do_fingerprint(pw);
         if (change_passphrase)
@@ -956,8 +1172,8 @@ main(int ac, char **av)
                 do_convert_from_ssh2(pw);
         if (print_public)
                 do_print_public(pw);
-        if (resource_record_hostname != NULL) {
-                do_print_resource_record(pw, resource_record_hostname);
+        if (rr_hostname != NULL) {
+                do_print_resource_record(pw, rr_hostname);
         }
         if (reader_id != NULL) {
 #ifdef SMARTCARD
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index a218fbf2b..4bbfd1483 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -4,7 +4,7 @@ NAME
      ssh-keyscan - gather ssh public keys
 
 SYNOPSIS
-     ssh-keyscan [-v46] [-p port] [-T timeout] [-t type] [-f file]
+     ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type]
                  [host | addrlist namelist] [...]
 
 DESCRIPTION
@@ -22,6 +22,19 @@ DESCRIPTION
 
      The options are as follows:
 
+     -4      Forces ssh-keyscan to use IPv4 addresses only.
+
+     -6      Forces ssh-keyscan to use IPv6 addresses only.
+
+     -f file
+             Read hosts or addrlist namelist pairs from this file, one per
+             line.  If - is supplied instead of a filename, ssh-keyscan will
+             read hosts or addrlist namelist pairs from the standard input.
+
+     -H      Hash all hostnames and addresses in the output.  Hashed names may
+             be used normally by ssh and sshd, but they do not reveal identi-
+             fying information should the file's contents be disclosed.
+
      -p port
              Port to connect to on the remote host.
 
@@ -39,18 +52,9 @@ DESCRIPTION
              be specified by separating them with commas.  The default is
              ``rsa1''.
 
-     -f filename
-             Read hosts or addrlist namelist pairs from this file, one per
-             line.  If - is supplied instead of a filename, ssh-keyscan will
-             read hosts or addrlist namelist pairs from the standard input.
-
      -v      Verbose mode.  Causes ssh-keyscan to print debugging messages
              about its progress.
 
-     -4      Forces ssh-keyscan to use IPv4 addresses only.
-
-     -6      Forces ssh-keyscan to use IPv6 addresses only.
-
 SECURITY
      If a ssh_known_hosts file is constructed using ssh-keyscan without veri-
      fying the keys, users will be vulnerable to man in the middle attacks.
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 9efcf5213..7e846f77c 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keyscan.1,v 1.18 2004/07/12 23:34:25 brad Exp $
+.\"     $OpenBSD: ssh-keyscan.1,v 1.20 2005/03/01 15:47:14 jmc Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -15,11 +15,11 @@
 .Sh SYNOPSIS
 .Nm ssh-keyscan
 .Bk -words
-.Op Fl v46
+.Op Fl 46Hv
+.Op Fl f Ar file
 .Op Fl p Ar port
 .Op Fl T Ar timeout
 .Op Fl t Ar type
-.Op Fl f Ar file
 .Op Ar host | addrlist namelist
 .Op Ar ...
 .Ek
@@ -46,6 +46,33 @@ scanning process involve any encryption.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
+.It Fl f Ar file
+Read hosts or
+.Pa addrlist namelist
+pairs from this file, one per line.
+If
+.Pa -
+is supplied instead of a filename,
+.Nm
+will read hosts or
+.Pa addrlist namelist
+pairs from the standard input.
+.It Fl H
+Hash all hostnames and addresses in the output.
+Hashed names may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
 .It Fl p Ar port
 Port to connect to on the remote host.
 .It Fl T Ar timeout
@@ -68,30 +95,11 @@ for protocol version 2.
 Multiple values may be specified by separating them with commas.
 The default is
 .Dq rsa1 .
-.It Fl f Ar filename
-Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
-If
-.Pa -
-is supplied instead of a filename,
-.Nm
-will read hosts or
-.Pa addrlist namelist
-pairs from the standard input.
 .It Fl v
 Verbose mode.
 Causes
 .Nm
 to print debugging messages about its progress.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
 .El
 .Sh SECURITY
 If a ssh_known_hosts file is constructed using
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 2f9221605..7d10c6c3e 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -28,6 +28,7 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $");
 #include "log.h"
 #include "atomicio.h"
 #include "misc.h"
+#include "hostfile.h"
 
 /* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
    Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -41,6 +42,8 @@ int ssh_port = SSH_DEFAULT_PORT;
 
 int get_keytypes = KT_RSA1;     /* Get only RSA1 keys by default */
 
+int hash_hosts = 0;             /* Hash hostname on output */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -366,10 +369,14 @@ keygrab_ssh2(con *c)
 static void
 keyprint(con *c, Key *key)
 {
+        char *host = c->c_output_name ? c->c_output_name : c->c_name;
+
         if (!key)
                 return;
+        if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
+                fatal("host_hash failed");
 
-        fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
+        fprintf(stdout, "%s ", host);
         key_write(key, stdout);
         fputs("\n", stdout);
 }
@@ -676,7 +683,7 @@ fatal(const char *fmt,...)
 static void
 usage(void)
 {
-        fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-t type] [-f file]\n"
+        fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
             "\t\t   [host | addrlist namelist] [...]\n",
             __progname);
         exit(1);
@@ -700,8 +707,11 @@ main(int argc, char **argv)
         if (argc <= 1)
                 usage();
 
-        while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) {
+        while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
                 switch (opt) {
+                case 'H':
+                        hash_hosts = 1;
+                        break;
                 case 'p':
                         ssh_port = a2port(optarg);
                         if (ssh_port == 0) {
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 517655790..04597a91d 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -151,7 +151,8 @@ main(int argc, char **argv)
         key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
         key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
 
-        if ((pw = getpwuid(getuid())) == NULL)
+        original_real_uid = getuid();   /* XXX readconf.c needs this */
+        if ((pw = getpwuid(original_real_uid)) == NULL)
                 fatal("getpwuid failed");
         pw = pwcopy(pw);
 
@@ -166,7 +167,6 @@ main(int argc, char **argv)
 #endif
 
         /* verify that ssh-keysign is enabled by the admin */
-        original_real_uid = getuid();   /* XXX readconf.c needs this */
         initialize_options(&options);
         (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
         fill_default_options(&options);
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 86af3893d..d7d8d0f3b 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.18 2004/07/17 04:07:42 dtucker Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.23 2005/02/16 02:32:30 dtucker Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE        48
@@ -209,6 +209,22 @@ done:
         return rval;
 }
 
+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+        debug("trying egd/prngd port %d", PRNGD_PORT);
+        if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+                return 0;
+#endif
+#ifdef PRNGD_SOCKET
+        debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+        if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+                return 0;
+#endif
+        return -1;
+}
+
 double
 stir_gettimeofday(double entropy_estimate)
 {
@@ -534,10 +550,11 @@ prng_check_seedfile(char *filename)
 void
 prng_write_seedfile(void)
 {
-        int fd;
+        int fd, save_errno;
         unsigned char seed[SEED_FILE_SIZE];
-        char filename[MAXPATHLEN];
+        char filename[MAXPATHLEN], tmpseed[MAXPATHLEN];
         struct passwd *pw;
+        mode_t old_umask;
 
         pw = getpwuid(getuid());
         if (pw == NULL)
@@ -552,7 +569,10 @@ prng_write_seedfile(void)
         snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
             SSH_PRNG_SEED_FILE);
 
-        debug("writing PRNG seed to file %.100s", filename);
+        strlcpy(tmpseed, filename, sizeof(tmpseed));
+        if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >=
+            sizeof(tmpseed))
+                fatal("PRNG seed filename too long");
 
         if (RAND_bytes(seed, sizeof(seed)) <= 0)
                 fatal("PRNG seed extraction failed");
@@ -560,15 +580,31 @@ prng_write_seedfile(void)
         /* Don't care if the seed doesn't exist */
         prng_check_seedfile(filename);
 
-        if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
-                debug("WARNING: couldn't access PRNG seedfile %.100s "
-                    "(%.100s)", filename, strerror(errno));
+        old_umask = umask(0177);
+
+        if ((fd = mkstemp(tmpseed)) == -1) {
+                debug("WARNING: couldn't make temporary PRNG seedfile %.100s "
+                    "(%.100s)", tmpseed, strerror(errno));
         } else {
-                if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed))
+                debug("writing PRNG seed to file %.100s", tmpseed);
+                if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) {
+                        save_errno = errno;
+                        close(fd);
+                        unlink(tmpseed);
                         fatal("problem writing PRNG seedfile %.100s "
-                            "(%.100s)", filename, strerror(errno));
+                            "(%.100s)", filename, strerror(save_errno));
+                }
                 close(fd);
+                debug("moving temporary PRNG seed to file %.100s", filename);
+                if (rename(tmpseed, filename) == -1) {
+                        save_errno = errno;
+                        unlink(tmpseed);
+                        fatal("problem renaming PRNG seedfile from %.100s "
+                            "to %.100s (%.100s)", tmpseed, filename, 
+                            strerror(save_errno));
+                }
         }
+        umask(old_umask);
 }
 
 void
@@ -747,7 +783,7 @@ usage(void)
         fprintf(stderr, "Usage: %s [options]\n", __progname);
         fprintf(stderr, "  -v          Verbose; display verbose debugging messages.\n");
         fprintf(stderr, "              Multiple -v increases verbosity.\n");
-        fprintf(stderr, "  -x          Force output in hexidecimal (for debugging)\n");
+        fprintf(stderr, "  -x          Force output in hexadecimal (for debugging)\n");
         fprintf(stderr, "  -X          Force output in binary\n");
         fprintf(stderr, "  -b bytes    Number of bytes to output (default %d)\n",
             OUTPUT_SEED_SIZE);
@@ -815,21 +851,16 @@ main(int argc, char **argv)
         debug("Seeded RNG with %i bytes from system calls",
             (int)stir_from_system());
 
-#ifdef PRNGD_PORT
-        if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1)
-                fatal("Entropy collection failed");
-        RAND_add(buf, bytes, bytes);
-#elif defined(PRNGD_SOCKET)
-        if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1)
-                fatal("Entropy collection failed");
-        RAND_add(buf, bytes, bytes);
-#else
-        /* Read in collection commands */
-        if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
-                fatal("PRNG initialisation failed -- exiting.");
-        debug("Seeded RNG with %i bytes from programs",
-            (int)stir_from_programs());
-#endif
+        /* try prngd, fall back to commands if prngd fails or not configured */
+        if (seed_from_prngd(buf, bytes) == 0) {
+                RAND_add(buf, bytes, bytes);
+        } else {
+                /* Read in collection commands */
+                if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
+                        fatal("PRNG initialisation failed -- exiting.");
+                debug("Seeded RNG with %i bytes from programs",
+                    (int)stir_from_programs());
+        }
 
 #ifdef USE_SEED_FILES
         prng_write_seedfile();
@@ -857,3 +888,15 @@ main(int argc, char **argv)
 
         return ret == bytes ? 0 : 1;
 }
+
+/*
+ * We may attempt to re-seed during mkstemp if we are using the one in the
+ * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we
+ * need our own seed_rng().  We must also check that we have enough entropy.
+ */
+void
+seed_rng(void)
+{
+        if (!RAND_status())
+                fatal("Not enough entropy in RNG");
+}
diff --git a/ssh.0 b/ssh.0
index c1006e29f..7ef493013 100644
--- a/ssh.0
+++ b/ssh.0
@@ -6,8 +6,10 @@ NAME
 SYNOPSIS
      ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
          [-D port] [-e escape_char] [-F configfile] [-i identity_file]
-         [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]
-         [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]
+         [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
+         [-O ctl_cmd] [-o option] [-p port]
+         [-R [bind_address:]port:host:hostport] [-S ctl_path] [user@]hostname
+         [command]
 
 DESCRIPTION
      ssh (SSH client) is a program for logging into a remote machine and for
@@ -24,27 +26,22 @@ DESCRIPTION
      of a login shell.
 
    SSH protocol version 1
-     First, if the machine the user logs in from is listed in /etc/hosts.equiv
-     or /etc/shosts.equiv on the remote machine, and the user names are the
-     same on both sides, the user is immediately permitted to log in.  Second,
-     if .rhosts or .shosts exists in the user's home directory on the remote
-     machine and contains a line containing the name of the client machine and
-     the name of the user on that machine, the user is permitted to log in.
-     This form of authentication alone is normally not allowed by the server
-     because it is not secure.
-
-     The second authentication method is the rhosts or hosts.equiv method com-
-     bined with RSA-based host authentication.  It means that if the login
-     would be permitted by $HOME/.rhosts, $HOME/.shosts, /etc/hosts.equiv, or
-     /etc/shosts.equiv, and if additionally the server can verify the client's
-     host key (see /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts in the
-     FILES section), only then is login permitted.  This authentication method
-     closes security holes due to IP spoofing, DNS spoofing and routing spoof-
-     ing.  [Note to the administrator: /etc/hosts.equiv, $HOME/.rhosts, and
-     the rlogin/rsh protocol in general, are inherently insecure and should be
+     The first authentication method is the rhosts or hosts.equiv method com-
+     bined with RSA-based host authentication.  If the machine the user logs
+     in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
+     machine, and the user names are the same on both sides, or if the files
+     $HOME/.rhosts or $HOME/.shosts exist in the user's home directory on the
+     remote machine and contain a line containing the name of the client ma-
+     chine and the name of the user on that machine, the user is considered
+     for log in.  Additionally, if the server can verify the client's host key
+     (see /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts in the FILES
+     section), only then is login permitted.  This authentication method clos-
+     es security holes due to IP spoofing, DNS spoofing and routing spoofing.
+     [Note to the administrator: /etc/hosts.equiv, $HOME/.rhosts, and the
+     rlogin/rsh protocol in general, are inherently insecure and should be
      disabled if security is desired.]
 
-     As a third authentication method, ssh supports RSA based authentication.
+     As a second authentication method, ssh supports RSA based authentication.
      The scheme is based on public-key cryptography: there are cryptosystems
      where encryption and decryption are done using separate keys, and it is
      not possible to derive the decryption key from the encryption key.  RSA
@@ -70,8 +67,7 @@ DESCRIPTION
      directory on the remote machine (the authorized_keys file corresponds to
      the conventional $HOME/.rhosts file, and has one key per line, though the
      lines can be very long).  After this, the user can log in without giving
-     the password.  RSA authentication is much more secure than rhosts authen-
-     tication.
+     the password.
 
      The most convenient way to use RSA authentication may be with an authen-
      tication agent.  See ssh-agent(1) for more information.
@@ -323,16 +319,24 @@ DESCRIPTION
      -k      Disables forwarding (delegation) of GSSAPI credentials to the
              server.
 
-     -L port:host:hostport
+     -L [bind_address:]port:host:hostport
              Specifies that the given port on the local (client) host is to be
              forwarded to the given host and port on the remote side.  This
              works by allocating a socket to listen to port on the local side,
-             and whenever a connection is made to this port, the connection is
-             forwarded over the secure channel, and a connection is made to
-             host port hostport from the remote machine.  Port forwardings can
-             also be specified in the configuration file.  Only root can for-
-             ward privileged ports.  IPv6 addresses can be specified with an
-             alternative syntax: port/host/hostport.
+             optionally bound to the specified bind_address.  Whenever a con-
+             nection is made to this port, the connection is forwarded over
+             the secure channel, and a connection is made to host port
+             hostport from the remote machine.  Port forwardings can also be
+             specified in the configuration file.  IPv6 addresses can be spec-
+             ified with an alternative syntax: [bind_address/]port/host/host-
+             port or by enclosing the address in square brackets.  Only the
+             superuser can forward privileged ports.  By default, the local
+             port is bound in accordance with the GatewayPorts setting.  How-
+             ever, an explicit bind_address may be used to bind the connection
+             to a specific address.  The bind_address of ``localhost'' indi-
+             cates that the listening port be bound for local use only, while
+             an empty address or `*' indicates that the port should be avail-
+             able from all interfaces.
 
      -l login_name
              Specifies the user to log in as on the remote machine.  This also
@@ -359,6 +363,13 @@ DESCRIPTION
              will be put in the background.  (This does not work if ssh needs
              to ask for a password or passphrase; see also the -f option.)
 
+     -O ctl_cmd
+             Control an active connection multiplexing master process.  When
+             the -O option is specified, the ctl_cmd argument is interpreted
+             and passed to the master process.  Valid commands are: ``check''
+             (check that the master process is running) and ``exit'' (request
+             the master to exit).
+
      -o option
              Can be used to give options in the format used in the configura-
              tion file.  This is useful for specifying options for which there
@@ -388,6 +399,7 @@ DESCRIPTION
                    GlobalKnownHostsFile
                    GSSAPIAuthentication
                    GSSAPIDelegateCredentials
+                   HashKnownHosts
                    Host
                    HostbasedAuthentication
                    HostKeyAlgorithms
@@ -395,6 +407,7 @@ DESCRIPTION
                    HostName
                    IdentityFile
                    IdentitiesOnly
+                   KbdInteractiveDevices
                    LocalForward
                    LogLevel
                    MACs
@@ -428,19 +441,29 @@ DESCRIPTION
      -q      Quiet mode.  Causes all warning and diagnostic messages to be
              suppressed.
 
-     -R port:host:hostport
+     -R [bind_address:]port:host:hostport
              Specifies that the given port on the remote (server) host is to
              be forwarded to the given host and port on the local side.  This
              works by allocating a socket to listen to port on the remote
              side, and whenever a connection is made to this port, the connec-
              tion is forwarded over the secure channel, and a connection is
-             made to host port hostport from the local machine.  Port forward-
-             ings can also be specified in the configuration file.  Privileged
-             ports can be forwarded only when logging in as root on the remote
-             machine.  IPv6 addresses can be specified with an alternative
-             syntax: port/host/hostport.
-
-     -S ctl  Specifies the location of a control socket for connection shar-
+             made to host port hostport from the local machine.
+
+             Port forwardings can also be specified in the configuration file.
+             Privileged ports can be forwarded only when logging in as root on
+             the remote machine.  IPv6 addresses can be specified by enclosing
+             the address in square braces or using an alternative syntax:
+             [bind_address/]host/port/hostport.
+
+             By default, the listening socket on the server will be bound to
+             the loopback interface only.  This may be overriden by specifying
+             a bind_address.  An empty bind_address, or the address `*', indi-
+             cates that the remote socket should listen on all interfaces.
+             Specifying a remote bind_address will only succeed if the serv-
+             er's GatewayPorts option is enabled (see sshd_config(5)).
+
+     -S ctl_path
+             Specifies the location of a control socket for connection shar-
              ing.  Refer to the description of ControlPath and ControlMaster
              in ssh_config(5) for details.
 
@@ -473,9 +496,15 @@ DESCRIPTION
              through the forwarded connection.  An attacker may then be able
              to perform activities such as keystroke monitoring.
 
+             For this reason, X11 forwarding is subjected to X11 SECURITY ex-
+             tension restrictions by default.  Please refer to the ssh -Y op-
+             tion and the ForwardX11Trusted directive in ssh_config(5) for
+             more information.
+
      -x      Disables X11 forwarding.
 
-     -Y      Enables trusted X11 forwarding.
+     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
+             subjected to the X11 SECURITY extension controls.
 
 CONFIGURATION FILES
      ssh may additionally obtain configuration data from a per-user configura-
@@ -509,7 +538,7 @@ ENVIRONMENT
               have a terminal associated with it but DISPLAY and SSH_ASKPASS
               are set, it will execute the program specified by SSH_ASKPASS
               and open an X11 window to read the passphrase.  This is particu-
-              larly useful when calling ssh from a .Xsession or related
+              larly useful when calling ssh from a .xsession or related
               script.  (Note that on some machines it may be necessary to
               redirect the input from /dev/null to make this work.)
 
@@ -620,7 +649,8 @@ FILES
              method is used.  By default ssh is not setuid root.
 
      $HOME/.rhosts
-             This file is used in rhosts authentication to list the host/user
+             This file is used in RhostsRSAAuthentication and
+             HostbasedAuthentication authentication to list the host/user
              pairs that are permitted to log in.  (Note that this file is also
              used by rlogin and rsh, which makes using this file insecure.)
              Each line of the file contains a host name (in the canonical form
@@ -632,27 +662,29 @@ FILES
              for anyone else.  The recommended permission for most machines is
              read/write for the user, and not accessible by others.
 
-             Note that by default sshd(8) will be installed so that it re-
-             quires successful RSA host authentication before permitting
-             rhosts authentication.  If the server machine does not have the
-             client's host key in /etc/ssh/ssh_known_hosts, it can be stored
-             in $HOME/.ssh/known_hosts.  The easiest way to do this is to con-
-             nect back to the client from the server machine using ssh; this
-             will automatically add the host key to $HOME/.ssh/known_hosts.
+             Note that sshd(8) allows authentication only in combination with
+             client host key authentication before permitting log in.  If the
+             server machine does not have the client's host key in
+             /etc/ssh/ssh_known_hosts, it can be stored in
+             $HOME/.ssh/known_hosts.  The easiest way to do this is to connect
+             back to the client from the server machine using ssh; this will
+             automatically add the host key to $HOME/.ssh/known_hosts.
 
      $HOME/.shosts
              This file is used exactly the same way as .rhosts.  The purpose
-             for having this file is to be able to use rhosts authentication
-             with ssh without permitting login with rlogin or rsh(1).
+             for having this file is to be able to use RhostsRSAAuthentication
+             and HostbasedAuthentication authentication without permitting lo-
+             gin with rlogin or rsh(1).
 
      /etc/hosts.equiv
-             This file is used during rhosts authentication.  It contains
-             canonical hosts names, one per line (the full format is described
-             in the sshd(8) manual page).  If the client host is found in this
-             file, login is automatically permitted provided client and server
-             user names are the same.  Additionally, successful RSA host au-
-             thentication is normally required.  This file should only be
-             writable by root.
+             This file is used during RhostsRSAAuthentication and
+             HostbasedAuthentication authentication.  It contains canonical
+             hosts names, one per line (the full format is described in the
+             sshd(8) manual page).  If the client host is found in this file,
+             login is automatically permitted provided client and server user
+             names are the same.  Additionally, successful client host key au-
+             thentication is required.  This file should only be writable by
+             root.
 
      /etc/shosts.equiv
              This file is processed exactly as /etc/hosts.equiv.  This file
diff --git a/ssh.1 b/ssh.1
index d08fb0e01..f5df15c04 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $
+.\" $OpenBSD: ssh.1,v 1.205 2005/03/07 23:41:54 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -43,40 +43,35 @@
 .Nd OpenSSH SSH client (remote login program)
 .Sh SYNOPSIS
 .Nm ssh
+.Bk -words
 .Op Fl 1246AaCfgkMNnqsTtVvXxY
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
-.Bk -words
 .Op Fl D Ar port
 .Op Fl e Ar escape_char
 .Op Fl F Ar configfile
 .Op Fl i Ar identity_file
-.Oo Fl L Xo
+.Oo Fl L\ \&
 .Sm off
-.Ar port :
-.Ar host :
-.Ar hostport
+.Oo Ar bind_address : Oc
+.Ar port : host : hostport
 .Sm on
-.Xc
 .Oc
-.Ek
 .Op Fl l Ar login_name
 .Op Fl m Ar mac_spec
+.Op Fl O Ar ctl_cmd
 .Op Fl o Ar option
-.Bk -words
 .Op Fl p Ar port
-.Ek
-.Oo Fl R Xo
+.Oo Fl R\ \&
 .Sm off
-.Ar port :
-.Ar host :
-.Ar hostport
+.Oo Ar bind_address : Oc
+.Ar port : host : hostport
 .Sm on
-.Xc
 .Oc
-.Op Fl S Ar ctl
+.Op Fl S Ar ctl_path
 .Oo Ar user Ns @ Oc Ns Ar hostname
 .Op Ar command
+.Ek
 .Sh DESCRIPTION
 .Nm
 (SSH client) is a program for logging into a remote machine and for
@@ -103,35 +98,25 @@ is specified,
 .Ar command
 is executed on the remote host instead of a login shell.
 .Ss SSH protocol version 1
-First, if the machine the user logs in from is listed in
+The first authentication method is the
+.Em rhosts
+or
+.Em hosts.equiv
+method combined with RSA-based host authentication.
+If the machine the user logs in from is listed in
 .Pa /etc/hosts.equiv
 or
 .Pa /etc/shosts.equiv
 on the remote machine, and the user names are
-the same on both sides, the user is immediately permitted to log in.
-Second, if
-.Pa .rhosts
+the same on both sides, or if the files
+.Pa $HOME/.rhosts
 or
-.Pa .shosts
-exists in the user's home directory on the
-remote machine and contains a line containing the name of the client
+.Pa $HOME/.shosts
+exist in the user's home directory on the
+remote machine and contain a line containing the name of the client
 machine and the name of the user on that machine, the user is
-permitted to log in.
-This form of authentication alone is normally not
-allowed by the server because it is not secure.
-.Pp
-The second authentication method is the
-.Em rhosts
-or
-.Em hosts.equiv
-method combined with RSA-based host authentication.
-It means that if the login would be permitted by
-.Pa $HOME/.rhosts ,
-.Pa $HOME/.shosts ,
-.Pa /etc/hosts.equiv ,
-or
-.Pa /etc/shosts.equiv ,
-and if additionally the server can verify the client's
+considered for log in.
+Additionally, if the server can verify the client's
 host key (see
 .Pa /etc/ssh/ssh_known_hosts
 and
@@ -147,7 +132,7 @@ spoofing, DNS spoofing and routing spoofing.
 and the rlogin/rsh protocol in general, are inherently insecure and should be
 disabled if security is desired.]
 .Pp
-As a third authentication method,
+As a second authentication method,
 .Nm
 supports RSA based authentication.
 The scheme is based on public-key cryptography: there are cryptosystems
@@ -195,9 +180,6 @@ file corresponds to the conventional
 file, and has one key
 per line, though the lines can be very long).
 After this, the user can log in without giving the password.
-RSA authentication is much more secure than
-.Em rhosts
-authentication.
 .Pp
 The most convenient way to use RSA authentication may be with an
 authentication agent.
@@ -582,6 +564,7 @@ configuration files).
 Disables forwarding (delegation) of GSSAPI credentials to the server.
 .It Fl L Xo
 .Sm off
+.Oo Ar bind_address : Oc
 .Ar port : host : hostport
 .Sm on
 .Xc
@@ -589,7 +572,9 @@ Specifies that the given port on the local (client) host is to be
 forwarded to the given host and port on the remote side.
 This works by allocating a socket to listen to
 .Ar port
-on the local side, and whenever a connection is made to this port, the
+on the local side, optionally bound to the specified
+.Ar bind_address .
+Whenever a connection is made to this port, the
 connection is forwarded over the secure channel, and a connection is
 made to
 .Ar host
@@ -597,14 +582,30 @@ port
 .Ar hostport
 from the remote machine.
 Port forwardings can also be specified in the configuration file.
-Only root can forward privileged ports.
 IPv6 addresses can be specified with an alternative syntax:
 .Sm off
 .Xo
+.Op Ar bind_address No /
 .Ar port No / Ar host No /
-.Ar hostport .
+.Ar hostport
 .Xc
 .Sm on
+or by enclosing the address in square brackets.
+Only the superuser can forward privileged ports.
+By default, the local port is bound in accordance with the
+.Cm GatewayPorts
+setting.
+However, an explicit
+.Ar bind_address
+may be used to bind the connection to a specific address.
+The
+.Ar bind_address
+of
+.Dq localhost
+indicates that the listening port be bound for local use only, while an
+empty address or
+.Sq *
+indicates that the port should be available from all interfaces.
 .It Fl l Ar login_name
 Specifies the user to log in as on the remote machine.
 This also may be specified on a per-host basis in the configuration file.
@@ -650,6 +651,18 @@ program will be put in the background.
 needs to ask for a password or passphrase; see also the
 .Fl f
 option.)
+.It Fl O Ar ctl_cmd
+Control an active connection multiplexing master process.
+When the
+.Fl O
+option is specified, the
+.Ar ctl_cmd
+argument is interpreted and passed to the master process.
+Valid commands are:
+.Dq check
+(check that the master process is running) and
+.Dq exit
+(request the master to exit).
 .It Fl o Ar option
 Can be used to give options in the format used in the configuration file.
 This is useful for specifying options for which there is no separate
@@ -681,6 +694,7 @@ For full details of the options listed below, and their possible values, see
 .It GlobalKnownHostsFile
 .It GSSAPIAuthentication
 .It GSSAPIDelegateCredentials
+.It HashKnownHosts
 .It Host
 .It HostbasedAuthentication
 .It HostKeyAlgorithms
@@ -688,6 +702,7 @@ For full details of the options listed below, and their possible values, see
 .It HostName
 .It IdentityFile
 .It IdentitiesOnly
+.It KbdInteractiveDevices
 .It LocalForward
 .It LogLevel
 .It MACs
@@ -727,6 +742,7 @@ If a second
 is given then even fatal errors are suppressed.
 .It Fl R Xo
 .Sm off
+.Oo Ar bind_address : Oc
 .Ar port : host : hostport
 .Sm on
 .Xc
@@ -741,17 +757,36 @@ made to
 port
 .Ar hostport
 from the local machine.
+.Pp
 Port forwardings can also be specified in the configuration file.
 Privileged ports can be forwarded only when
 logging in as root on the remote machine.
-IPv6 addresses can be specified with an alternative syntax:
+IPv6 addresses can be specified by enclosing the address in square braces or
+using an alternative syntax:
 .Sm off
 .Xo
-.Ar port No / Ar host No /
-.Ar hostport .
-.Xc
+.Op Ar bind_address No /
+.Ar host No / Ar port No /
+.Ar hostport
+.Xc .
 .Sm on
-.It Fl S Ar ctl
+.Pp
+By default, the listening socket on the server will be bound to the loopback
+interface only.
+This may be overriden by specifying a
+.Ar bind_address .
+An empty
+.Ar bind_address ,
+or the address
+.Ql * ,
+indicates that the remote socket should listen on all interfaces.
+Specifying a remote
+.Ar bind_address
+will only succeed if the server's
+.Cm GatewayPorts
+option is enabled (see
+.Xr sshd_config 5 ) .
+.It Fl S Ar ctl_path
 Specifies the location of a control socket for connection sharing.
 Refer to the description of
 .Cm ControlPath
@@ -800,10 +835,23 @@ Users with the ability to bypass file permissions on the remote host
 (for the user's X authorization database)
 can access the local X11 display through the forwarded connection.
 An attacker may then be able to perform activities such as keystroke monitoring.
+.Pp
+For this reason, X11 forwarding is subjected to X11 SECURITY extension
+restrictions by default.
+Please refer to the
+.Nm
+.Fl Y
+option and the
+.Cm ForwardX11Trusted
+directive in
+.Xr ssh_config 5
+for more information.
 .It Fl x
 Disables X11 forwarding.
 .It Fl Y
 Enables trusted X11 forwarding.
+Trusted X11 forwardings are not subjected to the X11 SECURITY extension
+controls.
 .El
 .Sh CONFIGURATION FILES
 .Nm
@@ -863,7 +911,7 @@ and open an X11 window to read the passphrase.
 This is particularly useful when calling
 .Nm
 from a
-.Pa .Xsession
+.Pa .xsession
 or related script.
 (Note that on some machines it
 may be necessary to redirect the input from
@@ -1016,7 +1064,9 @@ By default
 is not setuid root.
 .It Pa $HOME/.rhosts
 This file is used in
-.Em rhosts
+.Cm RhostsRSAAuthentication
+and
+.Cm HostbasedAuthentication
 authentication to list the
 host/user pairs that are permitted to log in.
 (Note that this file is
@@ -1035,12 +1085,10 @@ The recommended
 permission for most machines is read/write for the user, and not
 accessible by others.
 .Pp
-Note that by default
+Note that
 .Xr sshd 8
-will be installed so that it requires successful RSA host
-authentication before permitting
-.Em rhosts
-authentication.
+allows authentication only in combination with client host key
+authentication before permitting log in.
 If the server machine does not have the client's host key in
 .Pa /etc/ssh/ssh_known_hosts ,
 it can be stored in
@@ -1053,15 +1101,19 @@ will automatically add the host key to
 This file is used exactly the same way as
 .Pa .rhosts .
 The purpose for
-having this file is to be able to use rhosts authentication with
-.Nm
-without permitting login with
+having this file is to be able to use
+.Cm RhostsRSAAuthentication
+and
+.Cm HostbasedAuthentication
+authentication without permitting login with
 .Xr rlogin
 or
 .Xr rsh 1 .
 .It Pa /etc/hosts.equiv
 This file is used during
-.Em rhosts
+.Cm RhostsRSAAuthentication
+and
+.Cm HostbasedAuthentication
 authentication.
 It contains
 canonical hosts names, one per line (the full format is described in the
@@ -1070,8 +1122,7 @@ manual page).
 If the client host is found in this file, login is
 automatically permitted provided client and server user names are the
 same.
-Additionally, successful RSA host authentication is normally
-required.
+Additionally, successful client host key authentication is required.
 This file should only be writable by root.
 .It Pa /etc/shosts.equiv
 This file is processed exactly as
diff --git a/ssh.c b/ssh.c
index 0a2f8f711..1b03543c3 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -144,6 +144,9 @@ pid_t proxy_command_pid = 0;
 /* fd to control socket */
 int control_fd = -1;
 
+/* Multiplexing control command */
+static u_int mux_command = SSHMUX_COMMAND_OPEN;
+
 /* Only used in control client mode */
 volatile sig_atomic_t control_client_terminate = 0;
 u_int control_server_pid = 0;
@@ -154,10 +157,12 @@ static void
 usage(void)
 {
         fprintf(stderr,
-"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
-"           [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n"
-"           [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n"
-"           [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n"
+"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
+"           [-D port] [-e escape_char] [-F configfile]\n"
+"           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
+"           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
+"           [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
+"           [user@]hostname [command]\n"
         );
         exit(1);
 }
@@ -174,14 +179,13 @@ int
 main(int ac, char **av)
 {
         int i, opt, exit_status;
-        u_short fwd_port, fwd_host_port;
-        char sfwd_port[6], sfwd_host_port[6];
         char *p, *cp, *line, buf[256];
         struct stat st;
         struct passwd *pw;
         int dummy;
         extern int optind, optreset;
         extern char *optarg;
+        Forward fwd;
 
         __progname = ssh_get_progname(av[0]);
         init_rng();
@@ -236,7 +240,7 @@ main(int ac, char **av)
 
 again:
         while ((opt = getopt(ac, av,
-            "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) {
+            "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) {
                 switch (opt) {
                 case '1':
                         options.protocol = SSH_PROTO_1;
@@ -270,6 +274,14 @@ again:
                 case 'g':
                         options.gateway_ports = 1;
                         break;
+                case 'O':
+                        if (strcmp(optarg, "check") == 0)
+                                mux_command = SSHMUX_COMMAND_ALIVE_CHECK;
+                        else if (strcmp(optarg, "exit") == 0)
+                                mux_command = SSHMUX_COMMAND_TERMINATE;
+                        else
+                                fatal("Invalid multiplex command.");
+                        break;
                 case 'P':       /* deprecated */
                         options.use_privileged_port = 0;
                         break;
@@ -285,7 +297,8 @@ again:
                 case 'i':
                         if (stat(optarg, &st) < 0) {
                                 fprintf(stderr, "Warning: Identity file %s "
-                                    "does not exist.\n", optarg);
+                                    "not accessible: %s.\n", optarg,
+                                    strerror(errno));
                                 break;
                         }
                         if (options.num_identity_files >=
@@ -316,10 +329,10 @@ again:
                                         options.log_level++;
                                 break;
                         }
-                        /* fallthrough */
+                        /* FALLTHROUGH */
                 case 'V':
                         fprintf(stderr, "%s, %s\n",
-                            SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
+                            SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
                         if (opt == 'V')
                                 exit(0);
                         break;
@@ -393,39 +406,51 @@ again:
                         break;
 
                 case 'L':
-                case 'R':
-                        if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",
-                            sfwd_port, buf, sfwd_host_port) != 3 &&
-                            sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]",
-                            sfwd_port, buf, sfwd_host_port) != 3) {
+                        if (parse_forward(&fwd, optarg))
+                                add_local_forward(&options, &fwd);
+                        else {
                                 fprintf(stderr,
-                                    "Bad forwarding specification '%s'\n",
+                                    "Bad local forwarding specification '%s'\n",
                                     optarg);
-                                usage();
-                                /* NOTREACHED */
+                                exit(1);
                         }
-                        if ((fwd_port = a2port(sfwd_port)) == 0 ||
-                            (fwd_host_port = a2port(sfwd_host_port)) == 0) {
+                        break;
+
+                case 'R':
+                        if (parse_forward(&fwd, optarg)) {
+                                add_remote_forward(&options, &fwd);
+                        } else {
                                 fprintf(stderr,
-                                    "Bad forwarding port(s) '%s'\n", optarg);
+                                    "Bad remote forwarding specification "
+                                    "'%s'\n", optarg);
                                 exit(1);
                         }
-                        if (opt == 'L')
-                                add_local_forward(&options, fwd_port, buf,
-                                    fwd_host_port);
-                        else if (opt == 'R')
-                                add_remote_forward(&options, fwd_port, buf,
-                                    fwd_host_port);
                         break;
 
                 case 'D':
-                        fwd_port = a2port(optarg);
-                        if (fwd_port == 0) {
+                        cp = p = xstrdup(optarg);
+                        memset(&fwd, '\0', sizeof(fwd));
+                        fwd.connect_host = "socks";
+                        if ((fwd.listen_host = hpdelim(&cp)) == NULL) {
+                                fprintf(stderr, "Bad dynamic forwarding "
+                                    "specification '%.100s'\n", optarg);
+                                exit(1);
+                        }
+                        if (cp != NULL) {
+                                fwd.listen_port = a2port(cp);
+                                fwd.listen_host = cleanhostname(fwd.listen_host);
+                        } else {
+                                fwd.listen_port = a2port(fwd.listen_host);
+                                fwd.listen_host = "";
+                        }
+
+                        if (fwd.listen_port == 0) {
                                 fprintf(stderr, "Bad dynamic port '%s'\n",
                                     optarg);
                                 exit(1);
                         }
-                        add_local_forward(&options, fwd_port, "socks", 0);
+                        add_local_forward(&options, &fwd);
+                        xfree(p);
                         break;
 
                 case 'C':
@@ -834,14 +859,19 @@ ssh_init_forwarding(void)
 
         /* Initiate local TCP/IP port forwardings. */
         for (i = 0; i < options.num_local_forwards; i++) {
-                debug("Connections to local port %d forwarded to remote address %.200s:%d",
-                    options.local_forwards[i].port,
-                    options.local_forwards[i].host,
-                    options.local_forwards[i].host_port);
+                debug("Local connections to %.200s:%d forwarded to remote "
+                    "address %.200s:%d",
+                    (options.local_forwards[i].listen_host == NULL) ? 
+                    (options.gateway_ports ? "*" : "LOCALHOST") : 
+                    options.local_forwards[i].listen_host,
+                    options.local_forwards[i].listen_port,
+                    options.local_forwards[i].connect_host,
+                    options.local_forwards[i].connect_port);
                 success += channel_setup_local_fwd_listener(
-                    options.local_forwards[i].port,
-                    options.local_forwards[i].host,
-                    options.local_forwards[i].host_port,
+                    options.local_forwards[i].listen_host,
+                    options.local_forwards[i].listen_port,
+                    options.local_forwards[i].connect_host,
+                    options.local_forwards[i].connect_port,
                     options.gateway_ports);
         }
         if (i > 0 && success == 0)
@@ -849,14 +879,17 @@ ssh_init_forwarding(void)
 
         /* Initiate remote TCP/IP port forwardings. */
         for (i = 0; i < options.num_remote_forwards; i++) {
-                debug("Connections to remote port %d forwarded to local address %.200s:%d",
-                    options.remote_forwards[i].port,
-                    options.remote_forwards[i].host,
-                    options.remote_forwards[i].host_port);
+                debug("Remote connections from %.200s:%d forwarded to "
+                    "local address %.200s:%d",
+                    options.remote_forwards[i].listen_host,
+                    options.remote_forwards[i].listen_port,
+                    options.remote_forwards[i].connect_host,
+                    options.remote_forwards[i].connect_port);
                 channel_request_remote_forwarding(
-                    options.remote_forwards[i].port,
-                    options.remote_forwards[i].host,
-                    options.remote_forwards[i].host_port);
+                    options.remote_forwards[i].listen_host,
+                    options.remote_forwards[i].listen_port,
+                    options.remote_forwards[i].connect_host,
+                    options.remote_forwards[i].connect_port);
         }
 }
 
@@ -1032,12 +1065,12 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
                 return;
         debug("remote forward %s for: listen %d, connect %s:%d",
             type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
-            options.remote_forwards[i].port,
-            options.remote_forwards[i].host,
-            options.remote_forwards[i].host_port);
+            options.remote_forwards[i].listen_port,
+            options.remote_forwards[i].connect_host,
+            options.remote_forwards[i].connect_port);
         if (type == SSH2_MSG_REQUEST_FAILURE)
-                logit("Warning: remote port forwarding failed for listen port %d",
-                    options.remote_forwards[i].port);
+                logit("Warning: remote port forwarding failed for listen "
+                    "port %d", options.remote_forwards[i].listen_port);
 }
 
 static void
@@ -1254,10 +1287,20 @@ static void
 control_client(const char *path)
 {
         struct sockaddr_un addr;
-        int i, r, sock, exitval, num_env, addr_len;
+        int i, r, fd, sock, exitval, num_env, addr_len;
         Buffer m;
-        char *cp;
+        char *term;
         extern char **environ;
+        u_int  flags;
+
+        if (stdin_null_flag) {
+                if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)
+                        fatal("open(/dev/null): %s", strerror(errno));
+                if (dup2(fd, STDIN_FILENO) == -1)
+                        fatal("dup2: %s", strerror(errno));
+                if (fd > STDERR_FILENO)
+                        close(fd);
+        }
 
         memset(&addr, '\0', sizeof(addr));
         addr.sun_family = AF_UNIX;
@@ -1274,26 +1317,52 @@ control_client(const char *path)
         if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1)
                 fatal("Couldn't connect to %s: %s", path, strerror(errno));
 
-        if ((cp = getenv("TERM")) == NULL)
-                cp = "";
+        if ((term = getenv("TERM")) == NULL)
+                term = "";
+
+        flags = 0;
+        if (tty_flag)
+                flags |= SSHMUX_FLAG_TTY;
+        if (subsystem_flag)
+                flags |= SSHMUX_FLAG_SUBSYS;
 
         buffer_init(&m);
 
-        /* Get PID of controlee */
+        /* Send our command to server */
+        buffer_put_int(&m, mux_command);
+        buffer_put_int(&m, flags);
+        if (ssh_msg_send(sock, /* version */1, &m) == -1)
+                fatal("%s: msg_send", __func__);
+        buffer_clear(&m);
+
+        /* Get authorisation status and PID of controlee */
         if (ssh_msg_recv(sock, &m) == -1)
                 fatal("%s: msg_recv", __func__);
-        if (buffer_get_char(&m) != 0)
+        if (buffer_get_char(&m) != 1)
                 fatal("%s: wrong version", __func__);
-        /* Connection allowed? */
         if (buffer_get_int(&m) != 1)
                 fatal("Connection to master denied");
         control_server_pid = buffer_get_int(&m);
 
         buffer_clear(&m);
-        buffer_put_int(&m, tty_flag);
-        buffer_put_int(&m, subsystem_flag);
-        buffer_put_cstring(&m, cp);
 
+        switch (mux_command) {
+        case SSHMUX_COMMAND_ALIVE_CHECK:
+                fprintf(stderr, "Master running (pid=%d)\r\n", 
+                    control_server_pid);
+                exit(0);
+        case SSHMUX_COMMAND_TERMINATE:
+                fprintf(stderr, "Exit request sent.\r\n");
+                exit(0);
+        case SSHMUX_COMMAND_OPEN:
+                /* continue below */
+                break;
+        default:
+                fatal("silly mux_command %d", mux_command);
+        }
+
+        /* SSHMUX_COMMAND_OPEN */
+        buffer_put_cstring(&m, term);
         buffer_append(&command, "\0", 1);
         buffer_put_cstring(&m, buffer_ptr(&command));
 
@@ -1315,7 +1384,7 @@ control_client(const char *path)
                         }
         }
 
-        if (ssh_msg_send(sock, /* version */0, &m) == -1)
+        if (ssh_msg_send(sock, /* version */1, &m) == -1)
                 fatal("%s: msg_send", __func__);
 
         mm_send_fd(sock, STDIN_FILENO);
@@ -1326,10 +1395,11 @@ control_client(const char *path)
         buffer_clear(&m);
         if (ssh_msg_recv(sock, &m) == -1)
                 fatal("%s: msg_recv", __func__);
-        if (buffer_get_char(&m) != 0)
-                fatal("%s: master returned error", __func__);
+        if (buffer_get_char(&m) != 1)
+                fatal("%s: wrong version", __func__);
         buffer_free(&m);
 
+        signal(SIGHUP, control_client_sighandler);
         signal(SIGINT, control_client_sighandler);
         signal(SIGTERM, control_client_sighandler);
         signal(SIGWINCH, control_client_sigrelay);
diff --git a/ssh.h b/ssh.h
index a3b2ebbb5..07592415b 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */
+/*      $OpenBSD: ssh.h,v 1.76 2004/12/06 11:41:03 dtucker Exp $        */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,6 +40,13 @@
 #define SSH_MAX_IDENTITY_FILES          100
 
 /*
+ * Maximum length of lines in authorized_keys file.
+ * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with
+ * some room for options and comments.
+ */
+#define SSH_MAX_PUBKEY_BYTES            8192
+
+/*
  * Major protocol version.  Different version indicates major incompatibility
  * that prevents communication.
  *
diff --git a/ssh1.h b/ssh1.h
index cc7fbc8b0..1741c229a 100644
--- a/ssh1.h
+++ b/ssh1.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $        */
+/*      $OpenBSD: ssh1.h,v 1.5 2004/10/20 11:48:53 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,6 +18,9 @@
  * for compatibility.  The maximum value is 254; value 255 is reserved for
  * future extension.
  */
+/* Ranges */
+#define SSH_MSG_MIN                             1
+#define SSH_MSG_MAX                             254
 /* Message name */                      /* msg code */  /* arguments */
 #define SSH_MSG_NONE                            0       /* no message */
 #define SSH_MSG_DISCONNECT                      1       /* cause (string) */
diff --git a/ssh_config b/ssh_config
index acd5db21a..67dde0769 100644
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
+#       $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -13,7 +13,9 @@
 # Thus, host-specific definitions should be at the beginning of the
 # configuration file, and defaults at the end.
 
-# Site-wide defaults for various options
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
 
 Host *
 #   ForwardAgent no
diff --git a/ssh_config.0 b/ssh_config.0
index d1a6ab364..9577abc48 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -15,7 +15,7 @@ DESCRIPTION
            3.   system-wide configuration file (/etc/ssh/ssh_config)
 
      For each parameter, the first obtained value will be used.  The configu-
-     ration files contain sections bracketed by ``Host'' specifications, and
+     ration files contain sections separated by ``Host'' specifications, and
      that section is only applied for hosts that match one of the patterns
      given in the specification.  The matched host name is the one given on
      the command line.
@@ -47,8 +47,8 @@ DESCRIPTION
 
      AddressFamily
              Specifies which address family to use when connecting.  Valid ar-
-             guments are ``any'', ``inet'' (Use IPv4 only) or ``inet6'' (Use
-             IPv6 only.)
+             guments are ``any'', ``inet'' (use IPv4 only) or ``inet6'' (use
+             IPv6 only).
 
      BatchMode
              If set to ``yes'', passphrase/password querying will be disabled.
@@ -189,10 +189,14 @@ DESCRIPTION
 
      ForwardX11Trusted
              If this option is set to ``yes'' then remote X11 clients will
-             have full access to the original X11 display.  If this option is
-             set to ``no'' then remote X11 clients will be considered untrust-
-             ed and prevented from stealing or tampering with data belonging
-             to trusted X11 clients.
+             have full access to the original X11 display.
+
+             If this option is set to ``no'' then remote X11 clients will be
+             considered untrusted and prevented from stealing or tampering
+             with data belonging to trusted X11 clients.  Furthermore, the
+             xauth(1) token used for the session will be set to expire after
+             20 minutes.  Remote clients will be refused access after this
+             time.
 
              The default is ``no''.
 
@@ -222,6 +226,15 @@ DESCRIPTION
              ``no''.  Note that this option applies to protocol version 2 on-
              ly.
 
+     HashKnownHosts
+             Indicates that ssh should hash host names and addresses when they
+             are added to $HOME/.ssh/known_hosts.  These hashed names may be
+             used normally by ssh and sshd, but they do not reveal identifying
+             information should the file's contents be disclosed.  The default
+             is ``no''.  Note that hashing of names and addresses will not be
+             retrospectively applied to existing known hosts files, but these
+             may be manually hashed using ssh-keygen(1).
+
      HostbasedAuthentication
              Specifies whether to try rhosts based authentication with public
              key authentication.  The argument must be ``yes'' or ``no''.  The
@@ -265,14 +278,26 @@ DESCRIPTION
              ssh-agent offers many different identities.  The default is
              ``no''.
 
+     KbdInteractiveDevices
+             Specifies the list of methods to use in keyboard-interactive au-
+             thentication.  Multiple method names must be comma-separated.
+             The default is to use the server specified list.
+
      LocalForward
              Specifies that a TCP/IP port on the local machine be forwarded
              over the secure channel to the specified host and port from the
              remote machine.  The first argument must be a port number, and
-             the second must be host:port.  IPv6 addresses can be specified
-             with an alternative syntax: host/port.  Multiple forwardings may
-             be specified, and additional forwardings can be given on the com-
-             mand line.  Only the superuser can forward privileged ports.
+             the second must be [bind_address:]host:port.  IPv6 addresses can
+             be specified by enclosing addresses in square brackets or by us-
+             ing an alternative syntax: [bind_address/]host/port.  Multiple
+             forwardings may be specified, and additional forwardings can be
+             given on the command line.  Only the superuser can forward privi-
+             leged ports.  By default, the local port is bound in accordance
+             with the GatewayPorts setting.  However, an explicit bind_address
+             may be used to bind the connection to a specific address.  The
+             bind_address of ``localhost'' indicates that the listening port
+             be bound for local use only, while an empty address or `*' indi-
+             cates that the port should be available from all interfaces.
 
      LogLevel
              Gives the verbosity level that is used when logging messages from
@@ -345,10 +370,18 @@ DESCRIPTION
              Specifies that a TCP/IP port on the remote machine be forwarded
              over the secure channel to the specified host and port from the
              local machine.  The first argument must be a port number, and the
-             second must be host:port.  IPv6 addresses can be specified with
-             an alternative syntax: host/port.  Multiple forwardings may be
-             specified, and additional forwardings can be given on the command
-             line.  Only the superuser can forward privileged ports.
+             second must be [bind_address:]host:port.  IPv6 addresses can be
+             specified by enclosing any addresses in square brackets or by us-
+             ing the alternative syntax: [bind_address/]host/port.  Multiple
+             forwardings may be specified, and additional forwardings can be
+             given on the command line.  Only the superuser can forward privi-
+             leged ports.
+
+             If the bind_address is not specified, the default is to only bind
+             to loopback addresses.  If the bind_address is `*' or an empty
+             string, then the forwarding is requested to listen on all inter-
+             faces.  Specifying a remote bind_address will only succeed if the
+             server's GatewayPorts option is enabled (see sshd_config(5)).
 
      RhostsRSAAuthentication
              Specifies whether to try rhosts based authentication with RSA
diff --git a/ssh_config.5 b/ssh_config.5
index a8767b493..e41b34b15 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.38 2004/06/26 09:11:14 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -63,7 +63,7 @@ system-wide configuration file
 .Pp
 For each parameter, the first obtained value
 will be used.
-The configuration files contain sections bracketed by
+The configuration files contain sections separated by
 .Dq Host
 specifications, and that section is only applied for hosts that
 match one of the patterns given in the specification.
@@ -120,9 +120,9 @@ Specifies which address family to use when connecting.
 Valid arguments are
 .Dq any ,
 .Dq inet
-(Use IPv4 only) or
+(use IPv4 only) or
 .Dq inet6
-(Use IPv6 only.)
+(use IPv6 only).
 .It Cm BatchMode
 If set to
 .Dq yes ,
@@ -366,11 +366,16 @@ option is also enabled.
 If this option is set to
 .Dq yes
 then remote X11 clients will have full access to the original X11 display.
+.Pp
 If this option is set to
 .Dq no
 then remote X11 clients will be considered untrusted and prevented
 from stealing or tampering with data belonging to trusted X11
 clients.
+Furthermore, the
+.Xr xauth 1
+token used for the session will be set to expire after 20 minutes.
+Remote clients will be refused access after this time.
 .Pp
 The default is
 .Dq yes
@@ -410,6 +415,22 @@ Forward (delegate) credentials to the server.
 The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
+.It Cm HashKnownHosts
+Indicates that
+.Nm ssh
+should hash host names and addresses when they are added to
+.Pa $HOME/.ssh/known_hosts .
+These hashed names may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
+The default is
+.Dq no .
+Note that hashing of names and addresses will not be retrospectively applied
+to existing known hosts files, but these may be manually hashed using
+.Xr ssh-keygen 1 .
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key
 authentication.
@@ -475,16 +496,45 @@ This option is intented for situations where
 offers many different identities.
 The default is
 .Dq no .
+.It Cm KbdInteractiveDevices
+Specifies the list of methods to use in keyboard-interactive authentication.
+Multiple method names must be comma-separated.
+The default is to use the server specified list.
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over
 the secure channel to the specified host and port from the remote machine.
 The first argument must be a port number, and the second must be
-.Ar host:port .
-IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
-Multiple forwardings may be specified, and additional
-forwardings can be given on the command line.
+.Xo
+.Sm off
+.Oo Ar bind_address : Oc
+.Ar host : port
+.Sm on
+.Xc .
+IPv6 addresses can be specified by enclosing addresses in square brackets or
+by using an alternative syntax:
+.Sm off
+.Xo
+.Op Ar bind_address No /
+.Ar host No / Ar port
+.Xc .
+.Sm on
+Multiple forwardings may be specified, and additional forwardings can be
+given on the command line.
 Only the superuser can forward privileged ports.
+By default, the local port is bound in accordance with the
+.Cm GatewayPorts
+setting.
+However, an explicit
+.Ar bind_address
+may be used to bind the connection to a specific address.
+The
+.Ar bind_address
+of
+.Dq localhost
+indicates that the listening port be bound for local use only, while an
+empty address or
+.Sq *
+indicates that the port should be available from all interfaces.
 .It Cm LogLevel
 Gives the verbosity level that is used when logging messages from
 .Nm ssh .
@@ -591,12 +641,39 @@ This option applies to protocol version 2 only.
 Specifies that a TCP/IP port on the remote machine be forwarded over
 the secure channel to the specified host and port from the local machine.
 The first argument must be a port number, and the second must be
-.Ar host:port .
-IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
+.Xo
+.Sm off
+.Oo Ar bind_address : Oc
+.Ar host : port
+.Sm on
+.Xc .
+IPv6 addresses can be specified by enclosing any addresses in square brackets
+or by using the alternative syntax:
+.Sm off
+.Xo
+.Op Ar bind_address No /
+.Ar host No / Ar port
+.Xc .
+.Sm on
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Only the superuser can forward privileged ports.
+.Pp
+If the
+.Ar bind_address
+is not specified, the default is to only bind to loopback addresses.
+If the
+.Ar bind_address
+is
+.Ql *
+or an empty string, then the forwarding is requested to listen on all
+interfaces.
+Specifying a remote
+.Ar bind_address
+will only succeed if the server's
+.Cm GatewayPorts
+option is enabled (see
+.Xr sshd_config 5 ) .
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
 authentication.
diff --git a/sshconnect.c b/sshconnect.c
index 5158416f0..f8ebd9875 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.158 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $");
 
 #include <openssl/bn.h>
 
@@ -304,12 +304,6 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
  * second).  If proxy_command is non-NULL, it specifies the command (with %h
  * and %p substituted for host and port, respectively) to use to contact
  * the daemon.
- * Return values:
- *    0 for OK
- *    ECONNREFUSED if we got a "Connection Refused" by the peer on any address
- *    ECONNABORTED if we failed without a "Connection refused"
- * Suitable error messages for the connection failure will already have been
- * printed.
  */
 int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
@@ -322,12 +316,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
         struct addrinfo hints, *ai, *aitop;
         struct servent *sp;
-        /*
-         * Did we get only other errors than "Connection refused" (which
-         * should block fallback to rsh and similar), or did we get at least
-         * one "Connection refused"?
-         */
-        int full_failure = 1;
 
         debug2("ssh_connect: needpriv %d", needpriv);
 
@@ -388,8 +376,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                                 memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
                                 break;
                         } else {
-                                if (errno == ECONNREFUSED)
-                                        full_failure = 0;
                                 debug("connect to address %s port %s: %s",
                                     ntop, strport, strerror(errno));
                                 /*
@@ -415,9 +401,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
         /* Return failure if we didn't get a successful connection. */
         if (attempt >= connection_attempts) {
-                logit("ssh: connect to host %s port %s: %s",
+                error("ssh: connect to host %s port %s: %s",
                     host, strport, strerror(errno));
-                return full_failure ? ECONNABORTED : ECONNREFUSED;
+                return (-1);
         }
 
         debug("Connection established.");
@@ -600,7 +586,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
         char hostline[1000], *hostp, *fp;
         HostStatus host_status;
         HostStatus ip_status;
-        int local = 0, host_ip_differ = 0;
+        int r, local = 0, host_ip_differ = 0;
         int salen;
         char ntop[NI_MAXHOST];
         char msg[1024];
@@ -724,7 +710,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                                     "'%.128s' not in list of known hosts.",
                                     type, ip);
                         else if (!add_host_to_hostfile(user_hostfile, ip,
-                            host_key))
+                            host_key, options.hash_known_hosts))
                                 logit("Failed to add the %s host key for IP "
                                     "address '%.128s' to the list of known "
                                     "hosts (%.30s).", type, ip, user_hostfile);
@@ -780,17 +766,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                         if (!confirm(msg))
                                 goto fail;
                 }
-                if (options.check_host_ip && ip_status == HOST_NEW) {
-                        snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
-                        hostp = hostline;
-                } else
-                        hostp = host;
-
                 /*
                  * If not in strict mode, add the key automatically to the
                  * local known_hosts file.
                  */
-                if (!add_host_to_hostfile(user_hostfile, hostp, host_key))
+                if (options.check_host_ip && ip_status == HOST_NEW) {
+                        snprintf(hostline, sizeof(hostline), "%s,%s",
+                            host, ip);
+                        hostp = hostline;
+                        if (options.hash_known_hosts) {
+                                /* Add hash of host and IP separately */
+                                r = add_host_to_hostfile(user_hostfile, host,
+                                    host_key, options.hash_known_hosts) &&
+                                    add_host_to_hostfile(user_hostfile, ip,
+                                    host_key, options.hash_known_hosts);
+                        } else {
+                                /* Add unhashed "host,ip" */
+                                r = add_host_to_hostfile(user_hostfile,
+                                    hostline, host_key,
+                                    options.hash_known_hosts);
+                        }
+                } else {
+                        r = add_host_to_hostfile(user_hostfile, host, host_key,
+                            options.hash_known_hosts);
+                        hostp = host;
+                }
+
+                if (!r)
                         logit("Failed to add the host to the list of known "
                             "hosts (%.500s).", user_hostfile);
                 else
diff --git a/sshd.0 b/sshd.0
index 12f85690f..fe4d29e54 100644
--- a/sshd.0
+++ b/sshd.0
@@ -38,9 +38,9 @@ DESCRIPTION
      tion algorithm to use from those offered by the server.
 
      Next, the server and the client enter an authentication dialog.  The
-     client tries to authenticate itself using .rhosts authentication, .rhosts
-     authentication combined with RSA host authentication, RSA challenge-re-
-     sponse authentication, or password based authentication.
+     client tries to authenticate itself using .rhosts authentication combined
+     with RSA host authentication, RSA challenge-response authentication, or
+     password based authentication.
 
      Regardless of the authentication type, the account is checked to ensure
      that it is accessible.  An account is not accessible if it is locked,
@@ -53,10 +53,8 @@ DESCRIPTION
      field should be set to something other than these values (eg `NP' or
      `*NP*' ).
 
-     rhosts authentication is normally disabled because it is fundamentally
-     insecure, but can be enabled in the server configuration file if desired.
-     System security is not improved unless rshd, rlogind, and rexecd are dis-
-     abled (thus completely disabling rlogin and rsh into the machine).
+     rshd, rlogind, and rexecd are disabled (thus completely disabling rlogin
+     and rsh into the machine).
 
    SSH protocol version 2
      Version 2 works similarly: Each host has a host-specific key (RSA or DSA)
@@ -246,9 +244,10 @@ AUTHORIZED_KEYS FILE FORMAT
      or ``ssh-rsa''.
 
      Note that lines in this file are usually several hundred bytes long (be-
-     cause of the size of the public key encoding).  You don't want to type
-     them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub
-     file and edit it.
+     cause of the size of the public key encoding) up to a limit of 8 kilo-
+     bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
+     kilobits.  You don't want to type them in; instead, copy the
+     identity.pub, id_dsa.pub or the id_rsa.pub file and edit it.
 
      sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
      2 keys of 768 bits.
@@ -346,6 +345,12 @@ SSH_KNOWN_HOSTS FILE FORMAT
      cate negation: if the host name matches a negated pattern, it is not ac-
      cepted (by that line) even if it matched another pattern on the line.
 
+     Alternately, hostnames may be stored in a hashed form which hides host
+     names and addresses should the file's contents be disclosed.  Hashed
+     hostnames start with a `|' character.  Only one hashed hostname may ap-
+     pear on a single line and none of the above negation or wildcard opera-
+     tors may be applied.
+
      Bits, exponent, and modulus are taken directly from the RSA host key;
      they can be obtained, e.g., from /etc/ssh/ssh_host_key.pub.  The optional
      comment field continues to the end of the line, and is not used.
@@ -370,6 +375,10 @@ SSH_KNOWN_HOSTS FILE FORMAT
      closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
      cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 
+     # A hashed hostname
+     |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
+     AAAA1234.....=
+
 FILES
      /etc/ssh/sshd_config
              Contains configuration data for sshd.  The file format and con-
@@ -428,6 +437,15 @@ FILES
              /etc/ssh/ssh_known_hosts should be world-readable, and
              $HOME/.ssh/known_hosts can, but need not be, world-readable.
 
+     /etc/motd
+             See motd(5).
+
+     $HOME/.hushlogin
+             This file is used to suppress printing the last login time and
+             /etc/motd, if PrintLastLog and PrintMotd, respectively, are en-
+             abled.  It does not suppress printing of the banner specified by
+             Banner.
+
      /etc/nologin
              If this file exists, sshd refuses to let anyone except root log
              in.  The contents of the file are displayed to anyone trying to
@@ -439,11 +457,13 @@ FILES
              fined here.  Further details are described in hosts_access(5).
 
      $HOME/.rhosts
-             This file contains host-username pairs, separated by a space, one
-             per line.  The given user on the corresponding host is permitted
-             to log in without a password.  The same file is used by rlogind
-             and rshd.  The file must be writable only by the user; it is rec-
-             ommended that it not be accessible by others.
+             This file is used during RhostsRSAAuthentication and
+             HostbasedAuthentication and contains host-username pairs, sepa-
+             rated by a space, one per line.  The given user on the corre-
+             sponding host is permitted to log in without a password.  The
+             same file is used by rlogind and rshd.  The file must be writable
+             only by the user; it is recommended that it not be accessible by
+             others.
 
              It is also possible to use netgroups in the file.  Either host or
              user name may be of the form +@groupname to specify all hosts or
@@ -455,20 +475,21 @@ FILES
              access using SSH only.
 
      /etc/hosts.equiv
-             This file is used during rhosts authentication.  In the simplest
-             form, this file contains host names, one per line.  Users on
-             those hosts are permitted to log in without a password, provided
-             they have the same user name on both machines.  The host name may
-             also be followed by a user name; such users are permitted to log
-             in as any user on this machine (except root).  Additionally, the
-             syntax ``+@group'' can be used to specify netgroups.  Negated en-
-             tries start with `-'.
+             This file is used during RhostsRSAAuthentication and
+             HostbasedAuthentication authentication.  In the simplest form,
+             this file contains host names, one per line.  Users on those
+             hosts are permitted to log in without a password, provided they
+             have the same user name on both machines.  The host name may also
+             be followed by a user name; such users are permitted to log in as
+             any user on this machine (except root).  Additionally, the syntax
+             ``+@group'' can be used to specify netgroups.  Negated entries
+             start with `-'.
 
              If the client host/user is successfully matched in this file, lo-
              gin is automatically permitted provided the client and server us-
-             er names are the same.  Additionally, successful RSA host authen-
-             tication is normally required.  This file must be writable only
-             by root; it is recommended that it be world-readable.
+             er names are the same.  Additionally, successful client host key
+             authentication is required.  This file must be writable only by
+             root; it is recommended that it be world-readable.
 
              Warning: It is almost never a good idea to use user names in
              hosts.equiv.  Beware that it really means that the named user(s)
diff --git a/sshd.8 b/sshd.8
index c5949dc1a..99e62173c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.201 2004/05/02 11:54:31 dtucker Exp $
+.\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -106,8 +106,6 @@ to use from those offered by the server.
 Next, the server and the client enter an authentication dialog.
 The client tries to authenticate itself using
 .Em .rhosts
-authentication,
-.Em .rhosts
 authentication combined with RSA host
 authentication, RSA challenge-response authentication, or password
 based authentication.
@@ -135,11 +133,6 @@ or
 .Ql \&*NP\&*
 ).
 .Pp
-.Em rhosts
-authentication is normally disabled
-because it is fundamentally insecure, but can be enabled in the server
-configuration file if desired.
-System security is not improved unless
 .Nm rshd ,
 .Nm rlogind ,
 and
@@ -430,7 +423,9 @@ or
 .Dq ssh-rsa .
 .Pp
 Note that lines in this file are usually several hundred bytes long
-(because of the size of the public key encoding).
+(because of the size of the public key encoding) up to a limit of
+8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
+keys up to 16 kilobits.
 You don't want to type them in; instead, copy the
 .Pa identity.pub ,
 .Pa id_dsa.pub
@@ -561,6 +556,14 @@ to indicate negation: if the host name matches a negated
 pattern, it is not accepted (by that line) even if it matched another
 pattern on the line.
 .Pp
+Alternately, hostnames may be stored in a hashed form which hides host names
+and addresses should the file's contents be disclosed.
+Hashed hostnames start with a
+.Ql |
+character.
+Only one hashed hostname may appear on a single line and none of the above
+negation or wildcard operators may be applied.
+.Pp
 Bits, exponent, and modulus are taken directly from the RSA host key; they
 can be obtained, e.g., from
 .Pa /etc/ssh/ssh_host_key.pub .
@@ -592,6 +595,11 @@ and adding the host names at the front.
 closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
 cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 .Ed
+.Bd -literal
+# A hashed hostname
+|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
+AAAA1234.....=
+.Ed
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa /etc/ssh/sshd_config
@@ -660,6 +668,20 @@ These files should be writable only by root/the owner.
 should be world-readable, and
 .Pa $HOME/.ssh/known_hosts
 can, but need not be, world-readable.
+.It Pa /etc/motd
+See
+.Xr motd 5 .
+.It Pa $HOME/.hushlogin
+This file is used to suppress printing the last login time and
+.Pa /etc/motd ,
+if
+.Cm PrintLastLog
+and
+.Cm PrintMotd ,
+respectively,
+are enabled.
+It does not suppress printing of the banner specified by
+.Cm Banner .
 .It Pa /etc/nologin
 If this file exists,
 .Nm
@@ -673,7 +695,11 @@ Access controls that should be enforced by tcp-wrappers are defined here.
 Further details are described in
 .Xr hosts_access 5 .
 .It Pa $HOME/.rhosts
-This file contains host-username pairs, separated by a space, one per
+This file is used during
+.Cm RhostsRSAAuthentication
+and
+.Cm HostbasedAuthentication
+and contains host-username pairs, separated by a space, one per
 line.
 The given user on the corresponding host is permitted to log in
 without a password.
@@ -694,7 +720,9 @@ However, this file is
 not used by rlogin and rshd, so using this permits access using SSH only.
 .It Pa /etc/hosts.equiv
 This file is used during
-.Em rhosts
+.Cm RhostsRSAAuthentication
+and
+.Cm HostbasedAuthentication
 authentication.
 In the simplest form, this file contains host names, one per line.
 Users on
@@ -713,7 +741,7 @@ Negated entries start with
 If the client host/user is successfully matched in this file, login is
 automatically permitted provided the client and server user names are the
 same.
-Additionally, successful RSA host authentication is normally required.
+Additionally, successful client host key authentication is required.
 This file must be writable only by root; it is recommended
 that it be world-readable.
 .Pp
diff --git a/sshd.c b/sshd.c
index 19071c1bc..a2e0e9320 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.301 2004/08/11 11:50:09 dtucker Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -112,12 +112,6 @@ ServerOptions options;
 char *config_file_name = _PATH_SERVER_CONFIG_FILE;
 
 /*
- * Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
- * Default value is AF_UNSPEC means both IPv4 and IPv6.
- */
-int IPv4or6 = AF_UNSPEC;
-
-/*
  * Debug mode flag.  This can be set on the command line.  If debug
  * mode is enabled, extra debugging output will be sent to the system
  * log, the daemon will not go to background, and will exit after processing
@@ -750,7 +744,7 @@ get_hostkey_index(Key *key)
 static int
 drop_connection(int startups)
 {
-        double p, r;
+        int p, r;
 
         if (startups < options.max_startups_begin)
                 return 0;
@@ -761,12 +755,11 @@ drop_connection(int startups)
 
         p  = 100 - options.max_startups_rate;
         p *= startups - options.max_startups_begin;
-        p /= (double) (options.max_startups - options.max_startups_begin);
+        p /= options.max_startups - options.max_startups_begin;
         p += options.max_startups_rate;
-        p /= 100.0;
-        r = arc4random() / (double) UINT_MAX;
+        r = arc4random() % 100;
 
-        debug("drop_connection: p %g, r %g", p, r);
+        debug("drop_connection: p %d, r %d", p, r);
         return (r < p) ? 1 : 0;
 }
 
@@ -774,7 +767,7 @@ static void
 usage(void)
 {
         fprintf(stderr, "%s, %s\n",
-            SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
+            SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
         fprintf(stderr,
 "usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n"
 "            [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n"
@@ -884,7 +877,7 @@ main(int ac, char **av)
         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
         char *line;
         int listen_sock, maxfd;
-        int startup_p[2], config_s[2];
+        int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 };
         int startups = 0;
         Key *key;
         Authctxt *authctxt;
@@ -921,10 +914,10 @@ main(int ac, char **av)
         while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
                 switch (opt) {
                 case '4':
-                        IPv4or6 = AF_INET;
+                        options.address_family = AF_INET;
                         break;
                 case '6':
-                        IPv4or6 = AF_INET6;
+                        options.address_family = AF_INET6;
                         break;
                 case 'f':
                         config_file_name = optarg;
@@ -1030,7 +1023,6 @@ main(int ac, char **av)
                 closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
 
         SSLeay_add_all_algorithms();
-        channel_set_af(IPv4or6);
 
         /*
          * Force logging to stderr until we have loaded the private host
@@ -1043,13 +1035,13 @@ main(int ac, char **av)
             SYSLOG_FACILITY_AUTH : options.log_facility,
             log_stderr || !inetd_flag);
 
-#ifdef _AIX
         /*
          * Unset KRB5CCNAME, otherwise the user's session may inherit it from
          * root's environment
          */ 
-        unsetenv("KRB5CCNAME");
-#endif /* _AIX */
+        if (getenv("KRB5CCNAME") != NULL)
+                unsetenv("KRB5CCNAME");
+
 #ifdef _UNICOS
         /* Cray can define user privs drop all privs now!
          * Not needed on PRIV_SU systems!
@@ -1080,13 +1072,16 @@ main(int ac, char **av)
         /* Fill in default values for those options not explicitly set. */
         fill_default_server_options(&options);
 
+        /* set default channel AF */
+        channel_set_af(options.address_family);
+
         /* Check that there are no remaining arguments. */
         if (optind < ac) {
                 fprintf(stderr, "Extra argument %s.\n", av[optind]);
                 exit(1);
         }
 
-        debug("sshd version %.100s", SSH_VERSION);
+        debug("sshd version %.100s", SSH_RELEASE);
 
         /* load private host keys */
         sensitive_data.host_keys = xmalloc(options.num_host_key_files *
@@ -1202,7 +1197,7 @@ main(int ac, char **av)
         }
 
         /* Initialize the log (it is reinitialized below in case we forked). */
-        if (debug_flag && !inetd_flag)
+        if (debug_flag && (!inetd_flag || rexeced_flag))
                 log_stderr = 1;
         log_init(__progname, options.log_level, options.log_facility, log_stderr);
 
@@ -1278,10 +1273,12 @@ main(int ac, char **av)
                         if (num_listen_socks >= MAX_LISTEN_SOCKS)
                                 fatal("Too many listen sockets. "
                                     "Enlarge MAX_LISTEN_SOCKS");
-                        if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
+                        if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
                             ntop, sizeof(ntop), strport, sizeof(strport),
-                            NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
-                                error("getnameinfo failed");
+                            NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
+                                error("getnameinfo failed: %.100s",
+                                    (ret != EAI_SYSTEM) ? gai_strerror(ret) :
+                                    strerror(errno));
                                 continue;
                         }
                         /* Create socket for listening. */
@@ -1512,7 +1509,8 @@ main(int ac, char **av)
                                                 sock_in = newsock;
                                                 sock_out = newsock;
                                                 log_init(__progname, options.log_level, options.log_facility, log_stderr);
-                                                close(config_s[0]);
+                                                if (rexec_flag)
+                                                        close(config_s[0]);
                                                 break;
                                         }
                                 }
@@ -1637,6 +1635,9 @@ main(int ac, char **av)
         remote_port = get_remote_port();
         remote_ip = get_remote_ipaddr();
 
+#ifdef SSH_AUDIT_EVENTS
+        audit_connection_from(remote_ip, remote_port);
+#endif
 #ifdef LIBWRAP
         /* Check whether logins are denied from this host. */
         if (packet_connection_is_on_socket()) {
@@ -1673,9 +1674,6 @@ main(int ac, char **av)
 
         packet_set_nonblocking();
 
-        /* prepare buffers to collect authentication messages */
-        buffer_init(&loginmsg);
-
         /* allocate authentication context */
         authctxt = xmalloc(sizeof(*authctxt));
         memset(authctxt, 0, sizeof(*authctxt));
@@ -1683,13 +1681,13 @@ main(int ac, char **av)
         /* XXX global for cleanup, access from other modules */
         the_authctxt = authctxt;
 
+        /* prepare buffer to collect messages to display to user after login */
+        buffer_init(&loginmsg);
+
         if (use_privsep)
                 if (privsep_preauth(authctxt) == 1)
                         goto authenticated;
 
-        /* prepare buffer to collect messages to display to user after login */
-        buffer_init(&loginmsg);
-
         /* perform the key exchange */
         /* authenticate user and start session */
         if (compat20) {
@@ -1709,6 +1707,10 @@ main(int ac, char **av)
         }
 
  authenticated:
+#ifdef SSH_AUDIT_EVENTS
+        audit_event(SSH_AUTH_SUCCESS);
+#endif
+
         /*
          * In privilege separation, we fork another child and prepare
          * file descriptor passing.
@@ -1731,6 +1733,10 @@ main(int ac, char **av)
                 finish_pam();
 #endif /* USE_PAM */
 
+#ifdef SSH_AUDIT_EVENTS
+        PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
+#endif
+
         packet_close();
 
         if (use_privsep)
@@ -2022,5 +2028,10 @@ cleanup_exit(int i)
 {
         if (the_authctxt)
                 do_cleanup(the_authctxt);
+#ifdef SSH_AUDIT_EVENTS
+        /* done after do_cleanup so it can cancel the PAM auth 'thread' */
+        if (!use_privsep || mm_is_monitor())
+                audit_event(SSH_CONNECTION_ABANDON);
+#endif
         _exit(i);
 }
diff --git a/sshd_config b/sshd_config
index 65e6f1c32..53ae9942e 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
+#       $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -12,6 +12,7 @@
 
 #Port 22
 #Protocol 2,1
+#AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
diff --git a/sshd_config.0 b/sshd_config.0
index 0528a8c44..1f8763faf 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -28,6 +28,11 @@ DESCRIPTION
              taken in the use of this directive.  The default is not to accept
              any environment variables.
 
+     AddressFamily
+             Specifies which address family should be used by sshd.  Valid ar-
+             guments are ``any'', ``inet'' (use IPv4 only) or ``inet6'' (use
+             IPv6 only).  The default is ``any''.
+
      AllowGroups
              This keyword can be followed by a list of group name patterns,
              separated by spaces.  If specified, login is allowed only for
@@ -135,10 +140,13 @@ DESCRIPTION
              forwarded for the client.  By default, sshd binds remote port
              forwardings to the loopback address.  This prevents other remote
              hosts from connecting to forwarded ports.  GatewayPorts can be
-             used to specify that sshd should bind remote port forwardings to
-             the wildcard address, thus allowing remote hosts to connect to
-             forwarded ports.  The argument must be ``yes'' or ``no''.  The
-             default is ``no''.
+             used to specify that sshd should allow remote port forwardings to
+             bind to non-loopback addresses, thus allowing other hosts to con-
+             nect.  The argument may be ``no'' to force remote port forward-
+             ings to be available to the local host only, ``yes'' to force re-
+             mote port forwardings to bind to the wildcard address, or
+             ``clientspecified'' to allow the client to select the address to
+             which the forwarding is bound.  The default is ``no''.
 
      GSSAPIAuthentication
              Specifies whether user authentication based on GSSAPI is allowed.
@@ -269,14 +277,12 @@ DESCRIPTION
              default is ``no''.
 
      PermitRootLogin
-             Specifies whether root can login using ssh(1).  The argument must
-             be ``yes'', ``without-password'', ``forced-commands-only'' or
-             ``no''.  The default is ``yes''.
+             Specifies whether root can log in using ssh(1).  The argument
+             must be ``yes'', ``without-password'', ``forced-commands-only''
+             or ``no''.  The default is ``yes''.
 
              If this option is set to ``without-password'' password authenti-
-             cation is disabled for root.  Note that other authentication
-             methods (e.g., keyboard-interactive/PAM) may still allow root to
-             login using a password.
+             cation is disabled for root.
 
              If this option is set to ``forced-commands-only'' root login with
              public key authentication will be allowed, but only if the
@@ -284,7 +290,7 @@ DESCRIPTION
              remote backups even if root login is normally not allowed).  All
              other authentication methods are disabled for root.
 
-             If this option is set to ``no'' root is not allowed to login.
+             If this option is set to ``no'' root is not allowed to log in.
 
      PermitUserEnvironment
              Specifies whether ~/.ssh/environment and environment= options in
@@ -302,8 +308,9 @@ DESCRIPTION
              ListenAddress.
 
      PrintLastLog
-             Specifies whether sshd should print the date and time when the
-             user last logged in.  The default is ``yes''.
+             Specifies whether sshd should print the date and time of the last
+             user login when a user logs in interactively.  The default is
+             ``yes''.
 
      PrintMotd
              Specifies whether sshd should print /etc/motd when a user logs in
diff --git a/sshd_config.5 b/sshd_config.5
index 09532fb8d..8d291e61d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.35 2004/06/26 09:14:40 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted
 user environments.
 For this reason, care should be taken in the use of this directive.
 The default is not to accept any environment variables.
+.It Cm AddressFamily
+Specifies which address family should be used by
+.Nm sshd .
+Valid arguments are
+.Dq any ,
+.Dq inet
+(use IPv4 only) or
+.Dq inet6
+(use IPv6 only).
+The default is
+.Dq any .
 .It Cm AllowGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.
@@ -245,12 +256,15 @@ This prevents other remote hosts from connecting to forwarded ports.
 .Cm GatewayPorts
 can be used to specify that
 .Nm sshd
-should bind remote port forwardings to the wildcard address,
-thus allowing remote hosts to connect to forwarded ports.
-The argument must be
+should allow remote port forwardings to bind to non-loopback addresses, thus
+allowing other hosts to connect.
+The argument may be
+.Dq no
+to force remote port forwardings to be available to the local host only,
 .Dq yes
-or
-.Dq no .
+to force remote port forwardings to bind to the wildcard address, or
+.Dq clientspecified
+to allow the client to select the address to which the forwarding is bound.
 The default is
 .Dq no .
 .It Cm GSSAPIAuthentication
@@ -455,7 +469,7 @@ server allows login to accounts with empty password strings.
 The default is
 .Dq no .
 .It Cm PermitRootLogin
-Specifies whether root can login using
+Specifies whether root can log in using
 .Xr ssh 1 .
 The argument must be
 .Dq yes ,
@@ -468,9 +482,7 @@ The default is
 .Pp
 If this option is set to
 .Dq without-password
-password authentication is disabled for root.  Note that other authentication
-methods (e.g., keyboard-interactive/PAM) may still allow root to login using
-a password.
+password authentication is disabled for root.
 .Pp
 If this option is set to
 .Dq forced-commands-only
@@ -484,7 +496,7 @@ All other authentication methods are disabled for root.
 .Pp
 If this option is set to
 .Dq no
-root is not allowed to login.
+root is not allowed to log in.
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment
@@ -516,7 +528,8 @@ See also
 .It Cm PrintLastLog
 Specifies whether
 .Nm sshd
-should print the date and time when the user last logged in.
+should print the date and time of the last user login when a user logs
+in interactively.
 The default is
 .Dq yes .
 .It Cm PrintMotd
diff --git a/survey.sh.in b/survey.sh.in
new file mode 100644
index 000000000..d6075a6b3
--- /dev/null
+++ b/survey.sh.in
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# Copyright (c) 2004, 2005 Darren Tucker
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+host="@host@"
+AWK="@AWK@"
+CC="@CC@"
+CPP="@CPP@"
+CFLAGS="@CFLAGS@"
+CPPFLAGS="@CPPFLAGS@"
+LDFLAGS="@LDFLAGS@"
+LIBS="@LIBS@"
+
+# Note format:
+# identifier: [data] CRCR
+
+echo "openssh-survey-version: 1"
+echo
+echo "openssh-version: `./ssh -V 2>&1`"
+echo
+configinv=`$AWK '/^  \\\$.*configure/' config.log | sed 's/^  \\\$ //g'`
+echo "configure-invocation: $configinv"
+echo
+echo "host: $host"
+echo
+echo "uname: `uname`"
+echo
+echo "uname-r: `uname -r`"
+echo
+echo "uname-m: `uname -m`"
+echo
+echo "uname-p: `uname -p`"
+echo
+echo "oslevel: `oslevel 2>/dev/null`"
+echo
+echo "oslevel-r: `oslevel -r 2>/dev/null`"
+echo
+echo "cc: $CC"
+echo
+echo "cflags: $CFLAGS"
+echo
+echo "cppflags: $CPPFLAGS"
+echo
+echo "ldflags: $LDFLAGS"
+echo
+echo "libs: $LIBS"
+echo
+echo "ccver-v: `$CC -v 2>&1 | sed '/^[ \t]*$/d'`"
+echo
+echo "ccver-V: `$CC -V 2>&1 | sed '/^[ \t]*$/d'`"
+echo
+echo "cppdefines:"
+${CPP} -dM - </dev/null
+echo
+echo "config.h:"
+egrep '#define|#undef' config.h
+echo
diff --git a/uidswap.c b/uidswap.c
index 44c4cb626..aab7064eb 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -56,10 +56,12 @@ temporarily_use_uid(struct passwd *pw)
         debug("temporarily_use_uid: %u/%u (e=%u/%u)",
             (u_int)pw->pw_uid, (u_int)pw->pw_gid,
             (u_int)saved_euid, (u_int)saved_egid);
+#ifndef HAVE_CYGWIN
         if (saved_euid != 0) {
                 privileged = 0;
                 return;
         }
+#endif
 #else
         if (geteuid() != 0) {
                 privileged = 0;
@@ -200,10 +202,12 @@ permanently_set_uid(struct passwd *pw)
                 fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 #endif
 
+#ifndef HAVE_CYGWIN
         /* Try restoration of GID if changed (test clearing of saved gid) */
-        if (old_gid != pw->pw_gid &&
+        if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
             (setgid(old_gid) != -1 || setegid(old_gid) != -1))
                 fatal("%s: was able to restore old [e]gid", __func__);
+#endif
 
         /* Verify GID drop was successful */
         if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) {
diff --git a/version.h b/version.h
index fb68aba60..4da5f8083 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,9 @@
-/* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */
+/* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */
 
-#ifndef SSH_VERSION
-#define SSH_VERSION     "OpenSSH_3.9p1"
-#endif /* SSH_VERSION */
+#define SSH_VERSION     "OpenSSH_4.0"
+
+#define SSH_PORTABLE    "p1"
+#ifndef SSH_EXTRAVERSION
+#define SSH_EXTRAVERSION
+#endif
+#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE SSH_EXTRAVERSION