diff --git a/gsi_openssh/source/.depend b/gsi_openssh/source/.depend index cd38d15f8f..259bf3b2f1 100644 --- a/gsi_openssh/source/.depend +++ b/gsi_openssh/source/.depend @@ -16,20 +16,20 @@ auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h xmalloc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth.o: authfile.h monitor_wrap.h compat.h channels.h +auth.o: authfile.h monitor_wrap.h channels.h auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h -auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h +auth2-hostbased.o: monitor_wrap.h pathnames.h match.h auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h -auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h +auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h -auth2.o: digest.h -auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h -authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ssherr.h atomicio.h misc.h +auth2-pubkeyfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h log.h ssherr.h misc.h sshkey.h digest.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfile.h match.h +auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h digest.h +authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h log.h ssherr.h atomicio.h misc.h authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h @@ -39,22 +39,19 @@ cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-co cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h cipher-chachapoly.h chacha.h poly1305.h -cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h -compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h kex.h mac.h crypto_api.h +compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h +dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h -ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h +ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h -fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h -ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ssherr.h gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h @@ -63,7 +60,7 @@ hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h -kex.o: match.h misc.h monitor.h sshbuf.h digest.h +kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h @@ -96,8 +93,8 @@ platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/open platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h -readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h -readconf.o: uidswap.h myproposal.h digest.h +readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h uidswap.h +readconf.o: myproposal.h digest.h readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h @@ -108,26 +105,26 @@ sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbs sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp.h sftp-common.h sftp-client.h -servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h -servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h -serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h -serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h -session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h -session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h +servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h +servconf.o: mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h +serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h +serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h +session.o: hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h +session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sftp.h misc.h xmalloc.h sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h -sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h +sftp-usergroup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h log.h ssherr.h xmalloc.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h +sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h -ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h +ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h @@ -135,8 +132,8 @@ ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbs ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h -ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h -ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h +ssh-keyscan.o: dispatch.h log.h ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h addr.h +ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h @@ -155,12 +152,12 @@ sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/ sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h -sshconnect.o: authfd.h kex.h mac.h crypto_api.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h authfd.h +sshconnect.o: kex.h mac.h crypto_api.h sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h -sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h +sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h -sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h @@ -173,7 +170,6 @@ uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compa umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h -verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h diff --git a/gsi_openssh/source/.git_allowed_signers b/gsi_openssh/source/.git_allowed_signers new file mode 100644 index 0000000000..0313c1ecd1 --- /dev/null +++ b/gsi_openssh/source/.git_allowed_signers @@ -0,0 +1,5 @@ +dtucker@dtucker.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKecyjh9aNmD4rb8WblA8v91JjRb0Cd2JtkzqxcggGeG +djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLnJo3ZVDENYZGXm5uO9lU7b0iDFq5gHpTu1MaHPWTEfPdvw+AjFQQ/q5YizuMJkXGsMdYmblJEJZYHpm9IS7ZkAAAAEc3NoOg== +djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJoAXBTQalfg+kC5wy1vE7HkIHtVnmV6AUuuIo9KQ1P+70juHwvsFKpsGaqQbrHJkTVgYDGVP02XHj8+Fb18yBIAAAAEc3NoOg== +djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBH+z1I48s6ydOhP5SJmI02zVCLf0K15B+UMHgoTIKVfUIv5oDoVX7e9f+7QiRmTeEOdZfQydiaVqsfi7qPSve+0AAAAEc3NoOg== +djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBPM4BmUg/fMnsl42JwktTekk/mB8Be3M+yK2ayg6lqYsqEri8yhRx84gey51OHKVk1TwlGbJjcMHI4URreDBEMQAAAAEc3NoOg== diff --git a/gsi_openssh/source/.git_allowed_signers.asc b/gsi_openssh/source/.git_allowed_signers.asc new file mode 100644 index 0000000000..5fc6118ca9 --- /dev/null +++ b/gsi_openssh/source/.git_allowed_signers.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmMMMiIACgkQKj9BTnNg +YLpyGhAAhZ1RxmD62JnT0gnor1aD0inq1fGPRadaFvXH2OScPcxXMIZWx+otnyZ/ +H9s0bIti42dPHqurgh92KS2mDGVIW8Y8MvxFUr678+hdem1U7Xvjoo0uaveNhJhe +GxuQDOvXKRmmfL2c6w3wnFChFA1o3K+JNshjCHhWz7u6+UmY0Q9yIxqbSi+vmEPP +NfWPfGdu4h8r7q11UgTxRSUQkfZXMqpBtb367B9BLduGuKRFKEJNyi6WpjBrqy38 +BvEbAaL52KX8hEp3TKMjo38RbOK+veSoPV5zlLui0WlEwwasgljal3f4RkqCAJob +hqpFJRogM5XNnA2e68TDTf3buJ3wRRjuK39/CusOJz5v4i6+VCdte+BET1Y4gD6y +v8KV4pRyumcdbN3khFUkmaQsjo+fyQjWNrgOvv60J2xUWZdchn8lxHOxrfRVKnOi +BD4bdks7tPQY/XsS5GNJIp21Ji9HGyBajjHo0BlesLodw7FEOf6YE18A3n9qzosR +RliuP4Hs/Z4sCUuDTbpKtQiUVs40kBbkhEL8kS8FsXz3VO89hAWaUqNUYom8AkKv +nfDjrZDBLXuVj1Mi8qNPXxqrB/1Cza2/W4U7SK4TlMFXfoXXWxxhefN5vIdMhAJB +u9Mdz1pY9mowKbd0c0dR+3fauvjM133dzKuyeDHMqDa5JPyd59o= +=kgnS +-----END PGP SIGNATURE----- diff --git a/gsi_openssh/source/.skipped-commit-ids b/gsi_openssh/source/.skipped-commit-ids index c606eaee6c..59e80518ac 100644 --- a/gsi_openssh/source/.skipped-commit-ids +++ b/gsi_openssh/source/.skipped-commit-ids @@ -24,6 +24,9 @@ d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b moduli update 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 makefile change +f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update +1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes +e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks Old upstream tree: diff --git a/gsi_openssh/source/ChangeLog b/gsi_openssh/source/ChangeLog index 063b54769d..f1d1b37d58 100644 --- a/gsi_openssh/source/ChangeLog +++ b/gsi_openssh/source/ChangeLog @@ -1,11889 +1,11238 @@ -commit 94eb6858efecc1b4f02d8a6bd35e149f55c814c8 +commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 Author: Damien Miller -Date: Wed Apr 6 10:47:48 2022 +1000 +Date: Thu Mar 16 08:28:19 2023 +1100 - update version numbers for release + depend -commit 8e4a8eadf4fe74e65e6492f34250f8cf7d67e8da +commit 1dba63eb10c40b6fda9f5012ed6ae87e2d3d028e +Author: Damien Miller +Date: Thu Mar 16 08:27:54 2023 +1100 + + crank version + +commit ba7532d0dac9aaf0ad7270664c43837fc9f64a5f Author: djm@openbsd.org -Date: Mon Apr 4 22:45:25 2022 +0000 +Date: Wed Mar 15 21:19:57 2023 +0000 - upstream: openssh-9.0 + upstream: openssh-9.3 - OpenBSD-Commit-ID: 0dfb461188f4513ec024c1534da8c1ce14c20b64 + OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848 -commit a9f23ea2e3227f406880c2634d066f6f50fa5eaa -Author: naddy@openbsd.org -Date: Thu Mar 31 17:58:44 2022 +0000 +commit 6fd4daafb949b66bf555f3100f715a9ec64c3390 +Author: dtucker@openbsd.org +Date: Tue Mar 14 07:28:47 2023 +0000 - upstream: ssh: document sntrup761x25519-sha512@openssh.com as + upstream: Free KRL ptr in addition to its contents. - default KEX + From Coverity CID 291841, ok djm@ - OpenBSD-Commit-ID: 12545bfa10bcbf552d04d9d9520d0f4e98b0e171 + OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6 -commit 9ec2713d122af79d66ebb9c1d6d9ae8621a8945f -Author: naddy@openbsd.org -Date: Thu Mar 31 17:27:27 2022 +0000 +commit 1d270bd303afaf6d94e9098cbbf18e5e539e2088 +Author: dtucker@openbsd.org +Date: Tue Mar 14 07:26:25 2023 +0000 - upstream: man pages: add missing commas between subordinate and - - main clauses - - jmc@ dislikes a comma before "then" in a conditional, so leave those - untouched. + upstream: Check pointer for NULL before deref. - ok jmc@ + None of the existing callers seem to do that, but it's worth checking. + From Coverity CID 291834, ok djm@ - OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3 - -commit 3741df98ffaaff92b474ee70d8ef276b5882f85a -Author: Darren Tucker -Date: Mon Apr 4 23:52:11 2022 +1000 - - Disable security key on fbsd6 test host. + OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4 -commit 32c12236f27ae83bfe6d2983b67c9bc67a83a417 -Author: Darren Tucker -Date: Mon Apr 4 15:16:51 2022 +1000 +commit d95af508e78c0cd3dce56b83853baaa59ae295cf +Author: dtucker@openbsd.org +Date: Sun Mar 12 10:40:39 2023 +0000 - Specify TEST_SHELL=bash on AIX. + upstream: Limit number of entries in SSH2_MSG_EXT_INFO - The system shells cause the agent-restrict test to fail due to some - quoting so explicitly specify bash until we can get configure to - autmatically work around that. - -commit 90452c8b69d065b7c7c285ff78b81418a75bcd76 -Author: Darren Tucker -Date: Fri Apr 1 23:38:44 2022 +1100 - - Only return events from ppoll that were requested. + request. This is already constrained by the maximum SSH packet size but this + makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@ - If the underlying system's select() returns bits that were not in the - request set, our ppoll() implementation can return revents for events - not requested, which can apparently cause a hang. Only return revents - for activity in the requested event set. bz#3416, analysis and fix by - yaroslav.kuzmin at vmssoftware com, ok djm@ + OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09 -commit 6c49eb5fabc56f4865164ed818aa5112d09c31a8 -Author: Darren Tucker -Date: Fri Apr 1 23:21:40 2022 +1100 +commit 8f287ba60d342b3e2f750e7332d2131e3ec7ecd0 +Author: dtucker@openbsd.org +Date: Sun Mar 12 09:41:18 2023 +0000 - Only run regression tests on slow VMs. + upstream: calloc can return NULL but xcalloc can't. + + From Coverity CID 291881, ok djm@ + + OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b -commit f67e47903977b42cb6abcd5565a61bd7293e4dc3 -Author: Darren Tucker -Date: Fri Apr 1 23:21:06 2022 +1100 +commit 83a56a49fd50f4acf900f934279482e4ef329715 +Author: dtucker@openbsd.org +Date: Fri Mar 10 07:17:08 2023 +0000 - Increase test timeout to allow slow VMs to finish + upstream: Explicitly ignore return from fcntl + + (... FD_CLOEXEC) here too. Coverity CID 291853. + + OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5 -commit 02488c1b54065ddc4f25835dbd2618b2a2fe21f5 -Author: Darren Tucker -Date: Fri Apr 1 16:27:38 2022 +1100 +commit 0fda9d704d3bbf54a5e64ce02a6fecb11fe7f047 +Author: Damien Miller +Date: Fri Mar 10 15:59:46 2023 +1100 - Use bash or ksh if available for SH in Makefile. + bounds checking for getrrsetbyname() replacement; + + Spotted by Coverity in CID 405033; ok millert@ -commit 34c7018c316af4773e432066de28d0ef9d0888cd -Author: Darren Tucker -Date: Fri Apr 1 14:56:54 2022 +1100 +commit 89b8df518f21677045599df0ad3e5dd0f39909b5 +Author: dtucker@openbsd.org +Date: Fri Mar 10 04:06:21 2023 +0000 - Set Makefile SHELL as determined by configure. + upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. - This should improve compatibility for users with non-POSIX shells. If - using Makefile.in directly (eg make -f Makefile.in distprep) then SHELL - will need to be specified on the command line (along with MANFMT in that - particular case). ok djm@ + OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac -commit 5b054d76402faab38c48377efd112426469553a0 +commit bf4dae0ad192c3e2f03f7223834b00d88ace3d3e Author: Darren Tucker -Date: Fri Apr 1 13:16:47 2022 +1100 +Date: Fri Mar 10 14:46:57 2023 +1100 - Skip slow tests on (very) slow test targets. + Add prototypes for mkstemp replacements. + + Should prevent warnings due to our wrapper function. -commit b275818065b31a865142c48c2acf6a7c1655c542 -Author: Damien Miller -Date: Thu Mar 31 14:11:36 2022 +1100 +commit 4e04d68d6a33cdc73b831fd4b5e6124175555d3d +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:01:51 2023 +0000 - depend + upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since + + there's not much we can do anyway. From Coverity CID 291857, ok djm@ + + OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729 -commit 3fa539c3ffaabd6211995512d33e29150f88c5c5 +commit d6d38fd77cbe091c59e1bb720c3a494df4990640 Author: djm@openbsd.org -Date: Thu Mar 31 03:07:03 2022 +0000 +Date: Fri Mar 10 02:32:04 2023 +0000 - upstream: add a sftp client "cp" command that supports server-side + upstream: Like sshd_config, some ssh_config options are not - copying of files. Useful for this task and for testing the copy-data - extension. Patch from Mike Frysinger; ok dtucker@ + first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for + this file - OpenBSD-Commit-ID: 1bb1b950af0d49f0d5425b1f267e197aa1b57444 + OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e -commit 7988bfc4b701c4b3fe9b36c8561a3d1c5d4c9a74 -Author: djm@openbsd.org -Date: Thu Mar 31 03:05:49 2022 +0000 +commit 7187d3f86bf8f2066cc9941f217d23b0cacae25e +Author: dtucker@openbsd.org +Date: Fri Mar 10 02:24:56 2023 +0000 - upstream: add support for the "corp-data" protocol extension to + upstream: Remove no-op (int) > INT_MAX checks - allow server-side copies to be performed without having to go via the client. - Patch by Mike Frysinger, ok dtucker@ + since they can never be true. From Coverity CID 405031, ok djm@ - OpenBSD-Commit-ID: 00aa510940fedd66dab1843b58682de4eb7156d5 + OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84 -commit 32dc1c29a4ac9c592ddfef0a4895eb36c1f567ba -Author: djm@openbsd.org -Date: Wed Mar 30 21:13:23 2022 +0000 +commit 77adde4305542ebe3005dd456122624fe2347b01 +Author: Darren Tucker +Date: Fri Mar 10 13:27:29 2023 +1100 - upstream: select post-quantum KEX - - sntrup761x25519-sha512@openssh.com as the default; ok markus@ + Wrap mkstemp calls with umask set/restore. - OpenBSD-Commit-ID: f02d99cbfce22dffec2e2ab1b60905fbddf48fb9 + glibc versions 2.06 and earlier did not set a umask on files created by + mkstemp created the world-writable. Wrap mkstemp to set and restore + the umask. From Coverity (CIDs 291826 291886 291891), ok djm@ -commit d6556de1db0822c76ba2745cf5c097d9472adf7c -Author: djm@openbsd.org -Date: Wed Mar 30 21:10:25 2022 +0000 +commit 633d3dc2a1e9e2a013d019a0576a0771c8423713 +Author: jcs@openbsd.org +Date: Thu Mar 9 21:06:24 2023 +0000 - upstream: fix poll() spin when a channel's output fd closes without + upstream: modify parentheses in conditionals to make it clearer what is - data in the channel buffer. Introduce more exact packing of channel fds into - the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@ + being assigned and what is being checked - OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10 + ok djm dtucker + + OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8 -commit 8a74a96d25ca4d32fbf298f6c0ac5a148501777d -Author: djm@openbsd.org -Date: Wed Mar 30 04:33:09 2022 +0000 +commit 733030840c4772f858de95d5940ec0c37663e8b0 +Author: dtucker@openbsd.org +Date: Thu Mar 9 07:11:05 2023 +0000 - upstream: ssh is almost out of getopt() characters; note the + upstream: Re-split the merge of the reorder-hostkeys test. - remaining remaining available ones in a comment + In the kex_proposal_populate_entries change I merged the the check for + reordering hostkeys with the actual reordering, but kex_assemble_names + mutates options.hostkeyalgorithms which renders the check ineffective. + Put the check back where it was. Spotted and tested by jsg@, ok djm@ - OpenBSD-Commit-ID: 48d38cef59d6bc8e84c6c066f6d601875d3253fd + OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de -commit 6d4fc51adb9d8a42f67b5474f02f877422379de6 +commit 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed Author: djm@openbsd.org -Date: Wed Mar 30 04:27:51 2022 +0000 +Date: Thu Mar 9 06:58:26 2023 +0000 - upstream: avoid NULL deref via ssh-keygen -Y find-principals. + upstream: include destination constraints for smartcard keys too. - bz3409, reported by Mateusz Adamowski + Spotted by Luci Stanescu; ok deraadt@ markus@ - OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5 - -commit e937514920335b92b543fd9be79cd6481d1eb0b6 -Author: Darren Tucker -Date: Mon Mar 28 17:51:03 2022 +1100 - - Add AIX 5.1 test target. + OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f -commit 4bbe815ba974b4fd89cc3fc3e3ef1be847a0befe +commit bfd1ad01d974a316b60622759ad17537fa2d92b4 Author: Darren Tucker -Date: Sat Mar 26 22:01:31 2022 +1100 +Date: Thu Mar 9 18:24:54 2023 +1100 - Drop leading "v" from release version identifier. + Limit the number of PAM environment variables. - It's present in the git tags but not in the release tarball names. - Also drop extra "/" from URL path. + xcalloc has its own limits, but these are specific to PAM. From + Coverity CID 405198, ok djm@ -commit f5cdd3b3c275dffaebfca91df782dca29975e9ac +commit a231414970e01a35f45a295d5f93698fa1249b28 Author: Darren Tucker -Date: Sat Mar 26 16:28:04 2022 +1100 +Date: Thu Mar 9 18:19:44 2023 +1100 - Use tarballs when testing LibreSSL releases. + Limit the number of PAM environment variables. - This means they'll still work when the combination of -portable and - openbsd github repos no longer match. + From Coverity CID 405194, tweaks and ok djm@ -commit 24dc37d198f35a7cf71bf4d5384363c7ef4209d4 -Author: Darren Tucker -Date: Sat Mar 26 15:02:45 2022 +1100 +commit 36c6c3eff5e4a669ff414b9daf85f919666e8e03 +Author: dtucker@openbsd.org +Date: Wed Mar 8 06:21:32 2023 +0000 - Remove now-unused passwd variable. + upstream: Plug mem leak. Coverity CID 405196, ok djm@ + + OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2 -commit 5b467ceef2c356f0a77f5e8ab4eb0fac367e4d24 -Author: Darren Tucker -Date: Sat Mar 26 13:15:44 2022 +1100 +commit dfb9b736e1ccf9e6b03eea21cd961f4fd0634c98 +Author: tb@openbsd.org +Date: Wed Mar 8 05:33:53 2023 +0000 - Missing semicolon. + upstream: ssh-pkcs11: synchronize error messages with errors + + A handful of error messages contained incorrect function names or + otherwise inaccurate descriptions. Fix them to match reality. + + input/ok djm + + OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411 -commit 2923d026e55998133c0f6e5186dca2a3c0fa5ff5 -Author: Darren Tucker -Date: Sat Mar 26 12:49:50 2022 +1100 +commit 51875897b81b5c21b80c256a29597916edbde454 +Author: guenther@openbsd.org +Date: Wed Mar 8 04:43:12 2023 +0000 - Factor out platform-specific locked account check. + upstream: Delete obsolete /* ARGSUSED */ lint comments. - Also fixes an incorrect free on platforms with both libiaf and shadow - passwords (probably only Unixware). Prompted by github PR#284, - originally from @c3h2_ctf and stoeckmann@. + ok miod@ millert@ + + OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c -commit d23efe4b12886ffe416be10bc0a7da6ca8aa72d1 +commit a76085bda883c2104afb33ab0334eca190927362 Author: Darren Tucker -Date: Sat Mar 26 08:13:46 2022 +1100 +Date: Wed Mar 8 17:25:37 2023 +1100 - Add OpenWRT mips and mipsel test targets. + Extra brackets to prevent warning. -commit 16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b +commit 147ae57d4dfa0508109f93b78a7d8b92819e1f83 Author: djm@openbsd.org -Date: Sun Mar 20 08:52:17 2022 +0000 +Date: Wed Mar 8 00:05:58 2023 +0000 - upstream: don't leak argument list; bz3404, reported by Balu + upstream: use RSA/SHA256 when testing usability of private key in - Gajjala ok dtucker@ + agent; with/ok dtucker - OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6 + OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56 -commit a72bde294fe0518c9a44ba63864093a1ef2425e3 +commit 27fd251bc906a763e70ce0f27c8abdf8bbd1e416 Author: djm@openbsd.org -Date: Sun Mar 20 08:51:21 2022 +0000 +Date: Wed Mar 8 00:05:37 2023 +0000 - upstream: make addargs() and replacearg() a little more robust and - - improve error reporting - - make freeargs(NULL) a noop like the other free functions + upstream: use RSA/SHA256 when testing usability of private key; - ok dtucker as part of bz3403 + based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker - OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d + OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba -commit 731087d2619fa7f01e675b23f57af10d745e8af2 +commit eee9f3fc3d52ae7d2106929bb06b7f291fb0b81a Author: djm@openbsd.org -Date: Fri Mar 18 04:04:11 2022 +0000 +Date: Tue Mar 7 21:47:42 2023 +0000 - upstream: don't try to resolve ListenAddress directives in the sshd + upstream: refactor to be more readable top to bottom. Prompted by - re-exec path - we're never going to use the result and if the operation fails - then it can prevent connections from being accepted. Reported by Aaron - Poffenberger; with / ok dtucker@ + Coverity CID 405048 which was a false-positive fd leak; ok dtucker@ - OpenBSD-Commit-ID: 44c53a43909a328e2f5ab26070fdef3594eded60 + OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00 -commit 1c83c082128694ddd11ac05fdf31d70312ff1763 -Author: djm@openbsd.org -Date: Fri Mar 18 02:50:21 2022 +0000 +commit 42a06b29a4c99272bf690f9b3be520b08b448dc5 +Author: Darren Tucker +Date: Tue Mar 7 18:34:41 2023 +1100 - upstream: remove blank line + Add header changes missed in previous. + +commit 4710077096edff2e6926dd5b15bf586491d317db +Author: dtucker@openbsd.org +Date: Tue Mar 7 06:09:14 2023 +0000 + + upstream: Fix mem leak in environment setup. - OpenBSD-Commit-ID: d5e0182965b2fbfb03ad5f256d1a1ce5706bcddf + From jjelen at redhat.com via bz#2687, ok djm@ + + OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353 -commit 807be68684da7a1fe969c399ddce2fafb7997dcb -Author: djm@openbsd.org -Date: Fri Mar 18 02:32:22 2022 +0000 +commit 03acc50d0ccb78fc91d1570de1cd0fdfea646028 +Author: dtucker@openbsd.org +Date: Mon Mar 6 12:15:47 2023 +0000 - upstream: helpful comment + upstream: Unit test for kex_proposal_populate_entries. - OpenBSD-Commit-ID: e3315a45cb04e7feeb614d76ec80a9fe4ca0e8c7 + OpenBSD-Regress-ID: bdb211d80d572a08bf14b49fe2a58b9ff265c006 -commit a0b5816f8f1f645acdf74f7bc11b34455ec30bac +commit 3f9231c2e1f374ebb08016ba00ea97b47c0ed20b Author: djm@openbsd.org -Date: Fri Mar 18 02:31:25 2022 +0000 +Date: Tue Mar 7 05:37:26 2023 +0000 - upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV + upstream: fix memory leak in process_read() path; Spotted by James - will ensue. Patch from Mateusz Adamowski via GHPR#307 + Robinson in GHPR363; ok markus@ - OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd + OpenBSD-Commit-ID: cdc2d98e6478b7e7f3a36976845adae3820429d8 -commit 5a252d54a63be30d5ba4be76210942d754a531c0 +commit c5e6e890839ec520ab9301a92cba56303749dea2 Author: djm@openbsd.org -Date: Tue Mar 15 05:27:37 2022 +0000 +Date: Tue Mar 7 01:30:52 2023 +0000 - upstream: improve DEBUG_CHANNEL_POLL debugging message + upstream: correct size for array argument when changing - OpenBSD-Commit-ID: 2275eb7bc4707d019b1a0194b9c92c0b78da848f + UMAC_OUTPUT_LEN Coverity CID 291845; ok dtucker@ + + OpenBSD-Commit-ID: 2eb017d10705bb623d4418691f961c930eafaec0 -commit ce324cf58ba2840e31afeb996935800780c8fa4b -Author: cheloha@openbsd.org -Date: Sun Mar 13 23:27:54 2022 +0000 +commit 9641753e0fd146204d57b2a4165f552a81afade4 +Author: dtucker@openbsd.org +Date: Mon Mar 6 12:14:48 2023 +0000 - upstream: ssh: xstrdup(): use memcpy(3) + upstream: Refactor creation of KEX proposal. - Copying the given string into the buffer with strlcpy(3) confers no - benefit in this context because we have already determined the - string's length with strlen(3) in order to allocate that buffer. + This adds kex_proposal_populate_entries (and corresponding free) which + populates the KEX proposal array with dynamically allocated strings. + This replaces the previous mix of static and dynamic that has been the + source of previous leaks and bugs. Remove unused compat functions. + With & ok djm@. - Thread: https://marc.info/?l=openbsd-tech&m=164687525802691&w=2 + OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b + +commit aa59d6a489fb20973fa461d0fdb1110db412947b +Author: dtucker@openbsd.org +Date: Sun Mar 5 09:24:35 2023 +0000 + + upstream: Fix mem and FILE leaks in moduli screening. - ok dtucker@ millert@ + If multiple -Ocheckpoint= options are passed, the earlier ones would + be overwritten and leaked. If we use an input file that wasn't stdin, + close that. From Coverity CIDs 291884 and 291894. - OpenBSD-Commit-ID: f8bfc082e36e2d2dc4e1feece02fe274155ca11a + OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b -commit 2893c5e764557f48f9d6a929e224ed49c59545db -Author: Darren Tucker -Date: Fri Mar 11 18:43:58 2022 +1100 +commit 23b8cb41767af99a1aac24589d1882d9c8c2c205 +Author: dtucker@openbsd.org +Date: Sun Mar 5 08:18:58 2023 +0000 - Resync fmt_scaled. with OpenBSD. + upstream: Plug mem leak in moduli checkpoint option parsing. - Fixes underflow reported in bz#3401. + From Coverity CID 291894. + + OpenBSD-Commit-ID: 9b1aba2d049741ae21c8dc4560a7e29ab17310f4 -commit 5ae31a0fdd27855af29f48ff027491629fff5979 -Author: Darren Tucker -Date: Wed Mar 9 09:41:56 2022 +1100 +commit fc7f8f2188d4a4fc8ba77eddbe863c7665666db5 +Author: dtucker@openbsd.org +Date: Sun Mar 5 05:34:09 2023 +0000 - Provide killpg implementation. + upstream: Remove unused compat.h includes. - Based on github PR#301 for Tandem NonStop. + We've previously removed a lot of the really old compatibility code, + and with it went the need to include compat.h in most of the files that + have it. + + OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4 -commit c41c84b439f4cd74d4fe44298a4b4037ddd7d2ae -Author: Darren Tucker -Date: Wed Mar 9 09:29:30 2022 +1100 +commit 6c165c36246d8004c20e1df5cec4961a5ac422d6 +Author: dtucker@openbsd.org +Date: Sat Mar 4 03:22:59 2023 +0000 - Check for missing ftruncate prototype. + upstream: Use time_t for x11 timeout. - From github PR#301 in conjunction with rsbeckerca. - -commit 8cf5275452a950869cb90eeac7d220b01f77b12e -Author: Darren Tucker -Date: Tue Mar 8 20:04:06 2022 +1100 - - Default to not using sandbox when cross compiling. + Use time_t instead of u_int for remaining x11 timeout checks for 64bit + time_t safety. From Coverity CIDs 405197 and 405028, ok djm@ - On most systems poll(2) does not work when the number of FDs is reduced - with setrlimit, so assume it doesn't when cross compiling and we can't - run the test. bz#3398. + OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972 -commit 379b30120da53d7c84aa8299c26b18c51c2a0dac -Author: djm@openbsd.org -Date: Tue Mar 1 01:59:19 2022 +0000 +commit 4a3918f51bd2d968387e7aa87e33b32c78077fb4 +Author: dtucker@openbsd.org +Date: Fri Mar 3 10:23:42 2023 +0000 - upstream: pack pollfd array before server_accept_loop() ppoll() + upstream: Ensure ms_remain is always initialized - call, and terminate sshd if ppoll() returns errno==EINVAL + similar to what we do in ssh_packet_write_wait. bz#2687, from jjelen + at redhat.com. - avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by - Daniel Micay + OpenBSD-Commit-ID: a50e0541cf823f8d1c72f71ccde925d3dbe6dfac + +commit e44846a4487d2885ac7f2610be09b1e2bf52249b +Author: dtucker@openbsd.org +Date: Fri Mar 3 09:48:51 2023 +0000 + + upstream: Check for non-NULL before string - feedback/ok deraadt + comparison. From jjelen at redhat.com via bz#2687. - OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15 + OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f -commit eceafbe0bdbbd9bd2f3cf024ccb350666a9934dd -Author: naddy@openbsd.org -Date: Sun Feb 27 01:33:59 2022 +0000 +commit 1842d523fae63b862ce8e60725c9b606cddb86a6 +Author: djm@openbsd.org +Date: Fri Mar 3 05:00:34 2023 +0000 - upstream: include rejected signature algorithm in error message and + upstream: guard against getsockname(-1, ...) from Coverity CID - not the (useless) key type; ok djm@ + 291832 - OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff + OpenBSD-Commit-ID: e58d5227327917d189229b7f0b37d2780f360d5f -commit f2f3269423618a83157e18902385e720f9776007 -Author: dtucker@openbsd.org -Date: Fri Feb 25 09:46:24 2022 +0000 +commit 78571a5fe9847d40d7f220c92b707574ae9ec4ce +Author: djm@openbsd.org +Date: Fri Mar 3 04:36:20 2023 +0000 - upstream: Remove the char * casts from arguments to do_lstat, + upstream: some options are not first-match-wins. Mention that there - do_readdir and do_stat paths since the underlying functions now take a const - char *. Patch from vapier at gentoo.org. + are exceptions at the start of the manpage and label some of them in the + option description. - OpenBSD-Commit-ID: 9e4d964dbfb0ed683a2a2900711b88e7f1c0297b + OpenBSD-Commit-ID: 3b74728446fa6fc8742769eeb8c3674e233e84c4 -commit 4a66dac052c5ff5047161853f36904607649e4f9 +commit d1c1b3272e8895a96c4f5889bd6e07a8525bd9f1 Author: djm@openbsd.org -Date: Fri Feb 25 02:09:27 2022 +0000 +Date: Fri Mar 3 04:34:49 2023 +0000 - upstream: save an unneccessary alloc/free, based on patch from + upstream: actually print "channeltimeout none" in config dump mode; - Martin Vahlensieck; ok dtucker@ + spotted via Coverity CID 405022 - OpenBSD-Commit-ID: 90ffbf1f837e509742f2c31a1fbf2c0fd376fd5f + OpenBSD-Commit-ID: b074b52bf138b75f08264e8da15880b29c7a630f -commit 6f117cb151efe138ac57bdd8e26165f350328f5f +commit 8bf61e95610b48192d4e1720cc15d9004617301d Author: Darren Tucker -Date: Tue Mar 1 09:02:06 2022 +1100 +Date: Fri Mar 3 14:50:03 2023 +1100 - Remove unused ivbits argument from chacha_keysetup + Add Coverity badges. -commit 15974235dd528aeab0ec67fb92a0a1d733f62be2 -Author: Darren Tucker -Date: Tue Mar 1 09:00:20 2022 +1100 +commit 93291bd723959adf462b1df958106cf07a7734dd +Author: dtucker@openbsd.org +Date: Fri Mar 3 03:12:24 2023 +0000 - Add OPENBSD ORIGINAL marker. + upstream: Check return values of dup2. Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 19fb1b53072826d00c67df677731d2f6c1dd602b -commit f2ff669347d320532e7c1b63cdf5c62f46e73150 -Author: Darren Tucker -Date: Mon Feb 28 22:21:36 2022 +1100 +commit e37261dff33af23f37202cfce0848d36f5c1055c +Author: dtucker@openbsd.org +Date: Fri Mar 3 02:37:58 2023 +0000 - No unused param warnings for clang-12 and gcc-11. + upstream: Use time_t for x11_refuse_time timeout. We need - These have too many false positives in -Werror tests on the github CI - since we often provide empty stub functions for functionality not needed - for particular configurations. + SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available. + Fixes a Coverity warning for 64bit time_t safety, ok djm@ + + OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d -commit 96558ecd87adac62efa9a2b5479f686ab86b0be1 -Author: Darren Tucker -Date: Sat Feb 26 14:10:41 2022 +1100 +commit 32755a98c29114b13f4c9d47454bbb265b932ad7 +Author: dtucker@openbsd.org +Date: Fri Mar 3 02:34:29 2023 +0000 - Add debian-i386 test target. + upstream: Check return value from fctnl and warn on failure. + + Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab -commit 284b6e5394652d519e31782e3b3cdfd7b21d1a81 -Author: Darren Tucker -Date: Sat Feb 26 14:06:14 2022 +1100 +commit 5fc60e8246c36b8255f72a937ebe9787b39648c6 +Author: dtucker@openbsd.org +Date: Thu Mar 2 11:10:27 2023 +0000 - Allow ppoll_time64 in seccomp sandbox. + upstream: Remove SUDO in proxy command wrapper. Anything that needs - Should fix sandbox violations on (some? at least i386 and armhf) 32bit - Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at - debian.org via bz#3396. + sudo is already run by it, and it breaks if root isn't in sudoers. + + OpenBSD-Regress-ID: 6cf22fda32a89c16915f31a6ed9bbdbef2a3bac9 -commit 0132056efabc5edb85c3c7105d2fb6dee41843c6 -Author: Darren Tucker -Date: Fri Feb 25 19:47:48 2022 +1100 +commit 0d514659b23a257247491179cfbb53a6dd64e164 +Author: dtucker@openbsd.org +Date: Thu Mar 2 08:24:41 2023 +0000 - Improve handling of _getshort and _getlong. + upstream: Fix breakage on dhgex test. - If the system native ones are exactly as required then use them, - otherwise use the local versions mapped to another name to prevent - name collisions. + This was due to the sshd logs being written to the wrong log file. + While there, make save_debug_logs less verbose, write the name of the + tarball to regress.log and use $SUDO to remove the old symlinks (which + shouldn't be needed, but won't hurt). Initial problem spotted by anton@. + + OpenBSD-Regress-ID: 9c44fb9cd418e6ff31165e7a6c1f9f11a6d19f5b -commit 8e206e0dd6b9f757b07979e48f53ad5bf9b7b52b -Author: Darren Tucker -Date: Fri Feb 25 15:14:22 2022 +1100 +commit 860201201d4ae655702807966901682cff30a171 +Author: dtucker@openbsd.org +Date: Thu Mar 2 08:14:52 2023 +0000 - Constify utimes in compat library to match specs. + upstream: Quote grep and log message better. - Patch from vapier at chromium.org. + OpenBSD-Regress-ID: 3823d9063127169736aa274b1784cb28e15b64d4 -commit 1b2920e3b63db2eddebeec7330ffe8b723055573 -Author: Darren Tucker -Date: Fri Feb 25 13:50:56 2022 +1100 +commit 03a03c6002525f5ad9c8fc874a5d5826a35d9858 +Author: dtucker@openbsd.org +Date: Thu Mar 2 06:41:56 2023 +0000 - ANSIfy getshort and getlong. + upstream: Always call fclose on checkpoints. - These functions appear to have come from OpenBSD's lib/libc/net/res_comp.c - which made this change in 2005. + In the case of an fprintf failure we would not call fclose which would + leak the FILE pointer. While we're there, try to clean up the temp file + on failure. Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef -commit 54a86f4f6e1c43a2ca2be23ef799ab8910d4af70 -Author: Darren Tucker -Date: Fri Feb 25 13:23:04 2022 +1100 +commit 13fe8f9785e6d90400ce548939a0b0ddc11fcb3c +Author: dtucker@openbsd.org +Date: Wed Mar 1 21:54:50 2023 +0000 - Use PICFLAG instead of hard coding -fPIC. + upstream: Remove old log symlinks + + before creating new ones. In -portable some platforms don't like + overwriting existing symlinks. + + OpenBSD-Regress-ID: 7e7ddc0beb73e945e1c4c58d51c8a125b518120f -commit 3016ba47035ac3561aabd48e2be70167fe157d6a +commit 131fcbcaffd1e3bcf5ab766ec497b5d768955310 Author: Darren Tucker -Date: Fri Feb 25 11:37:11 2022 +1100 +Date: Wed Mar 1 23:23:02 2023 +1100 - Add tests for latest releases of {Libre,Open}SSL. + Adjust test jobs for new log directory. -commit f107467179428a0e3ea9e4aa9738ac12ff02822d -Author: Colin Watson -Date: Thu Feb 24 16:04:18 2022 +0000 +commit a6f4ac8a2baf77e5361cfa017d0dc250d1409bec +Author: dtucker@openbsd.org +Date: Wed Mar 1 09:29:32 2023 +0000 - Improve detection of -fzero-call-used-regs=all support + upstream: Rework logging for the regression tests. - GCC doesn't tell us whether this option is supported unless it runs into - the situation where it would need to emit corresponding code. + Previously we would log to ssh.log and sshd.log, but that is insufficient + for tests that have more than one concurent ssh/sshd. + + Instead, we'll log to separate datestamped files in a $OBJ/log/ and + leave a symlink at the previous location pointing at the most recent + instance with an entry in regress.log showing which files were created + at each point. This should be sufficient to reconstruct what happened + even for tests that use multiple instances of each program. If the test + fails, tar up all of the logs for later analysis. + + This will let us also capture the output from some of the other tools + which was previously sent to /dev/null although most of those will be + in future commits. + + OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24 -commit 3383b2cac0e9275bc93c4b4760e6e048f537e1d6 -Author: djm@openbsd.org -Date: Wed Feb 23 21:21:49 2022 +0000 +commit 8ead62ed5e86c7df597d8604f332f49cd1527b85 +Author: dtucker@openbsd.org +Date: Tue Feb 28 21:31:50 2023 +0000 - upstream: free(3) wants stdlib.h + upstream: fatal out if allocating banner string fails to avoid - OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a + potential null deref later in sscanf. Spotted by Coverity, ok deraadt@ + + OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5 -commit a4537e79ab4ac6db4493c5158744b9ebde5efcb0 -Author: djm@openbsd.org -Date: Wed Feb 23 21:21:16 2022 +0000 +commit 44ca56ba0b3f531f1d85730cc701097cd49e6868 +Author: dtucker@openbsd.org +Date: Tue Feb 28 08:45:24 2023 +0000 - upstream: put back the scp manpage changes for SFTP mode too + upstream: Explicitly ignore return from fchmod - OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768 + similar to other calls to prevent warning. + + OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a -commit 449bcb8403adfb9724805d02a51aea76046de185 -Author: deraadt@openbsd.org -Date: Wed Feb 23 19:01:00 2022 +0000 +commit 803392933a3a6f09f834aa5f0c2aab06a3b382f4 +Author: dtucker@openbsd.org +Date: Mon Feb 27 22:12:40 2023 +0000 - upstream: and we go back to testing sftp-scp after the 8.9 + upstream: Plug mem leak on globbed ls error path. - release... + Spotted by Coverity, ok deraadt@ - OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c + OpenBSD-Commit-ID: de28476025db29820a9a2e56e98b964d8a02861c -commit 166456cedad3962b83b848b1e9caf80794831f0f -Author: Damien Miller -Date: Wed Feb 23 22:31:11 2022 +1100 +commit aa33b4d396abf47a2a45f982f28d054fb1dcb5c3 +Author: Darren Tucker +Date: Mon Feb 27 21:04:22 2023 +1100 - makedepend + Cast time_t's in debug output to long long. + + Should fix Coverity warning about truncation of 64bit time_t. -commit 32ebaa0dbca5d0bb86e384e72bebc153f48413e4 -Author: djm@openbsd.org -Date: Wed Feb 23 11:18:13 2022 +0000 +commit b0fd60a9de62a03189ad57d0c07f0ac51dc00e95 +Author: Darren Tucker +Date: Mon Feb 27 17:28:59 2023 +1100 - upstream: avoid integer overflow of auth attempts (harmless, caught + Do shadow expiry calcs using "long long". - by monitor) - - OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86 + Coverity flags these as potentially not 64bit time_t safe so use + long long for the calculations and debug output. ok djm@ -commit 6e0258c64c901753df695e06498b26f9f4812ea6 -Author: djm@openbsd.org -Date: Wed Feb 23 11:17:10 2022 +0000 +commit 01dbeb3084d714bbd001ff9d03b9de542e8cdf58 +Author: Damien Miller +Date: Mon Feb 27 17:07:52 2023 +1100 - upstream: randomise the password used in fakepw + avoid clash between for getopt's struct option - OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947 + Since we don't use getopt_long() nothing outside the getopt() + implementation itself uses this structure, so move it into the + source to remove it from visibility and clashes with libc's + + ok dtucker@ -commit bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9 -Author: djm@openbsd.org -Date: Wed Feb 23 11:15:57 2022 +0000 +commit eb88d07c43afe407094e7d609248d85a15e148ef +Author: Darren Tucker +Date: Sat Feb 25 14:45:41 2023 +1100 - upstream: use asprintf to construct .rhosts paths + Revert explicit chmods on private keys. - OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b + This should no longer be needed on Cygwin test runners due to previous + commit. -commit c07e154fbdc7285e9ec54e78d8a31f7325d43537 -Author: djm@openbsd.org -Date: Wed Feb 23 11:07:09 2022 +0000 +commit 52b75db61030a6c8baf66b73644380cf3f58e26a +Author: Darren Tucker +Date: Sat Feb 25 14:43:28 2023 +1100 - upstream: openssh-8.9 + Remove extended ACLs from working dirs. - OpenBSD-Commit-ID: 5c5f791c87c483cdab6d9266b43acdd9ca7bde0e + This should allow umask to work as expected and prevent tests from + failing due to excessive permissions on private keys. -commit bc16667b4a1c3cad7029304853c143a32ae04bd4 +commit 0c5d4c843df5605b043a758d69f9a611ef63c479 Author: Darren Tucker -Date: Tue Feb 22 15:29:22 2022 +1100 +Date: Fri Feb 24 13:44:13 2023 +1100 - Extend select+rlimit sanbox test to include poll. + Explicitly set permissions on user and host keys. - POSIX specifies that poll() shall fail if "nfds argument is greater - than {OPEN_MAX}". The setrlimit sandbox sets this to effectively zero - so this causes poll() to fail in the preauth privsep process. + On cygwin, the umask might not be sufficient. Should fix tests on + Github runners. + +commit 6c9fc9d7a9f7abf82c3294d74e6d4a25735862ce +Author: djm@openbsd.org +Date: Wed Feb 22 03:56:43 2023 +0000 + + upstream: fix progressmeter corruption on wide displays; bz3534 - This is likely the underlying cause for the previously observed similar - behaviour of select() on plaforms where it is implement in userspace on - top of poll(). + feedback/ok dtucker@ + + OpenBSD-Commit-ID: f4affee067cec7c182f3e0b307d758e0472762a3 -commit 6520c488de95366be031d49287ed243620399e23 -Author: Darren Tucker -Date: Tue Feb 22 13:08:59 2022 +1100 +commit fe0bd3cde9665d364e5eedd2c2c2e60d4cdc3786 +Author: dtucker@openbsd.org +Date: Tue Feb 21 06:48:18 2023 +0000 - Add Alpine Linux test VM. + upstream: fseek to end of known_hosts before writing to it. + + POSIX and ANSI C require that applications call fseek or similar between + read and writing to a RW file. OpenBSD doesn't enforce this, but some + (System V derived) platforms need this to prevent it from writing a + spurious extra byte (in this case, a newline). ok djm@ deraadt@ + + OpenBSD-Commit-ID: 33e680dcd8110582a93a40a8491024e961f45137 -commit a4b325a3fc82d11e0f5d61f62e7fde29415f7afb +commit 357fb8ae14c07cd025eeed66e73de91bab569849 Author: Darren Tucker -Date: Tue Feb 22 12:27:07 2022 +1100 +Date: Tue Feb 21 17:51:09 2023 +1100 - Include sys/param.h if present. + Also run unit tests on AIX VMs. - Needed for howmany() on MUSL systems such as Alpine. + In the past these tests took too long, but these days it only adds + about 5 min to the run. -commit 5a102e9cb287a43bd7dfe594b775a89a8e94697c +commit 17781aaa5188ee1477f7779b280d105512e3dbed Author: Darren Tucker -Date: Tue Feb 22 12:25:52 2022 +1100 +Date: Tue Feb 21 17:38:55 2023 +1100 - Only include sys/poll.h if we don't have poll.h. - - Prevents warnings on MUSL based systems such as Alpine. + Wrap stdint.h inside ifdef. -commit 7c0d4ce911d5c58b6166b2db754a4e91f352adf5 -Author: Damien Miller -Date: Tue Feb 22 11:14:51 2022 +1100 +commit ef798bad38505f7bf1b5fa5c0843dfc5a2b192b9 +Author: Mayank Sharma +Date: Mon Feb 20 17:37:15 2023 +0530 - disable agent-restrict test on minix3 - - Minix seems to have a platform-wide limit on the number of - select(2) syscalls that can be concurrently issued. This test - seems to exceed this limit. + Add includes to ptimeout test. - Refer to: - - https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114 - https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31 + Fixes test failures on AIX due to type mismatches. -commit 81d33d8e3cf7ea5ce3a5653c6102b623e019428a +commit ab69dda05d5268454209f529fa80f477e60d846a Author: Darren Tucker -Date: Mon Feb 21 21:27:20 2022 +1100 +Date: Mon Feb 20 18:24:39 2023 +1100 - Skip agent-getpeereid when running as root. + Always use the openssl binary configure tells us. + + This fixes tests on platforms that do not have the openssl tool + installed at all. -commit fbd772570a25436a33924d91c164d2b24021f010 +commit 2a7e3449908571af601a4c2d12ab140096442e47 Author: dtucker@openbsd.org -Date: Sun Feb 20 03:47:26 2022 +0000 +Date: Fri Feb 17 04:22:50 2023 +0000 - upstream: Aproximate realpath on the expected output by deduping + upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code - leading slashes. Fixes test failure when user's home dir is / which is - possible in some portable configurations. + to set this was removed in OpenSSH 7.7 when support for SSH implementations + dating back to before RFC standardization were removed. "burn it all" djm@ - OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63 + OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda -commit 336685d223a59f893faeedf0a562e053fd84058e -Author: Darren Tucker -Date: Sun Feb 20 13:30:52 2022 +1100 +commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0 +Author: dtucker@openbsd.org +Date: Fri Feb 17 03:06:18 2023 +0000 - Really move DSA to end of list. + upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This - In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to - the end of the list instead of DSA. Spotted by andrew at fyfe.gb.net. + was previously set for OpenSSH 2.3 (released in 2000) but this check was + removed in OpenSSH 7.7 (2018). ok djm@ deraadt@ + + OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af -commit 63bf4f49ed2fdf2da6f97136c9df0c8168546eb3 -Author: Darren Tucker -Date: Fri Feb 18 12:12:21 2022 +1100 +commit c81c2bea6e828d52b62b448b4ffdd3c163177975 +Author: Damien Miller +Date: Fri Feb 17 10:12:40 2023 +1100 - Add test configs for MUSL C library. + whitespace fixes -commit f7fc6a43f1173e8b2c38770bf6cee485a562d03b +commit 500f90b39db5f0014e6b0c49ff1f45c994b69293 Author: Damien Miller -Date: Thu Feb 17 22:54:19 2022 +1100 +Date: Fri Feb 17 10:02:08 2023 +1100 - minix needs BROKEN_POLL too; chokes on /dev/null + whitespace at EOL -commit 667fec5d4fe4406745750a32f69b5d2e1a75e94b -Author: djm@openbsd.org -Date: Thu Feb 17 10:58:27 2022 +0000 +commit 68350152406339170721c15e97afdf827a5e4001 +Author: dtucker@openbsd.org +Date: Thu Feb 16 10:10:00 2023 +0000 - upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught + upstream: Remove SSH_BUG_PASSWORDPAD compat bit - by dtucker's minix3 vm :) ok dtucker@ + since it's no longer used. ok markus@ - OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361 + OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b -commit 41417dbda9fb55a0af49a8236e3ef9d50d862644 -Author: Darren Tucker -Date: Thu Feb 17 22:05:29 2022 +1100 - - Comment hurd test, the VM is currently broken. - -commit b2aee35a1f0dc798339b3fcf96136da71b7e3f6d -Author: Damien Miller -Date: Thu Feb 17 21:15:16 2022 +1100 +commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44 +Author: dtucker@openbsd.org +Date: Thu Feb 16 07:55:15 2023 +0000 - find sk-dummy.so when build_dir != src_dir + upstream: Remove SSH_BUG_IGNOREMSG compat flag - spotted by Corinna Vinschen; feedback & ok dtucker@ + since it's only applicable to SSH1 and thus no longer used. ok markus@ + "kill it with fire" djm@ + + OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab -commit 62a2d4e50b2e89f2ef04576931895d5139a5d037 -Author: Damien Miller -Date: Wed Feb 16 16:26:17 2022 +1100 +commit 285cf6cd4b91a0a0ce33193c358c99085af33e43 +Author: jmc@openbsd.org +Date: Fri Feb 10 06:41:53 2023 +0000 - update versions in preparation for 8.9 release + upstream: space between macro and punctuation; sort usage(); + + OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c -commit dd6d3dded721ac653ea73c017325e5bfeeec837f -Author: djm@openbsd.org -Date: Tue Feb 15 05:13:36 2022 +0000 +commit d39a96f70f81878c77336ed35f5c648c1804b71a +Author: jmc@openbsd.org +Date: Fri Feb 10 06:40:48 2023 +0000 - upstream: document the unbound/host-bound options to - - PubkeyAuthentication; spotted by HARUYAMA Seigo + upstream: space between macro and punctuation; - OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981 + OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e -commit df93529dd727fdf2fb290700cd4f1adb0c3c084b -Author: Darren Tucker -Date: Mon Feb 14 14:19:40 2022 +1100 +commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6 +Author: jmc@openbsd.org +Date: Fri Feb 10 06:39:27 2023 +0000 - Test if sshd accidentally acquires controlling tty + upstream: sort SYNOPSIS; - When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour - in the STREAMS code before activating the workaround. ok djm@ + OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e -commit 766176cfdbfd7ec38bb6118dde6e4daa0df34888 +commit d9685121ff6d57b8797411f3cb123884a4b96e30 Author: Darren Tucker -Date: Sat Feb 12 10:24:56 2022 +1100 +Date: Sat Feb 11 12:32:19 2023 +1100 - Add cygwin-release test config. + Improve seccomp compat on older systems. - This tests the flags used to build the cygwin release binaries. + Check if flags to mmap and madvise are defined before using them. + Should fix problems building on older Linux systems that don't have + these. bz#3537, with & ok djm@. -commit b30698662b862f5397116d23688aac0764e0886e -Author: Darren Tucker -Date: Fri Feb 11 21:00:35 2022 +1100 +commit 6180b0fa4f7996687678702806257e661fd5931e +Author: djm@openbsd.org +Date: Fri Feb 10 05:06:03 2023 +0000 - Move SSHD_ACQUIRES_CTTY workaround into compat. + upstream: test -Ohashalg=... and that the default output contains both - On some (most? all?) SysV based systems with STREAMS based ptys, - sshd could acquire a controlling terminal during pty setup when - it pushed the "ptem" module, due to what is probably a bug in - the STREAMS driver that's old enough to vote. Because it was the - privileged sshd's controlling terminal, it was not available for - the user's session, which ended up without one. This is known to - affect at least Solaris <=10, derivatives such as OpenIndiana and - several other SysV systems. See bz#245 for the backstory. + specified hash algorithms; prompted by dtucker@ - In the we past worked around that by not calling setsid in the - privileged sshd child, which meant it was not a session or process - group leader. This solved controlling terminal problem because sshd - was not eligble to acquire one, but had other side effects such as - not cleaning up helper subprocesses in the SIGALRM handler since it - was not PG leader. Recent cleanups in the signal handler uncovered - this, resulting in the LoginGraceTime timer not cleaning up privsep - unprivileged processes. + OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51 + +commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a +Author: djm@openbsd.org +Date: Fri Feb 10 04:56:30 2023 +0000 + + upstream: let ssh-keygen and ssh-keyscan accept - This change moves the workaround into the STREAMS pty allocation code, - by allocating a sacrificial pty to act as sshd's controlling terminal - before allocating user ptys, so those are still available for users' - sessions. + -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm + selection. bz3493 ok dtucker@ - On the down side: - - this will waste a pty per ssh connection on affected platforms. + OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d + +commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1 +Author: djm@openbsd.org +Date: Fri Feb 10 04:47:19 2023 +0000 + + upstream: add a `sshd -G` option that parses and prints the - On the up side: - - it makes the process group behaviour consistent between platforms. + effective configuration without attempting to load private keys and perform + other checks. This allows usage of the option before keys have been + generated. - - it puts the workaround nearest the code that actually causes the - problem and competely out of the mainline code. + bz3460 feedback/ok dtucker@ - - the workaround is only activated if you use the STREAMS code. If, - say, Solaris 11 has the bug but also a working openpty() it doesn't - matter that we defined SSHD_ACQUIRES_CTTY. + OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29 + +commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10 +Author: djm@openbsd.org +Date: Fri Feb 10 04:40:28 2023 +0000 + + upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says - - the workaround is only activated when the fist pty is allocated, - ie in the post-auth privsep monitor. This means there's no risk - of fd leaks to the unprivileged processes, and there's no effect on - sessions that do not allocate a pty. + it should bz3532 - Based on analysis and work by djm@, ok djm@ + OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc -commit cd00b48cf10f3565936a418c1e6d7e48b5c36140 +commit d3b8d4198b6595f23b5859d43dc8fc701f97429b Author: Darren Tucker -Date: Fri Feb 11 20:09:32 2022 +1100 +Date: Fri Feb 10 14:26:44 2023 +1100 - Simplify handling of --with-ssl-dir. + Add CentOS 7 test targets. + +commit 22efb01e355bba4755b730ed417f91c081445bfc +Author: dtucker@openbsd.org +Date: Thu Feb 9 09:55:33 2023 +0000 + + upstream: Test adding terminating newline to known_hosts. - ok djm@ + OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365 -commit ea13fc830fc0e0dce2459f1fab2ec5099f73bdf0 -Author: Darren Tucker -Date: Fri Feb 11 13:39:29 2022 +1100 +commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61 +Author: dtucker@openbsd.org +Date: Wed Feb 8 08:06:03 2023 +0000 - Stop testing OpenBSD HEAD on 6.9 and 7.0. + upstream: ssh-agent doesn't actually take -v, - HEAD is not guaranteed to work on previous stable branches, and at the - moment is broken due to libfido API changes. + so the recently-added ones will result in the test not cleaning up + after itself. Patch from cjwatson at debian.org vi bz#3536. + + OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a -commit 50b9e4a4514697ffb9592200e722de6b427cb9ff +commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9 Author: dtucker@openbsd.org -Date: Fri Feb 11 00:43:56 2022 +0000 +Date: Thu Feb 9 09:54:11 2023 +0000 - upstream: Always initialize delim before passing to hpdelim2 which + upstream: Ensure that there is a terminating newline when adding a new - might not set it. Found by the Valgrind tests on github, ok deraadt@ + entry to known_hosts. bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ + markus@ - OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d + OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0 -commit 6ee53064f476cf163acd5521da45b11b7c57321b +commit 95b6bbd2553547260b324b39d602061c88b774bc Author: Darren Tucker -Date: Fri Feb 11 10:03:06 2022 +1100 +Date: Tue Feb 7 08:43:47 2023 +1100 - Fix helper include path and remove excess code. + Replace 9.1 with 9.2 on CI status page. + +commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf +Author: Damien Miller +Date: Fri Feb 3 16:33:09 2023 +1100 + + harden Linux seccomp sandbox - Looks like test_hpdelim.c was imported twice into the same file. - Spotted by kevin.brott at gmail com and chris at cataclysmal org. + Linux mmap(2) and madvise(2) syscalls support quite a number of funky + flags that we don't expect that sshd/libc will ever need. We can + exclude this kernel attack surface by filtering the mmap(2) flags + and the madvise(2) advice arguments. + + Similarly, the sandboxed process in sshd is a single-threaded program + that does not use shared memory for synchronisation or communication. + Therefore, there should be no reason for the advanced priority + inheritance futex(2) operations to be necessary. These can also be + excluded. + + Motivated by Jann Horn pointing out that there have been kernel bugs + in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and + CVE-2022-42703. + + Feedback Jann Horn, ok dtucker@ -commit 9fa63a19f68bc87452d3cf5c577cafad2921b7a4 -Author: Darren Tucker -Date: Thu Feb 10 23:27:02 2022 +1100 +commit 6dfb65de949cdd0a5d198edee9a118f265924f33 +Author: Damien Miller +Date: Thu Feb 2 23:21:54 2023 +1100 - Put poll.h inside ifdef. + crank versions in RPM specs -commit 3ac00dfeb54b252c15dcbf1971582e9e3b946de6 -Author: Darren Tucker -Date: Thu Feb 10 22:17:31 2022 +1100 +commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021 +Author: Damien Miller +Date: Thu Feb 2 23:21:45 2023 +1100 - We now support POLLPRI so actually define it. + update version in README -commit 25bd659cc72268f2858c5415740c442ee950049f -Author: dtucker@openbsd.org -Date: Sun Feb 6 22:58:33 2022 +0000 +commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 +Author: Damien Miller +Date: Thu Feb 2 23:17:49 2023 +1100 - upstream: Add test for empty hostname with port. + adapt compat_kex_proposal() test to portable + +commit 903c556b938fff2d7bff8da2cc460254430963c5 +Author: djm@openbsd.org +Date: Thu Feb 2 12:12:52 2023 +0000 + + upstream: test compat_kex_proposal(); by dtucker@ - OpenBSD-Regress-ID: e19e89d3c432b68997667efea44cf015bbe2a7e3 + OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 -commit a29af853cff41c0635f0378c00fe91bf9c91dea4 +commit 405fba71962dec8409c0c962408e09049e5624b5 Author: dtucker@openbsd.org -Date: Fri Feb 4 07:53:44 2022 +0000 +Date: Thu Jan 19 07:53:45 2023 +0000 - upstream: Add unit tests for hpdelim. + upstream: Check if we can copy sshd or need to use sudo to do so - OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018 + during reexec test. Skip test if neither can work. Patch from anton@, tweaks + from me. + + OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d -commit 9699151b039ecc5fad9ac6c6c02e9afdbd26f15f +commit b2a2a8f69fd7737ea17dc044353c514f2f962f35 Author: djm@openbsd.org -Date: Thu Feb 10 04:12:38 2022 +0000 +Date: Thu Feb 2 12:10:22 2023 +0000 - upstream: revert for imminent OpenSSH release, which wil ship with - - scp in RCP mode. - - > revision 1.106 - > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; - > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP - > protocol for copying. Let's get back to testing the SFTP protocol. - - This will be put back once the OpenSSH release is done. + upstream: openssh-9.2 - OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768 + OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 -commit 45279abceb37c3cbfac8ba36dde8b2c8cdd63d32 -Author: dtucker@openbsd.org -Date: Tue Feb 8 08:59:12 2022 +0000 +commit 12da7823336434a403f25c7cc0c2c6aed0737a35 +Author: djm@openbsd.org +Date: Thu Feb 2 12:10:05 2023 +0000 - upstream: Switch hpdelim interface to accept only ":" as delimiter. + upstream: fix double-free caused by compat_kex_proposal(); bz3522 - Historicallly, hpdelim accepted ":" or "/" as a port delimiter between - hosts (or addresses) and ports. These days most of the uses for "/" - are no longer accepted, so there are several places where it checks the - delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2 - in the other cases. ok djm@ + by dtucker@, ok me - OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102 + OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 -commit a1bcbf04a7c2d81944141db7ecd0ba292d175a66 -Author: pedro martelletto -Date: Mon Feb 7 09:09:59 2022 +0100 +commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e +Author: Darren Tucker +Date: Wed Feb 1 17:17:26 2023 +1100 - fix typos in previous + Skip connection-timeout test on minix3. + + Minix 3's Unix domain sockets don't seem to work the way we expect, so + skip connection-timeout test on that platform. While there, group + together all similarly skipped tests and explicitly comment. -commit 56192518e329b39f063487bc2dc4d796f791eca0 +commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a Author: Damien Miller -Date: Mon Feb 7 12:53:47 2022 +1100 +Date: Wed Feb 1 12:12:05 2023 +1100 - compat code for fido_assert_set_clientdata() + fix libfido2 detection without pkg-config + + Place libfido2 before additional libraries (that it may depend upon) + and not after. bz3530 from James Zhang; ok dtucker@ -commit d6b5aa08fdcf9b527f8b8f932432941d5b76b7ab -Author: djm@openbsd.org -Date: Mon Feb 7 01:25:12 2022 +0000 +commit 358e300fed5e6def233a2c06326e51e20ebed621 +Author: deraadt@openbsd.org +Date: Wed Jan 18 20:56:36 2023 +0000 - upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead - - of manually hashing data outselves. Saves a fair bit of code and makes life - easier for some -portable platforms. + upstream: delete useless dependency - OpenBSD-Commit-ID: 351dfaaa5ab1ee928c0e623041fca28078cff0e0 + OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad -commit 86cc93fd3c26b2e0c7663c6394995fb04ebfbf3b -Author: jsg@openbsd.org -Date: Sun Feb 6 00:29:03 2022 +0000 +commit a4cb9be1b021b511e281ee55c356f964487d9e82 +Author: deraadt@openbsd.org +Date: Wed Jan 18 20:43:15 2023 +0000 - upstream: remove please from manual pages ok jmc@ sthen@ millert@ + upstream: Create and install sshd random relink kit. - OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa + ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't + be too fragile, we'll see if we need a different approach. The resulting sshd + binary is tested with the new sshd -V option before installation. As the + binary layout is now semi-unknown (meaning relative, fixed, and gadget + offsets are not precisely known), change the filesystem permissions to 511 to + prevent what I call "logged in BROP". I have ideas for improving this further + but this is a first step ok djm + + OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 -commit ad16a84e64a8cf1c69c63de3fb9008320a37009c -Author: dtucker@openbsd.org -Date: Fri Feb 4 02:49:17 2022 +0000 +commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999 +Author: jmc@openbsd.org +Date: Wed Jan 18 06:55:32 2023 +0000 - upstream: Since they are deprecated, move DSA to the end of the + upstream: tweak previous; ok djm - default list of public keys so that they will be tried last. From github - PR#295 from "ProBackup-nl", ok djm@ + OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 + +commit a20b7e999773e6333c8aa9b0a7fa41966e63b037 +Author: Darren Tucker +Date: Tue Jan 31 19:35:44 2023 +1100 + + Skip connection-timeout test under Valgrind. - OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0 + Valgrind slows things down so much that the timeout test fails. Skip + this test until we figure out if we can make it work. -commit 253de42753de85dde266e061b6fec12ca6589f7d -Author: Damien Miller -Date: Wed Feb 2 16:52:07 2022 +1100 +commit c3ffb54b4fc5e608206037921db6ccbc2f5ab25f +Author: Darren Tucker +Date: Wed Jan 25 21:58:40 2023 +1100 - portable-specific string array constification + Skip connection-timeout when missing FD passing. - from Mike Frysinger + This tests uses multiplexing which uses file descriptor passing, so + skip it if we don't have that. Fixes test failures on Cygwin. -commit dfdcc2220cf359c492d5d34eb723370e8bd8a19e +commit 35253af01d8c0ab444c8377402121816e71c71f5 Author: djm@openbsd.org -Date: Tue Feb 1 23:37:15 2022 +0000 +Date: Wed Jan 18 02:00:10 2023 +0000 - upstream: test 'ssh-keygen -Y find-principals' with wildcard + upstream: when restoring non-blocking mode to stdio fds, restore - principals; from Fabian Stelzer + exactly the flags that ssh started with and don't just clobber them with + zero, as this could also remove the append flag from the set; - OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40 + bz3523; ok dtucker@ + + OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 -commit 968e508967ef42480cebad8cf3172465883baa77 -Author: dtucker@openbsd.org -Date: Fri Jan 21 02:54:41 2022 +0000 +commit 7d17ea151c0b2519f023bd9cc7f141128833ac47 +Author: millert@openbsd.org +Date: Wed Jan 18 01:50:21 2023 +0000 - upstream: Enable all supported ciphers and macs in the server + upstream: Add a -V (version) option to sshd like the ssh client - before trying to benchmark them. Increase the data file size to get more - signal. + has. OK markus@ deraadt@ - OpenBSD-Regress-ID: dc3697d9f7defdfc51c608782c8e750128e46eb6 + OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e -commit 15b7199a1fd37eff4c695e09d573f3db9f4274b7 -Author: djm@openbsd.org -Date: Tue Feb 1 23:34:47 2022 +0000 +commit 62360feb7f08f2a4c6fc36f3b3449309203c42c9 +Author: millert@openbsd.org +Date: Tue Jan 17 18:52:44 2023 +0000 - upstream: allow 'ssh-keygen -Y find-principals' to match wildcard + upstream: For "ssh -V" always exit 0, there is no need to check opt - principals in allowed_signers files; from Fabian Stelzer + again. This was missed when the fallthrough in the switch case above it was + removed. OK deraadt@ - OpenBSD-Commit-ID: 1e970b9c025b80717dddff5018fe5e6f470c5098 + OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 -commit 541667fe6dc26d7881e55f0bb3a4baa6f3171645 +commit 12492c0abf1eb415d08a897cc1d8b9e789888230 Author: djm@openbsd.org -Date: Tue Feb 1 23:32:51 2022 +0000 +Date: Tue Jan 17 10:15:10 2023 +0000 - upstream: mark const string array contents const too, i.e. static + upstream: also check that an active session inhibits - const char *array => static const char * const array from Mike Frysinger + UnusedConnectionTimeout idea markus@ - OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1 + OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 -commit 8cfa73f8a2bde4c98773f33f974c650bdb40dd3c +commit cef2593c33ac46a58238ff998818754eabdf64ff Author: djm@openbsd.org -Date: Tue Feb 1 23:11:11 2022 +0000 +Date: Tue Jan 17 10:02:34 2023 +0000 - upstream: better match legacy scp behaviour: show un-expanded paths + upstream: regression test for UnusedConnectionTimeout - in error messages. Spotted by and ok tb@ - - OpenBSD-Commit-ID: 866c8ffac5bd7d38ecbfc3357c8adfa58af637b7 + OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 -commit 4e62c13ab419b4b224c8bc6a761e91fcf048012d -Author: dtucker@openbsd.org -Date: Tue Feb 1 07:57:32 2022 +0000 +commit aff9493a89c71d6a080419b49ac64eead9730491 +Author: djm@openbsd.org +Date: Mon Jan 16 04:11:29 2023 +0000 - upstream: Remove explicit kill of privsep preauth child's PID in + upstream: unbreak test: cannot access shell positional parameters - SIGALRM handler. It's no longer needed since the child will get terminated by - the SIGTERM to the process group that cleans up any auth helpers, it - simplifies the signal handler and removes the risk of a race when updating - the PID. Based on analysis by HerrSpace in github PR#289, ok djm@ + past $9 without wrapping the position in braces (i.e. need ${10}, etc.) - OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663 + OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac -commit 2a7ccd2ec4022917b745af7186f514f365b7ebe9 -Author: guenther@openbsd.org -Date: Fri Jan 28 06:18:42 2022 +0000 +commit 0293c19807f83141cdf33b443154459f9ee471f6 +Author: djm@openbsd.org +Date: Tue Jan 17 09:44:48 2023 +0000 - upstream: When it's the possessive of 'it', it's spelled "its", + upstream: Add a sshd_config UnusedConnectionTimeout option to terminate - without the apostrophe. + client connections that have no open channels for some length of time. This + complements the recently-added ChannelTimeout option that terminates inactive + channels after a timeout. - OpenBSD-Commit-ID: fb6ab9c65bd31de831da1eb4631ddac018c5fae7 + ok markus@ + + OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 -commit 8a0848cdd3b25c049332cd56034186b7853ae754 -Author: Alex James -Date: Sun Jan 30 16:13:36 2022 -0600 +commit 8ec2e3123802d2beeca06c1644b0b647f6d36dab +Author: djm@openbsd.org +Date: Sun Jan 15 23:35:10 2023 +0000 - sandbox-seccomp-filter: allow gettid - - Some allocators (such as Scudo) use gettid while tracing allocations [1]. - Allow gettid in preauth to prevent sshd from crashing with Scudo. + upstream: adapt to ed25519 changes in src/usr.bin/ssh - [1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46 + OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 -commit b30d32159dc3c7052f4bfdf36357996c905af739 +commit 9fbbfeca1ce4c7ec0001c827bbf4189a3ba0964b Author: djm@openbsd.org -Date: Sat Jan 22 00:49:34 2022 +0000 +Date: Sun Jan 15 23:05:32 2023 +0000 - upstream: add a ssh_packet_process_read() function that reads from - - a fd directly into the transport input buffer. + upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP - Use this in the client and server mainloops to avoid unnecessary - copying. It also lets us use a more greedy read size without penalty. - - Yields a 2-3% performance gain on cipher-speed.sh (in a fairly - unscientific test tbf) + (20221122) and change the import approach to the same one we use for + Streamlined NTRUPrime: use a shell script to extract the bits we need from + SUPERCOP, make some minor adjustments and squish them all into a single file. - feedback dtucker@ ok markus@ + ok tb@ tobhe@ - OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632 + OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b -commit a1a8efeaaa9cccb15cdc0a2bd7c347a149a3a7e3 -Author: djm@openbsd.org -Date: Sat Jan 22 00:45:31 2022 +0000 +commit 6283f4bd83eee714d0f5fc55802eff836b06fea8 +Author: Darren Tucker +Date: Sat Jan 14 22:02:44 2023 +1100 - upstream: Use sshbuf_read() to read directly into the channel input - - buffer rather than into a stack buffer that needs to be copied again; - Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok - markus@ + Allow writev is seccomp sandbox. - OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572 + This seems to be used by recent glibcs at least in some configurations. + From bz#3512, ok djm@ -commit 29a76994e21623a1f84d68ebb9dc5a3c909fa3a7 -Author: Damien Miller -Date: Tue Jan 25 11:52:34 2022 +1100 +commit 923c3f437f439cfca238fba37e97a7041782f615 +Author: dtucker@openbsd.org +Date: Sat Jan 14 10:05:54 2023 +0000 - depend + upstream: Shell syntax fix. From ren mingshuai vi github PR#369. + + OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 -commit 754e0d5c7712296a7a3a83ace863812604c7bc4f -Author: djm@openbsd.org -Date: Sat Jan 22 00:43:43 2022 +0000 +commit 4d87a00f704e0365e11c3c38b170c1275ec461fc +Author: dtucker@openbsd.org +Date: Sat Jan 14 09:57:08 2023 +0000 - upstream: Add a sshbuf_read() that attempts to read(2) directly in + upstream: Instead of skipping the all-tokens test if we don't have - to a sshbuf; ok markus@ + OpenSSL (since we use it to compute the hash), put the hash at the end and + just omit it if we don't have it. Prompted by bz#3521. - OpenBSD-Commit-ID: 2d8f249040a4279f3bc23c018947384de8d4a45b + OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea -commit c7964fb9829d9ae2ece8b51a76e4a02e8449338d -Author: djm@openbsd.org -Date: Fri Jan 21 07:04:19 2022 +0000 +commit b05406d6f93b8c8ec11ec8b27e7c76cc7a5a55fb +Author: jmc@openbsd.org +Date: Fri Jan 13 07:13:40 2023 +0000 - upstream: add a helper for writing an error message to the - - stderr_buf and setting quit_pending; no functional change but saves a bunch - of boilerplate + upstream: fix double phrase in previous; - OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d + OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 -commit d23b4f7fdb1bd87e2cd7a9ae7c198ae99d347916 -Author: djm@openbsd.org -Date: Fri Jan 21 06:58:06 2022 +0000 +commit 40564812b659c530eb1f4b62d09e85612aef3107 +Author: dtucker@openbsd.org +Date: Fri Jan 13 03:16:29 2023 +0000 - upstream: correct comment and use local variable instead of long + upstream: Document "UserKnownHostsFile none". ok djm@ - indirection; spotted by dtucker@ - - OpenBSD-Commit-ID: 5f65f5f69db2b7d80a0a81b08f390a63f8845965 + OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 -commit d069b020a02b6e3935080204ee44d233e8158ebb -Author: deraadt@openbsd.org -Date: Fri Jan 21 00:53:40 2022 +0000 +commit d03e245e034019a37388f6f5f893ce848ab6d2e2 +Author: Darren Tucker +Date: Fri Jan 13 23:02:34 2023 +1100 - upstream: When poll(2) returns -1, for some error conditions + Retry package installation 3 times. - pfd[].revents is not cleared. There are subtle errors in various programs. - In this particular case, the program should error out. ok djm millert - - OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c + When setting up the CI environment, retry package installation 3 times + before going up. Should help prevent spurious failures during + infrastructure issues. -commit e204b34337a965feb439826157c191919fd9ecf8 -Author: Damien Miller -Date: Sat Jan 22 11:38:21 2022 +1100 +commit 625f6bc39840167dafb3bf5b6a3e18503ac986e8 +Author: dtucker@openbsd.org +Date: Fri Jan 13 04:47:34 2023 +0000 - restore tty force-read hack + upstream: Move scp path setting to a helper function. The previous - This portable-specific hack fixes a hang on exit for ttyful sessions - on Linux and some SysVish Unix variants. It was accidentally disabled - in commit 5c79952dfe1a (a precursor to the mainloop poll(2) conversion). + commit to add scp to the test sshd's path causes the t-envpass test to fail + when the test scp is given using a fully qualified path. Put this in a + helper function and only call it from the scp tests. - Spotted by John in bz3383 + OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 -commit 68085066b6bad43643b43f5957fcc5fd34782ccd -Author: Corinna Vinschen -Date: Fri Jan 21 03:22:56 2022 +1100 +commit 6e6f88647042b3cde54a628545c2f5fb656a9327 +Author: dtucker@openbsd.org +Date: Fri Jan 13 04:23:00 2023 +0000 - Fix signedness bug in Cygwin code + upstream: Add scp's path to test sshd's PATH. - The Cygwin-specific pattern match code has a bug. It checks - the size_t value returned by mbstowcs for being < 0. The right - thing to do is to check against (size_t) -1. Fix that. + If the scp we're testing is fully qualified (eg it's not in the system + PATH) then add its path to the under-test sshd's PATH so we can find + it. Prompted by bz#3518. - Signed-off-by: Corinna Vinschen + OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 -commit 2e5cfed513e84444483baf1d8b31c40072b05103 +commit 8a5e99a70fcf9b022a8aa175ebf6a71f58511da3 Author: Darren Tucker -Date: Thu Jan 20 13:26:27 2022 +1100 +Date: Fri Jan 13 15:49:48 2023 +1100 - Improve compatibility of early exit trap handling. + Remove skipping test when scp not in path. - Dash (as used by the github runners) has some differences in its trap - builtin: - - it doesn't have -p (which is fine, that's not in posix). - - it doesn't work in a subshell (which turns out to be in compliance - with posix, which means bash isn't). - - it doesn't work in a pipeline, ie "trap|cat" produces no output. - -commit 3fe6800b6027add478e648934cbb29d684e51943 -Author: Darren Tucker -Date: Thu Jan 20 00:49:57 2022 +1100 - - Move more tests out of valgrind-1 runner. + An upcoming change renders this obsolete by adding scp's path to the + test sshd's PATH, and removing this first will make the subsequent sync + easier. -commit 20da6ed136dd76e6a0b229ca3036ef9c7c7ef798 -Author: Darren Tucker -Date: Wed Jan 19 15:37:39 2022 +1100 +commit 41f36dd896c8fb8337d403fcf476762986976e9d +Author: dtucker@openbsd.org +Date: Fri Jan 13 02:58:20 2023 +0000 - Invoke EXIT handler early when using Valgrind. + upstream: Add a "Host" line to the output of ssh -G showing the - When using Valgrind, we need to wait for all invoked programs to - complete before checking their valgrind logs. Some tests, notably - agent-restrict, set an EXIT trap handler to clean up things like - ssh-agent, but those do not get invoked until test-exec.sh exits. - This causes the Valgrind wait to deadlock, so if present invoke - the EXIT handler before checking the Valgrind logs. - -commit ad2e0580c87b0714cf166bca9d926a95ddeee1c8 -Author: Darren Tucker -Date: Tue Jan 18 12:55:21 2022 +1100 - - Remove line leftover from upstream sync. + original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, + ok djm@ + + OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 -commit d1051c0f11a6b749027e26bbeb61b07df4b67e15 +commit f673b49f3be3eb51074fbb8a405beb6cd0f7d93e Author: djm@openbsd.org -Date: Mon Jan 17 22:56:04 2022 +0000 +Date: Fri Jan 13 02:44:02 2023 +0000 - upstream: when decompressing zlib compressed packets, use - - Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually - specified as a valid mode for inflate(). There should be no practical change - in behaviour as the compression side ensures a flush that should make all - data available to the receiver in all cases. + upstream: avoid printf("%s", NULL) if using ssh - repoted by lamm AT ibm.com via bz3372; ok markus + -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file + changes; ok dtucker@ - OpenBSD-Commit-ID: 67cfc1fa8261feae6d2cc0c554711c97867cc81b + OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 -commit d5981b1883746b1ae178a46229c26b53af99e37a +commit 93fc7c576563e3d88a1dc019dd213f65607784cc Author: djm@openbsd.org -Date: Mon Jan 17 21:41:04 2022 +0000 +Date: Wed Jan 11 05:39:38 2023 +0000 - upstream: make most of the sftp errors more idiomatic, following + upstream: clamp the minimum buffer lengths and number of inflight - the general form of "[local/remote] operation path: error message"; ok markus + requests too - OpenBSD-Commit-ID: 61364cd5f3a9fecaf8d63b4c38a42c0c91f8b571 + OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 -commit ac7c9ec894ed0825d04ef69c55babb49bab1d32e +commit 48bf234322e639d279c5a28435eae50155e9b514 Author: djm@openbsd.org -Date: Mon Jan 17 21:39:51 2022 +0000 +Date: Wed Jan 11 05:36:50 2023 +0000 - upstream: when transferring multiple files in SFTP mode, create the + upstream: ignore bogus upload/download buffer lengths in the limits - destination directory if it doesn't already exist to match olde-scp(1) - behaviour. noticed by deraadt@ ok markus@ + extension - OpenBSD-Commit-ID: cf44dfa231d4112f697c24ff39d7ecf2e6311407 + OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 -commit 39d17e189f8e72c34c722579d8d4e701fa5132da +commit 36b00d31833ca74cb0f7c7d8eda1bde55700f929 Author: djm@openbsd.org -Date: Fri Jan 14 03:43:48 2022 +0000 +Date: Wed Jan 11 02:13:52 2023 +0000 - upstream: allow pin-required FIDO keys to be added to ssh-agent(1). - - ssh-askpass will be used to request the PIN at authentication time. - - From Pedro Martelletto, ok djm + upstream: remove whitespace at EOL from code extracted from SUPERCOP - OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950 + OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 -commit 52423f64e13db2bdc31a51b32e999cb1bfcf1263 +commit d888de06c5e4d7dbf2f2b85f2b5bf028c570cf78 Author: djm@openbsd.org -Date: Fri Jan 14 03:35:10 2022 +0000 +Date: Wed Jan 11 00:51:27 2023 +0000 - upstream: ssh-sk: free a resident key's user id + upstream: rewrite this test to use a multiplexed ssh session so we can - From Pedro Martelletto; ok dtucker & me + control its lifecycle without risk of race conditions; fixes some of the + Github integration tests for openssh-portable - OpenBSD-Commit-ID: 47be40d602b7a6458c4c71114df9b53d149fc2e9 + OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 -commit 014e2f147a2788bfb3cc58d1b170dcf2bf2ee493 -Author: djm@openbsd.org -Date: Fri Jan 14 03:34:00 2022 +0000 +commit 4bcc737a35fdd9cc4af7423d6c23dfd0c7ef4786 +Author: Damien Miller +Date: Wed Jan 11 11:45:17 2023 +1100 - upstream: sshsk_load_resident: don't preallocate resp - - resp is allocated by client_converse(), at which point we lose - the original pointer. - - From Pedro Martelletto; ok dtucker & me + remove buffer len workaround for NetBSD 4.x - OpenBSD-Commit-ID: 1f1b5ea3282017d6584dfed4f8370dc1db1f44b1 + Switching to from pipes to a socketpair for communicating with the + ssh process avoids the (kernel bug?) problem. -commit c88265f207dfe0e8bdbaf9f0eda63ed6b33781cf -Author: djm@openbsd.org -Date: Fri Jan 14 03:32:52 2022 +0000 +commit f5154d2aac3e6a32a1b13dec23a701a087850cdc +Author: Damien Miller +Date: Wed Jan 11 11:44:19 2023 +1100 - upstream: sshsk_sign: trim call to sshkey_fingerprint() - - the resulting fingerprint doesn't appear to be used for anything, - and we end up leaking it. - - from Pedro Martelletto; ok dtucker & me + add back use of pipes in scp.c under USE_PIPES - OpenBSD-Commit-ID: 5625cf6c68f082bc2cbbd348e69a3ed731d2f9b7 + This matches sftp.c which prefers socketpair but uses pipes on + some older platforms. -commit 1cd1b2eac39661b849d5a4b4b56363e22bb5f61e -Author: djm@openbsd.org -Date: Fri Jan 14 03:31:52 2022 +0000 +commit eec737b59cf13841de46134967a206607000acd4 +Author: millert@openbsd.org +Date: Tue Jan 10 23:22:15 2023 +0000 - upstream: use status error message to communicate ~user expansion + upstream: Switch scp from using pipes to a socketpair for - failures; provides better experience for scp in sftp mode, where ~user paths - are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & - markus + communication with it's ssh sub-processes. We no longer need to reserve two + descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is + handled by sanitise_stdfd() in main(). Based on an original diff from djm@. + OK deraadt@ djm@ - (forgot to include this file in previous commit) + OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d + +commit d213d126a4a343abd3a1eb13687d39c1891fe5c8 +Author: jmc@openbsd.org +Date: Fri Jan 6 08:44:11 2023 +0000 + + upstream: tweak previous; ok djm - OpenBSD-Commit-ID: d37cc4c8c861ce48cd6ea9899e96aaac3476847b + OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 -commit a1d42a6ce0398da3833bedf374ef2571af7fea50 +commit 4a5590a5ee47b7dfd49773e9fdba48ad3089fe64 Author: Damien Miller -Date: Fri Jan 14 13:49:32 2022 +1100 +Date: Mon Jan 9 16:33:56 2023 +1100 - fix edge case in poll(2) wrapper + try to improve logging for dynamic-forward test - Correct handling of select(2) exceptfds. These should only be consulted - for POLLPRI flagged pfds and not unconditionally converted to POLLERR. - - with and ok dtucker@ + previously the logs from the ssh used to exercise the forwarding + channel would clobber the logs from the ssh actually doing the + forwarding -commit 976b9588b4b5babcaceec4767a241c11a67a5ccb +commit 715bc25dcfccf9fb2bee820155fe071d01a618db Author: Darren Tucker -Date: Fri Jan 14 13:46:35 2022 +1100 +Date: Sat Jan 7 23:24:50 2023 +1100 - Wrap OpenSSL includes in unit tests in ifdef. + Skip dynamic-forward test on minix3. - Fixes unit test on systems that do not have OpenSSL headers installed. + This test relies on loopback addresses which minix does not have. + Previously the test would not run at all since it also doesn't have + netcat, but now we use our own netcat it tries and fails. -commit c171879374b2e8b07157503f5639ed0bce59ce89 -Author: Darren Tucker -Date: Thu Jan 13 15:53:33 2022 +1100 +commit dd1249bd5c45128a908395c61b26996a70f82205 +Author: Damien Miller +Date: Sun Jan 8 12:08:59 2023 +1100 - Remove sort wrapper. - - agent-restrict now takes care of this itself. + don't test IPv6 addresses if platform lacks support -commit 9cc2654403f1a686bb26c07a6ac790edf334cef5 +commit d77fc611a62f2dfee0b654c31a50a814b13310dd Author: dtucker@openbsd.org -Date: Thu Jan 13 04:53:16 2022 +0000 +Date: Fri Jan 6 12:33:33 2023 +0000 - upstream: Set LC_ALL in both local and remote shells so that sorted + upstream: When OpenSSL is not available, skip parts of percent test - output matches regardless of what the user's shell sets it to. ok djm@ + that require it. Based on github pr#368 from ren mingshuai. - OpenBSD-Regress-ID: 4e97dd69a68b05872033175a4c2315345d01837f + OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 -commit 7a75f748cb2dd2f771bf70ea72698aa027996ab1 -Author: dtucker@openbsd.org -Date: Thu Jan 13 04:22:10 2022 +0000 +commit 1cd2aac312af9172f1b5cb06c2e1cd090abb83cf +Author: Darren Tucker +Date: Sat Jan 7 23:01:11 2023 +1100 - upstream: Avoid %'s in commands (not used in OpenBSD, but used in - - -portable's Valgrind test) being interpretted as printf format strings. + Use our own netcat for dynamic-forward test. - OpenBSD-Regress-ID: dc8655db27ac4acd2c386c4681bf42a10d80b043 + That way we can be surer about its behaviour rather than trying to + second-guess the behaviour of various netcat implementations. -commit 6c435bd4994d71442192001483a1cdb846e5ffcd +commit 26cab41c05d7b0859d2a1ea5b6ed253d91848a80 Author: Darren Tucker -Date: Wed Jan 12 16:58:13 2022 +1100 +Date: Sat Jan 7 14:30:43 2023 +1100 - Stop on first test failure to minimize logs. + Use autoconf to find openssl binary. + + It's possible to install an OpenSSL in a path not in the system's + default library search path. OpenSSH can still use this (eg if you + specify an rpath) but the openssl binary there may not work. If one is + available on the system path just use that. -commit 4bc2ba6095620a4484b708ece12842afd8c7685b -Author: dtucker@openbsd.org -Date: Wed Jan 12 07:18:37 2022 +0000 +commit 5532e010a0eeb6aa264396514f9aed7948471538 +Author: Darren Tucker +Date: Sat Jan 7 10:34:18 2023 +1100 - upstream: Use egrep when searching for an anchored string. - - OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4 + Check openssl_bin path is executable before using. -commit 6bf2efa2679da1e8e60731f41677b2081dedae2c +commit 5d7b16cff48598d5908db970bfdc9ff9326142c8 Author: Darren Tucker -Date: Wed Jan 12 18:25:06 2022 +1100 +Date: Fri Jan 6 23:19:07 2023 +1100 - Add "rev" command replacement if needed. + Set OPENSSL_BIN from OpenSSL directory. -commit 72bcd7993dadaf967bb3d8564ee31cbf38132b5d +commit 344a0e8240eaf08da5d46a5e3a9ecad6e4f64c35 Author: dtucker@openbsd.org -Date: Wed Jan 12 03:30:32 2022 +0000 +Date: Fri Jan 6 08:50:33 2023 +0000 - upstream: Don't log NULL hostname in restricted agent code, - - printf("%s", NULL) is not safe on all platforms. with & ok djm + upstream: Save debug logs from ssh for debugging purposes. - OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02 + OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 -commit acabefe3f8fb58c867c99fed9bbf84dfa1771727 +commit e1ef172646f7f49c80807eea90225ef5e0be55a8 Author: djm@openbsd.org -Date: Tue Jan 11 22:33:16 2022 +0000 +Date: Fri Jan 6 08:07:39 2023 +0000 - upstream: remove hardcoded domain and use window.location.host, so this - - can be run anywhere + upstream: regression test for ChannelTimeout - OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92 + OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 -commit 96da0946e44f34adc0397eb7caa6ec35a3e79891 -Author: dtucker@openbsd.org -Date: Tue Jan 11 02:56:19 2022 +0000 +commit 2393ea8daf25853459eb07a528d7577688847777 +Author: djm@openbsd.org +Date: Fri Jan 6 07:18:18 2023 +0000 - upstream: "void" functions should not return anything. From Tim Rice + upstream: fix typo in verbose logging - via -portable. - - OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a + OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 -commit a882a09722c9f086c9edb65d0c4022fd965ec1ed +commit 161a5378a3cc2e7aa3f9674cb7f4686ae6ce9586 Author: djm@openbsd.org -Date: Tue Jan 11 01:26:47 2022 +0000 +Date: Fri Jan 6 02:59:50 2023 +0000 - upstream: suppress "Connection to xxx closed" messages at LogLevel >= - - error bz3378; ok dtucker@ + upstream: unit tests for misc.c:ptimeout_* API - OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c + OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 -commit 61a1a6af22e17fc94999a5d1294f27346e6c4668 -Author: Damien Miller -Date: Wed Jan 12 08:57:49 2022 +1100 +commit 018d671d78145f03d6f07ae9d64d51321da70325 +Author: tb@openbsd.org +Date: Wed Jan 4 22:48:57 2023 +0000 - OS X poll(2) is broken; use compat replacement + upstream: Copy bytes from the_banana[] rather than banana() - Darwin's poll(2) implementation is broken. For character-special - devices like /dev/null, it returns POLLNVAL when polled with - POLLIN. + Fixes test failure due to segfault seen on arm64 with xonly snap. - Apparently this is Apple bug 3710161, which is AFAIK not public, - but a websearch will find other OSS projects rediscovering it - periodically since it was first identified in 2005 (!!) - -commit 613a6545fc5a9542753b503cbe5906538a640b60 -Author: Darren Tucker -Date: Tue Jan 11 20:56:01 2022 +1100 - - libhardended_malloc.so moved into out dir. - -commit 61761340be5e11046556623f8f5412b236cefa95 -Author: Tim Rice -Date: Mon Jan 10 11:07:04 2022 -0800 - - Make USL compilers happy - UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value - -commit 3ef403f351e80a59b6f7e9d43cb82c181855483c -Author: Darren Tucker -Date: Mon Jan 10 21:07:38 2022 +1100 - - Add wrapper for "sort" to set LC_ALL=C. + ok djm - Found by djm, this should make sorts stable and reduce test flakiness. + OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 -commit bd69e29f5716090181dbe0b8272eb7eab1a383bb -Author: dtucker@openbsd.org -Date: Sat Jan 8 07:55:26 2022 +0000 +commit ab6bb69e251faa8b24f81b25c72ec0120f20cad4 +Author: Damien Miller +Date: Fri Jan 6 19:13:36 2023 +1100 - upstream: Remove errant "set -x" left over from debugging. + unbreak scp on NetBSD 4.x - OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc - -commit 1a7c88e26fd673813dc5f61c4ac278564845e004 -Author: dtucker@openbsd.org -Date: Sat Jan 8 07:01:13 2022 +0000 - - upstream: Enable all supported hostkey algorithms (but no others). + e555d5cad5 effectively increased the default copy buffer size for SFTP + transfers. This caused NetBSD 4.x to hang during the "copy local file to + remote file in place" scp.sh regression test. - Allows hostbased test to pass when built without OpenSSL. + This puts back the original 32KB copy buffer size until we can properly + figure out why. - OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562 + lots of debugging assistance from dtucker@ -commit 12b457c2a42ff271e7967d9bedd068cebb048db9 +commit 2d1ff2b9431393ad99ef496d5e3b9dd0d4f5ac8c Author: djm@openbsd.org -Date: Sat Jan 8 07:37:32 2022 +0000 +Date: Fri Jan 6 02:47:18 2023 +0000 - upstream: use status error message to communicate ~user expansion + upstream: Implement channel inactivity timeouts - failures; provides better experience for scp in sftp mode, where ~user paths - are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & - markus + This adds a sshd_config ChannelTimeouts directive that allows channels that + have not seen traffic in a configurable interval to be automatically closed. + Different timeouts may be applied to session, X11, agent and TCP forwarding + channels. - OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f - -commit 63670d4e9030bcee490d5a9cce561373ac5b3b23 -Author: djm@openbsd.org -Date: Sat Jan 8 07:36:11 2022 +0000 - - upstream: fix some corner-case bugs in scp sftp-mode handling of + Note: this only affects channels over an opened SSH connection and not + the connection itself. Most clients close the connection when their channels + go away, with a notable exception being ssh(1) in multiplexing mode. - ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus + ok markus dtucker - OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222 + OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 -commit e14940bbec57fc7d3ce0644dbefa35f5a8ec97d0 +commit 0e34348d0bc0b1522f75d6212a53d6d1d1367980 Author: djm@openbsd.org -Date: Sat Jan 8 07:34:57 2022 +0000 +Date: Fri Jan 6 02:42:34 2023 +0000 - upstream: more idiomatic error messages; spotted by jsg & deraadt + upstream: Add channel_set_xtype() - ok jsg & markus + This sets an "extended" channel type after channel creation (e.g. + "session:subsystem:sftp") that will be used for setting channel inactivity + timeouts. - OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8 + ok markus dtucker + + OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca -commit 9acddcd5918c623f7ebf454520ffe946a8f15e90 +commit ceedf09b2977f3a756c759a6e7eb8f8e9db86a18 Author: djm@openbsd.org -Date: Sat Jan 8 07:33:54 2022 +0000 +Date: Fri Jan 6 02:41:49 2023 +0000 - upstream: add a variant of send_status() that allows overriding the + upstream: tweak channel ctype names - default, generic error message. feedback/ok markus & jsg + These are now used by sshd_config:ChannelTimeouts to specify timeouts by + channel type, so force them all to use a similar format without whitespace. - OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f + ok dtucker markus + + OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 -commit 961411337719d4cd78f1ab33e4ac549f3fa22f50 +commit c60438158ad4b2f83d8504257aba1be7d0b0bb4b Author: djm@openbsd.org -Date: Sat Jan 8 07:32:45 2022 +0000 +Date: Fri Jan 6 02:39:59 2023 +0000 - upstream: refactor tilde_expand_filename() and make it handle ~user + upstream: Add channel_force_close() - paths with no trailing slash; feedback/ok markus and jsg + This will forcibly close an open channel by simulating read/write errors, + draining the IO buffers and calling the detach function. - OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d - -commit dc38236ab6827dec575064cac65c8e7035768773 -Author: dtucker@openbsd.org -Date: Thu Jan 6 22:14:25 2022 +0000 - - upstream: Don't explicitly set HostbasedAuthentication in + Previously the detach function was only ever called during channel garbage + collection, but there was no way to signal the user of a channel (e.g. + session.c) that its channel was being closed deliberately (vs. by the + usual state-machine logic). So this adds an extra "force" argument to the + channel cleanup callback to indicate this condition. - sshd_config. It defaults to "no", and not explicitly setting it allows us to - enable it for the (optional) hostbased test. + ok markus dtucker - OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c + OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b -commit e12d912ddf1c873cb72e5de9a197afbe0b6622d2 -Author: dtucker@openbsd.org -Date: Thu Jan 6 21:46:56 2022 +0000 +commit d478cdc7ad6edd4b1bcd1e86fb2f23194ff33d5a +Author: djm@openbsd.org +Date: Fri Jan 6 02:38:23 2023 +0000 - upstream: Add test for hostbased auth. It requires some external + upstream: replace manual poll/ppoll timeout math with ptimeout API - setup (see comments at the top) and thus is disabled unless - TEST_SSH_HOSTBASED_AUTH and SUDO are set. + feedback markus / ok markus dtucker - OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a - -commit a48533a8da6a0f4f05ecd055dc8048047e53569e -Author: Damien Miller -Date: Fri Jan 7 09:24:26 2022 +1100 - - depend + OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 -commit d9dbb5d9a0326e252d3c7bc13beb9c2434f59409 +commit 4adf3817a24efe99b06e62630577d683c7cd8065 Author: djm@openbsd.org -Date: Thu Jan 6 22:06:51 2022 +0000 +Date: Fri Jan 6 02:37:04 2023 +0000 - upstream: allow hostbased auth to select RSA keys when only + upstream: add ptimeout API for keeping track of poll/ppoll - RSA/SHA2 are configured (this is the default case); ok markus@ + timeouts; ok dtucker markus - OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827 + OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead -commit fdb1d58d0d3888b042e5a500f6ce524486aaf782 +commit 8c7c69d32375d2f3ce9da0109c9bffc560842316 Author: djm@openbsd.org -Date: Thu Jan 6 22:05:42 2022 +0000 +Date: Thu Jan 5 05:49:13 2023 +0000 - upstream: add a helper function to match a key type to a list of - - signature algorithms. RSA keys can make signatures with multiple algorithms, - so some special handling is required. ok markus@ + upstream: suppress "Connection closed" message when in quiet mode - OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff + OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f -commit 11e8c4309a5086a45fbbbc87d0af5323c6152914 +commit 845ceecea2ac311b0c267f9ecbd34862e1876fc6 Author: djm@openbsd.org -Date: Thu Jan 6 22:04:20 2022 +0000 +Date: Mon Jan 2 07:03:57 2023 +0000 - upstream: log some details on hostkeys that ssh loads for + upstream: regression test for PermitRemoteOpen - hostbased authn ok markus@ - - OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38 + OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c -commit c6706f661739514a34125aa3136532a958929510 +commit b3daa8dc582348d6ab8150bc1e571b7aa08c5388 Author: djm@openbsd.org -Date: Thu Jan 6 22:03:59 2022 +0000 +Date: Mon Jan 2 07:03:30 2023 +0000 - upstream: log signature algorithm during verification by monitor; + upstream: fix bug in PermitRemoteOpen which caused it to ignore its - ok markus + first argument unless it was one of the special keywords "any" or "none". - OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc + Reported by Georges Chaudy in bz3515; ok dtucker@ + + OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 -commit 8832402bd500d1661ccc80a476fd563335ef6cdc -Author: djm@openbsd.org -Date: Thu Jan 6 22:02:52 2022 +0000 +commit 0872663a7be0301bcc3d49acdbc9b740a3d972d4 +Author: jmc@openbsd.org +Date: Mon Dec 26 19:16:03 2022 +0000 - upstream: piece of UpdateHostkeys client strictification: when + upstream: spelling fixes; from paul tagliamonte amendments to his - updating known_hosts with new keys, ignore NULL keys (forgot to include in - prior commit) + diff are noted on tech - OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08 + OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a -commit c2d9ced1da0276961d86690b3bd7ebdaca7fdbf7 +commit 797da2812a71785b34890bb6eb44767a7d09cd34 Author: djm@openbsd.org -Date: Thu Jan 6 22:01:14 2022 +0000 +Date: Fri Dec 16 07:13:22 2022 +0000 - upstream: include rejected signature algorithm in error message + upstream: Mention that scp uses the SFTP protocol and remove - and not the (useless) key type; ok markus + reference to legacy flag. Spotted by, feedback and ok jmc@ - OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023 + OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 -commit 7aa7b096cf2bafe2777085abdeed5ce00581f641 +commit 93f2ce8c050a7a2a628646c00b40b9b53fef93ef Author: djm@openbsd.org -Date: Thu Jan 6 22:00:18 2022 +0000 +Date: Fri Dec 16 06:56:47 2022 +0000 - upstream: make ssh-keysign use the requested signature algorithm + upstream: Clear signal mask early in main(); sshd may have been - and not the default for the keytype. Part of unbreaking hostbased auth for - RSA/SHA2 keys. ok markus@ + started with one or more signals masked (sigprocmask(2) is not cleared + on fork/exec) and this could interfere with various things, e.g. the + login grace timer. - OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc - -commit 291721bc7c840d113a49518f3fca70e86248b8e8 -Author: djm@openbsd.org -Date: Thu Jan 6 21:57:28 2022 +0000 - - upstream: stricter UpdateHostkey signature verification logic on + Execution environments that fail to clear the signal mask before running + sshd are clearly broken, but apparently they do exist. - the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when - RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 + Reported by Sreedhar Balasubramanian; ok dtucker@ - ok markus@ + OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae + +commit 4acfaabfae41badb9d334a2ee88c5c6ad041c0d5 +Author: jmc@openbsd.org +Date: Fri Dec 16 06:52:48 2022 +0000 + + upstream: add -X to usage(); - OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29 + OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 -commit 0fa33683223c76289470a954404047bc762be84c +commit e555d5cad5afae7d5ef2bbc02ca591178fe16fed Author: djm@openbsd.org -Date: Thu Jan 6 21:55:23 2022 +0000 +Date: Fri Dec 16 03:40:03 2022 +0000 - upstream: Fix signature algorithm selection logic for + upstream: add a -X option to both scp(1) and sftp(1) to allow - UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 - for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 - signatures for RSA keys if the client proposed these algorithms in initial - KEX. bz3375 + control over some SFTP protocol knobs: the copy buffer length and + the number of inflight requests, both of which are used during + upload/download. - Mostly by Dmitry Belyavskiy with some tweaks by me. + Previously these could be controlled in sftp(1) using the -b/-R options. + This makes them available in both SFTP protocol clients using the same + option character sequence. - ok markus@ + ok dtucker@ - OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029 + OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c -commit 17877bc81db3846e6e7d4cfb124d966bb9c9296b -Author: djm@openbsd.org -Date: Thu Jan 6 21:48:38 2022 +0000 +commit 5a7a7acab2f466dc1d7467b5d05d35268c3137aa +Author: deraadt@openbsd.org +Date: Thu Dec 15 18:20:39 2022 +0000 - upstream: convert ssh, sshd mainloops from select() to poll(); + upstream: The idiomatic way of coping with signed char vs unsigned - feedback & ok deraadt@ and markus@ has been in snaps for a few months + char (which did not come from stdio read functions) in the presence of + ctype macros, is to always cast to (unsigned char). casting to (int) + for a "macro" which is documented to take int, is weird. And sadly wrong, + because of the sing extension risk.. same diff from florian - OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c + OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea -commit 5c79952dfe1aa36105c93b3f383ce9be04dee384 -Author: djm@openbsd.org -Date: Thu Jan 6 21:46:23 2022 +0000 +commit b0b58222c7cc62efd8212c4fb65a545f58ebb22d +Author: Darren Tucker +Date: Mon Dec 19 18:49:51 2022 +1100 - upstream: prepare for conversion of ssh, sshd mainloop from + Simply handling of SSH_CONNECTION PAM env var. - select() to poll() by moving FD_SET construction out of channel handlers into - separate functions. ok markus - - OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027 + Prompted by bz#3508: there's no need to cache the value of + sshpam_conninfo so remove the global. While there, add check of + return value from pam_putenv. ok djm@ -commit 24c5187edfef4651a625b7d5d692c8c7e794f71f -Author: djm@openbsd.org -Date: Wed Jan 5 21:54:37 2022 +0000 +commit ed8444572ae684fdb892f97bae342c6cb6456f04 +Author: Darren Tucker +Date: Mon Dec 19 18:42:34 2022 +1100 - upstream: add a comment so I don't make this mistake again - - OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e + Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. -commit 7369900441929058263a17f56aa67e05ff7ec628 -Author: djm@openbsd.org -Date: Wed Jan 5 21:50:00 2022 +0000 +commit abb9a8aaddfcacbd12641f6e4f203da0fa85a287 +Author: Darren Tucker +Date: Sun Dec 18 21:36:25 2022 +1100 - upstream: fix cut-and-pasto in error message - - OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198 + Use sudo when resetting perms on directories. -commit 294c11b1c7d56d3fb61e329603a782315ed70c62 -Author: djm@openbsd.org -Date: Wed Jan 5 08:25:05 2022 +0000 +commit 2f5664c5908d84697cbe91302d5d5c4d83cb2121 +Author: Darren Tucker +Date: Sun Dec 18 21:19:33 2022 +1100 - upstream: select all RSA hostkey algorithms for UpdateHostkeys tests, - - not just RSA-SHA1 + Set group perms on regress dir. - OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8 + This ensures that the tests don't fail due to StrictMode checks. -commit 2ea1108c30e3edb6f872dfc1e6da10b041ddf2c0 -Author: djm@openbsd.org -Date: Wed Jan 5 04:56:15 2022 +0000 +commit 137196300fc1540affadde880210f02ba6cb4abf +Author: Darren Tucker +Date: Sun Dec 18 21:13:42 2022 +1100 - upstream: regress test both sshsig message hash algorithms, possible - - now because the algorithm is controllable via the CLI - - OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f + Fetch regress logs from obj dir. -commit 2327c306b5d4a2b7e71178e5a4d139af9902c2b0 -Author: djm@openbsd.org -Date: Wed Jan 5 04:50:11 2022 +0000 +commit 5f93c4836527d9fda05de8944a1c7b4a205080c7 +Author: Darren Tucker +Date: Tue Dec 13 20:59:54 2022 +1100 - upstream: allow selection of hash at sshsig signing time; code + obsdsnap test VMs runs-on libvirt too. + +commit 8386886fb1ab7fda73069fb0db1dbe0e5a52f758 +Author: Darren Tucker +Date: Tue Dec 13 20:55:37 2022 +1100 + + Run upstream obsdsnap tests on ephemeral runners. + +commit b6e01459b55ece85d7f296b2bc719d1841e1009e +Author: Darren Tucker +Date: Tue Dec 13 20:48:56 2022 +1100 + + Move obsdsnap test VMs to ephemeral runners. + +commit ea6fdf9a1aa71a411f7db218a986392c4fb55693 +Author: Damien Miller +Date: Fri Dec 9 18:00:21 2022 +1100 + + use calloc for allocating arc4random structs - already supported either sha512 (default) or sha256, but plumbing wasn't - there mostly by Linus Nordberg + ok dtucker + +commit 4403b62f5548e91389cb3339d26a9d0c4bb07b34 +Author: dtucker@openbsd.org +Date: Fri Dec 9 00:22:29 2022 +0000 + + upstream: Warn if no host keys for hostbased auth can be loaded. - OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd + OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 -commit 56e941d0a00d6d8bae88317717d5e1b7395c9529 -Author: djm@openbsd.org -Date: Wed Jan 5 04:27:54 2022 +0000 +commit a6183e25e3f1842e21999fe88bc40bb99b121dc3 +Author: dtucker@openbsd.org +Date: Fri Dec 9 00:17:40 2022 +0000 - upstream: add missing -O option to usage() for ssh-keygen -Y sign; + upstream: Add server debugging for hostbased auth. - from Linus Nordberg + auth_debug_add queues messages about the auth process which is sent to + the client after successful authentication. This also sends those to + the server debug log to aid in debugging. From bz#3507, ok djm@ - OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0 + OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a -commit 141a14ec9b0924709c98df2dd8013bde5d8d12c7 -Author: djm@openbsd.org -Date: Wed Jan 5 04:27:01 2022 +0000 +commit b85c3581c16aaf6e83b9a797c80705a56b1f312e +Author: cheloha@openbsd.org +Date: Sun Dec 4 23:50:49 2022 +0000 - upstream: move sig_process_opts() to before sig_sign(); no + upstream: remove '?' from getopt(3) loops - functional code change + userspace: remove vestigial '?' cases from top-level getopt(3) loops - OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9 + getopt(3) returns '?' when it encounters a flag not present in the in + the optstring or if a flag is missing its option argument. We can + handle this case with the "default" failure case with no loss of + legibility. Hence, remove all the redundant "case '?':" lines. + + Prompted by dlg@. With help from dlg@ and millert@. + + Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 + + ok naddy@ millert@ dlg@ + + OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e -commit 37a14249ec993599a9051731e4fb0ac5e976aec1 -Author: djm@openbsd.org -Date: Wed Jan 5 04:10:39 2022 +0000 +commit 9a067e8d28a2249fd73f004961e30c113ee85e5d +Author: dtucker@openbsd.org +Date: Wed Dec 7 11:45:43 2022 +0000 - upstream: regression test for find-principals NULL deref; from Fabian - - Stelzer + upstream: Fix comment typo. - OpenBSD-Regress-ID: f845a8632a5a7d5ae26978004c93e796270fd3e5 + OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 -commit eb1f042142fdaba93f6c9560cf6c91ae25f6884a -Author: djm@openbsd.org -Date: Wed Jan 5 04:02:42 2022 +0000 +commit ce3c3e78ce45d68a82c7c8dc89895f297a67f225 +Author: Darren Tucker +Date: Wed Dec 7 18:58:25 2022 +1100 - upstream: NULL deref when using find-principals when matching an + Add SANDBOX_DEBUG to the kitchensink test build. + +commit bc234605fa3eb10f56bf0d74c8ecb0d91ada9d05 +Author: Damien Miller +Date: Wed Dec 7 18:38:25 2022 +1100 + + disable SANDBOX_SECCOMP_FILTER_DEBUG - allowed_signers line that contains a namespace restriction, but no - restriction specified on the command-line; report and fix from Fabian Stelzer + It was mistakenly enabled in 2580916e4872 - OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145 + Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net -commit 8f3b18030579f395eca2181da31a5f945af12a59 +commit b087c5cfa011b27992e01589314fec830266f99d +Author: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Tue Nov 29 15:12:54 2022 -0500 + + Update autotools + + Regenerate config files using latest autotools + +commit d63f5494978a185c7421d492b9c2f6f05bb54138 +Author: Darren Tucker +Date: Tue Dec 6 12:22:36 2022 +1100 + + Fix typo in comment. Spotted by tim@ + +commit 73dcca12115aa12ed0d123b914d473c384e52651 Author: dtucker@openbsd.org -Date: Tue Jan 4 08:38:53 2022 +0000 +Date: Sun Dec 4 11:03:11 2022 +0000 - upstream: Log command invocation while debugging. + upstream: Remove duplicate includes. - This will aid in manually reproducing failing commands. + Patch from AtariDreams via github PR#364. - OpenBSD-Regress-ID: b4aba8d5ac5675ceebeeeefa3261ce344e67333a + OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea -commit bbf285164df535f0d38c36237f007551bbdae27f -Author: Darren Tucker -Date: Sun Dec 26 10:31:15 2021 +1100 +commit 3cec15543010bc8d6997d896b1717a650afb7e92 +Author: djm@openbsd.org +Date: Fri Dec 2 04:40:27 2022 +0000 - Always save config.h as build artifact. + upstream: make struct sshbuf private - Should allow better comparison between failing and succeeding test - platforms. + and remove an unused field; ok dtucker + + OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 -commit 03bd4ed0db699687c5cd83405d26f81d2dc28d22 +commit 5796bf8ca9535f9fa7d01829a540d2550e05c860 Author: Darren Tucker -Date: Sat Dec 25 16:42:51 2021 +1100 +Date: Fri Dec 2 11:43:36 2022 +1100 - Add OpenBSD 7.0 target. Retire 6.8. + Restore ssh-agent permissions on exit. + + ...enough that subsequent builds can overwrite ssh-agent if necessary. -commit c45a752f0de611afd87755c2887c8a24816d08ee -Author: jsg@openbsd.org -Date: Sat Jan 1 05:55:06 2022 +0000 +commit ccf5a13868cbb4659107458cac1e017c98abcbda +Author: dtucker@openbsd.org +Date: Thu Dec 1 02:22:13 2022 +0000 - upstream: spelling + upstream: Clean up ssh-add and ssh-agent logs. - OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62 + OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c -commit c672f83a89a756564db0d3af9934ba0e1cf8fa3e -Author: djm@openbsd.org -Date: Tue Jan 4 07:20:33 2022 +0000 +commit 7a8b40cf6a5eda80173140cc6750a6db8412fa87 +Author: dtucker@openbsd.org +Date: Thu Dec 1 02:19:29 2022 +0000 - upstream: unbreak test: was picking up system ssh-add instead of the + upstream: Log output of ssh-agent and ssh-add - one supposedly being tested. Spotted by dtucker and using his VM zoo (which - includes some systems old enough to lack ed25519 key support) + This should make debugging easier. - OpenBSD-Regress-ID: 7976eb3df11cc2ca3af91030a6a8c0cef1590bb5 + OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 -commit a23698c3082ffe661abed14b020eac9b0c25eb9f -Author: djm@openbsd.org -Date: Sat Jan 1 04:18:06 2022 +0000 +commit 4a1805d532616233dd6072e5cd273b96dd3062e6 +Author: dtucker@openbsd.org +Date: Tue Nov 29 22:41:14 2022 +0000 - upstream: fix memleak in process_extension(); oss-fuzz issue #42719 + upstream: Add void to client_repledge args to fix compiler warning. ok djm@ - OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e + OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 -commit cb885178f36b83d0f14cfe9f345d2068103feed0 -Author: jsg@openbsd.org -Date: Sat Jan 1 01:55:30 2022 +0000 +commit 815c4704930aa449edf6e812e99d69e9ffd31f01 +Author: djm@openbsd.org +Date: Mon Nov 28 01:38:22 2022 +0000 - upstream: spelling ok dtucker@ + upstream: tighten pledge(2) after session establishment - OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19 + feedback, ok & testing in snaps deraadt@ + + OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 -commit 6b977f8080a32c5b3cbb9edb634b9d5789fb79be +commit f7cebbbf407d772ed71403d314343766782fe540 Author: djm@openbsd.org -Date: Sun Dec 26 23:34:41 2021 +0000 +Date: Mon Nov 28 01:37:36 2022 +0000 - upstream: split method list search functionality from - - authmethod_lookup() into a separate authmethod_byname(), for cases where we - don't need to check whether a method is enabled, etc. + upstream: New EnableEscapeCommandline ssh_config(5) option - use this to fix the "none" authentication method regression reported - by Nam Nguyen via bugs@ + This option (default "no") controls whether the ~C escape is available. + Turning it off by default means we will soon be able to use a stricter + default pledge(2) in the client. - ok deraadt@ + feedback deraadt@ dtucker@; tested in snaps for a while - OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17 + OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a -commit 0074aa2c8d605ee7587279a22cdad4270b4ddd07 -Author: jmc@openbsd.org -Date: Wed Dec 22 06:56:41 2021 +0000 +commit d323f7ecf52e3d4ec1f4939bf31693e02f891dca +Author: mbuhl@openbsd.org +Date: Fri Nov 18 19:47:40 2022 +0000 - upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text; + upstream: In channel_request_remote_forwarding the parameters for - ok djm + permission_set_add are leaked as they are also duplicated in the call. Found + by CodeChecker. ok djm - OpenBSD-Commit-ID: 90721643e41e9e09deb5b776aaa0443456ab0965 + OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e -commit 1c9853a68b2319f2e5f929179735e8fbb9988a67 +commit 62cc33e6eed847aafdc29e34aa69e9bd82a0ee16 Author: Darren Tucker -Date: Wed Dec 22 19:33:10 2021 +1100 +Date: Wed Nov 30 11:23:11 2022 +1100 - Use SHA.*_HMAC_BLOCK_SIZE if needed. + Use -fzero-call-used-regs=used on clang 15. - If the platform has a native SHA2, does not define SHA.*_BLOCK_LENGTH - but does define SHA.*_HMAC_BLOCK_SIZE (eg Solaris) then use the latter. - Should fix --without-openssl build on Solaris. + clang 15 seems to have a problem with -fzero-call-used-reg=all which + causes spurious "incorrect signature" failures with ED25519. On those + versions, use -fzero-call-used-regs=used instead. (We may add exceptions + later if specific versions prove to be OK). Also move the GCC version + check to match. + + Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround + suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ -commit 715c892f0a5295b391ae92c26ef4d6a86ea96e8e -Author: Damien Miller -Date: Wed Dec 22 09:02:50 2021 +1100 +commit f84b9cffd52c9c5c359a54a1929f9948e803ab1d +Author: Darren Tucker +Date: Mon Nov 28 21:09:28 2022 +1100 - remove sys/param.h in -portable, after upstream + Skip unit tests on slow riscv64 hardware. -commit 7a7c69d8b4022b1e5c0afb169c416af8ce70f3e8 -Author: Damien Miller -Date: Mon Dec 20 13:05:20 2021 +1100 +commit 9f2747e0bed3faca92679eae69aef10c95dc82f5 +Author: Darren Tucker +Date: Sun Nov 27 15:26:22 2022 +1100 - add agent-restrict.sh file, missed in last commit + Rework how selfhosted tests interact with runners. + + Previously there was one runner per test target (mostly VMs). This had + a few limitations: + - multiple tests that ran on the same target (eg multiple build + configs) were serialized on availability or that runner. + - it needed manual balancing of VMs over host machines. + + To address this, make VMs that use ephemeral disks (ie most of them) + all use a pool of runners with the "libvirt" label. This requires that + we distinguish between "host" and "target" for those. Native runners + and VMs with persistent disks (eg the constantly-updated snapshot ones) + specify the same host and target. + + This should improve test throughput. -commit f539136ca51a4976644db5d0be8158cc1914c72a -Author: djm@openbsd.org -Date: Sun Dec 19 22:20:12 2021 +0000 +commit d664ddaec87bdc7385be8ef7f1337793e1679d48 +Author: Darren Tucker +Date: Sun Nov 27 12:19:37 2022 +1100 - upstream: regression test for destination restrictions in ssh-agent + Run vmstartup from temp dir. - OpenBSD-Regress-ID: 3c799d91e736b1753b4a42d80c42fc40de5ad33d + This will allow us to create ephemeral disk images per-runner. -commit 6e4980eb8ef94c04874a79dd380c3f568e8416d6 -Author: anton@openbsd.org -Date: Sat Dec 18 06:53:59 2021 +0000 +commit 0fa16e952b1fc1c4cf65e3dd138b0e87003e2e45 +Author: Darren Tucker +Date: Sun Nov 27 12:14:00 2022 +1100 - upstream: Make use of ntests variable, pointed out by clang 13. + Make "config" in matrix singular and pass in env. - OpenBSD-Regress-ID: 4241a3d21bdfa1630ed429b6d4fee51038d1be72 + This will allow the startup scripts to adapt their behaviour based on + the type and config. -commit 3eead8158393b697f663ec4301e3c7b6f24580b1 -Author: deraadt@openbsd.org -Date: Tue Dec 14 21:25:27 2021 +0000 +commit e8857043af54809187be1e8b06749db61112899f +Author: Darren Tucker +Date: Sun Nov 27 11:42:22 2022 +1100 - upstream: sys/param.h cleanup, mostly using MINIMUM() and - - ok dtucker - - OpenBSD-Regress-ID: 172a4c45d3bcf92fa6cdf6c4b9db3f1b3abe4db0 + Add "libvirt" label to dfly30. -commit 266678e19eb0e86fdf865b431b6e172e7a95bf48 -Author: djm@openbsd.org -Date: Sun Dec 19 22:15:42 2021 +0000 +commit 9775473d84902dc37753686cd10ae71fbe67efda +Author: Darren Tucker +Date: Sun Nov 27 09:28:20 2022 +1100 - upstream: document host-bound publickey authentication + Rename "os" in matrix to "target". - OpenBSD-Commit-ID: ea6ed91779a81f06d961e30ecc49316b3d71961b + This is in preparation to distinguish this from the host that the runner + runs on in case where they are separate (eg VMs). -commit 3d00024b3b156aa9bbd05d105f1deb9cb088f6f7 -Author: djm@openbsd.org -Date: Sun Dec 19 22:15:21 2021 +0000 +commit 04fd00ceff39f4544ced6f5342060abe584835d0 +Author: Darren Tucker +Date: Sun Nov 27 09:23:04 2022 +1100 - upstream: document agent protocol extensions + Remove unused self-hosted test targets. + +commit c9d9fcad2a11c1cd1550a541f44091d65f0b5584 +Author: Darren Tucker +Date: Sun Nov 27 09:16:15 2022 +1100 + + Remove explicit "default" test config argument. - OpenBSD-Commit-ID: 09e8bb391bbaf24c409b75a4af44e0cac65405a7 + Not specifying the test config implicitly selects default args. -commit c385abf76511451bcba78568167b1cd9e90587d5 -Author: djm@openbsd.org -Date: Sun Dec 19 22:14:47 2021 +0000 +commit 15a01cf15f396f87c6d221c5a6af98331c818962 +Author: Darren Tucker +Date: Wed Nov 23 13:18:54 2022 +1100 - upstream: PubkeyAuthentication=yes|no|unbound|host-bound + Add fallback for old platforms w/out MAP_ANON. + +commit 6b9bbbfe8b26db6e9a30a7e08c223e85421aed98 +Author: Darren Tucker +Date: Wed Nov 23 13:09:11 2022 +1100 + + If we haven't found it yet, recheck for sys/stat.h. - Allow control over which pubkey methods are used. Added out of - concern that some hardware devices may have difficulty signing - the longer pubkey authentication challenges. This provides a - way for them to disable the extension. It's also handy for - testing. + On some very old platforms, sys/stat.h needs sys/types.h, however + autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the + opposite order, which in combination with modern autoconf's + "present but cannot be compiled" behaviour causes it to not be + detected. + +commit 8926956f22639132a9f2433fcd25224e01b900f5 +Author: Darren Tucker +Date: Fri Nov 11 11:25:37 2022 +1100 + + Add dfly62 test target. + +commit 650de7ecd3567b5a5dbf16dd1eb598bd8c20bca8 +Author: dtucker@openbsd.org +Date: Thu Nov 10 23:03:10 2022 +0000 + + upstream: Handle dynamic remote port forwarding in escape commandline's - feedback / ok markus@ + -R processing. bz#3499, ok djm@ - OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a + OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 -commit 34b1e9cc7654f41cd4c5b1cc290b999dcf6579bb -Author: djm@openbsd.org -Date: Sun Dec 19 22:14:12 2021 +0000 +commit 5372db7e7985ba2c00f20fdff8942145ca99e033 +Author: Darren Tucker +Date: Thu Nov 10 12:44:51 2022 +1100 - upstream: document destination-constrained keys + Remove seed passing over reexec. - feedback / ok markus@ + This was added for the benefit of platforms using ssh-rand-helper to + prevent a delay on each connection as sshd reseeded itself. - OpenBSD-Commit-ID: cd8c526c77268f6d91c06adbee66b014d22d672e + ssh-random-helper is long gone, and since the re-exec happens before the + chroot the re-execed sshd can reseed itself normally. ok djm@ -commit a6d7677c4abcfba268053e5867f2acabe3aa371b -Author: djm@openbsd.org -Date: Sun Dec 19 22:13:55 2021 +0000 +commit ca98d3f8c64cfc51af81e1b01c36a919d5947ec2 +Author: Darren Tucker +Date: Wed Nov 9 20:59:20 2022 +1100 - upstream: Use hostkey parsed from hostbound userauth request - - Require host-bound userauth requests for forwarded SSH connections. + Skip reexec test on OpenSSL 1.1.1 specifically. - The hostkey parsed from the host-bound userauth request is now checked - against the most recently bound session ID / hostkey on the agent socket - and the signature refused if they do not match. + OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip + that test. See bz#3483 for details. + +commit 5ec4ebc2548e5f7f1b55b2a5cef5b67bdca8146f +Author: dtucker@openbsd.org +Date: Wed Nov 9 09:04:12 2022 +0000 + + upstream: Fix typo in fatal error message. - ok markus@ + Patch from vapier at chromium.org. - OpenBSD-Commit-ID: d69877c9a3bd8d1189a5dbdeceefa432044dae02 + OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf -commit baaff0ff4357cc5a079621ba6e2d7e247b765061 -Author: djm@openbsd.org -Date: Sun Dec 19 22:13:33 2021 +0000 +commit e6abafe9a6d809422d3432b95b3f9747b0acaa71 +Author: dtucker@openbsd.org +Date: Wed Nov 9 09:01:52 2022 +0000 - upstream: agent support for parsing hostkey-bound signatures + upstream: Remove errant colon and simplify format - Allow parse_userauth_request() to work with blobs from - publickey-hostbound-v00@openssh.com userauth attempts. + string in error messages. Patch from vapier at chromium.org. - Extract hostkey from these blobs. + OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 + +commit db2027a687516f87c3fb141e87154bb3d8a7807c +Author: djm@openbsd.org +Date: Wed Nov 9 01:37:44 2022 +0000 + + upstream: rename client_global_hostkeys_private_confirm() to - ok markus@ + client_global_hostkeys_prove_confirm(), as it handles the + "hostkeys-prove00@openssh.com" message; no functional change - OpenBSD-Commit-ID: 81c064255634c1109477dc65c3e983581d336df8 + OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d -commit 3e16365a79cdeb2d758cf1da6051b1c5266ceed7 +commit 1c2be7c2004cf1abcd172fee9fe3eab57cd4c426 Author: djm@openbsd.org -Date: Sun Dec 19 22:13:12 2021 +0000 +Date: Wed Nov 9 00:15:59 2022 +0000 - upstream: EXT_INFO negotiation of hostbound pubkey auth + upstream: typo in comment - the EXT_INFO packet gets a new publickey-hostbound@openssh.com to - advertise the hostbound public key method. + OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a + +commit cf1a9852d7fc93e4abc4168aed09529a57427cdc +Author: Darren Tucker +Date: Wed Nov 9 09:23:47 2022 +1100 + + Defer seed_rng until after closefrom call. - Client side support to parse this feature flag and set the kex->flags - indicator if the expected version is offered (currently "0"). + seed_rng will initialize OpenSSL, and some engine providers (eg Intel's + QAT) will open descriptors for their own use. bz#3483, patch from + joel.d.schuetze at intel.com, ok djm@ + +commit dffa64480163fbf76af7e4fb62c26bb0dd6642aa +Author: Darren Tucker +Date: Wed Nov 9 08:27:47 2022 +1100 + + Fix comment text. From emaste at freebsd.org. + +commit d9df5689c29823ab830ec4f54c83c6cc3c0077ad +Author: Pierre Ossman +Date: Wed Jul 6 13:52:10 2022 +0200 + + Avoid assuming layout of fd_set - ok markus@ + POSIX doesn't specify the internal layout of the fd_set object, so let's + not assume it is just a bit mask. This increases compatibility with + systems that have a different layout. - OpenBSD-Commit-ID: 4cdb2ca5017ec1ed7a9d33bda95c1d6a97b583b0 + The assumption is also worthless as we already refuse to use file + descriptors over FD_SETSIZE anyway. Meaning that the default size of + fd_set is quite sufficient. -commit 94ae0c6f0e35903b695e033bf4beacea1d376bb1 -Author: djm@openbsd.org -Date: Sun Dec 19 22:12:54 2021 +0000 +commit 419aa8a312e8d8f491933ca3d5933e602cb05aae +Author: Darren Tucker +Date: Tue Nov 8 12:42:52 2022 +1100 - upstream: client side of host-bound pubkey authentication + Shutdown any VM before trying to check out repo. - Add kex->flags member to enable the publickey-hostbound-v00@openssh.com - authentication method. + In the case where the previous run did not clean up, the checkout will + fail as it'll leave a stale mount. + +commit a32c07cbb78f65d8527642b96474a83b413f8108 +Author: Darren Tucker +Date: Tue Nov 8 11:33:25 2022 +1100 + + Run vm startup and shutdown from runner temp dir. - Use the new hostbound method in client if the kex->flags flag was set, - and include the inital KEX hostkey in the userauth request. + Should work even if the github workspace dir is on a stale sshfs mount. + +commit 2b40a7dfcdb8e616155b9504145aa52b271455aa +Author: Darren Tucker +Date: Tue Nov 8 11:03:31 2022 +1100 + + Add valrind-5 test here too. + +commit 2ea03d1f6d0a05ee2b63ed2dc0f2d54f1e4655a1 +Author: Darren Tucker +Date: Tue Nov 8 09:21:10 2022 +1100 + + Update checkout and upload actions. - Note: nothing in kex.c actually sets the new flag yet + Update actions/checkout and actions/upload-artifact to main branch for + compatibility with node.js v16. + +commit 4e316ff0f18a118232bb9ac6512ee62773a9e8ea +Author: Darren Tucker +Date: Tue Nov 8 09:17:04 2022 +1100 + + Split out rekey test since it runs the longest. + +commit 21625a6424258a92a96a3bb73ae6aabc5ed8a6b4 +Author: dtucker@openbsd.org +Date: Mon Nov 7 10:09:28 2022 +0000 + + upstream: The IdentityFile option in ssh_config can also be used to - ok markus@ + specify a public key file, as documented in ssh.1 for the -i option. Document + this also for IdentityFile in ssh_config.5, for documentation completeness. + From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ - OpenBSD-Commit-ID: 5a6fce8c6c8a77a80ee1526dc467d91036a5910d + OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b -commit 288fd0218dbfdcb05d9fbd1885904bed9b6d42e6 -Author: djm@openbsd.org -Date: Sun Dec 19 22:12:30 2021 +0000 +commit 747691604d3325ed2b62bad85b6fd8563ad32f6c +Author: dtucker@openbsd.org +Date: Mon Nov 7 10:05:38 2022 +0000 - upstream: sshd side of hostbound public key auth + upstream: Remove some set but otherwise unused variables, spotted - This is identical to the standard "publickey" method, but it also includes - the initial server hostkey in the message signed by the client. + in -portable by clang 16's -Wunused-but-set-variable. ok djm@ - feedback / ok markus@ - - OpenBSD-Commit-ID: 7ea01bb7238a560c1bfb426fda0c10a8aac07862 + OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 -commit dbb339f015c33d63484261d140c84ad875a9e548 -Author: djm@openbsd.org -Date: Sun Dec 19 22:12:07 2021 +0000 +commit 1d78d25653805aefc7a8dd9d86cd7359ada3823c +Author: dtucker@openbsd.org +Date: Mon Nov 7 10:02:59 2022 +0000 - upstream: prepare for multiple names for authmethods - - allow authentication methods to have one additional name beyond their - primary name. - - allow lookup by this synonym - - Use primary name for authentication decisions, e.g. for - PermitRootLogin=publickey + upstream: Check for and disallow MaxStartups values less than or - Pass actual invoked name to the authmethods, so they can tell whether they - were requested via the their primary name or synonym. - - ok markus@ + equal to zero during config parsing, rather than faling later at runtime. + bz#3489, ok djm@ - OpenBSD-Commit-ID: 9e613fcb44b8168823195602ed3d09ffd7994559 + OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b -commit 39f00dcf44915f20684160f0a88d3ef8a3278351 +commit a00f59a645072e5f5a8d207af15916a7b23e2642 Author: djm@openbsd.org -Date: Sun Dec 19 22:11:39 2021 +0000 +Date: Mon Nov 7 04:04:40 2022 +0000 - upstream: ssh-agent side of destination constraints + upstream: fix parsing of hex cert expiry time; was checking whether the - Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com - constraints and to apply them to keys. - - Check constraints against the hostkeys recorded for a SocketEntry when - attempting a signature, adding, listing or deleting keys. Note that - the "delete all keys" request will remove constrained keys regardless of - location. + start time began with "0x", not the expiry time. - feedback Jann Horn & markus@ - ok markus@ + from Ed Maste - OpenBSD-Commit-ID: 84a7fb81106c2d609a6ac17469436df16d196319 + OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 -commit ce943912df812c573a33d00bf9e5435b7fcca3f7 -Author: djm@openbsd.org -Date: Sun Dec 19 22:11:06 2021 +0000 +commit f58acaf8c7315483f4ac87d46a1aa2142a713cd8 +Author: Darren Tucker +Date: Mon Nov 7 15:10:59 2022 +1100 - upstream: ssh-add side of destination constraints - - Have ssh-add accept a list of "destination constraints" that allow - restricting where keys may be used in conjunction with a ssh-agent/ssh - that supports session ID/hostkey binding. - - Constraints are specified as either "[user@]host-pattern" or - "host-pattern>[user@]host-pattern". - - The first form permits a key to be used to authenticate as the - specified user to the specified host. - - The second form permits a key that has previously been permitted - for use at a host to be available via a forwarded agent to an - additional host. - - For example, constraining a key with "user1@host_a" and - "host_a>host_b". Would permit authentication as "user1" at - "host_a", and allow the key to be available on an agent forwarded - to "host_a" only for authentication to "host_b". The key would not - be visible on agent forwarded to other hosts or usable for - authentication there. - - Internally, destination constraints use host keys to identify hosts. - The host patterns are used to obtain lists of host keys for that - destination that are communicated to the agent. The user/hostkeys are - encoded using a new restrict-destination-v00@openssh.com key - constraint. - - host keys are looked up in the default client user/system known_hosts - files. It is possible to override this set on the command-line. - - feedback Jann Horn & markus@ - ok markus@ - - OpenBSD-Commit-ID: 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 + Fix merge conflict. -commit 5e950d765727ee0b20fc3d2cbb0c790b21ac2425 -Author: djm@openbsd.org -Date: Sun Dec 19 22:10:24 2021 +0000 +commit 162e5741020a8d996c0c12b988b118e71ed728e6 +Author: Darren Tucker +Date: Mon Nov 7 15:04:33 2022 +1100 - upstream: ssh-add side of destination constraints - - Have ssh-add accept a list of "destination constraints" that allow - restricting where keys may be used in conjunction with a ssh-agent/ssh - that supports session ID/hostkey binding. - - Constraints are specified as either "[user@]host-pattern" or - "host-pattern>[user@]host-pattern". - - The first form permits a key to be used to authenticate as the - specified user to the specified host. - - The second form permits a key that has previously been permitted - for use at a host to be available via a forwarded agent to an - additional host. - - For example, constraining a key with "user1@host_a" and - "host_a>host_b". Would permit authentication as "user1" at - "host_a", and allow the key to be available on an agent forwarded - to "host_a" only for authentication to "host_b". The key would not - be visible on agent forwarded to other hosts or usable for - authentication there. + Branch-specific links for master status badges. + +commit e4b7c12ab24579312aa3ed38ce7041a439ec2d56 +Author: Darren Tucker +Date: Mon Nov 7 14:46:38 2022 +1100 + + Add CIFuzz status badge. + +commit b496b9f831acd1e5bcd875e26e797488beef494a +Author: Darren Tucker +Date: Mon Nov 7 14:45:16 2022 +1100 + + Do not run CIFuzz on selfhosted tree. - Internally, destination constraints use host keys to identify hosts. - The host patterns are used to obtain lists of host keys for that - destination that are communicated to the agent. The user/hostkeys are - encoded using a new restrict-destination-v00@openssh.com key - constraint. + We already run it on the regular tree, no need to double up. + +commit 2138b1c4ddb300129a41a5104627b0d561184c7b +Author: Darren Tucker +Date: Mon Nov 7 14:41:58 2022 +1100 + + Whitespace change to trigger CIFuzz workflow. + +commit 4670b97ef87c7b0f21283c9b07c7191be88dda05 +Author: Darren Tucker +Date: Mon Nov 7 14:34:04 2022 +1100 + + Run cifuzz workflow on the actions as regular CI. + +commit 79391e66ce851ace1baf3c6a35e83a23f08ec2ba +Author: David Korczynski +Date: Tue Nov 30 11:45:20 2021 +0000 + + Add CIFuzz integration + +commit c1893364a0be243270014d7d34362a8101d55112 +Author: dtucker@openbsd.org +Date: Mon Nov 7 02:21:22 2022 +0000 + + upstream: Import regenerated moduli. - host keys are looked up in the default client user/system known_hosts - files. It is possible to override this set on the command-line. + OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f + +commit 5c3f18fb994ef27e685b205ee2351851b80fdbd1 +Author: dtucker@openbsd.org +Date: Mon Nov 7 01:53:01 2022 +0000 + + upstream: Fix typo. From pablomh via -portable github PR#344. - feedback Jann Horn & markus@ - ok markus@ + OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 + +commit e1c6fcc142066417c9832e634463faa3dd5d116c +Author: Darren Tucker +Date: Mon Nov 7 12:46:58 2022 +1100 + + Link to branch-specific queries for V_9_1 status. + +commit 4f4a5fad6d8892c3f8ee9cd81ec7de6458210c9f +Author: Darren Tucker +Date: Sun Nov 6 10:55:59 2022 +1100 + + Use "prohibit-password" in -portable comments. - OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e + "without-password" is the deprecated alias for "prohibit-password", + so we should reference the latter. From emaste at freebsd.org. -commit 4c1e3ce85e183a9d0c955c88589fed18e4d6a058 -Author: djm@openbsd.org -Date: Sun Dec 19 22:09:23 2021 +0000 +commit 0f7e1eba55259ec037f515000b4c4afbf446230a +Author: Darren Tucker +Date: Sun Nov 6 10:50:01 2022 +1100 - upstream: ssh-agent side of binding + Fix tracing disable on FreeBSD. - record session ID/hostkey/forwarding status for each active socket. + Some versions of FreeBSD do not support using id 0 to refer to the + current pid for procctl, so pass getpid() explicitly. From + emaste at freebsd.org. + +commit 32fddb982fd61b11a2f218a115975a87ab126d43 +Author: Darren Tucker +Date: Mon Nov 7 10:39:01 2022 +1100 + + Fix setres*id checks to work with clang-16. - Attempt to parse data-to-be-signed at signature request time and extract - session ID from the blob if it is a pubkey userauth request. + glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, + and clang 16 will error out on implicit function definitions, so add + _GNU_SOURCE and the required headers to the configure checks. From + sam at @gentoo.org via bz#3497. + +commit 12af712d116f42164bcfa56db901d06e4fa27199 +Author: Sam James +Date: Sun Nov 6 04:52:38 2022 +0000 + + configure.ac: Fix -Wstrict-prototypes - ok markus@ + Clang 16 now warns on this and it'll be removed in C23, so let's + just be future proof. It also reduces noise when doing general + Clang 16 porting work (which is a big job as it is). github PR#355. - OpenBSD-Commit-ID: a80fd41e292b18b67508362129e9fed549abd318 + Signed-off-by: Sam James -commit e9497ecf73f3c16667288bce48d4e3d7e746fea1 -Author: djm@openbsd.org -Date: Sun Dec 19 22:08:48 2021 +0000 +commit 40b0a5eb6e3edfa2886b60c09c7803353b0cc7f5 +Author: Sam James +Date: Sun Nov 6 04:47:35 2022 +0000 - upstream: ssh client side of binding + configure.ac: Add include for openpty - send session ID, hostkey, signature and a flag indicating whether the - agent connection is being forwarded to ssh agent each time a connection - is opened via a new "session-bind@openssh.com" agent extension. + Another Clang 16ish fix (which makes -Wimplicit-function-declaration + an error by default). github PR#355. - ok markus@ + See: 2efd71da49b9cfeab7987058cf5919e473ff466b + See: be197635329feb839865fdc738e34e24afd1fca8 + +commit 6b17e128879ec6cc32ca2c28b5d894b4aa72e32d +Author: Rochdi Nassah +Date: Fri Oct 28 01:26:31 2022 +0100 + + Fix broken zlib link. + +commit 99500df246ccb736ddbdd04160dcc82165d81a77 +Author: Darren Tucker +Date: Fri Nov 4 16:59:26 2022 +1100 + + Don't run openbsd-compat tests on Cygwin. - OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135 + Add "compat-tests" to the default TEST_TARGET so we can override as + necessary. Override TEST_TARGET for Cygwin as the tests don't currently + compile there. -commit b42c61d6840d16ef392ed0f365e8c000734669aa +commit 3cae9f92a31897409666aa1e6f696f779759332b Author: djm@openbsd.org -Date: Sun Dec 19 22:08:06 2021 +0000 +Date: Thu Nov 3 21:59:20 2022 +0000 - upstream: Record session ID, host key and sig at intital KEX - - These will be used later for agent session ID / hostkey binding + upstream: replace recently-added valid_domain() check for hostnames - ok markus@ + going to known_hosts with a more relaxed check for bad characters; previous + commit broke address literals. Reported by/feedback from florian@ - OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe + OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 -commit 26ca33d186473d58a32d812e19273ce078b6ffff -Author: djm@openbsd.org -Date: Tue Dec 7 22:06:45 2021 +0000 +commit 9655217231c9056200bea7ae2dffcc9c0c3eb265 +Author: Darren Tucker +Date: Thu Nov 3 23:07:50 2022 +1100 - upstream: better error message for FIDO keys when we can't match + Rerun tests on changes to Makefile.in in any dir. + +commit 3500f0405a3ab16b59a26f3508c4257a3fc3bce6 +Author: Darren Tucker +Date: Thu Nov 3 23:04:08 2022 +1100 + + Link libssh into compat tests. - them to a token + The cygwin compat code uses xmalloc, so add libssh.a so pick up that. + +commit ec59effcf65b8a4c85d47ff5a271123259dd0ab8 +Author: Darren Tucker +Date: Thu Nov 3 21:44:23 2022 +1100 + + Fix compat regress to work with non-GNU make. + +commit 73550a218e7dfbbd599534cbf856309bc924f6fd +Author: Darren Tucker +Date: Thu Nov 3 13:41:16 2022 +1100 + + Increase selfhosted job timeout. - OpenBSD-Commit-ID: 58255c2a1980088f4ed144db67d879ada2607650 + The default job timeout of 360 (6h) is not enough to complete the + regress tests for some of the slow VMs depending on the load on the host. + Increase to 600 (10h). -commit adb0ea006d7668190f0c42aafe3a2864d352e34a +commit db97d8d0b90c6ce52b94b153d6f8f5f7d3b11777 Author: Darren Tucker -Date: Wed Dec 15 10:50:33 2021 +1100 +Date: Thu Nov 3 10:00:43 2022 +1100 - Correct value for IPTOS_DSCP_LE. + Only run opensslver tests if built with OpenSSL. + +commit ba053709638dff2f6603df0c1f340352261d63ea +Author: Darren Tucker +Date: Wed Nov 2 14:16:04 2022 +1100 + + Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. + +commit edd24101c7e17d1a8f6576e1aaf62233b47ad6f5 +Author: Darren Tucker +Date: Thu Nov 3 08:17:39 2022 +1100 + + Run compat regress tests too. + +commit fe88d67e7599b0bc73f6e4524add28d743e7f977 +Author: Darren Tucker +Date: Thu Nov 3 08:14:05 2022 +1100 + + Compat tests need libcrypto. - It needs to allow for the preceeding two ECN bits. From daisuke.higashi - at gmail.com via OpenSSH bz#3373, ok claudio@, job@, djm@. + This was moved to CHANNELLIBS during the libs refactor. Spotted by + rapier at psc.edu. -commit 3dafd3fe220bd9046f11fcf5191a79ec8800819f +commit 96b519726b7944eee3c23a54eee3d5c031ba1533 Author: Darren Tucker -Date: Fri Dec 10 11:57:30 2021 +1100 +Date: Thu Nov 3 04:24:39 2022 +1100 - Increase timeout for test step. + Include time.h when defining timegm. + + Fixes build on some platforms eg recent AIX. -commit 5aefb05cd5b843e975b191d6ebb7ddf8de35c112 +commit da6038bd5cd55eb212eb2aec1fc8ae79bbf76156 Author: Darren Tucker -Date: Fri Dec 10 10:27:27 2021 +1100 +Date: Tue Nov 1 19:10:30 2022 +1100 - Update the list of tests that don't work on Minix. + Always use compat getentropy. - While there, remove CC (configure will now find clang) and make the test - list easier to update via cut and paste. + Have it call native getentropy and fall back as required. Should fix + issues of platforms where libc has getentropy but it is not implemented + in the kernel. Based on github PR#354 from simsergey. -commit 1c09bb1b2e207d091cec299c49416c23d24a1b31 +commit 5ebe18cab6be3247b44c807ac145164010465b82 Author: Darren Tucker -Date: Fri Dec 10 10:12:57 2021 +1100 +Date: Wed Nov 2 10:51:48 2022 +1100 - Add minix host tuple. + Check for sockaddr_in.sin_len. - Define SETEUID_BREAKS_SETUID for it which should make privsep work. + If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan + tests on platforms with this (eg old NetBSD). -commit a2188579032cf080213a78255373263466cb90cc -Author: jsg@openbsd.org -Date: Sun Dec 5 12:28:27 2021 +0000 +commit a1febadf426536612c2734168d409147c392e7cf +Author: dtucker@openbsd.org +Date: Sun Oct 30 18:42:07 2022 +0000 - upstream: fix unintended sizeof pointer in debug path ok markus@ + upstream: Use variable for diff options - OpenBSD-Commit-ID: b9c0481ffc0cd801e0840e342e6a282a85aac93c + instead of unconditionally specifying "-rN". This will make life easier + in -portable where not all diff's understand -N. + + OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 -commit da40355234068c82f1a36196f2d18dd2d81aaafd -Author: naddy@openbsd.org -Date: Sat Dec 4 00:05:39 2021 +0000 +commit f6d3ed9a8a9280cbb68d6a499850cfe810e92bd0 +Author: Darren Tucker +Date: Mon Oct 31 05:13:02 2022 +1100 - upstream: RSA/SHA-1 is not used by default anymore on the server + OpenSSL dev branch is 302 not 320. - OpenBSD-Commit-ID: 64abef6cfc3e53088225f6b8a1dcd86d52dc8353 + While there, also accept 301 which it shat it was previously. -commit e9c71498a083a8b502aa831ea931ce294228eda0 +commit 25c8a2bbcc10c493d27faea57c42a6bf13fa51f2 Author: djm@openbsd.org -Date: Thu Dec 2 23:45:36 2021 +0000 +Date: Fri Oct 28 02:47:04 2022 +0000 - upstream: hash full host:port when asked to hash output, fixes hashes + upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak - for non- default ports. bz3367 ok dtucker@ + OPENSSL=no builds - OpenBSD-Commit-ID: 096021cc847da7318ac408742f2d0813ebe9aa73 + OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e -commit b5601202145a03106012c22cb8980bcac2949f0b +commit 1192588546c29ceec10775125f396555ea71850f Author: djm@openbsd.org -Date: Thu Dec 2 23:23:13 2021 +0000 +Date: Fri Oct 28 02:29:34 2022 +0000 - upstream: improve the testing of credentials against inserted FIDO + upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. - keys a little more: ask the token whether a particular key belongs to it in - cases where the token support on-token user- verification (e.g. biometrics) - rather than just assuming that it will accept it. + ssh-keyscan 192.168.0.0/24 - Will reduce spurious "Confirm user presence" notifications for key - handles that relate to FIDO keys that are not currently inserted in at - least some cases. + If a CIDR range is passed, then it will be expanded to all possible + addresses in the range including the all-0s and all-1s addresses. - Motivated by bz3366; by Pedro Martelletto + bz#976 feedback/ok markus@ - OpenBSD-Commit-ID: ffac7f3215842397800e1ae2e20229671a55a63d + OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b -commit ca709e27c41c90f4565b17282c48dca7756e083c +commit 64af4209309461c79c39eda2d13f9d77816c6398 +Author: Damien Miller +Date: Fri Oct 28 12:54:35 2022 +1100 + + fix merge botch + +commit 27267642699342412964aa785b98afd69d952c88 Author: djm@openbsd.org -Date: Thu Dec 2 22:40:05 2021 +0000 +Date: Fri Oct 28 00:44:44 2022 +0000 - upstream: move check_sk_options() up so we can use it earlier + upstream: refactor sshkey_private_deserialize - OpenBSD-Commit-ID: 67fe98ba1c846d22035279782c4664c1865763b4 + feedback/ok markus@ + + OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f -commit b711bc01a7ec76bb6a285730990cbce9b8ca5773 -Author: dtucker@openbsd.org -Date: Thu Dec 2 22:35:05 2021 +0000 +commit 2519a7077a9332f70935e5242ba91ee670ed6b87 +Author: djm@openbsd.org +Date: Fri Oct 28 00:44:17 2022 +0000 - upstream: ssh-rsa is no longer in the default for + upstream: refactor sshkey_private_serialize_opt() - PubkeyAcceptedAlgorithms. + feedback/ok markus@ - OpenBSD-Commit-ID: 34a9e1bc30966fdcc922934ae00f09f2596cd73c + OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd -commit dc91ceea33cd4a9f05be953e8d8062f732db5c8a +commit 11a768adf98371fe4e43f3b06014024c033385d5 Author: djm@openbsd.org -Date: Thu Dec 2 02:44:44 2021 +0000 +Date: Fri Oct 28 00:43:30 2022 +0000 - upstream: don't put the tty into raw mode when SessionType=none, avoids + upstream: refactor certify - ^c being unable to kill such a session. bz3360; ok dtucker@ + feedback/ok markus@ - OpenBSD-Commit-ID: 83960c433052303b643b4c380ae2f799ac896f65 + OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 -commit e6e7d2654a13ba10141da7b42ea683ea4eeb1f38 -Author: Damien Miller -Date: Mon Nov 29 14:11:03 2021 +1100 +commit 3fbc58bb249d967cc43ebdc554f6781bb73d4a58 +Author: djm@openbsd.org +Date: Fri Oct 28 00:43:08 2022 +0000 - previous commit broke bcrypt_pbkdf() + upstream: refactor sshkey_sign() and sshkey_verify() - Accidentally reverted part of the conversion to use SHA512 from SUPERCOP - instead of OpenBSD-style libc SHA512. - -commit c0459588b8d00b73e506c6095958ecfe62a4a7ba -Author: Darren Tucker -Date: Mon Nov 29 14:03:19 2021 +1100 - - Fix typo in Neils' name. + feedback/ok markus@ + + OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc -commit 158bf854e2a22cf09064305f4a4e442670562685 -Author: Damien Miller -Date: Mon Nov 29 12:30:22 2021 +1100 +commit a1deb6cdbbe6afaab74ecb08fcb62db5739267be +Author: djm@openbsd.org +Date: Fri Oct 28 00:41:52 2022 +0000 - sync bcrypt-related files with OpenBSD + upstream: refactor sshkey_from_blob_internal() - The main change is that Niels Provos kindly agreed to rescind the - BSD license advertising clause, shifting them to the 3-term BSD - license. + feedback/ok markus@ - This was the last thing in OpenSSH that used the advertising clause. + OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 -commit e8976d92a42883ff6b8991438f07df60c2c0d82d -Author: Damien Miller -Date: Mon Nov 29 12:29:29 2021 +1100 +commit 7d00799c935271ce89300494c5677190779f6453 +Author: djm@openbsd.org +Date: Fri Oct 28 00:41:17 2022 +0000 - depend + upstream: refactor sshkey_from_private() + + feedback/ok markus@ + + OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 -commit 8249afeec013e557fe7491a72ca3285de03e25b1 +commit 262647c2e920492ca57f1b9320d74f4a0f6e482b Author: djm@openbsd.org -Date: Sun Nov 28 07:21:26 2021 +0000 +Date: Fri Oct 28 00:39:29 2022 +0000 - upstream: sshsig: return "key not found" when searching empty files + upstream: factor out key generation - rather than "internal error" + feedback/ok markus@ - OpenBSD-Commit-ID: e2ccae554c78d7a7cd33fc5d217f35be7e2507ed + OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb -commit 9e3227d4dbb5ad9c9091b4c14982cab4bba87b4d +commit 401c74e7dc15eab60540653d2f94d9306a927bab Author: djm@openbsd.org -Date: Sun Nov 28 07:15:10 2021 +0000 +Date: Fri Oct 28 00:38:58 2022 +0000 - upstream: ssh-keygen -Y match-principals doesn't accept any -O + upstream: refactor and simplify sshkey_read() - options at present, so don't say otherwise in SYNOPSIS; spotted jmc@ + feedback/ok markus@ - OpenBSD-Commit-ID: 9cc43a18f4091010741930b48b3db2f2e4f1d35c + OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 -commit 56db1f4a4cf5039fc3b42e84c4b16291fdff32b1 +commit 591fed94e66a016acf87f4b7cd416ce812f2abe8 Author: djm@openbsd.org -Date: Sun Nov 28 07:14:29 2021 +0000 +Date: Fri Oct 28 00:37:24 2022 +0000 - upstream: fix indenting in last commit + upstream: factor out public key serialization - OpenBSD-Commit-ID: 8b9ba989815d0dec1fdf5427a4a4b58eb9cac4d2 + feedback/ok markus@ + + OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 -commit 50bea24a9a9bdebad327c76e700def3261f5694e +commit 1e78844ae2b2dc01ba735d5ae740904c57e13685 Author: djm@openbsd.org -Date: Sun Nov 28 07:10:18 2021 +0000 +Date: Fri Oct 28 00:36:31 2022 +0000 - upstream: missing initialisation for oerrno + upstream: factor out sshkey_equal_public() - OpenBSD-Commit-ID: 05d646bba238080259bec821c831a6f0b48d2a95 + feedback/ok markus@ + + OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 -commit 5a0f4619041d09cd29f3a08da41db5040372bdd1 -Author: Darren Tucker -Date: Sun Nov 28 15:31:37 2021 +1100 +commit 25de1c01a8b9a2c8ab9b1da22444a03e89c982de +Author: djm@openbsd.org +Date: Fri Oct 28 00:35:40 2022 +0000 - Correct ifdef to activate poll() only if needed. + upstream: begin big refactor of sshkey + + Move keytype data and some of the type-specific code (allocation, + cleanup, etc) out into each key type's implementation. Subsequent + commits will move more, with the goal of having each key-*.c file + owning as much of its keytype's implementation as possible. + + lots of feedback + ok markus@ + + OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec -commit d4035c81a71237f690edd7eda32bef7d63fd9528 +commit 445363433ba20b8a3e655b113858c836da46a1cb Author: djm@openbsd.org -Date: Sat Nov 27 07:23:35 2021 +0000 +Date: Mon Oct 24 22:43:36 2022 +0000 - upstream: whitespac e + upstream: Be more paranoid with host/domain names coming from the - OpenBSD-Regress-ID: b9511d41568056bda489e13524390167889908f8 + never write a name with bad characters to a known_hosts file. + + reported by David Leadbeater, ok deraadt@ + + OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad -commit a443491e6782ef0f5a8bb87a5536c8ee4ff233a1 +commit 7190154de2c9fe135f0cc1ad349cb2fa45152b89 Author: djm@openbsd.org -Date: Sat Nov 27 07:20:58 2021 +0000 +Date: Mon Oct 24 21:52:50 2022 +0000 - upstream: regression test for match-principals. Mostly by Fabian + upstream: regress test for unmatched glob characters; fails before - Stelzer + previous commit but passes now. bz3488; prodded by dtucker@ - OpenBSD-Regress-ID: ced0bec89af90935103438986bbbc4ad1df9cfa7 + OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd -commit 78230b3ec8cbabc1e7de68732dc5cbd4837c6675 +commit a4821a592456c3add3cd325db433110cdaaa3e5c Author: djm@openbsd.org -Date: Sat Nov 27 07:14:46 2021 +0000 +Date: Mon Oct 24 21:51:55 2022 +0000 - upstream: Add ssh-keygen -Y match-principals operation to perform + upstream: when scp(1) is using the SFTP protocol for transport (the - matching of principals names against an allowed signers file. + default), better match scp/rcp's handling of globs that don't match the + globbed characters but do match literally (e.g. trying to transfer + "foo.[1]"). - Requested by and mostly written by Fabian Stelzer, towards a TOFU - model for SSH signatures in git. Some tweaks by me. + Previously scp(1) in SFTP mode would not match these pathnames but + legacy scp/rcp mode would. - "doesn't bother me" deraadt@ + Reported by Michael Yagliyan in bz3488; ok dtucker@ - OpenBSD-Commit-ID: 8d1b71f5a4127bc5e10a880c8ea6053394465247 + OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 -commit 15db86611baaafb24c40632784dabf82e3ddb1a7 -Author: djm@openbsd.org -Date: Thu Nov 25 23:02:24 2021 +0000 +commit 18376847b8043ba967eabbe23692ef74c9a3fddc +Author: jsg@openbsd.org +Date: Thu Oct 13 09:09:28 2022 +0000 - upstream: debug("func: ...") -> debug_f("...") + upstream: use correct type with sizeof ok djm@ - OpenBSD-Commit-ID: d58494dc05c985326a895adfbe16fbd5bcc54347 + OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 -commit b7ffbb17e37f59249c31f1ff59d6c5d80888f689 -Author: Darren Tucker -Date: Fri Nov 19 18:53:46 2021 +1100 +commit 4a4883664d6b4e9e4e459a8cdc16bd8d4b735de9 +Author: jmc@openbsd.org +Date: Fri Oct 7 06:00:58 2022 +0000 - Allow for fd = -1 in compat ppoll overflow check. + upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, - Fixes tests on at least FreeBSD 6, possibly others. - -commit 04b172da5b96a51b0d55c905b423ababff9f4e0b -Author: Darren Tucker -Date: Fri Nov 19 16:01:51 2021 +1100 - - Don't auto-enable Capsicum sandbox on FreeBSD 9/10. + wrap a long line - Since we changed from select() to ppoll() tests have been failing. - This seems to be because FreeBSD 10 (and presumably 9) do not allow - ppoll() in the privsep process and sshd will fail with "Not permitted in - capability mode". Setting CAP_EVENT on the FDs doesn't help, but weirdly, - poll() works without that. Those versions are EOL so this situation is - unlikely to change. + ssh-agent.c: + - add -O to usage() + + OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 -commit a823f39986e7b879f26412e64c15630e1cfa0dc5 +commit 9fd2441113fce2a83fc7470968c3b27809cc7f10 Author: djm@openbsd.org -Date: Thu Nov 18 03:53:48 2021 +0000 +Date: Fri Oct 7 04:06:26 2022 +0000 - upstream: regression test for ssh-keygen -Y find-principals fix; from + upstream: document "-O no-restrict-websafe"; spotted by Ross L - Fabian Stelzer ok djm markus + Richardson - OpenBSD-Regress-ID: 34fe4088854c1a2eb4c0c51cc4676ba24096bac4 + OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b -commit 199c4df66c0e39dd5c3333b162af274678c0501d -Author: djm@openbsd.org -Date: Thu Nov 18 21:32:11 2021 +0000 +commit 614252b05d70f798a0929b1cd3d213030ad4d007 +Author: Darren Tucker +Date: Tue Oct 18 06:29:16 2022 +1100 - upstream: less confusing debug message; bz#3365 - - OpenBSD-Commit-ID: 836268d3642c2cdc84d39b98d65837f5241e4a50 + OpenSSL dev branch now identifies as 3.2.0. -commit 97f9b6e61316c97a32dad94b7a37daa9b5f6b836 -Author: djm@openbsd.org -Date: Thu Nov 18 21:11:01 2021 +0000 +commit 195e5a65fd793a738ea8451ebfdd1919db5aff3e +Author: Damien Miller +Date: Mon Oct 17 09:41:47 2022 +1100 - upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we + revert c64b62338b4 and guard POLL* defines instead - already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries - that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364 + c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) + Spotted by dtucker + +commit bc2e480d99613bd59720edae244d1764636544c4 +Author: Damien Miller +Date: Fri Oct 14 14:52:22 2022 +1100 + + undef _get{short,long} before redefining + +commit 5eb796a369c64f18d55a6ae9b1fa9b35eea237fb +Author: Harmen Stoppels +Date: Thu Oct 13 16:08:46 2022 +0200 + + Fix snprintf configure test for clang 15 - OpenBSD-Commit-ID: 054d4dc1d6a99a2e6f8eebc48207b534057c154d + Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. + A handful of tests have "main(..." and not "int main(..." which caused + the tests to produce incorrect results. -commit c74aa0eb73bd1edf79947d92d9c618fc3424c4a6 +commit c64b62338b46ffa08839f05f21ad69fa6234dc17 +Author: Damien Miller +Date: Mon Oct 10 12:32:43 2022 +1100 + + skip bsd-poll.h if poll.h found; ok dtucker + +commit 5ee2b8ccfcf4b606f450eb0ff2305e311f68b0be Author: djm@openbsd.org -Date: Thu Nov 18 03:50:41 2021 +0000 +Date: Thu Oct 6 22:42:37 2022 +0000 - upstream: ssh-keygen -Y find-principals was verifying key validity + upstream: honour user's umask if it is more restrictive then the ssh - when using ca certs but not with simple key lifetimes within the allowed - signers file. - - Since it returns the first keys principal it finds this could - result in a principal with an expired key even though a valid - one is just below. - - patch from Fabian Stelzer; feedback/ok djm markus + default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ - OpenBSD-Commit-ID: b108ed0a76b813226baf683ab468dc1cc79e0905 + OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d -commit d902d728dfd81622454260e23bc09d5e5a9a795e +commit a75cffc2700cebd3e2dd9093f7f7388d2be95cb7 Author: Darren Tucker -Date: Thu Nov 18 23:44:07 2021 +1100 +Date: Fri Oct 7 03:54:56 2022 +1100 - Correct calculation of tv_nsec in poll(). + Add LibreSSL 3.6.0 to test suite. + + While there, bump OpenSSL to latest 1.1.1q release. -commit 21dd5a9a3fb35e8299a1fbcf8d506f1f6b752b85 +commit fcc0f0c0e96a30076683fea9a7c9eedc72931742 Author: Darren Tucker -Date: Thu Nov 18 23:11:37 2021 +1100 +Date: Thu Oct 6 21:18:16 2022 +1100 - Add compat implementation of ppoll using pselect. + Add 9.1 branch to CI status page. -commit b544ce1ad4afb7ee2b09f714aa63efffc73fa93a +commit ef211eee63821d894a8bf81f22bfba9f6899d0fe Author: Darren Tucker -Date: Thu Nov 18 23:05:34 2021 +1100 +Date: Tue Oct 4 23:20:23 2022 +1100 - Put poll.h inside ifdef HAVE_POLL_H. + Test commits to all branches of portable. + + Only test OpenBSD upstream on commits to master since that's what it + tracks. -commit 875408270c5a7dd69ed5449e5d85bd7120c88f70 -Author: djm@openbsd.org -Date: Thu Nov 18 03:31:44 2021 +0000 +commit fe646de03cafb6593ff4e4954bca9ec4b4b753a8 +Author: Damien Miller +Date: Wed Oct 5 03:47:26 2022 +1100 - upstream: check for POLLHUP wherever we check for POLLIN - - OpenBSD-Commit-ID: 6aa6f3ec6b17c3bd9bfec672a917f003a76d93e5 + whitespace at EOL -commit 36b5e37030d35bbaa18ba56825b1af55971d18a0 -Author: djm@openbsd.org -Date: Thu Nov 18 03:07:59 2021 +0000 +commit a6e1852d10c63a830196e82168dadd957aaf28ec +Author: Damien Miller +Date: Wed Oct 5 03:40:01 2022 +1100 - upstream: fd leak in sshd listen loop error path; from Gleb - - Smirnoff + mention libfido2 autodetection + +commit 7360c2c206f33d309edbaf64036c96fadf74d640 +Author: Damien Miller +Date: Wed Oct 5 03:37:36 2022 +1100 + + remove mention of --with-security-key-builtin - OpenBSD-Commit-ID: a7a2be27a690a74bf2381bc16cea38e265657412 + it is enabled by default when libfido2 is installed -commit b99498d0c93f1edd04857b318308a66b28316bd8 +commit 0ffb46f2ee2ffcc4daf45ee679e484da8fcf338c +Author: Damien Miller +Date: Tue Oct 4 01:51:42 2022 +1100 + + update .depend + +commit 657e676ff696c7bb787bffb0e249ea1be3b474e1 +Author: Damien Miller +Date: Tue Oct 4 01:45:52 2022 +1100 + + update release notes URL + +commit f059da2b29840c0f048448809c317ce2ae014da7 +Author: Damien Miller +Date: Tue Oct 4 01:45:41 2022 +1100 + + crank versions in RPM spec files + +commit b51f3f172d87cbdb80ca4eb7b2149e56a7647557 Author: djm@openbsd.org -Date: Thu Nov 18 03:07:20 2021 +0000 +Date: Mon Sep 26 22:18:40 2022 +0000 - upstream: check for POLLHUP as well as POLLIN in sshd listen loop; + upstream: openssh-9.1 - ok deraadt millert + OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 + +commit 4cf8d0c0f3030f594a238bab21a0695735515487 +Author: dtucker@openbsd.org +Date: Wed Sep 21 22:26:50 2022 +0000 + + upstream: Fix typo. From AlexanderStohr via github PR#343. - OpenBSD-Commit-ID: a4f1244c5a9c2b08dac4f3b1dc22e9d1dc60c587 + OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 -commit 1f3055d788e8cf80851eb1728b535d57eb0dba6a +commit 8179fed3264d5919899900ed8881d5f9bb57ca33 Author: djm@openbsd.org -Date: Thu Nov 18 03:06:03 2021 +0000 +Date: Mon Sep 19 21:39:16 2022 +0000 - upstream: check for POLLHUP as well as POLLIN, handle transient IO + upstream: add RequiredRSASize to the list of keywords accepted by - errors as well as half-close on the output side; ok deraadt millert + -o; spotted by jmc@ - OpenBSD-Commit-ID: de5c5b9939a37476d256328cbb96305bdecf511e + OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e -commit 9778a15fa6dbdac6a95bf15865c2688b4bd6944e +commit 5f954929e9f173dd1e279e07d0e8b14fa845814d Author: Damien Miller -Date: Thu Nov 18 10:16:55 2021 +1100 +Date: Mon Sep 19 20:59:34 2022 +1000 - adjust seccomp filter for select->poll conversion + no need for glob.h here - Needed to add ppoll syscall but also to relax the fallback rlimit - sandbox. Linux poll() fails with EINVAL if npfds > RLIMIT_NOFILE, - so we have to allow a single fd in the rlimit. + it also causes portability problems -commit fcd8d895bbb849c64f0aed934e3303d37f696f5d +commit 03d94a47207d58b3db37eba4f87eb6ae5a63168a Author: Damien Miller -Date: Thu Nov 18 10:16:44 2021 +1100 +Date: Mon Sep 19 20:59:04 2022 +1000 - update depends + avoid Wuninitialized false positive in gcc-12ish -commit 76292787a1e93e668f10e36b4bf59ce0ae28e156 -Author: Damien Miller -Date: Thu Nov 18 09:26:20 2021 +1100 +commit 9d952529113831fb3071ab6e408d2726fd72e771 +Author: djm@openbsd.org +Date: Mon Sep 19 10:46:00 2022 +0000 - compat for timespecsub() and friends + upstream: use users-groups-by-id@openssh.com sftp-server extension + + (when available) to fill in user/group names for directory listings. + Implement a client-side cache of see uid/gid=>user/group names. ok markus@ + + OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e -commit fd7e7de4ddb4399c7e929b44f2bbfc118eddfcf8 +commit 8ff680368b0bccf88ae85d4c99de69387fbad7a6 Author: djm@openbsd.org -Date: Wed Nov 17 21:06:39 2021 +0000 +Date: Mon Sep 19 10:43:12 2022 +0000 - upstream: set num_listen_socks to 0 on close-all instead of -1, + upstream: sftp client library support for - which interferes with the new poll()-based listen loop; spotted and debugged - by anton@+deraadt@ + users-groups-by-id@openssh.com; ok markus@ - OpenBSD-Commit-ID: f7ab8ab124f615a2e0c45fee14c38d2f2abbabbd + OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de -commit fd9343579afac30a971f06643a669733d9acb407 -Author: deraadt@openbsd.org -Date: Sun Nov 14 18:47:43 2021 +0000 +commit 488f6e1c582212c2374a4bf8cd1b703d2e70fb8b +Author: djm@openbsd.org +Date: Mon Sep 19 10:41:58 2022 +0000 - upstream: use ppoll() instead of pselect() with djm + upstream: extend sftp-common.c:extend ls_file() to support supplied - OpenBSD-Commit-ID: 980f87c9564d5d2ad55722b7a6f44f21284cd215 + user/group names; ok markus@ + + OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 -commit 092d29b232ef1a19609a5316ed7e4d896bb2e696 -Author: deraadt@openbsd.org -Date: Sun Nov 14 06:15:36 2021 +0000 +commit 74b77f7497dba3a58315c8f308883de448078057 +Author: djm@openbsd.org +Date: Mon Sep 19 10:40:52 2022 +0000 - upstream: match .events with .fd better + upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" - OpenBSD-Commit-ID: 77eef212ca0add905949532af390164489c5984b + extension request that allows the client to obtain user/group names that + correspond to a set of uids/gids. + + Will be used to make directory listings more useful and consistent + in sftp(1). + + ok markus@ + + OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 -commit 8d642c9a90fa4ed5a3effd785fb3591e14de00cd -Author: deraadt@openbsd.org -Date: Sun Nov 14 03:25:10 2021 +0000 +commit 231a346c0c67cc7ca098360f9a554fa7d4f1eddb +Author: djm@openbsd.org +Date: Mon Sep 19 08:49:50 2022 +0000 - upstream: convert select() to poll() ok djm + upstream: better debugging for connect_next() - OpenBSD-Commit-ID: b53e4940ff10dd24f8d16e8db8ef1970015d7ead + OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 -commit 6582a31c388968f4073af2bd8621880735c3d42b -Author: deraadt@openbsd.org -Date: Sat Nov 13 21:14:13 2021 +0000 +commit 1875042c52a3b950ae5963c9ca3774a4cc7f0380 +Author: djm@openbsd.org +Date: Sat Sep 17 10:34:29 2022 +0000 - upstream: replace select() with ppoll(), including converting + upstream: Add RequiredRSASize for sshd(8); RSA keys that fall - timeval's to timespec's to make things easier. back and forth and ok; djm + beneath this limit will be ignored for user and host-based authentication. - OpenBSD-Commit-ID: 89d3b23c60875da919e7820f9de6213286ffbec9 + Feedback deraadt@ ok markus@ + + OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 -commit 7c025c005550c86a40200a2bcdd355d09413d61a -Author: deraadt@openbsd.org -Date: Sat Nov 13 17:26:13 2021 +0000 +commit 54b333d12e55e6560b328c737d514ff3511f1afd +Author: djm@openbsd.org +Date: Sat Sep 17 10:33:18 2022 +0000 - upstream: It really looks like pledge "stdio dns" is possible + upstream: add a RequiredRSASize for checking RSA key length in - earlier. Discussed with mestre + ssh(1). User authentication keys that fall beneath this limit will be + ignored. If a host presents a host key beneath this limit then the connection + will be terminated (unfortunately there are no fallbacks in the protocol for + host authentication). - OpenBSD-Commit-ID: 610873de63a593e0ac7bbbcb7a0f2894d36f4c01 + feedback deraadt, Dmitry Belyavskiy; ok markus@ + + OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a -commit 06acb04c20ee483fe4757bd12aec870cc4bb1076 -Author: deraadt@openbsd.org -Date: Fri Nov 12 05:23:49 2021 +0000 +commit 07d8771bacfefbcfb37fa8a6dc6103bcc097e0ab +Author: djm@openbsd.org +Date: Sat Sep 17 10:30:45 2022 +0000 - upstream: aggressively pre-fill the pollfd array with fd=-1 + upstream: Add a sshkey_check_rsa_length() call for checking the - OpenBSD-Commit-ID: c2a525de8f83c1a04405bd79122c424140552a5b + length of an RSA key; ok markus@ + + OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 -commit 7eec76793dec06e8f06b6cf71f9473141c69d109 -Author: deraadt@openbsd.org -Date: Thu Nov 11 15:32:32 2021 +0000 +commit 3991a0cf947cf3ae0f0373bcec5a90e86a7152f5 +Author: djm@openbsd.org +Date: Sat Sep 17 10:11:29 2022 +0000 - upstream: Convert from select() to ppoll(). Along the way, I + upstream: actually hook up restrict_websafe; the command-line flag - observed that the select() code was using exceptfds incorrectly.. ok millert + was never actually used. Spotted by Matthew Garrett - OpenBSD-Commit-ID: 548e05bfc31b2af02319eb3d051286d4128dec96 + OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 -commit e665ed2d0c24fe11d5470ce72fa1e187377d3fc4 -Author: Darren Tucker -Date: Fri Nov 12 22:55:27 2021 +1100 +commit 30b2a7e4291fb9e357f80a237931ff008d686d3b +Author: djm@openbsd.org +Date: Fri Sep 16 06:55:37 2022 +0000 - Switch from LibreSSL 3.4.0 to 3.4.1. + upstream: correct error value - The LibreSSL 3.4.0 release has an OPENBSD_BRANCH that points to - "master" and that branch no longer has the files LibreSSL expects - and thus it will no longer build, breaking the test. + OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 -commit 21b6b5a06c8c53c548d25e6074c5240e88e2ef34 +commit ac1ec9545947d9f9657259f55d04cb49d3a94c8a Author: djm@openbsd.org -Date: Wed Nov 10 06:29:25 2021 +0000 +Date: Fri Sep 16 03:33:14 2022 +0000 - upstream: add the sntrup761x25519-sha512@openssh.com hybrid + upstream: sftp: Be a bit more clever about completions - ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default - KEXAlgorithms list (after the ECDH methods but before the prime-group DH - ones). + There are commands (e.g. "get" or "put") that accept two + arguments, a local path and a remote path. However, the way + current completion is written doesn't take this distinction into + account and always completes remote or local paths. - ok markus@ + By expanding CMD struct and "cmds" array this distinction can be + reflected and with small adjustment to completer code the correct + path can be completed. - OpenBSD-Commit-ID: 22b77e27a04e497a10e22f138107579652854210 + By Michal Privoznik, ok dtucker@ + + OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b -commit 239da797cbf07a640d7b1ea02d3f99ace3ef792d +commit 590db83384f9d99fc51c84505792d26d1ef60df9 Author: djm@openbsd.org -Date: Wed Nov 10 06:25:08 2021 +0000 +Date: Fri Sep 16 03:13:34 2022 +0000 - upstream: fix ssh-keysign for KEX algorithms that use SHA384/512 + upstream: sftp: Don't attempt to complete arguments for - exchange hashes; feedback/ok markus@ + non-existent commands - OpenBSD-Commit-ID: 09a8fda1c081f5de1e3128df64f28b7bdadee239 + If user entered a non-existent command (e.g. because they made a + typo) there is no point in trying to complete its arguments. Skip + calling complete_match() if that's the case. + + From Michal Privoznik + + OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a -commit 6997a592ecb1013df0c6d7f8df3e6517827aef11 +commit ff9809fdfd1d9a91067bb14a77d176002edb153c Author: djm@openbsd.org -Date: Mon Nov 8 21:32:49 2021 +0000 +Date: Wed Sep 14 00:14:37 2022 +0000 - upstream: improve error message when trying to expand a ~user path + upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag - for a user that doesn't exist; better matches what the shell does + from response - ok deraadt@ + Now that all FIDO signing calls attempt first without PIN and then + fall back to trying PIN only if that attempt fails, we can remove the + hack^wtrick that removed the UV flag from the keys returned during + enroll. - OpenBSD-Commit-ID: 1ddefa3c3a78b69ce13d1b8f67bc9f2cefd23ad6 - -commit 10b899a15c88eb40eb5f73cd0fa84ef0966f79c9 -Author: Darren Tucker -Date: Wed Nov 10 12:34:25 2021 +1100 - - Don't trust closefrom() on Linux. + By Corinna Vinschen - glibc's closefrom implementation does not work in a chroot when the kernel - does not have close_range. It tries to read from /proc/self/fd and when - that fails dies with an assertion of sorts. Instead, call close_range - ourselves from our compat code and fall back if that fails. bz#3349, - with william.wilson at canonical.com and fweimer at redhat.com. + OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f -commit eb1f63195a9a38b519536a5b398d9939261ec081 -Author: dtucker@openbsd.org -Date: Sat Nov 6 10:13:39 2021 +0000 +commit 940dc10729cb5a95b7ee82c10184e2b9621c8a1d +Author: djm@openbsd.org +Date: Wed Sep 14 00:13:13 2022 +0000 - upstream: Plug a couple of minor mem leaks. From beldmit at - - gmail.com via github PR#283, ok markus@ + upstream: a little extra debugging - OpenBSD-Commit-ID: ec1fa7d305d46226861c3ca6fb9c9beb2ada2892 + OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a -commit e4f501bf1d3b53f1cc23d9521fd7c5163307b760 +commit 4b5f91cb959358141181b934156513fcb8a6c1e3 Author: djm@openbsd.org -Date: Fri Nov 5 03:10:58 2021 +0000 +Date: Wed Sep 14 00:02:03 2022 +0000 - upstream: move cert_filter_principals() to earlier in the file for + upstream: ssh-agent: attempt FIDO key signing without PIN and use - reuse; no code change + the error to determine whether a PIN is required and prompt only if + necessary. from Corinna Vinschen - OpenBSD-Commit-ID: 598fa9528b656b2f38bcc3cf5b6f3869a8c115cf + OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd -commit 59c60f96fee321c7f38f00372826d37f289534af -Author: deraadt@openbsd.org -Date: Wed Nov 3 22:00:56 2021 +0000 +commit 113523bf0bc33600b07ebb083572c8c346b6fdf4 +Author: jmc@openbsd.org +Date: Sun Sep 11 06:38:11 2022 +0000 - upstream: Many downstreams expect ssh to compile as non-C99... + upstream: .Li -> .Vt where appropriate; from josiah frentsos, - OpenBSD-Commit-ID: e6aa3e08bda68e5fb838fc8a49b1d2dfc38ee783 - -commit 7a78fe63b0b28ef7231913dfefe9d08f9bc41c61 -Author: Darren Tucker -Date: Sat Nov 6 21:07:03 2021 +1100 - - Skip getline() on HP-UX 10.x. + tweaked by schwarze - HP-UX 10.x has a getline() implementation in libc that does not behave - as we expect so don't use it. With correction from Thorsten Glaser and - typo fix from Larkin Nickle. + ok schwarze + + OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed -commit 343ae252ebb35c6ecae26b447bf1551a7666720e -Author: Damien Miller -Date: Wed Nov 3 12:08:21 2021 +1100 +commit 86af013b56cecb5ee58ae0bd9d495cd586fc5918 +Author: jsg@openbsd.org +Date: Sat Sep 10 08:50:53 2022 +0000 - basic SECURITY.md (refers people to the website) + upstream: fix repeated words ok miod@ jmc@ + + OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 -commit ed45a0168638319e0a710633f6085b96b9cec656 +commit 0ba39b93b326a7d5dfab776cc9b9d326161a9b16 Author: djm@openbsd.org -Date: Tue Nov 2 22:57:27 2021 +0000 +Date: Fri Sep 9 03:31:42 2022 +0000 - upstream: crank SSH_SK_VERSION_MAJOR to match recent change in + upstream: notifier_complete(NULL, ...) is a noop, so no need to test - usr/bin/ssh + that ctx!=NULL; from Corinna Vinschen - OpenBSD-Regress-ID: 113d181c7e3305e138db9b688cdb8b0a0019e552 + OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a -commit f3c34df860c4c1ebddacb973954e58167d9dbade -Author: djm@openbsd.org -Date: Tue Nov 2 22:56:40 2021 +0000 +commit be197635329feb839865fdc738e34e24afd1fca8 +Author: Sam James +Date: Thu Sep 8 02:49:29 2022 +0100 - upstream: Better handle FIDO keys on tokens that provide user - - verification (UV) on the device itself, including biometric keys. - - Query the token during key creation to determine whether it supports - on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag - in the key so that ssh(1) doesn't automatically prompty for PIN later. + openbsd-compat/bsd-asprintf: add include for vsnprintf - When making signatures with the key, query the token's capabilities - again and check whether the token is able (right now) to perform user- - verification without a PIN. If it is then the PIN prompt is bypassed - and user verification delegated to the token. If not (e.g. the token - is biometric capable, but no biometric are enrolled), then fall back - to user verification via the usual PIN prompt. + Fixes the following build failure with Clang 15 on musl: + ``` + bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o + do not support + implicit function declarations [-Wimplicit-function-declaration] + ret = vsnprintf(string, INIT_SZ, fmt, ap2); + ^ + bsd-asprintf.c:51:8: note: include the header or explicitly provide a declaration for 'vsnprintf' + 1 error generated. + ``` + +commit 6cb6f660bb35f77a0456dd2581ddf39c29398a5e +Author: Darren Tucker +Date: Fri Sep 2 16:43:27 2022 +1000 + + Remove DEF_WEAK, it's already in defines.h. + +commit ce39e7d8b70c4726defde5d3bc4cb7d40d131153 +Author: Darren Tucker +Date: Fri Sep 2 14:28:14 2022 +1000 + + Resync arc4random with OpenBSD. - Work by Pedro Martelletto; ok myself and markus@ + This brings us up to current, including djm's random-reseeding change, + as prompted by logan at cyberstorm.mu in bz#3467. It brings the + platform-specific hooks from LibreSSL Portable, simplified to match our + use case. ok djm@. + +commit beaddde26f30e2195b8aa4f3193970e140e17305 +Author: Darren Tucker +Date: Fri Sep 2 14:20:04 2022 +1000 + + Move OPENBSD ORIGINAL marker. - NB. cranks SSH_SK_VERSION_MAJOR + Putting this after the copyright statement (which doesn't change) + instead of before the version identifier (which does) prevents merge + conflicts when resyncing changes. + +commit c83e467ead67a8cb48ef4bec8085d6fb880a2ff4 +Author: Darren Tucker +Date: Fri Sep 2 14:17:28 2022 +1000 + + Remove arc4random_uniform from arc4random.c - OpenBSD-Commit-ID: e318a8c258d9833a0b7eb0236cdb68b5143b2f27 + This was previously moved into its own file (matching OpenBSD) which + prematurely committed in commit 73541f2. -commit 0328a081f38c09d2d4d650e94461a47fb5eef536 +commit 5f45c2395c60865e59fa44152ff1d003a128c5bc Author: djm@openbsd.org -Date: Fri Oct 29 03:03:06 2021 +0000 +Date: Fri Sep 2 04:20:02 2022 +0000 - upstream: sshsig: add tests for signing key validity and - - find-principals - - - adds generic find-principals tests (this command had none before) - - tests certs with a timeboxed validity both with and without a - restriced lifetime for the CA - - test for a revoked CA cert + upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV - by Fabian Stelzer + explicitly test whether the token performs built-in UV (e.g. biometric + tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 - OpenBSD-Regress-ID: 9704b2c6df5b8ccfbdf2c06c5431f5f8cad280c9 + OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd -commit ccd358e1e25e25c13f0825996283cbf7a1647a3b -Author: djm@openbsd.org -Date: Fri Oct 29 02:48:19 2021 +0000 +commit 03277a4aa49b80af541a3e691f264c0c0d8f9cec +Author: Darren Tucker +Date: Wed Aug 31 20:26:30 2022 +1000 - upstream: avoid signedness warning; spotted in -portable - - OpenBSD-Regress-ID: 4cacc126086487c0ea7f3d86b42dec458cf0d0c6 + Move sftp from valgrind-2 to 3 to rebalance. -commit 2741f52beb11490d7033a25e56ed0496f0c78006 +commit fcf5365da69c516817321ba89c3a91df98d098df Author: djm@openbsd.org -Date: Fri Oct 29 03:20:46 2021 +0000 +Date: Wed Aug 31 02:56:40 2022 +0000 - upstream: ssh-keygen: make verify-time argument parsing optional - - From Fabian Stelzer + upstream: whitespace - OpenBSD-Commit-ID: 1ff35e4c366a45a073663df90381be6a8ef4d370 + OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 -commit a1217d363b88b32cfe54c4f02c6c1cf4bdefdd23 +commit e60136a3d7a223dd8e84ba8a6895bc3142360993 Author: Damien Miller -Date: Fri Oct 29 13:48:34 2021 +1100 +Date: Mon Aug 29 13:27:45 2022 +1000 - unbreak fuzz harness for recent changes + additional keys -commit 68e522ed8183587c9367fa3842c5b75f64f3d12b -Author: Darren Tucker -Date: Fri Oct 29 13:32:24 2021 +1100 +commit 2b02dcb505288c462d1b5dd1ac04e603d01340eb +Author: Damien Miller +Date: Mon Aug 29 13:23:43 2022 +1000 - Use -Wbitwise-instead-of-logical if supported. + cross-sign allowed_signers with PGP key + + Provides continuity of trust from legacy PGP release key to + the SSHSIG signing keys that we will use henceforth for git + signing. -commit be28b23012aa3fa323be7ec84863cf238927c078 -Author: Damien Miller -Date: Thu Oct 28 16:24:53 2021 +1100 +commit 51b345f177ae981b8755f6bdf8358b1cc5e83d67 +Author: Darren Tucker +Date: Sat Aug 27 21:49:27 2022 +1000 - use -Wmisleading-indentation cflag if available + Add libcrypt-devel to cygwin-release deps. - ok dtucker@ + Based on feedback from vinschen at redhat.com. -commit 2e6f5f24dd2f9217f4ab8b737ed428d5d5278f91 -Author: Damien Miller -Date: Thu Oct 28 16:24:44 2021 +1100 +commit 9f81736cf16dd8dda1c8942f1973a5f80b8cd78c +Author: Darren Tucker +Date: Sat Aug 27 09:37:40 2022 +1000 - depend + Add Windows 2022 test targets. -commit a5ab4882348d26addc9830a44e053238dfa2cb58 -Author: Damien Miller -Date: Thu May 6 10:08:30 2021 +1000 +commit 85e1a69243f12be8520438ad6a3cfdc0b7fcbb2d +Author: Darren Tucker +Date: Fri Aug 26 16:26:06 2022 +1000 - remove built-in support for md5crypt() - - Users of MD5-hashed password should arrange for ./configure to link - against libxcrypt or similar. Though it would be better to avoid use - of MD5 password hashing entirely, it's arguably worse than DEScrypt. + Add cygwin-release test target. - feedback and ok dtucker@ + This also moves the cygwin package install from the workflow file to + setup_ci.sh so that we can install different sets of Cygwin packages + for different test configs. -commit c5de1fffa6328b8246b87da28fa9df05813f76a3 +commit 92382dbe8bf9ea1225b16858f9b9b208c15c7e8d Author: djm@openbsd.org -Date: Thu Oct 28 02:55:30 2021 +0000 +Date: Fri Aug 26 08:16:27 2022 +0000 - upstream: increment SSH_SK_VERSION_MAJOR to match last change + upstream: whitespace - OpenBSD-Regress-ID: 17873814d1cbda97f49c8528d7b5ac9cadf6ddc0 + OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 -commit 0001d04e55802d5bd9d6dece1081a99aa4ba2828 +commit 70a5de0a50e84d7250eb4e4537f765599f64c4af Author: djm@openbsd.org -Date: Thu Oct 28 02:54:18 2021 +0000 +Date: Fri Aug 26 08:12:56 2022 +0000 - upstream: When downloading resident keys from a FIDO token, pass + upstream: whitespace - back the user ID that was used when the key was created and append it to the - filename the key is written to (if it is not the default). + OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 + +commit 3a683a19fd116ea15ebf8aa13d02646cceb302a9 +Author: Damien Miller +Date: Fri Aug 26 14:23:55 2022 +1000 + + initial list of allowed signers + +commit 6851f4b8c3fc1b3e1114c56106e4dc31369c8513 +Author: Darren Tucker +Date: Fri Aug 19 17:22:18 2022 +1000 + + Install Cygwin packages based on OS not config. + +commit f96480906893ed93665df8cdf9065865c51c1475 +Author: djm@openbsd.org +Date: Fri Aug 19 06:07:47 2022 +0000 + + upstream: attemp FIDO key signing without PIN and use the error - Avoids keys being clobbered if the user created multiple - resident keys with the same application string but different - user IDs. + code returned to fall back only if necessary. Avoids PIN prompts for FIDO + tokens that don't require them; part of GHPR#302 - feedback Pedro Martelletto; ok markus + OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e + +commit 5453333b5d28e313284cb9aae82899704103f98d +Author: djm@openbsd.org +Date: Fri Aug 19 05:53:28 2022 +0000 + + upstream: remove incorrect check that can break enrolling a - NB. increments SSH_SK_VERSION_MAJOR + resident key (introduced in r1.40) - OpenBSD-Commit-ID: dbd658b5950f583106d945641a634bc6562dd3a3 + OpenBSD-Commit-ID: 4cab364d518470e29e624af3d3f9ffa9c92b6f01 -commit d4bed5445646e605c383a4374fa962e23bf9e3a3 -Author: deraadt@openbsd.org -Date: Sun Oct 24 21:24:17 2021 +0000 +commit ff89b1bed80721295555bd083b173247a9c0484e +Author: dtucker@openbsd.org +Date: Fri Aug 19 04:02:46 2022 +0000 - upstream: For open/openat, if the flags parameter does not contain + upstream: Strictly enforce the maximum allowed SSH2 banner size in - O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers - in the past have passed mode_t (0, 044, 0644, or such), which might lead - future people to copy this broken idiom, and perhaps even believe this - parameter has some meaning or implication or application. Delete them all. - This comes out of a conversation where tb@ noticed that a strange (but - intentional) pledge behaviour is to always knock-out high-bits from mode_t on - a number of system calls as a safety factor, and his bewilderment that this - appeared to be happening against valid modes (at least visually), but no - sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok - millert + ssh-keyscan and prevent a one-byte buffer overflow. Patch from Qualys, ok + djm@ - OpenBSD-Commit-ID: 503d11633497115688c0c6952686524f01f53121 + OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4 -commit d575cf44895104e0fcb0629920fb645207218129 +commit 1b470b9036639cef4f32fb303bb35ea0b711178d Author: Darren Tucker -Date: Fri Oct 22 23:27:41 2021 +1100 +Date: Fri Aug 19 15:18:09 2022 +1000 - kitchensink test target now needs krb5. + Fix cygwin conditional steps. -commit 4ae39cada214e955bcfd3448ff28f0ed18886706 +commit fd6ee741ab16714b7035d60aca924123ba28135a Author: Darren Tucker -Date: Fri Oct 22 22:54:33 2021 +1100 +Date: Fri Aug 19 15:12:57 2022 +1000 - Test both MIT KRB5 and Heimdal. + Add a bit more debug output. -commit 22b2681d88619e5247dc53c9f112058a7e248d48 -Author: dtucker@openbsd.org -Date: Fri Oct 22 10:51:57 2021 +0000 +commit a9305c4c739f4d91a3d3a92c0b6d4949404a36c5 +Author: Darren Tucker +Date: Fri Aug 12 15:08:47 2022 +1000 - upstream: Plug mem addrinfo mem leaks. + Add Cygwin (on windows-2019) test target. - Prevent mem leaks in the (unlikely) event that getaddrinfo returns - no addresses. ALso, remove an unneeded NULL check in addr_ntop. From - khaleesicodes via github PR#281, ok deraadt@ + In addition to installing the requisite Cygwin packages, we also need to + explicitly invoke "sh" for steps that run other scripts since the runner + environment doesn't understand #! paths. + +commit 5062ad48814b06162511c4f5924a33d97b6b2566 +Author: djm@openbsd.org +Date: Fri Aug 19 03:06:30 2022 +0000 + + upstream: double free() in error path; from Eusgor via GHPR333 - OpenBSD-Commit-ID: e8a5afc686376637c355c5f7e122dc4b080b9c1a + OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4 -commit 27c8c343b610263f83ac2328735feeb881c6c92f -Author: dtucker@openbsd.org -Date: Fri Oct 22 09:22:04 2021 +0000 +commit 5a5c580b48fc6006bdfa731fc2f6d4945c2c0e4e +Author: Darren Tucker +Date: Thu Aug 18 21:36:39 2022 +1000 - upstream: Remove unnecessary semicolons + Check for perms to run agent-getpeereid test. - ... in case statements. From khaleesicodes via github PR#280. + Ubuntu 22.04 defaults to private home dirs which prevents "nobody" + running ssh-add during the agent-getpeereid test. Check for this and + add the necessary permissions. + +commit cd06a76b7ccc706e2bb4f1cc4aa9e9796a28a812 +Author: Damien Miller +Date: Wed Aug 17 16:04:16 2022 +1000 + + on Cygwin, prefer WinHello FIDO device - OpenBSD-Commit-ID: e1e89360b65775cff83e77ce040b342015caf4ed + If no FIDO device was explictly specified, then prefer the + windows://hello FIDO device. An exception to this is when + probing resident FIDO keys, in which case hardware FIDO + devices are preferred. -commit e7eb73b8d1fe1008d92433ea949491ce654bfaba -Author: dtucker@openbsd.org -Date: Fri Oct 22 09:19:34 2021 +0000 +commit 47f72f534ac5cc2cd3027675a3df7b00a8f77575 +Author: djm@openbsd.org +Date: Wed Aug 17 06:01:57 2022 +0000 - upstream: Fix typos in comments. + upstream: add an extra flag to sk_probe() to indicate whether we're - From khaleesicodes via github PR#280. + probing for a FIDO resident key or not. Unused here, but will make like + easier for portable - OpenBSD-Commit-ID: 26fdd83652c40f098bf7c685e8ebb9eb72cc45fc + OpenBSD-Commit-ID: 432c8ff70e270378df9dbceb9bdeaa5b43b5a832 -commit 052a9d8494175e24312daa6c132665e58c17fe6e -Author: deraadt@openbsd.org -Date: Fri Oct 15 14:46:46 2021 +0000 +commit edb0bcb3c79b16031dc87a8e57aecc3c4a3414f0 +Author: jmc@openbsd.org +Date: Tue Aug 16 20:24:08 2022 +0000 - upstream: switch scp(1) back to sftp protocol. - - openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP - protocol for copying. Let's get back to testing the SFTP protocol. + upstream: use .Cm for "sign"; from josiah frentsos - OpenBSD-Commit-ID: 9eaa35d95fd547b78b0a043b3f518e135f151f30 + OpenBSD-Commit-ID: 7f80a53d54857ac6ae49ea6ad93c5bd12231d1e4 -commit a07664646bf6d293f5bbd45a5de54f3c36bb85da -Author: Darren Tucker -Date: Fri Oct 22 14:00:05 2021 +1100 +commit cccb011e130cbbac538b1689d10e4a067298df8b +Author: Corinna Vinschen +Date: Thu Aug 11 20:19:35 2022 +0200 - Source configs script so setup_ci can use settings + Revert "check_sk_options: add temporary WinHello workaround" + + Cygwin now comes with libfido2 1.11.0, so this workaround + isn't required anymore. + + This reverts commit 242c044ab111a37aad3b0775727c36a4c5f0102c. + + Signed-off-by: Corinna Vinschen -commit 34df52c201c6b47e5a46b50c215e4d98a8bf6587 -Author: Darren Tucker -Date: Fri Oct 22 09:42:14 2021 +1100 +commit 9468cd7cf9d989dfa2ac20e2a0268ba6e93bfa5a +Author: Corinna Vinschen +Date: Thu Aug 11 20:18:17 2022 +0200 - Install libedit and pam based on config flags. + fido_dev_is_winhello: return 0, not "false" + + "false" is not used anywhere in OpenSSH, so return 0 like + everywhere else. + + Signed-off-by: Corinna Vinschen -commit 8c626cc563e8d21d844d06f9971a9ee01de6aa2a -Author: Darren Tucker -Date: Thu Oct 21 16:53:39 2021 +1100 +commit 730a80609472ee0451c99482d75c9c41f3ebc42d +Author: djm@openbsd.org +Date: Fri Aug 12 05:20:28 2022 +0000 - Don't use 'here string", it's not POSIX. + upstream: sftp-server: support home-directory request + + Add support to the sftp-server for the home-directory extension defined + in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the + existing expand-path@openssh.com, but uses a more official protocol name, + and so is a bit more likely to be implemented by non-OpenSSH clients. + + From Mike Frysinger, ok dtucker@ + + OpenBSD-Commit-ID: bfc580d05cc0c817831ae7ecbac4a481c23566ab -commit 086a4b5977472aefa3de918b88efad0faf83b2b1 +commit 5e820bf79ce3ce99ef7e98b0ab642b0a0a4f396c Author: Darren Tucker -Date: Thu Oct 21 15:33:27 2021 +1100 +Date: Fri Aug 12 14:56:55 2022 +1000 - Remove -Werror from compiler package to install. + Replace deprecated ubuntu-18.04 runners with 22.04 -commit 5a7a4687507d057f9b5e7497f3d3f82e64753c02 +commit 87b0d9c1b789d3ff958ec45df2ac912e24461bae Author: Darren Tucker -Date: Thu Oct 21 15:00:53 2021 +1100 +Date: Thu Aug 11 22:48:23 2022 +1000 - Build with -Werror on most recent gcc and clang. + Add a timegm implementation from Heimdal via Samba. + + Fixes build on (at least Solaris 10). -commit 4d2cbdb525d673acf941d48a7044fcf03125611a +commit d0c4fa58594577994921b593f10037c5282597ca Author: Darren Tucker -Date: Fri Oct 15 12:59:06 2021 +1100 +Date: Thu Aug 11 14:23:58 2022 +1000 - Include string.h and stdio.h for strerror. + Rerun tests if any .github config file changes. -commit fff13aaa262b7b3ec83ed21e29674cbf331780a7 +commit 113fe6c77ab43769fc61e953d07cb619fd7ea54b Author: Darren Tucker -Date: Fri Oct 15 12:43:36 2021 +1100 +Date: Thu Aug 11 13:33:51 2022 +1000 - Include error reason if trace disabling fails. + Skip hostbased during Valgrind tests. + + Valgrind doesn't let ssh exec ssh-keysign (because it's setuid) so skip + it during the Valgrind based tests. + + See https://bugs.kde.org/show_bug.cgi?id=119404 for a discussion of this + (ironically there the problematic binary was ssh(1) back when it could + still be setuid). -commit d4b38144c02f3faa5271e5fb35df93507e06f1b4 -Author: Darren Tucker -Date: Tue Oct 12 22:55:51 2021 +1100 +commit b98a42afb69d60891eb0488935990df6ee571c4d +Author: djm@openbsd.org +Date: Thu Aug 11 01:57:50 2022 +0000 - Add tcmalloc test target. + upstream: add some tests for parse_absolute_time(), including cases + + where it is forced to the UTC timezone. bz3468 ok dtucker + + OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759 -commit 002d65b0a30063c6e49bf8a53e709d8d5a0d45c1 -Author: dtucker@openbsd.org -Date: Sat Oct 9 10:52:42 2021 +0000 +commit ec1ddb72a146fd66d18df9cd423517453a5d8044 +Author: djm@openbsd.org +Date: Thu Aug 11 01:56:51 2022 +0000 - upstream: Document that CASignatureAlgorithms, ExposeAuthInfo and + upstream: allow certificate validity intervals, sshsig verification - PubkeyAuthOptions can be used in a Match block. Patch from eehakkin via - github PR#277. + times and authorized_keys expiry-time options to accept dates in the UTC time + zone in addition to the default of interpreting them in the system time zone. + YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if + suffixed with a 'Z' character. - OpenBSD-Commit-ID: c0a63f5f52e918645967ac022b28392da4b866aa + Also allow certificate validity intervals to be specified in raw + seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This + is intended for use by regress tests and other tools that call + ssh-keygen as part of a CA workflow. + + bz3468 ok dtucker + + OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13 -commit 40bd3709dddaae3a1b6113748bec3faa6a607531 +commit 4df246ec75751da7eb925e1880498300d8bda187 Author: Darren Tucker -Date: Thu Oct 7 15:55:49 2021 +1100 +Date: Thu Aug 11 10:23:55 2022 +1000 - Skip SK unit tests when built without security-key + Fix conditional for running hostbased tests. -commit 482f73be10f10b93f818df19fcc8a912c0c371fc -Author: Darren Tucker -Date: Thu Oct 7 15:55:04 2021 +1100 +commit 2580916e48721802220c61ce9e0df1297c00bc07 +Author: Damien Miller +Date: Thu Aug 11 08:58:28 2022 +1000 - Include relevant env vars on command line. - - Makes it easier to reproduce a build by cut/pasting the configure line. + fix SANDBOX_SECCOMP_FILTER_DEBUG -commit ef5916b8acd9b1d2f39fad4951dae03b00dbe390 +commit fdbd5bf507fc271ff813714fab8a72ff2c6cb5ca Author: Darren Tucker -Date: Thu Oct 7 14:28:02 2021 +1100 +Date: Wed Aug 10 17:35:52 2022 +1000 - Only enable sk-* key types if ENABLE_SK is defined + Test hostbased auth on github runners. -commit 52d4232b493a9858fe616e28a8bbcc89afa2ad4d +commit 7e2f51940ba48a1c0fae1107801ea643fa83c971 Author: Darren Tucker -Date: Wed Oct 6 18:14:37 2021 +1100 +Date: Wed Aug 10 17:25:24 2022 +1000 - Disable security key on minix3. + Rename our getentropy to prevent possible loops. - The test doesn't work so disable. + Since arc4random seeds from getentropy, and we use OpenSSL for that + if enabled, there's the possibility that if we build on a system that + does not have getentropy then run on a system that does have it, then + OpenSSL could end up calling our getentropy and getting stuck in a loop. + Pointed out by deraadt@, ok djm@ -commit 7cd062c3a29669b8d7dc2a97e6575f4dcb7d35a2 +commit 7a01f61be8d0aca0e975e7417f26371495fe7674 Author: Darren Tucker -Date: Wed Oct 6 17:45:28 2021 +1100 +Date: Mon Aug 8 12:17:04 2022 +1000 - Add USE_LIBC_SHA2 for (at least) NetBSD 9. + Actually put HAVE_STDINT_H around the stdint.h. -commit 639c440f6c3c2a8216a5eb9455ef13bf4204089c +commit 73541f29f0b50480da6c20dceb7a7191bd8ea7d3 Author: Darren Tucker -Date: Wed Oct 6 17:09:31 2021 +1100 +Date: Mon Aug 8 10:30:34 2022 +1000 - Define OPENSSL_NO_SHA including OpenSSL from test. + Give unused param a name. - We don't use SHA256 from OpenSSL in the sk-dummy module and the - definitions can conflict with system sha2.h (eg on NetBSD) so define - OPENSSL_NO_SHA so we don't attempt to redefine them. + Fixes builds on platforms that do have fido2 but don't have + fido_dev_is_winhello. -commit 8f4be526a338d06624f146fa26007bb9dd3a4f7b -Author: Darren Tucker -Date: Wed Oct 6 15:40:58 2021 +1100 +commit 2a108c0ea960381bd9b14ee0d84e818a23df4482 +Author: djm@openbsd.org +Date: Fri Aug 5 05:01:40 2022 +0000 - Disable security key on NetBSD4 test. + upstream: don't prompt for FIDO passphrase before attempting to enroll - sk-dummy used for the security key test includes both sha2.h and OpenSSL - causing the definitions conflict so disable security key support on this - platform. - -commit 3b353ae58aa07a1cbbeb1da3ace21fc0dcccd66a -Author: Damien Miller -Date: Wed Oct 6 15:07:01 2021 +1100 - - clean regress/misc/sk-dummy in cleandir target + the credential, just let the enroll operating fail and we'll attempt to get a + PIN anyway. Might avoid some unneccessary PIN prompts. + + Part of GHPR#302 from Corinna Vinschen; ok dtucker@ + + OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2 -commit 57680a2ab43518c5ccbd8242c40482106cde6ac1 -Author: dtucker@openbsd.org -Date: Sat Oct 2 03:17:01 2021 +0000 +commit 2886975c0ad9244e60dc5e4be34fde3aa573a4b5 +Author: Corinna Vinschen +Date: Fri Feb 11 14:33:41 2022 +0100 - upstream: Dynamically allocate encoded HashKnownHosts and free as + sk_sign: set FIDO2 uv attribute explicitely for WinHello - appropriate. Saves 1k of static storage and prevents snprintf "possible - truncation" warnings from newer compilers (although in this case it's false - positive since the actual sizes are limited by the output size of the SHA1). - ok djm@ + WinHello via libfido2 performs user verification by default. + However, if we stick to that, there's no way to differentiate + between keys created with or without "-O verify-required". + Set FIDO2 uv attribute explicitely to FIDO_OPT_FALSE, then check + if user verification has been requested. - OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4 + Signed-off-by: Corinna Vinschen -commit e3e62deb549fde215b777d95276c304f84bf00c6 -Author: djm@openbsd.org -Date: Wed Oct 6 03:35:13 2021 +0000 +commit 242c044ab111a37aad3b0775727c36a4c5f0102c +Author: Corinna Vinschen +Date: Tue Feb 15 11:28:08 2022 +0100 - upstream: use libc SHA256 functions; make this work when compiled + check_sk_options: add temporary WinHello workaround - !WITH_OPENSSL + Up to libfido 1.10.0, WinHello advertises "clientPin" rather + than "uv" capability. This is fixed in 1.11.0. For the time + being, workaround it here. - OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890 + Signed-off-by: Corinna Vinschen -commit 12937d867019469ebce83c2ff614cdc6688fc2d8 -Author: dtucker@openbsd.org -Date: Fri Oct 1 05:20:20 2021 +0000 +commit 78774c08cc4b4997382975b0f414a86e06b6780c +Author: Corinna Vinschen +Date: Thu Feb 10 18:19:29 2022 +0100 - upstream: Add test for ssh hashed known_hosts handling. + compat code for fido_dev_is_winhello() - OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf + Signed-off-by: Corinna Vinschen -commit 5a37cc118f464416d08cd0291a9b1611d8de9943 -Author: Damien Miller -Date: Wed Oct 6 13:16:21 2021 +1100 +commit 3d3a932a019aedfb891e0779bb4990cd5008a390 +Author: Darren Tucker +Date: Fri Aug 5 13:12:27 2022 +1000 - fix broken OPENSSL_HAS_ECC test + Factor out getrnd() and rename to getentropy(). - spotted by dtucker + Factor out the arc4random seeding into its own file and change the + interface to match getentropy. Use native getentropy if available. + This will make it easier to resync OpenBSD changes to arc4random. + Prompted by bz#3467, ok djm@. -commit 16a25414f303cd6790eb967aeb962040e32c9c7a -Author: Damien Miller -Date: Fri Oct 1 22:40:06 2021 +1000 +commit 9385d277b787403be9dfcb229cf372202496d2f3 +Author: Darren Tucker +Date: Thu Aug 4 18:55:48 2022 +1000 - make sk-dummy.so work without libcrypto installed + Include CHANNEL and FIDO2 libs in configure output -commit dee22129bbc61e25b1003adfa2bc584c5406ef2d -Author: Damien Miller -Date: Fri Oct 1 16:35:49 2021 +1000 +commit 141535b904b6fba01724444f38193a8599201f82 +Author: djm@openbsd.org +Date: Mon Aug 1 11:09:26 2022 +0000 - make OPENSSL_HAS_ECC checks more thorough + upstream: avoid double-free in error path introduced in r1.70; report - ok dtucker - -commit 872595572b6c9a584ed754165e8b7c4c9e7e1d61 -Author: Damien Miller -Date: Fri Oct 1 16:35:05 2021 +1000 - - fix FIDO key support for !OPENSSL_HAS_ECC case + and fix based on GHPR#332 by v-rzh ok dtucker@ - ok dtucker + OpenBSD-Commit-ID: 3d21aa127b1f37cfc5bdc21461db369a663a951f -commit 489741dc68366940d369ac670b210b4834a6c272 -Author: Damien Miller -Date: Fri Oct 1 14:51:37 2021 +1000 +commit dba7099ffcba3ca07b3946f017ba6a4c3158d9b1 +Author: Darren Tucker +Date: Wed Jul 27 18:40:12 2022 +1000 - enable security key support for --without-openssl + Remove deprecated MacOS 10.15 runners. -commit c978565c8589acfe4ea37ab5099d39c84158c713 -Author: Damien Miller -Date: Fri Oct 1 13:27:50 2021 +1000 +commit 722a56439aa5972c830e4a9a724cf52aff4a950a +Author: Darren Tucker +Date: Wed Jul 27 18:31:14 2022 +1000 - need stdlib.h for free(3) + Move stale-configure check as early as possible. + + We added a check in Makefile to catch the case where configure needs to + be rebuilt, however this did not happen until a build was attempted in + which case all of the work done by configure was wasted. Move this check + to the start of configure to catch it as early as possible. ok djm@ -commit 76a398edfb51951b2d65d522d7b02c72304db300 -Author: dtucker@openbsd.org -Date: Thu Sep 30 05:26:26 2021 +0000 +commit 099d6b56288b421ba38531d26dc1bd6bb685e311 +Author: Darren Tucker +Date: Fri Jul 22 10:47:19 2022 +1000 - upstream: Fix up whitespace left by previous - - change removing privsep. No other changes. + Move libcrypto into CHANNELLIBS. - OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15 + This will result in sftp, sftp-server and scp no longer being linked + against libcrypto. ok djm@ -commit ddcb53b7a7b29be65d57562302b2d5f41733e8dd -Author: dtucker@openbsd.org -Date: Thu Sep 30 05:20:08 2021 +0000 +commit 1bdf86725b77733bb5f17c54888b88a10b2f6538 +Author: Darren Tucker +Date: Fri Jul 22 10:45:47 2022 +1000 - upstream: Remove references to privsep. - - This removes several do..while loops but does not change the - indentation of the now-shallower loops, which will be done in a separate - whitespace-only commit to keep changes of style and substance separate. + Remove seed_rng calls from scp, sftp, sftp-server. - OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7 + These binaries don't use OpenSSL's random functions. The next step + will be to stop linking them against libcrypto. ok djm@ -commit ece2fbe486164860de8df3f8b943cccca3085eff -Author: dtucker@openbsd.org -Date: Thu Sep 30 04:22:50 2021 +0000 +commit d73f77b8cb9b422f1ac4facee7890aa10ff2bc21 +Author: Darren Tucker +Date: Fri Jul 22 09:51:51 2022 +1000 - upstream: Use "skip" instead of "fatal" - - if SUDO isn't set for the *-command tests. This means running "make tests" - without SUDO set will perform all of the tests that it can instead of - failing on the ones it cannot run. + Group libcrypto and PRNGD checks together. - OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a + They're related more than the libcrypt or libiaf checks which are + currently between them. ok djm@ -commit bb754b470c360e787a99fb4e88e2668198e97b41 -Author: djm@openbsd.org -Date: Fri Oct 1 04:50:36 2021 +0000 +commit f117e372b3f42f2fbdb0a578d063b2609ab58e1f +Author: Darren Tucker +Date: Fri Jul 22 09:24:45 2022 +1000 - upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds; - - ok dtucker@ + Do not link scp, sftp and sftp-server w/ zlib. - OpenBSD-Commit-ID: 6323a5241728626cbb2bf0452cf6a5bcbd7ff709 + Some of our binaries (eg sftp, sftp-server, scp) do not interact with + the channels code and thus do use libraries such as zlib and libcrypto + although they are linked with them. This adds a CHANNELLIBS and starts + by moving zlib into it, which means the aformentioned binaries are no + longer linked against zlib. ok djm@ -commit 207648d7a6415dc915260ca75850404dbf9f0a0b +commit 800c2483e68db38bd1566ff69677124be974aceb Author: Darren Tucker -Date: Wed Sep 29 20:03:58 2021 +1000 +Date: Mon Jul 25 21:49:04 2022 +1000 - Include stdlib.h for arc4random_uniform prototype. + Remove workarounds for OpenSSL missing AES-CTR. + + We have some compatibility hacks that were added to support OpenSSL + versions that do not support AES CTR mode. Since that time, however, + the minimum OpenSSL version that we support has moved to 1.0.1 which + *does* have CTR, so this is no longer needed. ok djm@ -commit 696aadc854582c164d5fc04933d2f3e212dc0e06 +commit b7c56b65c12f51fe0dbae798d19c8f58224a5d95 Author: Darren Tucker -Date: Wed Sep 29 20:00:30 2021 +1000 +Date: Mon Jul 25 21:43:00 2022 +1000 - Look for clang after cc and gcc. + Remove workarounds for OpenSSL missing AES-GCM. + + We have some compatibility hacks that were added to support OpenSSL + versions that do not support AES GCM mode. Since that time, however, + the minimum OpenSSL version that we support has moved to 1.0.1 which + *does* have GCM, so this is no longer needed. ok djm@ -commit a3c6375555026d85dbf811fab566b9f76f196144 -Author: Darren Tucker -Date: Wed Sep 29 19:30:59 2021 +1000 +commit 5a4a9f7a968fbf92cc1eac519c65638e79ae9f1f +Author: dtucker@openbsd.org +Date: Mon Jul 25 07:12:45 2022 +0000 - Use backticks instead of $(..) for portability. + upstream: Restore missing "!" in TEST_SSH_ELAPSED_TIMES test. - Older shells (eg /bin/sh on Solaris 10) don't support $() syntax. + OpenBSD-Regress-ID: 38783f9676ec348c5a792caecee9a16e354b37b0 -commit 958aaa0387133d51f84fe9c8f30bca03025f2867 -Author: Darren Tucker -Date: Wed Sep 29 18:53:32 2021 +1000 +commit 0ff886be132299386cc29d87c2aa16ff68a1aa08 +Author: dtucker@openbsd.org +Date: Sun Jul 24 23:29:10 2022 +0000 - Skip file-based tests by default on Mac OS. + upstream: Test TEST_SSH_ELAPSED_TIMES for empty string not - The file-based tests need OpenSSL so skip them. + executable. No-op on most platforms but should prevent warnings in -portable + on systems that don't have 'date %s'. + + OpenBSD-Regress-ID: e39d79867b8065e33d0c5926fa1a31f85659d2a4 -commit 55c8bdf6e9afb0f9fa8e4f10c25c7f0081b48fd0 +commit f69319ad8ad1dd50f90bbcf5912e11cc8ed3e037 Author: Darren Tucker -Date: Wed Sep 29 18:42:47 2021 +1000 +Date: Sat Jul 23 14:38:22 2022 +1000 - Build without OpenSSL on Mac OS. + Convert "have_prog" function into "which". - Modern versions don't ship enough libcrypto to build against. + "which" and its behaviour is not standardized, so convert the existing + have_prog function into "which" so we can rely on it being available + and what its semantics are. Add a have_prog wrapper that maintains the + existing behaviour. -commit c9172193ea975415facf0afb356d87df21535f88 +commit ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43 Author: Darren Tucker -Date: Wed Sep 29 18:33:38 2021 +1000 +Date: Sat Jul 23 14:36:38 2022 +1000 - Remove TEST_SSH_ECC. + Skip scp3 test if there's no scp on remote path. - Convert the only remaining user of it to runtime detection using ssh -Q. + scp -3 ends up using the scp that's in the remote path and will fail if + one is not available. Based on a patch from rapier at psc.edu. -commit 5e6d28b7874b0deae95d2c68947c45212d32e599 -Author: Darren Tucker -Date: Wed Sep 29 17:48:09 2021 +1000 +commit c46f6fed419167c1671e4227459e108036c760f8 +Author: Damien Miller +Date: Wed Jul 20 13:39:14 2022 +1000 - Split c89 test openssl setting out. + crank SSH_SK_VERSION_MAJOR in sk-dummy.so -commit c4ac7f98e230e83c015678dc958b1ffe828564ad -Author: Darren Tucker -Date: Wed Sep 29 17:40:50 2021 +1000 +commit f208e3b9ffb5ee76cf9c95df7ff967adc7f51c7d +Author: djm@openbsd.org +Date: Wed Jul 20 03:33:22 2022 +0000 - Expand TEST_SHELL consistently with other vars. + upstream: ssh-keygen: fix touch prompt, pin retries; + + part of GHPR329 from Pedro Martelletto + + OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8 -commit cfe5f7b0eb7621bfb0a756222de0431315c2ab8b -Author: Darren Tucker -Date: Wed Sep 29 17:26:50 2021 +1000 +commit 8638a2ce7e90c8a51d9af3143404282126c524f8 +Author: djm@openbsd.org +Date: Wed Jul 20 03:31:42 2022 +0000 - Replace `pwd` with make variable in regress cmd. + upstream: sk-usbhid: preserve error code returned by key_lookup() + + it conveys useful information, such as the supplied pin being wrong. + + Part of GHPR329 from Pedro Martelletto + + OpenBSD-Commit-ID: c0647eb9290f793add363d81378439b273756c1b -commit 899be59da5fbc3372444bd0fbe74af48313bed33 +commit 9ab929ca2d820520327b41929372bcb9e261534c +Author: djm@openbsd.org +Date: Wed Jul 20 03:29:14 2022 +0000 + + upstream: when enrolling a resident key on a security token, check + + if a credential with matching application and user ID strings already exists. + if so, prompt the user for confirmation before overwriting the credential. + + patch from Pedro Martelletto via GHPR329 + + NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware + implementations will need to adjust + + OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4 + +commit 5bcfc788b38d5b64e4c347bdc04bd9a01bbc36da +Author: djm@openbsd.org +Date: Wed Jul 20 03:13:04 2022 +0000 + + upstream: pull passphrase reading and confirmation into a separate + + function so it can be used for FIDO2 PINs; no functional change + + OpenBSD-Commit-ID: bf34f76b8283cc1d3f54633e0d4f13613d87bb2f + +commit eb679e2959bdb15454eb94751930eb4c9110da94 Author: Darren Tucker -Date: Wed Sep 29 17:14:33 2021 +1000 +Date: Fri Jul 15 21:31:48 2022 +1000 - Get BUILDDIR from autoconf. + Move vmshutdown to first step. - Use this to replace `pwd`s in regress test command line. + If a previous run on a physical runner has failed to clean up, the next + run will fail because it'll try to check out the code to a broken + directory mount. Make cleanup the first step. -commit c8d92d3d4f7d560146f2f936156ec4dac3fc5811 +commit 46b91b70ff3cb9c147e2875ef5dc609fd64c0c96 Author: Darren Tucker -Date: Wed Sep 29 13:28:56 2021 +1000 +Date: Fri Jul 15 20:25:27 2022 +1000 - Add make clean step to tests. + Rename bbone test target to ARM. -commit 360fb41ef8359619ab90b0d131c914494e55d3dd +commit 751d22cdeffed9fe921db78eedc32a29f9e80510 Author: Darren Tucker -Date: Wed Sep 29 11:36:13 2021 +1000 +Date: Fri Jul 15 13:37:29 2022 +1000 - Test all available clang and gcc versions. + Add AUDIT_ARCH_PPC to supported seccomp arches. + + Patch from dries.deschout at dodeco.eu. -commit 4fb49899d7da22952d35a4bc4c9bdb2311087893 -Author: djm@openbsd.org -Date: Wed Sep 29 01:32:21 2021 +0000 +commit a061792a6e8d235fc40a9b5d4c22a1762bb75a7b +Author: Darren Tucker +Date: Thu Jul 14 19:20:24 2022 +1000 - upstream: Test certificate hostkeys held in ssh-agent too. Would have + Remove unintended changes. - caught regression fixed in sshd r1.575 + I inadvertently included a couple of local changes with the OpenSSL + 3.0.4 change. Revert, anything that should be there will be committed + separately. + +commit 527cb43fa1b4e55df661feabbac51b8e608b6519 +Author: Darren Tucker +Date: Thu Jul 14 11:22:08 2022 +1000 + + Return ERANGE from getcwd() if buffer size is 1. - ok markus@ + If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it + could result in a nul byte being written out of array bounds. POSIX says + it should return ERANGE if the path will not fit in the available buffer + (with terminating nul). 1 byte cannot fit any possible path with its nul, + so immediately return ERANGE in that case. - OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed + OpenSSH never uses getcwd() with this buffer size, and all current + (and even quite old) platforms that we are currently known to work + on have a native getcwd() so this code is not used on those anyway. + Reported by Qualys, ok djm@ -commit ce4854e12e749a05646e5775e9deb8cfaf49a755 -Author: djm@openbsd.org -Date: Wed Sep 29 01:33:32 2021 +0000 +commit 36857fefd8849c4b0e877cfd9d1eb22f79b76650 +Author: Darren Tucker +Date: Thu Jul 14 10:02:35 2022 +1000 - upstream: add some debug output showing how many key file/command lines + Split README.platform into its own line. - were processed. Useful to see whether a file or command actually has keys - present + README.platform has general platform-specific information, having it + following text about FIDO2 on the same line could imply that it only + has information about FIDO2. + +commit 00a496c6c14f2d41f2a9365714d494dd5f3aac9f +Author: Darren Tucker +Date: Thu Jul 14 09:56:01 2022 +1000 + + Clarify README.md text. - OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c + Clarify the text about the implications of building without OpenSSL, and + prefix the "configure --help" example command with a "./" so it's likely + to work as-is in more shells. From bz#3461. -commit 15abdd523501c349b703d9a27e2bb4252ad921ef -Author: dtucker@openbsd.org -Date: Tue Sep 28 11:14:50 2021 +0000 +commit f40b52f21fbc52eb513279168a49d3285c65256c +Author: Darren Tucker +Date: Tue Jul 12 19:48:44 2022 +1000 - upstream: Make prototype for rijndaelEncrypt match function + Remove special casing of crypt(). - including the bounds. Fixes error in portable where GCC>=11 takes notice of - the bounds. ok deraadt@ + Configure goes to some lengths to pick crypt() from either libcrypt + or OpenSSL's libcrypto because they can more or less featureful (eg + supporting md5-style passwords). - OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6 + OpenSSL removed its crypt() interface in 2002: + https://github.com/openssl/openssl/commit/69deec58 so these hijinks + should no longer be necessary. This also only links sshd with libcrypt + which is the only thing that needs it. ok djm@ -commit d1d29ea1d1ef1a1a54b209f062ec1dcc8399cf03 -Author: dtucker@openbsd.org -Date: Tue Sep 28 11:10:05 2021 +0000 +commit 76f4e48631d7b09fb243b47d7b393d100d3741b7 +Author: Darren Tucker +Date: Wed Jul 13 13:17:47 2022 +1000 - upstream: Import regenerated moduli. + Only refuse to use OpenSSL 3.0.4 on x86_64. - OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1 + The potential RCE only impacts x86_64, so only refuse to use it if we're + targetting a potentially impacted architecture. ok djm@ -commit 39f2111b1d5f00206446257377dcce58cc72369f +commit e75bbc1d88491fa85e61b2cc8783d4bbd00cd131 Author: Darren Tucker -Date: Wed Sep 29 10:53:55 2021 +1000 +Date: Tue Jul 12 14:37:15 2022 +1000 - Add new compiler hardening flags. + Capture stderr output from configure. + +commit d9eaea4bea6271bcee6a2b9428f1271faf2d033b +Author: Darren Tucker +Date: Tue Jul 12 12:54:49 2022 +1000 + + Refuse to use OpenSSL 3.0.4 due to potential RCE. - Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of - compiler hardening flags that configure checks for. These are supported - by clang and gcc, and make ROP gadgets less useful and mitigate - stack-based infoleaks respectively. ok djm@ + OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274) + so refuse to use that specific version. -commit bf944e3794eff5413f2df1ef37cddf96918c6bde -Author: Damien Miller -Date: Mon Sep 27 00:03:19 2021 +1000 +commit fb2f3a61bf3d28fff285524535f7ffcd177c9235 +Author: Darren Tucker +Date: Tue Jul 12 12:54:24 2022 +1000 - initgroups needs grp.h + Move unset to before we set anything. -commit 8c5b5655149bd76ea21026d7fe73ab387dbc3bc7 -Author: djm@openbsd.org -Date: Sun Sep 26 14:01:11 2021 +0000 +commit c483a5c0fb8e8b8915fad85c5f6113386a4341ca +Author: Darren Tucker +Date: Wed Jul 6 11:52:54 2022 +1000 - upstream: openssh-8.8 - - OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4 + Test against openssl-3.0.5. -commit f3cbe43e28fe71427d41cfe3a17125b972710455 -Author: djm@openbsd.org -Date: Sun Sep 26 14:01:03 2021 +0000 +commit 669a56bcfe73f8b985f2bba476ba834d55253acf +Author: Darren Tucker +Date: Tue Jul 5 18:35:53 2022 +1000 - upstream: need initgroups() before setresgid(); reported by anton@, - - ok deraadt@ + Update sanitizer test targets: - OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce + - remove clang-sanitize-memory for now. It takes so long that the test + times out. + - add gcc sanitize-address and sanitize-undefined test targets. -commit 8acaff41f7518be40774c626334157b1b1c5583c -Author: Damien Miller -Date: Sun Sep 26 22:16:36 2021 +1000 +commit 48cc68b69118b3ce8d07fd4f82e00d58667d5379 +Author: Darren Tucker +Date: Tue Jul 5 16:23:28 2022 +1000 - update version numbers for release + Add GCC address sanitizer build/test. -commit d39039ddc0010baa91c70a0fa0753a2699bbf435 -Author: kn@openbsd.org -Date: Sat Sep 25 09:40:33 2021 +0000 +commit 55c60bdd39b82457e92efa77da8d16cfa6a49391 +Author: Darren Tucker +Date: Tue Jul 5 12:02:33 2022 +1000 - upstream: RSA/SHA-1 is not used by default anymore + Move sanitizer logs into regress for collection. + +commit 35ef2b3b6ef198f8574904a45780487ec2f17858 +Author: dtucker@openbsd.org +Date: Mon Jul 4 09:10:31 2022 +0000 + + upstream: Add TEST_REGRESS_CACHE_DIR. - OK dtucker deraadt djm + If set, it is used to cache regress test names that have succeeded and + skip those on a re-run. - OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6 + OpenBSD-Regress-ID: a7570dd29a58df59f2cca647c3c2ec989b49f247 -commit 9b2ee74e3aa8c461eb5552a6ebf260449bb06f7e +commit 7394ed80c4de8b228a43c8956cf2fa1b9c6b2622 Author: Darren Tucker -Date: Fri Sep 24 11:08:03 2021 +1000 +Date: Sun Jul 3 21:46:44 2022 +1000 - Move the fgrep replacement to hostkey-rotate.sh. + Add clang sanitizer tests. + +commit bfce0e66b6017a9bfab450b9dc7d4b16f90de817 +Author: Darren Tucker +Date: Sun Jul 3 18:14:09 2022 +1000 + + Skip all rlimit tests when sandboxing disabled. - The fgrep replacement for buggy greps doesn't work in the sftp-glob test - so move it to just where we know it's needed. + The rlimit tests can hang when being run with some compiler sanitizers + so skip all of them if sandbox=no. -commit f7039541570d4b66d76e6f574544db176d8d5c02 +commit 6208d611520f9ea94d5369f9da404b709930029d Author: Darren Tucker -Date: Fri Sep 24 08:04:14 2021 +1000 +Date: Sun Jul 3 17:54:49 2022 +1000 - Replacement function for buggy fgrep. + Move checks for pollfd.fd and nfds_t. - GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will - occasionally fail to find ssh host keys in the hostkey-rotate test. - If we have those versions, use awk instead. + Move the checks for struct pollfd.fd and nfds_t to before the sandboxing + checks. This groups all the sandbox checks together so we can skip them + all when sandboxing is disabled. -commit f6a660e5bf28a01962af87568e118a2d2e79eaa0 -Author: David Manouchehri -Date: Thu Sep 23 17:03:18 2021 -0400 +commit 322964f8f2e9c321e77ebae1e4d2cd0ccc5c5a0b +Author: dtucker@openbsd.org +Date: Fri Jul 1 05:08:23 2022 +0000 - Don't prompt for yes/no questions. + upstream: Remove leftover line. + + Remove extra line leftover from merge conflict. ok djm@ + + OpenBSD-Commit-ID: 460e2290875d7ae64971a7e669c244b1d1c0ae2e -commit 7ed1a3117c09f8c3f1add35aad77d3ebe1b85b4d +commit 7ec81daad0e03a64e8d91c5590960c48c1a899a3 Author: djm@openbsd.org -Date: Mon Sep 20 06:53:56 2021 +0000 +Date: Fri Jul 1 04:45:50 2022 +0000 - upstream: fix missing -s in SYNOPSYS and usage() as well as a + upstream: use consistent field names (s/char/byte) - capitalisation mistake; spotted by jmc@ + in format description - OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710 + OpenBSD-Commit-ID: 3de33572733ee7fcfd7db33d37db23d2280254f0 -commit 8c07170135dde82a26886b600a8bf6fb290b633d -Author: dtucker@openbsd.org -Date: Mon Sep 20 04:02:13 2021 +0000 +commit 32e82a392d9f263485effdd606ff5862d289a4a0 +Author: Darren Tucker +Date: Fri Jul 1 13:55:19 2022 +1000 - upstream: Fix "Allocated port" debug message - - for unix domain sockets. From peder.stray at gmail.com via github PR#272, - ok deraadt@ + Skip select+rlimit check if sandboxing is disabled - OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e + It's not needed in that case, and the test can fail when being built + with some compiler memory sanitizer flags. bz#3441 -commit 277d3c6adfb128b4129db08e3d65195d94b55fe7 +commit 4be7184ebe2a2ccef175983517a35ee06766e1b4 Author: djm@openbsd.org -Date: Mon Sep 20 01:55:42 2021 +0000 +Date: Fri Jul 1 03:52:57 2022 +0000 - upstream: Switch scp back to use the old protocol by default, ahead of + upstream: bump up loglevel from debug to info when unable to open - release. We'll wait a little longer for people to pick up sftp-server(8) that - supports the extension that scp needs for ~user paths to continue working in - SFTP protocol mode. Discussed with deraadt@ + authorized keys/principals file for errno != ENOENT; bz2042 ok dtucker - OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871 + OpenBSD-Commit-ID: e79aa550d91ade6a80f081bda689da24c086d66b -commit ace19b34cc15bea3482be90450c1ed0cd0dd0669 -Author: djm@openbsd.org -Date: Sat Sep 18 02:03:25 2021 +0000 +commit 6c31ba10e97b6953c4f325f526f3e846dfea647a +Author: dtucker@openbsd.org +Date: Fri Jul 1 03:39:44 2022 +0000 - upstream: better error message for ~user failures when the + upstream: Don't leak the strings allocated by order_hostkeyalgs() - sftp-server lacks the expand-path extension; ok deraadt@ + and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of + github PR#324 from ZoltanFridrich, ok djm@ - OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc + This is a roll-forward of the previous rollback now that the required + changes in compat.c have been done. + + OpenBSD-Commit-ID: c7cd93730b3b9f53cdad3ae32462922834ef73eb -commit 6b1238ba971ee722a310d95037b498ede5539c03 -Author: djm@openbsd.org -Date: Thu Sep 16 15:22:22 2021 +0000 +commit 486c4dc3b83b4b67d663fb0fa62bc24138ec3946 +Author: dtucker@openbsd.org +Date: Fri Jul 1 03:35:45 2022 +0000 - upstream: make some more scp-in-SFTP mode better match Unix idioms + upstream: Always return allocated strings from the kex filtering so - suggested by deraadt@ + that we can free them later. Fix one leak in compat_kex_proposal. Based on + github PR#324 from ZoltanFridrich with some simplications by me. ok djm@ - OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87 + OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4 -commit e694f8ac4409931e67d08ac44ed251b20b10a957 +commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c Author: djm@openbsd.org -Date: Thu Sep 16 15:11:19 2021 +0000 +Date: Fri Jul 1 00:36:30 2022 +0000 - upstream: allow log_stderr==2 to prefix log messages with argv[0] + upstream: ignore SIGPIPE earlier in main(), specifically before - use this to make scp's SFTP mode error messages more scp-like + muxclient() which performs operations that could cause one; Reported by Noam + Lewis via bz3454, ok dtucker@ - prompted by and ok deraadt@ + OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47 + +commit 33efac790f6b09d54894ba6c3e17dfb08b6fc7e1 +Author: jmc@openbsd.org +Date: Tue Jun 28 06:09:14 2022 +0000 + + upstream: reflect the update to -D arg name in usage(); - OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733 + OpenBSD-Commit-ID: abdcde4f92b1ef094ae44210ee99d3b0155aad9c -commit 8a7a06ee505cb833e613f74a07392e9296286c30 +commit c71a1442d02f0a3586109dfe2cb366de36dee08e Author: Darren Tucker -Date: Fri Sep 17 13:03:31 2021 +1000 +Date: Wed Jun 29 18:28:47 2022 +1000 - Test against LibreSSL 3.2.6, 3.3.4, 3.4.0. + Update OpenSSL tests to the most recent releases. -commit c25c84074a47f700dd6534995b4af4b456927150 +commit 2a822f29300b2de7335fbff65f0b187a0c582304 Author: djm@openbsd.org -Date: Thu Sep 16 05:36:03 2021 +0000 +Date: Mon Jun 27 21:41:55 2022 +0000 - upstream: missing space character in ssh -G output broke the + upstream: allow arguments to sftp -D option, e.g. sftp -D - t-sshcfgparse regression test; spotted by anton@ + "/usr/libexec/sftp-server -el debug3" - OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0 + ok markus@ + + OpenBSD-Commit-ID: 5a002b9f3a7aef2731fc0ffa9c921cf15f38ecce -commit a4bee1934bf5e5575fea486628f4123d6a29dff8 -Author: djm@openbsd.org -Date: Wed Sep 15 06:56:01 2021 +0000 +commit 2369a2810187e08f2af5d58b343956062fb96ee8 +Author: dtucker@openbsd.org +Date: Fri Jun 24 10:45:06 2022 +0000 - upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok + upstream: Roll back previous KEX changes as they aren't safe until - markus@ + compat_pkalg_proposal and friends always allocate their returned strings. + Reported by Qualys. - OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623 + OpenBSD-Commit-ID: 1c7a88a0d5033f42f88ab9bec58ef1cf72c81ad0 -commit d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd -Author: mbuhl@openbsd.org -Date: Tue Sep 14 11:04:21 2021 +0000 +commit 646686136c34c2dbf6a01296dfaa9ebee029386d +Author: dtucker@openbsd.org +Date: Fri Jun 24 04:37:00 2022 +0000 - upstream: put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT + upstream: Don't leak the strings allocated by order_hostkeyalgs() - OK mfriedl@ + and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of + github PR#324 from ZoltanFridrich, ok djm@ - OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798 + OpenBSD-Commit-ID: b2f6e5f60f2bba293b831654328a8a0035ef4a1b -commit 19b3d846f06697c85957ab79a63454f57f8e22d6 -Author: schwarze@openbsd.org -Date: Sat Sep 11 09:05:50 2021 +0000 +commit 193c6d8d905dde836b628fc07a7b9cf2d347e2a3 +Author: Darren Tucker +Date: Sat Jun 25 12:16:15 2022 +1000 - upstream: Do not ignore SIGINT while waiting for input if editline(3) + Zero out LIBFIDO2 when SK support not usable. - is not used. Instead, in non-interactive mode, exit sftp(1), like for other - serious errors. As pointed out by dtucker@, when compiled without editline(3) - support in portable OpenSSH, the el == NULL branch is also used for - interactive mode. In that case, discard the input line and provide a fresh - prompt to the user just like in the case where editline(3) is used. OK djm@ + Prevents us from trying to link them into ssh-sk-helper and failing to + build. + +commit 40f5d849d25c60b4ae21261e78484d435f5cfd51 +Author: Darren Tucker +Date: Sat Jun 25 11:47:28 2022 +1000 + + Disable SK support if FIDO libs not found. + +commit 5fd922ade1b25880fe8a8249f5c0385e413108f9 +Author: Damien Miller +Date: Fri Jun 24 14:43:54 2022 +1000 + + fix broken case statement in previous + +commit f51423bdaf0008d46b6af082bcfd7a22a87375f0 +Author: Damien Miller +Date: Fri Jun 24 14:40:42 2022 +1000 + + request 1.1x API compatibility for OpenSSL >=3.x - OpenBSD-Commit-ID: 7d06f4d3ebba62115527fafacf38370d09dfb393 + idea/patch from Pedro Martelletto via GHPR#322; ok dtucker@ -commit ba61123eef9c6356d438c90c1199a57a0d7bcb0a +commit 455cee8d6c2e4c48c5af9faead3599c49948411e Author: djm@openbsd.org -Date: Sat Sep 11 00:40:24 2021 +0000 +Date: Fri Jun 24 04:27:14 2022 +0000 - upstream: when using SFTP protocol, continue transferring files after a + upstream: make it clear that RekeyLimit applies to both transmitted - transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@ + and received data. GHPR#328 from Jan Pazdziora - OpenBSD-Commit-ID: dfe4558d71dd09707e9b5d6e7d2e53b793da69fa + OpenBSD-Commit-ID: d180a905fec9ff418a75c07bb96ea41c9308c3f9 -commit b0ec59a708b493c6f3940336b1a537bcb64dd2a7 -Author: dtucker@openbsd.org -Date: Fri Sep 10 11:38:38 2021 +0000 +commit 17904f05802988d0bb9ed3c8d1d37411e8f459c3 +Author: tobhe@openbsd.org +Date: Tue Jun 21 14:52:13 2022 +0000 - upstream: Document that non-interactive commands are run via the user's + upstream: Make sure not to fclose() the same fd twice in case of an - shell using the -c flag. ok jmc@ + error. - OpenBSD-Commit-ID: 4f0d912077732eead10423afd1acf4fc0ceec477 + ok dtucker@ + + OpenBSD-Commit-ID: e384c4e05d5521e7866b3d53ca59acd2a86eef99 -commit 66a658b5d9e009ea11f8a0ca6e69c7feb2d851ea +commit f29d6cf98c25bf044079032d22c1a57c63ab9d8e Author: dtucker@openbsd.org -Date: Fri Sep 10 10:26:02 2021 +0000 +Date: Sat Jun 18 02:17:16 2022 +0000 - upstream: Document behaviour of arguments following non-interactive + upstream: Don't attempt to fprintf a null identity comment. From - commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@ + Martin Vahlensieck via tech@. - OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a + OpenBSD-Commit-ID: 4c54d20a8e8e4e9912c38a7b4ef5bfc5ca2e05c2 -commit 1d47e28e407d1f95fdf8f799be23f48dcfa5206b +commit ad1762173bb38716a106e8979806149fd0f2753e Author: dtucker@openbsd.org -Date: Fri Sep 10 07:11:11 2021 +0000 +Date: Fri Jun 17 01:00:03 2022 +0000 - upstream: Clarify which file's attributes -p preserves, and that + upstream: Log an error if pipe() fails while accepting a - it's specifically the file mode bits. bz#3340 from calestyo at scientia.net, - ok djm@ jmc@ + connection. bz#3447, from vincent-openssh at vinc17 net, ok djm@ - OpenBSD-Commit-ID: f09e6098ed1c4be00c730873049825f8ee7cb884 + OpenBSD-Commit-ID: 9d59f19872b94900a5c79da2d57850241ac5df94 -commit b344db7a413478e4c21e4cadba4a970ad3e6128a -Author: djm@openbsd.org -Date: Fri Sep 10 05:46:09 2021 +0000 +commit 9c59e7486cc8691401228b43b96a3edbb06e0412 +Author: Damien Miller +Date: Fri Jun 24 14:20:43 2022 +1000 - upstream: openssh-7.4 was incorrectly listed twice; spotted by + automatically enable built-in FIDO support - Dmitry Belyavskiy, ok dtucker@ + If libfido2 is found and usable, then enable the built-in + security key support unless --without-security-key-builtin + was requested. - OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef + ok dtucker@ -commit 9136d6239ad7a4a293e0418a49b69e70c76d58b8 -Author: jmc@openbsd.org -Date: Thu Sep 9 06:17:39 2021 +0000 +commit 7d25b37fb2a5ff4dadabcbdac6087a97479434f5 +Author: Damien Miller +Date: Fri Jun 24 13:46:39 2022 +1000 - upstream: - move CAVEATS to its correct order - use the term - - "legacy" protocol rather than "original", as the latter made the text - misleading - uppercase SCP - - ok djm + fix possible NULL deref when built without FIDO - OpenBSD-Commit-ID: 8479255746d5fa76a358ee59e7340fecf4245ff0 + Analysis/fix from kircher in bz3443; ok dtucker@ -commit 2d678c5e3bdc2f5c99f7af5122e9d054925d560d -Author: David Carlier -Date: Wed Sep 8 19:49:54 2021 +0100 +commit f5ba85daddfc2da6a8dab6038269e02c0695be44 +Author: djm@openbsd.org +Date: Wed Jun 15 16:08:25 2022 +0000 - Disable tracing on FreeBSD using procctl. + upstream: make sure that UseDNS hostname lookup happens in the monitor - Placed at the start of platform_disable_tracing() to prevent declaration - after code errors from strict C89 compilers (in the unlikely event that - more than one method is enabled). + and not in the pledge(2)'d unprivileged process; fixes regression caused by + recent refactoring spotted by henning@ + + OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d -commit 73050fa38fb36ae3326d768b574806352b97002d +commit acb2059febaddd71ee06c2ebf63dcf211d9ab9f2 Author: djm@openbsd.org -Date: Wed Sep 8 23:31:39 2021 +0000 +Date: Fri Jun 3 04:47:21 2022 +0000 - upstream: Use the SFTP protocol by default. The original scp/rcp - - protocol remains available via the -O flag. + upstream: move auth_openprincipals() and auth_openkeyfile() over to - Note that ~user/ prefixed paths in SFTP mode require a protocol extension - that was first shipped in OpenSSH 8.7. - - ok deraadt, after baking in snaps for a while without incident + auth2-pubkeyfile.c too; they make more sense there. - OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c + OpenBSD-Commit-ID: 9970d99f900e1117fdaab13e9e910a621b7c60ee -commit c4565e69ffa2485cff715aa842ea7a350296bfb6 -Author: Darren Tucker -Date: Wed Sep 8 21:09:49 2021 +1000 +commit 3d9b0845f34510111cc693bb99a667662ca50cd8 +Author: djm@openbsd.org +Date: Fri Jun 3 04:31:54 2022 +0000 - Really fix test on OpenSSL 1.1.1 stable. + upstream: test setenv in both client and server, test first-match-wins + + too + + OpenBSD-Regress-ID: 4c8804f9db38a02db480b9923317457b377fe34b -commit 79f1bb5f56cef3ae9276207316345b8309248478 -Author: Darren Tucker -Date: Wed Sep 8 18:51:39 2021 +1000 +commit 22e1a3a71ad6d108ff0c5f07f93c3fcbd30f8b40 +Author: djm@openbsd.org +Date: Fri Jun 3 04:30:46 2022 +0000 - Correct OpenSSL 1.1.1 stable identifier. + upstream: Make SetEnv directives first-match-wins in both + + sshd_config and sshd_config; previously if the same name was reused then the + last would win (which is the opposite to how the config is supposed to work). + + While there, make the ssh_config parsing more like sshd_config. + + bz3438, ok dtucker + + OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b -commit b6255593ed5ccbe5e7d3d4b26b2ad31ad4afc232 -Author: Darren Tucker -Date: Wed Sep 8 18:39:44 2021 +1000 +commit 38ed6c57e9e592c08e020fa6e82b45b4e1040970 +Author: dtucker@openbsd.org +Date: Fri Jun 3 04:00:15 2022 +0000 - Increment nfds when coming from startup_pipe. + upstream: Add missing *-sk types to ssh-keyscan manpage. From - If we have to increase nfds because startup_pipe[0] is above any of the - descriptors passed in the fd_sets, we also need to add 1 to nfds since - select takes highest FD number plus one. bz#3345 from yaroslav.kuzmin - at vmssoftware.com. + skazi0 via github PR#294. + + OpenBSD-Commit-ID: fda2c869cdb871f3c90a89fb3f985370bb5d25c0 -commit a3e92a6794817df6012ac8546aea19652cc91b61 -Author: Darren Tucker -Date: Wed Sep 8 13:45:10 2021 +1000 +commit ea97ec98c41ec2b755dfab459347db674ff9a5de +Author: dtucker@openbsd.org +Date: Fri Jun 3 03:21:09 2022 +0000 - Tests for OpenSSL 3.0.0 release & 1.1.1 branch. + upstream: Add period at end of "not known by any other names" + + message. github PR#320 from jschauma, ok djm@ + + OpenBSD-Commit-ID: bd60809803c4bfd3ebb7c5c4d918b10e275266f2 -commit 4afe431da98ec1cf6a2933fe5658f4fd68dee9e2 -Author: djm@openbsd.org -Date: Wed Sep 8 03:23:44 2021 +0000 +commit 88e376fcd67478ad1660d94bc73ab348ac9f4527 +Author: dtucker@openbsd.org +Date: Fri Jun 3 03:17:42 2022 +0000 - upstream: correct my mistake in previous fix; spotted by halex + upstream: ssh-keygen -A: do not generate DSA keys by default. - OpenBSD-Commit-ID: 3cc62d92e3f70006bf02468fc146bfc36fffa183 + Based on github PR#303 from jsegitz with man page text from jmc@, ok markus@ + djm@ + + OpenBSD-Commit-ID: 5c4c57bdd7063ff03381cfb6696659dd3f9f5b9f -commit ca0e455b9331213ff9505a21b94c38e34faa2bba -Author: djm@openbsd.org -Date: Tue Sep 7 06:03:51 2021 +0000 +commit 6b3fb624675082a1e5aa615d1b8479873d8b5731 +Author: naddy@openbsd.org +Date: Tue May 31 14:05:12 2022 +0000 - upstream: avoid NULL deref in -Y find-principals. Report and fix + upstream: ssh-keygen: implement "verify-required" certificate option. - from Carlo Marcelo Arenas Belón - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + This was already documented when support for user-verified FIDO + keys was added, but the ssh-keygen(1) code was missing. - OpenBSD-Commit-ID: 6238486f8ecc888d6ccafcd9ad99e621bb41f1e0 + ok djm@ + + OpenBSD-Commit-ID: f660f973391b593fea4b7b25913c9a15c3eb8a06 -commit 37616807f150fb46610bbd5031c31af4857ad1e9 -Author: millert@openbsd.org -Date: Mon Sep 6 00:36:01 2021 +0000 +commit b7f86ffc301be105bba9a3e0618b6fab3ae379bd +Author: jmc@openbsd.org +Date: Sat May 28 05:57:56 2022 +0000 - upstream: revision 1.381 neglected to remove + upstream: keywords ref ssh_config.5; - sChallengeResponseAuthentication from the enum. Noticed by - christos@zoulas.com. OK dtucker@ + from caspar schutijser - OpenBSD-Commit-ID: b533283a4dd6d04a867da411a4c7a8fbc90e34ff + OpenBSD-Commit-ID: f146a19d7d5c9374c3b9c520da43b2732d7d1a4e -commit 7acb3578cdfec0b3d34501408071f7a96c1684ea -Author: Darren Tucker -Date: Sun Sep 5 20:45:42 2021 +1000 +commit dc7bc52372f2744fa39191577be5306ee57aacd4 +Author: Damien Miller +Date: Mon May 30 09:29:09 2022 +1000 - Correct version_num for OpenSSL dev branch. + fix some bugs in the fuzzer -commit 65bb01111320dfd0d25e21e1fd4d3f2b77532669 +commit 1781f507c113667613351c19898efaf1e311a865 Author: Darren Tucker -Date: Sun Sep 5 19:37:39 2021 +1000 +Date: Fri May 27 18:19:48 2022 +1000 - Test against OpenSSL 3 branch as well as dev. - - Now that OpenSSL development has moved to 3.1, test against the most - recent version of the openssl-3.0 branch too. + Test against OpenSSL 1.1.1o and 3.0.3. -commit 864ed0d5e04a503b97202c776b7cf3f163f3eeaa +commit c53906e0c59e569691b4095d3e8db79cf78fa058 Author: Darren Tucker -Date: Sun Sep 5 19:33:22 2021 +1000 +Date: Fri May 27 18:18:31 2022 +1000 - OpenSSL development is now 3.1.* + Test against LibreSSL 3.5.3. -commit a60209a586a928f92ab323bf23bd07f57093342e -Author: dtucker@openbsd.org -Date: Fri Sep 3 07:43:23 2021 +0000 +commit 9b3ad432ad2f19319bcc089370e356c6315d682f +Author: Damien Miller +Date: Fri May 27 17:00:43 2022 +1000 - upstream: Use .Cm instead of .Dq in StrictHostKeyChecking list for + fuzzer for authorized_keys parsing - consistency. Patch from scop via github PR#257, ok jmc@ + mostly redundant to authopt_fuzz, but it's sensitive code so IMO it + makes sense to test this layer too + +commit c83d8c4d6f3ccceef84d46de107f6b71cda06359 +Author: djm@openbsd.org +Date: Fri May 27 05:02:46 2022 +0000 + + upstream: split the low-level file handling functions out from - OpenBSD-Commit-ID: 3652a91564570779431802c31224fb4a9cf39872 + auth2-pubkey.c + + Put them in a new auth2-pubkeyfile.c to make it easier to refer to them + (e.g. in unit/fuzz tests) without having to refer to everything else + pubkey auth brings in. + + ok dtucker@ + + OpenBSD-Commit-ID: 3fdca2c61ad97dc1b8d4a7346816f83dc4ce2217 -commit 8d1d9eb6de37331e872700e9e399a3190cca1242 -Author: dtucker@openbsd.org -Date: Fri Sep 3 07:27:03 2021 +0000 +commit 3b0b142d2a0767d8cd838e2f3aefde8a0aaa41e1 +Author: djm@openbsd.org +Date: Fri May 27 05:01:25 2022 +0000 - upstream: Mention using ssh -i for specifying the public key file + upstream: refactor authorized_keys/principals handling - in the case where the private key is loaded into ssh-agent but is not present - locally. Based on patch from rafork via github PR#215, ok jmc@ + remove "struct ssh *" from arguments - this was only used to pass the + remote host/address. These can be passed in instead and the resulting + code is less tightly coupled to ssh_api.[ch] - OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2 + ok dtucker@ + + OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d -commit eb4362e5e3aa7ac26138b11e44d8c191910aff64 +commit 2c334fd36f80cb91cc42e4b978b10aa35e0df236 Author: dtucker@openbsd.org -Date: Fri Sep 3 05:25:50 2021 +0000 +Date: Fri May 27 04:29:40 2022 +0000 - upstream: Refer to KEX "algorithms" instead of "methods" to match + upstream: f sshpkt functions fail, then password is not cleared - other references and improve consistency. Patch from scop via github PR#241, - ok djm@ + with freezero. Unconditionally call freezero to guarantee that password is + removed from RAM. - OpenBSD-Commit-ID: 840bc94ff6861b28d8603c8e8c16499bfb65e32c + From tobias@ and c3h2_ctf via github PR#286, ok djm@ + + OpenBSD-Commit-ID: 6b093619c9515328e25b0f8093779c52402c89cd -commit b3318946ce5725da43c4bf7eeea1b73129c47d2a +commit 5d3a77f4c5ae774c6796387266503f52c7cdc7c2 Author: dtucker@openbsd.org -Date: Fri Sep 3 05:12:25 2021 +0000 +Date: Fri May 27 04:27:49 2022 +0000 - upstream: Remove redundant attrib_clear in upload_dir_internal. + upstream: Avoid kill with -1 argument. The out_ctx label can be - The subsequent call to stat_to_attrib clears the struct as its first step - anyway. From pmeinhardt via github PR#220, ok djm@ + reached before fork has been called. If this happens, then kill -1 would be + called, sending SIGTERM to all processes reachable by the current process. - OpenBSD-Commit-ID: f5234fc6d7425b607e179acb3383f21716f3029e + From tobias@ and c3h2_ctf via github PR#286, ok djm@ + + OpenBSD-Commit-ID: 6277af1207d81202f5daffdccfeeaed4c763b1a8 -commit 7cc3fe28896e653956a6a2eed0a25d551b83a029 +commit 533b31cd08e4b97f455466f91c36915e2924c15a Author: dtucker@openbsd.org -Date: Fri Sep 3 04:11:13 2021 +0000 +Date: Fri May 27 04:13:24 2022 +0000 - upstream: Add test for client termination status on signal. + upstream: Note that ProxyJump also accepts the same tokens as - Based on patch from Alexxz via github PR#235 with some tweaks, to - match patch in bz#3281. + ProxyCommand. From pallxk via github PR#305. - OpenBSD-Regress-ID: d87c7446fb8b5f8b45894fbbd6875df326e729e2 + OpenBSD-Commit-ID: 7115ac351b129205f1f1ffa6bbfd62abd76be7c5 -commit 5428b0d239f6b516c81d1dd15aa9fe9e60af75d4 -Author: deraadt@openbsd.org -Date: Thu Sep 2 21:03:54 2021 +0000 +commit 9d8c80f8a304babe61ca28f2e3fb5eb6dc9c39bf +Author: djm@openbsd.org +Date: Wed May 25 06:03:44 2022 +0000 - upstream: sys/param.h is not needed for any visible reason + upstream: revert previous; it was broken (spotted by Theo) - OpenBSD-Commit-ID: 8bdea2d0c75692e4c5777670ac039d4b01c1f368 + OpenBSD-Commit-ID: 457c79afaca2f89ec2606405c1059b98b30d8b0d -commit 1ff38f34b4c4545eb28106629cafa1e0496bc726 -Author: Shchelkunov Artem -Date: Wed Aug 11 18:07:58 2021 +0500 +commit 9e0d02ef7ce88b67643bfb1c2272c9f5f04cc680 +Author: djm@openbsd.org +Date: Wed May 25 00:31:13 2022 +0000 - Fix memory leak in error path. + upstream: make SSHBUF_DBG/SSHBUF_TELL (off by default and only enabled - *info is allocated via xstrdup but was leaked in the PAM_AUTH_ERR path. - From github PR#266. + via #define) dump to stderr rather than stdout + + OpenBSD-Commit-ID: 10298513ee32db8390aecb0397d782d68cb14318 -commit cb37e2f0c0ca4fef844ed7edc5d0e3b7d0e83f6a -Author: dtucker@openbsd.org -Date: Wed Sep 1 03:16:06 2021 +0000 +commit 2487163630f28be28b7e2396b4bd6511b98f1d3e +Author: Tim Rice +Date: Tue May 24 10:21:25 2022 -0700 - upstream: Fix ssh-rsa fallback for old PuTTY interop tests. - - OpenBSD-Regress-ID: a19ac929da604843a5b5f0f48d2c0eb6e0773d37 + configure.ac: Add missing AC_DEFINE for caph_cache_tzdata test causing + HAVE_CAPH_CACHE_TZDATA to be missing from config.h.in. + Spotted by Bryan Drewery -commit 8b02ef0f28dc24cda8cbcd8b7eb02bda8f8bbe59 -Author: dtucker@openbsd.org -Date: Wed Sep 1 00:50:27 2021 +0000 +commit bedb93415b60db3dfd704a3d525e82adb14a2481 +Author: djm@openbsd.org +Date: Sun May 15 23:48:07 2022 +0000 - upstream: Add a function to skip remaining tests. + upstream: regress test for in-place transfers and clobbering larger - Many tests skip tests for various reasons but not in a consistent way and - don't always clean up, so add that and switch the tests that do that over. + files with smaller ones; would have caught last regression in scp(1) - OpenBSD-Regress-ID: 72d2ec90a3ee8849486956a808811734281af735 + OpenBSD-Regress-ID: 19de4e88dd3a4f7e5c1618c9be3c32415bd93bc2 -commit d486845c07324c04240f1674ac513985bd356f66 -Author: dtucker@openbsd.org -Date: Tue Aug 31 07:13:59 2021 +0000 +commit b4f0d719c2548cb74da509fb65f384dada4ebd37 +Author: anton@openbsd.org +Date: Fri Apr 22 05:08:43 2022 +0000 - upstream: Specify path to PuTTY keys. + upstream: Only run agent-ptrace.sh if gdb is available as all - Portable needs this and it makes no difference on OpenBSD, so resync - them. (Id sync only, Portable already had this.) + architectures do not ship with gdb. - OpenBSD-Regress-ID: 33f6f66744455886d148527af8368811e4264162 + OpenBSD-Regress-ID: ec53e928803e6b87f9ac142d38888ca79a45348d -commit d22b299115e27606e846b23490746f69fdd4fb38 -Author: dtucker@openbsd.org -Date: Tue Aug 31 06:13:23 2021 +0000 +commit 9b73345f80255a7f3048026462f2c0c6a241eeac +Author: djm@openbsd.org +Date: Sun May 15 23:47:21 2022 +0000 - upstream: Better compat tests with old PuTTY. + upstream: fix in-place copies; r1.163 incorrectly skipped truncation in - When running PuTTY interop tests and using a PuTTY version older than - 0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants - of RSA were added some time between 0.73 and 0.76). + all cases, not just at the start of a transfer. This could cause overwrites + of larger files to leave junk at the end. Spotted by tb@ - OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1 + OpenBSD-Commit-ID: b189f19cd68119548c8e24e39c79f61e115bf92c -commit 87ad70d605c3e39c9b8aa275db27120d7cc09b77 -Author: Darren Tucker -Date: Tue Aug 31 17:04:50 2021 +1000 +commit 56a0697fe079ff3e1ba30a2d5c26b5e45f7b71f8 +Author: djm@openbsd.org +Date: Fri May 13 06:31:50 2022 +0000 - Resync PuTTY interop tests. + upstream: arrange for scp, when in sftp mode, to not ftruncate(3) files - Resync behaviour when REGRESS_INTEROP_PUTTY is not set with OpenBSD. + early + + previous behavious of unconditionally truncating the destination file + would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to + delete all the contents of their destination. + + spotted by solene@ sthen@, also bz3431; ok dtucker@ + + OpenBSD-Commit-ID: ca39fdd39e0ec1466b9666f15cbcfddea6aaa179 -commit e47b82a7bf51021afac218bf59a3be121827653d +commit fbcef70c2832712f027bccea1aa9bc4b4103da93 Author: dtucker@openbsd.org -Date: Tue Aug 31 01:25:27 2021 +0000 +Date: Mon May 9 08:25:27 2022 +0000 - upstream: Specify hostkeyalgorithms in SSHFP test. - - Specify host key algorithms in sshd's default set for the SSHFP test, - from djm@. Make the reason for when the test is skipped a bit clearer. + upstream: Remove errant apostrophe. From haruyama at queen-ml org. - OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea + OpenBSD-Commit-ID: dc6b294567cb84b384ad6ced9ca469f2bbf0bd10 -commit 7db3e0a9e8477c018757b59ee955f7372c0b55fb +commit 0086a286ea6bbd11ca9b664ac3bb12b27443d6eb Author: djm@openbsd.org -Date: Mon Aug 30 01:15:45 2021 +0000 +Date: Mon May 9 03:09:53 2022 +0000 - upstream: adapt to RSA/SHA1 deprectation + upstream: Allow existing -U (use agent) flag to work with "-Y sign" - OpenBSD-Regress-ID: 952397c39a22722880e4de9d1c50bb1a14f907bb + operations, where it will be interpreted to require that the private keys is + hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@ + + OpenBSD-Commit-ID: a7bc69873b99c32c42c7628ed9ea91565ba08c2f -commit 2344750250247111a6c3c6a4fe84ed583a61cc11 +commit cb010744cc98f651b1029bb09efa986eb54e4ccf Author: djm@openbsd.org -Date: Sun Aug 29 23:53:10 2021 +0000 +Date: Sun May 8 22:58:35 2022 +0000 - upstream: After years of forewarning, disable the RSA/SHA-1 - - signature algorithm by default. It is feasible to create colliding SHA1 - hashes, so we need to deprecate its use. - - RSA/SHA-256/512 remains available and will be transparently selected - instead of RSA/SHA1 for most SSH servers released in the last five+ - years. There is no need to regenerate RSA keys. + upstream: improve error message when 'ssh-keygen -Y sign' is unable to - The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the - PubkeyAcceptedAlgorithms directives on the client and server. + load a private key; bz3429, reported by Adam Szkoda ok dtucker@ - ok dtucker deraadt + OpenBSD-Commit-ID: bb57b285e67bea536ef81b1055467be2fc380e74 + +commit aa61fc82c63d309a90c22ca74fb1da6c6f4372fd +Author: Tobias Heider +Date: Mon May 9 02:00:01 2022 +0200 + + Remove duplicate bcrypt_pbkdf.o from Makefile - OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5 + bcrypt_pbkdf.o is duplicated in the openbsd-compat Makefile's object + file list. -commit 56c4455d3b54b7d481c77c82115c830b9c8ce328 +commit deb506d00da8d11fb04c1e7b9b1e1cc379c1705c Author: djm@openbsd.org -Date: Sun Aug 29 23:44:07 2021 +0000 +Date: Sun May 8 22:32:36 2022 +0000 - upstream: wrap at 80 columns + upstream: When performing operations that glob(3) a remote path, ensure - OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0 + that the implicit working directory used to construct that path escapes + glob(3) characters. + + This prevents glob characters from being processed in places they + shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation + treat the path "/tmp/a*" literally and not attempt to expand it. + + Reported by Lusia Kundel; ok markus@ + + OpenBSD-Commit-ID: 4f647f58482cbad3d58b1eab7f6a1691433deeef -commit 95401eea8503943449f712e5f3de52fc0bc612c5 +commit f38cf74f20b5da113cfa823afd5bfb5c6ba65f3d Author: Darren Tucker -Date: Fri Aug 20 18:14:13 2021 +1000 +Date: Fri May 6 14:50:18 2022 +1000 - Replace shell function with ssh-keygen -A. - - Prevents the init script in the SysV package from trying (and failing) - to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC. - ok tim@ + Also retest OpenBSD upstream on .yml changes. -commit d83ec9ed995a76ed1d5c65cf10b447222ec86131 +commit f87a132800ba3710ab130d703448a31ef1128d77 Author: Darren Tucker -Date: Fri Aug 20 15:39:05 2021 +1000 +Date: Fri May 6 14:46:09 2022 +1000 - Remove obsolete Redhat PAM config and init script. + Note that, for now, we need variadic macros. -commit e1a596186c81e65a34ce13076449712d3bf97eb4 -Author: Damien Miller -Date: Fri Aug 20 14:03:49 2021 +1000 +commit 217b518e0f7c52c4b909e935141a55344c61e644 +Author: Darren Tucker +Date: Fri May 6 14:39:34 2022 +1000 - depend + Add ubsan minimal testcase on OpenBSD. + + As suggested by djm@. -commit 5450606c8f7f7a0d70211cea78bc2dab74ab35d1 -Author: Damien Miller -Date: Fri Aug 20 13:59:43 2021 +1000 +commit 457dce2cfef6a48f5442591cd8b21c7e8cba13f8 +Author: djm@openbsd.org +Date: Thu May 5 01:04:14 2022 +0000 - update version numbers + upstream: sshkey_unshield_private() contains a exact duplicate of + + the code in private2_check_padding(). Pull private2_check_padding() up so the + code can be reused. From Martin Vahlensieck, ok deraadt@ + + OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85 -commit feee2384ab8d694c770b7750cfa76a512bdf8246 +commit 0e44db4d9cb313e68a59a44d27884af66c02356e Author: djm@openbsd.org -Date: Fri Aug 20 03:22:55 2021 +0000 +Date: Thu May 5 00:56:58 2022 +0000 - upstream: openssh-8.7 + upstream: channel_new no longer frees remote_name. So update the - OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd + comment accordingly. As remote_name is not modified, it can be const as + well. From Martin Vahlensieck + + OpenBSD-Commit-ID: e4e10dc8dc9f40c166ea5a8e991942bedc75a76a -commit 9a2ed62173cc551b2b5f479460bb015b19499de8 -Author: Darren Tucker -Date: Fri Aug 20 10:48:13 2021 +1000 +commit 37b62fd5caf19c85a48241535277cefff65adace +Author: djm@openbsd.org +Date: Thu May 5 00:55:11 2022 +0000 - Also check pid in pselect_notify_setup. + upstream: mux.c: mark argument as const; from Martin Vahlensieck - Spotted by djm@. + OpenBSD-Commit-ID: 69a1a93a55986c7c2ad9f733c093b46a47184341 -commit deaadcb93ca15d4f38aa38fb340156077792ce87 -Author: Darren Tucker -Date: Fri Aug 20 08:39:33 2021 +1000 +commit f4e67c0ad259b4cf10177277a5827fa5545bac53 +Author: markus@openbsd.org +Date: Wed May 4 07:31:22 2022 +0000 - Prefix pselect functions to clarify debug messages + upstream: make sure stdout is non-blocking; ok djm@ + + OpenBSD-Commit-ID: 64940fffbd1b882eda2d7c8c7a43c79368309c0d -commit 10e45654cff221ca60fd35ee069df67208fcf415 -Author: Darren Tucker -Date: Fri Aug 20 08:30:42 2021 +1000 +commit e5c036d2092c00bef395e9161dc5ce42d4be9565 +Author: florian@openbsd.org +Date: Tue May 3 07:42:27 2022 +0000 - Fix race in pselect replacement code. + upstream: Add FIDO AUTHENTICATOR section and explain a bit how FIDO - On the second and subsequent calls to pselect the notify_pipe was not - added to the select readset, opening up a race that om G. Christensen - discovered on multiprocessor Solaris <=9 systems. + works. The wording came mostly from the 8.2 OpenSSH release notes, addapted + to fit the man page. Then move the -O bits into the new section as is already + done for CERTIFICATES and MODULI GENERATION. Finally we can explain the + trade-offs of resident keys. While here, consistently refer to the FIDO + thingies as "FIDO authenticators", not "FIDO tokens". - Also reinitialize notify_pipe if the pid changes. This will prevent a - parent and child from using the same FD, although this is not an issue - in the current structure it might be in future. + input & OK jmc, naddy + + OpenBSD-Commit-ID: dd98748d7644df048f78dcf793b3b63db9ab1d25 -commit 464ba22f1e38d25402e5ec79a9b8d34a32df5a3f -Author: Darren Tucker -Date: Wed Aug 18 12:51:30 2021 +1000 +commit 575771bf79bef7127be6aaccddc46031ea15529e +Author: jmc@openbsd.org +Date: Mon May 2 05:40:37 2022 +0000 - Check compiler for c99 declarations after code. + upstream: remove an obsolete rsa1 format example from an example; - The sntrup761 reference code contains c99-style declarations after code - so don't try to build that if the compiler doesn't support it. + from megan batty + ok djm + + OpenBSD-Commit-ID: db2c89879c29bf083df996bd830abfb1e70d62bf -commit 7d878679a4b155a359d32104ff473f789501748d -Author: Darren Tucker -Date: Tue Aug 17 15:12:04 2021 +1000 +commit 0bc6b4c8f04e292577bdb44d5dc6b630d3448087 +Author: djm@openbsd.org +Date: Sun May 1 23:20:30 2022 +0000 - Remove trailing backslash on regress-unit-binaries + upstream: fix some integer overflows in sieve_large() that show up when + + trying to generate modp groups > 16k bits. Reported via GHPR#306 by Bertram + Felgenhauer, but fixed in a different way. feedback/ok tb@ + + OpenBSD-Commit-ID: 81cbc6dd3a21c57bd6fadea10e44afe37bca558e -commit b71b2508f17c68c5d9dbbe537686d81cedb9a781 -Author: Darren Tucker -Date: Tue Aug 17 07:59:27 2021 +1000 +commit a45615cb172bc827e21ec76750de39dfb30ecc05 +Author: djm@openbsd.org +Date: Fri Apr 29 04:55:07 2022 +0000 - Put stdint.h inside HAVE_STDINT_H. + upstream: be stricter in which characters will be accepted in - From Tom G. Christensen. + specifying a mask length; allow only 0-9. From khaleesicodes via GHPR#278; ok + dtucker@ + + OpenBSD-Commit-ID: e267746c047ea86665cdeccef795a8a56082eeb2 -commit 6a24567a29bd7b4ab64e1afad859ea845cbc6b8c +commit 4835544d2dd31de6ffc7dba59f92093aea98155b Author: Darren Tucker -Date: Mon Aug 16 14:13:02 2021 +1000 +Date: Sat Apr 30 10:56:41 2022 +1000 - Improve github test driver script. - - - use a trap to always output any failed regress logs (since the script - sets -e, the existing log output is never invoked). - - pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg. - UsePAM). + Add Mac OS X 12 test target. -commit b467cf13705f59ed348b620722ac098fe31879b7 +commit 97a6a8b8c1f2da09712d0e72d0ef800e4edd34cd Author: Darren Tucker -Date: Mon Aug 16 11:32:23 2021 +1000 +Date: Fri Apr 29 18:27:34 2022 +1000 - Remove deprecated ubuntu-16.04 test targets. + Only run tests when source files change. - Github has deprecated ubuntu-16.04 and it will be removed on 20 - September. + Also run tests on changes to V_9_0 branch. -commit 20e6eefcdf78394f05e453d456c1212ffaa6b6a4 +commit 6d0392b9ff4b50a56ac5685d1b9392e2cd432ca3 Author: Darren Tucker -Date: Sun Aug 15 23:25:26 2021 +1000 +Date: Fri Apr 29 18:22:34 2022 +1000 - Skip agent ptrace test on hurd. + Remove now-empty int32_minmax.inc. -commit 7c9115bbbf958fbf85259a061c1122e2d046aabf -Author: Darren Tucker -Date: Sun Aug 15 19:37:22 2021 +1000 +commit af59463553b5ad52d3b42c4455ee3c5600158bb7 +Author: djm@openbsd.org +Date: Fri Apr 29 03:24:30 2022 +0000 - Add hurd test target. + upstream: mention that the helpers are used by ssh(1), ssh-agent(1) + + and ssh-keygen(1). Previously only ssh(1) was mentioned. From Pedro + Martelletto + + OpenBSD-Commit-ID: 30f880f989d4b329589c1c404315685960a5f153 -commit 7909a566f6c6a78fcd30708dc49f4e4f9bb80ce3 -Author: Darren Tucker -Date: Sun Aug 15 12:45:10 2021 +1000 +commit 3e26b3a6eebcee27be177207cc0846fb844b7a56 +Author: dtucker@openbsd.org +Date: Fri Apr 29 03:16:48 2022 +0000 - Skip scp3 tests on all dfly58 and 60 configs. + upstream: Don't leak SK device. Patch from Pedro Martelletto via + + github PR#316. ok djm@ + + OpenBSD-Commit-ID: 17d11327545022e727d95fd08b213171c5a4585d -commit e65198e52cb03534e8c846d1bca74c310b1526de -Author: Tim Rice -Date: Sat Aug 14 13:08:07 2021 -0700 +commit 247082b5013f0d4fcae8f97453f2a2f01bcda811 +Author: djm@openbsd.org +Date: Fri Apr 29 03:13:32 2022 +0000 - openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h - to get sigset_t from signal.h needed for the pselect replacement. + upstream: fix memleak on session-bind path; from Pedro Martelletto, ok + + dtucker@ + + OpenBSD-Commit-ID: e85899a26ba402b4c0717b531317e8fc258f0a7e -commit e50635640f79920d9375e0155cb3f4adb870eee5 -Author: Darren Tucker -Date: Fri Aug 13 13:21:00 2021 +1000 +commit e05522008092ceb86a87bdd4ad7878424315db89 +Author: djm@openbsd.org +Date: Thu Apr 28 02:53:31 2022 +0000 - Test OpenSSH from OpenBSD head on 6.8 and 6.9. + upstream: avoid printing hash algorithm twice; from lucas AT sexy.is + + OpenBSD-Commit-ID: 9d24671e10a84141b7c504396cabad600e47a941 -commit e0ba38861c490c680117b7fe0a1d61a181cd00e7 -Author: Darren Tucker -Date: Fri Aug 13 13:00:14 2021 +1000 +commit 0979e29356915261d69a9517a1e0aaade7c9fc75 +Author: dtucker@openbsd.org +Date: Wed Apr 27 11:08:55 2022 +0000 - Skip scp3 test on dragonfly 58 and 60. + upstream: Add authfd path to debug output. ok markus@ - The tests hang, so skip until we figure them out. + OpenBSD-Commit-ID: f735a17d1a6f2bee63bfc609d76ef8db8c090890 -commit dcce2a2bcf007bf817a2fb0dce3db83fa9201e92 -Author: djm@openbsd.org -Date: Thu Aug 12 23:59:25 2021 +0000 +commit 67b7c784769c74fd4d6b147d91e17e1ac1a8a96d +Author: dtucker@openbsd.org +Date: Tue Apr 26 07:41:44 2022 +0000 - upstream: mention that CASignatureAlgorithms accepts +/- similarly to + upstream: Check sshauthopt_new() for NULL. bz#3425, from - the other algorithm list directives; ok jmc bz#3335 + tessgauthier at microsoft.com. ok djm@ - OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9 + OpenBSD-Commit-ID: af0315bc3e44aa406daa7e0ae7c2d719a974483f -commit 090a82486e5d7a8f7f16613d67e66a673a40367f -Author: schwarze@openbsd.org -Date: Thu Aug 12 09:59:00 2021 +0000 +commit d571314d14b919fbd7c84a61f9bf2065fc0a6841 +Author: millert@openbsd.org +Date: Wed Apr 20 16:00:25 2022 +0000 - upstream: In the editline(3) branch of the sftp(1) event loop, + upstream: Remove unnecessary includes: openssl/hmac.h and - handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to - discard the currently edited command line and get a fresh prompt, just like - in ftp(1), bc(1), and in shells. + openssl/evp.h. From Martin Vahlensieck. - It is critical to not use ssl_signal() for this particular case - because that function unconditionally sets SA_RESTART, but here we - need the signal to interrupt the read(2) in the el_gets(3) event loop. + OpenBSD-Commit-ID: a6debb5fb0c8a44e43e8d5ca7cc70ad2f3ea31c3 + +commit da8dddf8cc1f2516ff894b8183e83a7c5ba3ef80 +Author: millert@openbsd.org +Date: Wed Apr 20 15:59:18 2022 +0000 + + upstream: Add missing includes of stdlib.h and stdint.h. We need - OK dtucker@ deraadt@ + stdlib.h for malloc(3) and stdint.h for SIZE_MAX. Unlike the other xmss + files, ssh-xmss.c does not include xmss_commons.h so ssh-xmss.c must include + those headers itself. From Martin Vahlensieck - OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299 + OpenBSD-Commit-ID: 70e28a9818cee3da1be2ef6503d4b396dd421e6b -commit e1371e4f58404d6411d9f95eb774b444cea06a26 -Author: naddy@openbsd.org -Date: Wed Aug 11 14:07:54 2021 +0000 +commit fe9d87a6800a7a33be08f4d5ab662a758055ced2 +Author: millert@openbsd.org +Date: Wed Apr 20 15:56:49 2022 +0000 - upstream: scp: tweak man page and error message for -3 by default + upstream: Avoid an unnecessary xstrdup in rm_env() when matching - Now that the -3 option is enabled by default, flip the documentation - and error message logic from "requires -3" to "blocked by -R". - - ok djm@ + patterns. Since match_pattern() doesn't modify its arguments (they are + const), there is no need to make an extra copy of the strings in + options->send_env. From Martin Vahlensieck - OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020 + OpenBSD-Commit-ID: 2c9db31e3f4d3403b49642c64ee048b2a0a39351 -commit 49f46f6d77328a3d10a758522b670a3e8c2235e7 -Author: naddy@openbsd.org -Date: Wed Aug 11 14:05:19 2021 +0000 +commit 7bf2eb958fbb551e7d61e75c176bb3200383285d +Author: Darren Tucker +Date: Tue Apr 26 23:30:59 2022 +1000 - upstream: scp: do not spawn ssh with two -s flags for + Add debian-riscv64 test target. + +commit 3913c935523902482974c4c503bcff20bd850a6a +Author: Darren Tucker +Date: Mon Apr 25 17:20:06 2022 +1000 + + Update OpenSSL and LibreSSL versions in tests. + +commit dcd8dca29bcdb193ff6be35b96fc55e6e30d37d9 +Author: Darren Tucker +Date: Sat Apr 23 20:40:28 2022 +1000 + + Include stdlib.h for free() prototype. - remote-to-remote copies + ... which is used inside the CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG block. + +commit 4cc05de568e1c3edd7834ff3bd9d8214eb34861b +Author: Darren Tucker +Date: Sat Apr 23 20:17:26 2022 +1000 + + Cache timezone data in capsicum sandbox. - Do not add another "-s" to the argument vector every time an SFTP - connection is initiated. Instead, introduce a subsystem flag to - do_cmd() and add "-s" when the flag is set. + From emaste at freebsd.org, originally part of FreeBSD commit r339216 + / fc3c19a9 with autoconf bits added by me. + +commit c31404426d212e2964ff9e5e58e1d0fce3d83f27 +Author: dtucker@openbsd.org +Date: Thu Apr 21 01:36:46 2022 +0000 + + upstream: It looks like we can't completely avoid - ok djm@ + waiting for processes to exit so retrieve the pid via controlmaster and + use that. - OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1 + OpenBSD-Regress-ID: 8246f00f22b14e49d2ff1744c94897ead33d457b -commit 2a2cd00783e1da45ee730b7f453408af1358ef5b -Author: djm@openbsd.org -Date: Wed Aug 11 08:55:04 2021 +0000 +commit d19b21afab5c8e2f3df6bd8aee9766bdad3d8c58 +Author: dtucker@openbsd.org +Date: Wed Apr 20 13:25:55 2022 +0000 - upstream: test -Oprint-pubkey + upstream: Use ssh -f and ControlPersist .. - OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0 + to start up test forwards and ssh -O stop to shut them down intead of + sleep loops. This speeds up the test by an order of magnitude. + + OpenBSD-Regress-ID: eb3db5f805100919b092a3b2579c611fba3e83e7 -commit b9f4635ea5bc33ed5ebbacf332d79bae463b0f54 -Author: djm@openbsd.org -Date: Wed Aug 11 08:54:17 2021 +0000 +commit 5f76286a126721fa005de6edf3d1c7a265555f19 +Author: dtucker@openbsd.org +Date: Wed Apr 20 05:24:13 2022 +0000 - upstream: when verifying sshsig signatures, support an option + upstream: Simplify forward-control test. - (-Oprint-pubkey) to dump the full public key to stdout; based on patch from - Fabian Stelzer; ok markus@ + Since we no longer need to support SSH1 we don't need to run shell + commands on the other end of the connection and can use ssh -N instead. + This also makes the test less racy. - OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2 + OpenBSD-Regress-ID: 32e94ce272820cc398f30b848b2b0f080d10302c -commit 750c1a45ba4e8ad63793d49418a0780e77947b9b +commit 687bbf23572d8bdf25cbbcdf8ac583514e1ba710 Author: djm@openbsd.org -Date: Wed Aug 11 05:21:32 2021 +0000 +Date: Thu Mar 31 03:07:33 2022 +0000 - upstream: oops, missed one more %p + upstream: regression test for sftp cp command - OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb + OpenBSD-Regress-ID: c96bea9edde3a384b254785e7f9b2b24a81cdf82 -commit b5aa27b69ab2e1c13ac2b5ad3f8f7d389bad7489 +commit f1233f19a6a9fe58f52946f50df4772f5b136761 +Author: dtucker@openbsd.org +Date: Wed Apr 20 01:13:47 2022 +0000 + + upstream: Import regenerated moduli + + OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0 + +commit fec014785de198b9a325d1b94e324bb958c5fe7b Author: djm@openbsd.org -Date: Wed Aug 11 05:20:17 2021 +0000 +Date: Wed Apr 20 04:19:11 2022 +0000 - upstream: remove a bunch of %p in format strings; leftovers of + upstream: Try to continue running local I/O for channels in state - debuggings past. prompted by Michael Forney, ok dtucker@ + OPEN during SSH transport rekeying. The most visible benefit is that it + should make ~-escapes work in the client (e.g. to exit) if the connection + happened to have stalled during a rekey event. Based work by and ok dtucker@ - OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac + OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45 -commit 419aa01123db5ff5dbc68b2376ef23b222862338 -Author: Darren Tucker -Date: Wed Aug 11 09:21:09 2021 +1000 +commit e68154b0d4f0f5085a050ea896955da1b1be6e30 +Author: dtucker@openbsd.org +Date: Wed Apr 20 01:13:47 2022 +0000 - Add includes.h to compat tests. + upstream: Import regenerated moduli - On platforms where closefrom returns void (eg glibc>=2.34) the prototype - for closefrom in its compat tests would cause compile errors. Remove - this and have the tests pull in the compat headers in the same way as - the main code. bz#3336. + OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0 -commit 931f592f26239154eea3eb35a086585897b1a185 -Author: djm@openbsd.org -Date: Tue Aug 10 03:35:45 2021 +0000 +commit 69928b106d8f0fa15b88cf3850d992ed81c44ae0 +Author: tj@openbsd.org +Date: Sat Apr 16 00:22:31 2022 +0000 - upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too + upstream: list the correct version number - OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0 + for when usage of the sftp protocol became default and fix a typo + from ed maste + + OpenBSD-Commit-ID: 24e1795ed2283fdeacf16413c2f07503bcdebb31 -commit 391ca67fb978252c48d20c910553f803f988bd37 -Author: djm@openbsd.org -Date: Tue Aug 10 03:33:34 2021 +0000 +commit 21042a05c0b304c16f655efeec97438249d2e2cc +Author: dtucker@openbsd.org +Date: Tue Apr 12 05:09:49 2022 +0000 - upstream: Prepare for a future where scp(1) uses the SFTP protocol by + upstream: Correct path for system known hosts file in description - default. Replace recently added -M option to select the protocol with -O - (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that - it will be removed in the near future (so no, don't use it in scripts!). + of IgnoreUserKnownHosts. Patch from Martin Vahlensieck via tech@ - prompted by/feedback from deraadt@ + OpenBSD-Commit-ID: 9b7784f054fa5aa4d63cb36bd563889477127215 + +commit 53f4aff60a7c1a08a23917bd47496f8901c471f5 +Author: Darren Tucker +Date: Sat Apr 16 14:33:20 2022 +1000 + + Resync moduli.5 with upstream. - OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc + 1.18: remove duplicate publication year; carsten dot kunze at arcor dot de + 1.19: ssh-keygen's -G/-T have been replaced with -M generate/screen. -commit bfdd4b722f124a4fa9173d20dd64dd0fc69856be +commit d2b888762b9844eb0d8eb59909cdf5af5159f810 +Author: Darren Tucker +Date: Sat Apr 16 14:31:13 2022 +1000 + + Retire fbsd6 test VM. + + It's long since out of support, relatively slow (it's i686) and the + compiler has trouble with PIE. + +commit cd1f70009860a154b51230d367c55ea5f9a4504e Author: djm@openbsd.org -Date: Mon Aug 9 23:56:36 2021 +0000 +Date: Mon Apr 11 22:52:08 2022 +0000 - upstream: make scp -3 the default for remote-to-remote copies. It + upstream: clear io_want/io_ready flags at start of poll() cycle; - provides a much better and more intuitive user experience and doesn't require - exposing credentials to the source host. + avoids plausible spin during rekeying if channel io_want flags are reused + across cycles. ok markus@ deraadt@ - thanks naddy@ for catching the missing argument in usage() + OpenBSD-Commit-ID: 91034f855b7c73cd2591657c49ac30f10322b967 + +commit aa1920302778273f7f94c2091319aba199068ca0 +Author: dtucker@openbsd.org +Date: Fri Apr 8 05:43:39 2022 +0000 + + upstream: Note that curve25519-sha256 was later published in - "Yes please!" - markus@ - "makes a lot of sense" - deraadt@ - "the right thing to do" - dtucker@ + RFC8731. ok djm@ - OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9 + OpenBSD-Commit-ID: 2ac2b5d642d4cf5918eaec8653cad9a4460b2743 -commit 2f7a3b51cef689ad9e93d0c6c17db5a194eb5555 +commit 4673fa8f2be983f2f88d5afd754adb1a2a39ec9e Author: djm@openbsd.org -Date: Mon Aug 9 23:49:31 2021 +0000 +Date: Fri Apr 8 04:40:40 2022 +0000 - upstream: make scp in SFTP mode try to use relative paths as much + upstream: two defensive changes from Tobias Stoeckmann via GHPR287 - as possible. Previosuly, it would try to make relative and ~/-rooted paths - absolute before requesting transfers. + enforce stricter invarient for sshbuf_set_parent() - never allow + a buffer to have a previously-set parent changed. - prompted by and much discussion deraadt@ - ok markus@ + In sshbuf_reset(), if the reallocation fails, then zero the entire + buffer and not the (potentially smaller) default initial alloc size. - OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566 + OpenBSD-Commit-ID: 14583203aa5d50ad38d2e209ae10abaf8955e6a9 -commit 2ab864010e0a93c5dd95116fb5ceaf430e2fc23c -Author: djm@openbsd.org -Date: Mon Aug 9 23:47:44 2021 +0000 +commit 26eef015e2d2254375e13afaaf753b78932b1bf5 +Author: Damien Miller +Date: Mon Apr 11 16:07:09 2022 +1000 - upstream: SFTP protocol extension to allow the server to expand - - ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept - these paths, like scp in rcp mode does. + Revert "update build-aux files to match autoconf-2.71" - prompted by and much discussion deraadt@ - ok markus@ + This reverts commit 0a8ca39fac6ad19096b6c263436f8b2dd51606f2. - OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392 + It turns out that the checked-in copies of these files are actually newer + than autoconf-2.71's copies, so this was effectively a downgrade. + Spotted by Bo Anderson via github -commit 41b019ac067f1d1f7d99914d0ffee4d2a547c3d8 -Author: djm@openbsd.org -Date: Mon Aug 9 23:44:32 2021 +0000 +commit 0a8ca39fac6ad19096b6c263436f8b2dd51606f2 +Author: Damien Miller +Date: Fri Apr 8 14:48:58 2022 +1000 - upstream: when scp is in SFTP mode, try to deal better with ~ - - prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted - and prefixed with the SFTP server starting directory (more to come) + update build-aux files to match autoconf-2.71 - prompted by and discussed with deraadt@ - ok markus@ - - OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d + i.e. config.guess, config.sub and install-sh -commit b4b3f3da6cdceb3fd168b5fab69d11fba73bd0ae -Author: djm@openbsd.org -Date: Mon Aug 9 07:21:01 2021 +0000 +commit 94eb6858efecc1b4f02d8a6bd35e149f55c814c8 +Author: Damien Miller +Date: Wed Apr 6 10:47:48 2022 +1000 - upstream: on fatal errors, make scp wait for ssh connection before - - exiting avoids LogLevel=verbose (or greater) messages from ssh appearing - after scp has returned exited and control has returned to the shell; ok - markus@ - - (this was originally committed as r1.223 along with unrelated stuff that - I rolled back in r1.224) - - OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b + update version numbers for release -commit 2ae7771749e0b4cecb107f9d4860bec16c3f4245 +commit 8e4a8eadf4fe74e65e6492f34250f8cf7d67e8da Author: djm@openbsd.org -Date: Mon Aug 9 07:19:12 2021 +0000 +Date: Mon Apr 4 22:45:25 2022 +0000 - upstream: rever r1.223 - I accidentally committed unrelated changes + upstream: openssh-9.0 - OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9 + OpenBSD-Commit-ID: 0dfb461188f4513ec024c1534da8c1ce14c20b64 -commit 986abe94d481a1e82a01747360bd767b96b41eda -Author: djm@openbsd.org -Date: Mon Aug 9 07:16:09 2021 +0000 +commit a9f23ea2e3227f406880c2634d066f6f50fa5eaa +Author: naddy@openbsd.org +Date: Thu Mar 31 17:58:44 2022 +0000 - upstream: show only the final path component in the progress meter; + upstream: ssh: document sntrup761x25519-sha512@openssh.com as - more useful with long paths (that may truncate) and better matches - traditional scp behaviour; spotted by naddy@ ok deraadt@ + default KEX - OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3 + OpenBSD-Commit-ID: 12545bfa10bcbf552d04d9d9520d0f4e98b0e171 -commit 2b67932bb3176dee4fd447af4368789e04a82b93 -Author: djm@openbsd.org -Date: Mon Aug 9 07:13:54 2021 +0000 +commit 9ec2713d122af79d66ebb9c1d6d9ae8621a8945f +Author: naddy@openbsd.org +Date: Thu Mar 31 17:27:27 2022 +0000 - upstream: on fatal errors, make scp wait for ssh connection before + upstream: man pages: add missing commas between subordinate and - exiting avoids LogLevel=verbose (or greater) messages from ssh appearing - after scp has returned exited and control has returned to the shell; ok - markus@ + main clauses - OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c - -commit 724eb900ace30661d45db2ba01d0f924d95ecccb -Author: dtucker@openbsd.org -Date: Sun Aug 8 08:49:09 2021 +0000 - - upstream: xstrdup environment variable used by ForwardAgent. bz#3328 + jmc@ dislikes a comma before "then" in a conditional, so leave those + untouched. - from goetze at dovetail.com, ok djm@ deraadt@ + ok jmc@ - OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742 + OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3 -commit 86b4cb3a884846b358305aad17a6ef53045fa41f -Author: dtucker@openbsd.org -Date: Sun Aug 8 08:27:28 2021 +0000 +commit 3741df98ffaaff92b474ee70d8ef276b5882f85a +Author: Darren Tucker +Date: Mon Apr 4 23:52:11 2022 +1000 - upstream: Although it's POSIX, not all shells used in Portable support - - the implicit 'in "$@"' after 'for i'. - - OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc + Disable security key on fbsd6 test host. -commit f2ccf6c9f395923695f22345e626dfd691227aaf +commit 32c12236f27ae83bfe6d2983b67c9bc67a83a417 Author: Darren Tucker -Date: Sun Aug 8 17:39:56 2021 +1000 +Date: Mon Apr 4 15:16:51 2022 +1000 - Move portable specific settings down. + Specify TEST_SHELL=bash on AIX. - This brings the top hunk of the file back in sync with OpenBSD - so patches to the CVS Id should apply instead of always being - rejected. + The system shells cause the agent-restrict test to fail due to some + quoting so explicitly specify bash until we can get configure to + autmatically work around that. -commit 71b0eb997e220b0fc9331635af409ad84979f2af -Author: dtucker@openbsd.org -Date: Sun Aug 8 07:27:52 2021 +0000 +commit 90452c8b69d065b7c7c285ff78b81418a75bcd76 +Author: Darren Tucker +Date: Fri Apr 1 23:38:44 2022 +1100 - upstream: Move setting of USER further down the startup In portable - - we have to change this and having it in the same hunk as the CVS Id string - means applying changes fails every. single. time. + Only return events from ppoll that were requested. - OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b + If the underlying system's select() returns bits that were not in the + request set, our ppoll() implementation can return revents for events + not requested, which can apparently cause a hang. Only return revents + for activity in the requested event set. bz#3416, analysis and fix by + yaroslav.kuzmin at vmssoftware com, ok djm@ -commit f0aca2706c710a0da1a4be705f825a807cd15400 -Author: dtucker@openbsd.org -Date: Sun Aug 8 06:38:33 2021 +0000 +commit 6c49eb5fabc56f4865164ed818aa5112d09c31a8 +Author: Darren Tucker +Date: Fri Apr 1 23:21:40 2022 +1100 - upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. - - scp and sftp like to add -q to the command line passed to ssh which - overrides the LogLevel we set in the config files and suppresses output - to the debug logs so drop any "-q" from the invoked ssh. In the one - case where we actually want to use -q in the banner test, call the ssh - binary directly bypassing the logging wrapper. - - OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75 + Only run regression tests on slow VMs. -commit cf27810a649c5cfae60f8ce66eeb25caa53b13bc -Author: dtucker@openbsd.org -Date: Sat Aug 7 01:57:08 2021 +0000 +commit f67e47903977b42cb6abcd5565a61bd7293e4dc3 +Author: Darren Tucker +Date: Fri Apr 1 23:21:06 2022 +1100 - upstream: Fix prototype mismatch for do_cmd. ok djm@ - - OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d + Increase test timeout to allow slow VMs to finish -commit 85de69f64665245786e28c81ab01fe18b0e2a149 -Author: djm@openbsd.org -Date: Sat Aug 7 01:55:01 2021 +0000 +commit 02488c1b54065ddc4f25835dbd2618b2a2fe21f5 +Author: Darren Tucker +Date: Fri Apr 1 16:27:38 2022 +1100 - upstream: sftp-client.c needs poll.h - - remove unused variable + Use bash or ksh if available for SH in Makefile. + +commit 34c7018c316af4773e432066de28d0ef9d0888cd +Author: Darren Tucker +Date: Fri Apr 1 14:56:54 2022 +1100 + + Set Makefile SHELL as determined by configure. - OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16 + This should improve compatibility for users with non-POSIX shells. If + using Makefile.in directly (eg make -f Makefile.in distprep) then SHELL + will need to be specified on the command line (along with MANFMT in that + particular case). ok djm@ -commit 397c4d72e50023af5fe3aee5cc2ad407a6eb1073 +commit 5b054d76402faab38c48377efd112426469553a0 Author: Darren Tucker -Date: Sat Aug 7 11:30:57 2021 +1000 +Date: Fri Apr 1 13:16:47 2022 +1100 - Include poll.h and friends for struct pollfd. + Skip slow tests on (very) slow test targets. -commit a9e2c533195f28627f205682482d9da384c4c52e +commit b275818065b31a865142c48c2acf6a7c1655c542 +Author: Damien Miller +Date: Thu Mar 31 14:11:36 2022 +1100 + + depend + +commit 3fa539c3ffaabd6211995512d33e29150f88c5c5 Author: djm@openbsd.org -Date: Sat Aug 7 00:14:17 2021 +0000 +Date: Thu Mar 31 03:07:03 2022 +0000 - upstream: do_upload() used a near-identical structure for - - tracking expected status replies from the server to what do_download() was - using. + upstream: add a sftp client "cp" command that supports server-side - Refactor it to use the same structure and factor out some common - code into helper functions. + copying of files. Useful for this task and for testing the copy-data + extension. Patch from Mike Frysinger; ok dtucker@ - OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054 + OpenBSD-Commit-ID: 1bb1b950af0d49f0d5425b1f267e197aa1b57444 -commit 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee +commit 7988bfc4b701c4b3fe9b36c8561a3d1c5d4c9a74 Author: djm@openbsd.org -Date: Sat Aug 7 00:12:09 2021 +0000 +Date: Thu Mar 31 03:05:49 2022 +0000 - upstream: make scp(1) in SFTP mode follow symlinks like + upstream: add support for the "corp-data" protocol extension to - traditional scp(1) ok markus@ + allow server-side copies to be performed without having to go via the client. + Patch by Mike Frysinger, ok dtucker@ - OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231 + OpenBSD-Commit-ID: 00aa510940fedd66dab1843b58682de4eb7156d5 -commit 133b44e500422df68c9c25c3b6de35c0263132f1 +commit 32dc1c29a4ac9c592ddfef0a4895eb36c1f567ba Author: djm@openbsd.org -Date: Sat Aug 7 00:10:49 2021 +0000 +Date: Wed Mar 30 21:13:23 2022 +0000 - upstream: fix incorrect directory permissions on scp -3 + upstream: select post-quantum KEX - transfers; ok markus@ + sntrup761x25519-sha512@openssh.com as the default; ok markus@ - OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2 + OpenBSD-Commit-ID: f02d99cbfce22dffec2e2ab1b60905fbddf48fb9 -commit 98b59244ca10e62ff67a420856770cb700164f59 +commit d6556de1db0822c76ba2745cf5c097d9472adf7c Author: djm@openbsd.org -Date: Sat Aug 7 00:09:57 2021 +0000 +Date: Wed Mar 30 21:10:25 2022 +0000 - upstream: a bit more debugging of file attributes being + upstream: fix poll() spin when a channel's output fd closes without - sent/received over the wire + data in the channel buffer. Introduce more exact packing of channel fds into + the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@ - OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b + OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10 -commit c677e65365d6f460c084e41e0c4807bb8a9cf601 +commit 8a74a96d25ca4d32fbf298f6c0ac5a148501777d Author: djm@openbsd.org -Date: Sat Aug 7 00:08:52 2021 +0000 +Date: Wed Mar 30 04:33:09 2022 +0000 - upstream: make scp(1) in SFTP mode output better match original + upstream: ssh is almost out of getopt() characters; note the - scp(1) by suppressing "Retrieving [path]" lines that were emitted to support - the interactive sftp(1) client. ok markus@ + remaining remaining available ones in a comment - OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc + OpenBSD-Commit-ID: 48d38cef59d6bc8e84c6c066f6d601875d3253fd -commit 48cd39b7a4e5e7c25101c6d1179f98fe544835cd +commit 6d4fc51adb9d8a42f67b5474f02f877422379de6 Author: djm@openbsd.org -Date: Sat Aug 7 00:07:18 2021 +0000 +Date: Wed Mar 30 04:27:51 2022 +0000 - upstream: factor out a structure duplicated between downloading + upstream: avoid NULL deref via ssh-keygen -Y find-principals. - and crossloading; ok markus@ + bz3409, reported by Mateusz Adamowski - OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39 + OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5 -commit 318c06bb04ee21a0cfa6b6022a201eacaa53f388 +commit e937514920335b92b543fd9be79cd6481d1eb0b6 +Author: Darren Tucker +Date: Mon Mar 28 17:51:03 2022 +1100 + + Add AIX 5.1 test target. + +commit 4bbe815ba974b4fd89cc3fc3e3ef1be847a0befe +Author: Darren Tucker +Date: Sat Mar 26 22:01:31 2022 +1100 + + Drop leading "v" from release version identifier. + + It's present in the git tags but not in the release tarball names. + Also drop extra "/" from URL path. + +commit f5cdd3b3c275dffaebfca91df782dca29975e9ac +Author: Darren Tucker +Date: Sat Mar 26 16:28:04 2022 +1100 + + Use tarballs when testing LibreSSL releases. + + This means they'll still work when the combination of -portable and + openbsd github repos no longer match. + +commit 24dc37d198f35a7cf71bf4d5384363c7ef4209d4 +Author: Darren Tucker +Date: Sat Mar 26 15:02:45 2022 +1100 + + Remove now-unused passwd variable. + +commit 5b467ceef2c356f0a77f5e8ab4eb0fac367e4d24 +Author: Darren Tucker +Date: Sat Mar 26 13:15:44 2022 +1100 + + Missing semicolon. + +commit 2923d026e55998133c0f6e5186dca2a3c0fa5ff5 +Author: Darren Tucker +Date: Sat Mar 26 12:49:50 2022 +1100 + + Factor out platform-specific locked account check. + + Also fixes an incorrect free on platforms with both libiaf and shadow + passwords (probably only Unixware). Prompted by github PR#284, + originally from @c3h2_ctf and stoeckmann@. + +commit d23efe4b12886ffe416be10bc0a7da6ca8aa72d1 +Author: Darren Tucker +Date: Sat Mar 26 08:13:46 2022 +1100 + + Add OpenWRT mips and mipsel test targets. + +commit 16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b Author: djm@openbsd.org -Date: Sat Aug 7 00:06:30 2021 +0000 +Date: Sun Mar 20 08:52:17 2022 +0000 - upstream: use sftp_client crossloading to implement scp -3 + upstream: don't leak argument list; bz3404, reported by Balu - feedback/ok markus@ + Gajjala ok dtucker@ - OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9 + OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6 -commit de7115b373ba0be3861c65de9b606a3e0e9d29a3 +commit a72bde294fe0518c9a44ba63864093a1ef2425e3 Author: djm@openbsd.org -Date: Sat Aug 7 00:02:41 2021 +0000 +Date: Sun Mar 20 08:51:21 2022 +0000 - upstream: support for "cross"-loading files/directories, i.e. + upstream: make addargs() and replacearg() a little more robust and - downloading from one SFTP server while simultaneously uploading to another. + improve error reporting - feedback & ok markus@ + make freeargs(NULL) a noop like the other free functions - OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235 + ok dtucker as part of bz3403 + + OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d -commit a50bd0367ff2063bbc70a387740a2aa6914de094 +commit 731087d2619fa7f01e675b23f57af10d745e8af2 Author: djm@openbsd.org -Date: Sat Aug 7 00:01:29 2021 +0000 +Date: Fri Mar 18 04:04:11 2022 +0000 - upstream: factor our SSH2_FXP_OPEN calls into their own function; + upstream: don't try to resolve ListenAddress directives in the sshd - "looks fine" markus@ + re-exec path - we're never going to use the result and if the operation fails + then it can prevent connections from being accepted. Reported by Aaron + Poffenberger; with / ok dtucker@ - OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb + OpenBSD-Commit-ID: 44c53a43909a328e2f5ab26070fdef3594eded60 -commit e3c0ba05873cf3d3f7d19d595667a251026b2d84 +commit 1c83c082128694ddd11ac05fdf31d70312ff1763 Author: djm@openbsd.org -Date: Sat Aug 7 00:00:33 2021 +0000 +Date: Fri Mar 18 02:50:21 2022 +0000 - upstream: prepare for scp -3 implemented via sftp + upstream: remove blank line - OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44 + OpenBSD-Commit-ID: d5e0182965b2fbfb03ad5f256d1a1ce5706bcddf -commit 395d8fbdb094497211e1461cf0e2f80af5617e0a -Author: dtucker@openbsd.org -Date: Fri Aug 6 09:00:18 2021 +0000 +commit 807be68684da7a1fe969c399ddce2fafb7997dcb +Author: djm@openbsd.org +Date: Fri Mar 18 02:32:22 2022 +0000 - upstream: Make diff invocation more portable. - - POSIX does not require diff to have -N, so compare in both directions - with just -r, which should catch missing files in either directory. + upstream: helpful comment - OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7 + OpenBSD-Commit-ID: e3315a45cb04e7feeb614d76ec80a9fe4ca0e8c7 -commit d247a73ce27b460138599648d9c637c6f2b77605 +commit a0b5816f8f1f645acdf74f7bc11b34455ec30bac Author: djm@openbsd.org -Date: Wed Aug 4 21:28:00 2021 +0000 +Date: Fri Mar 18 02:31:25 2022 +0000 - upstream: regression test for scp -3 + upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV - OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d + will ensue. Patch from Mateusz Adamowski via GHPR#307 + + OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd -commit 35c8e41a6f6d8ad76f8d1cd81ac2ea23d0d993b2 -Author: dtucker@openbsd.org -Date: Fri Aug 6 05:04:42 2021 +0000 +commit 5a252d54a63be30d5ba4be76210942d754a531c0 +Author: djm@openbsd.org +Date: Tue Mar 15 05:27:37 2022 +0000 - upstream: Document "ProxyJump none". bz#3334. + upstream: improve DEBUG_CHANNEL_POLL debugging message - OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7 + OpenBSD-Commit-ID: 2275eb7bc4707d019b1a0194b9c92c0b78da848f -commit 911ec6411821bda535d09778df7503b92f0eafab -Author: dtucker@openbsd.org -Date: Wed Aug 4 01:34:55 2021 +0000 +commit ce324cf58ba2840e31afeb996935800780c8fa4b +Author: cheloha@openbsd.org +Date: Sun Mar 13 23:27:54 2022 +0000 - upstream: Allow for different (but POSIX compliant) behaviour of + upstream: ssh: xstrdup(): use memcpy(3) - basename(3) and prevent a use-after-free in that case in the new sftp-compat - code. + Copying the given string into the buffer with strlcpy(3) confers no + benefit in this context because we have already determined the + string's length with strlen(3) in order to allocate that buffer. - POSIX allows basename(3) to either return a pointer to static storage - or modify the passed string and return a pointer to that. OpenBSD does - the former and works as is, but on other platforms "filename" points - into "tmp" which was just freed. This makes the freeing of tmp - consistent with the other variable in the loop. + Thread: https://marc.info/?l=openbsd-tech&m=164687525802691&w=2 - Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@ + ok dtucker@ millert@ - OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374 - -commit 6df1fecb5d3e51f3a8027a74885c3a44f6cbfcbd -Author: Damien Miller -Date: Wed Aug 4 11:05:11 2021 +1000 - - use openbsd-compat glob.h is required + OpenBSD-Commit-ID: f8bfc082e36e2d2dc4e1feece02fe274155ca11a -commit 9ebd1828881dfc9014a344587934a5ce7db6fa1b +commit 2893c5e764557f48f9d6a929e224ed49c59545db Author: Darren Tucker -Date: Tue Aug 3 21:03:23 2021 +1000 +Date: Fri Mar 11 18:43:58 2022 +1100 - Missing space between macro arg and punctuation. + Resync fmt_scaled. with OpenBSD. - From jmc@ + Fixes underflow reported in bz#3401. -commit 0fd3f62eddc7cf54dcc9053be6f58998f3eb926a +commit 5ae31a0fdd27855af29f48ff027491629fff5979 Author: Darren Tucker -Date: Tue Aug 3 21:02:33 2021 +1000 +Date: Wed Mar 9 09:41:56 2022 +1100 - Avoid lines >80 chars. From jmc@ + Provide killpg implementation. + + Based on github PR#301 for Tandem NonStop. -commit af5d8094d8b755e1daaf2e20ff1dc252800b4c9b -Author: djm@openbsd.org -Date: Tue Aug 3 01:05:24 2021 +0000 +commit c41c84b439f4cd74d4fe44298a4b4037ddd7d2ae +Author: Darren Tucker +Date: Wed Mar 9 09:29:30 2022 +1100 - upstream: regression tests for scp SFTP protocol support; mostly by - - Jakub Jelen in GHPR#194 ok markus + Check for missing ftruncate prototype. - OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715 + From github PR#301 in conjunction with rsbeckerca. -commit e4673b7f67ae7740131a4ecea29a846593049a91 -Author: anton@openbsd.org -Date: Thu Jul 29 15:34:09 2021 +0000 +commit 8cf5275452a950869cb90eeac7d220b01f77b12e +Author: Darren Tucker +Date: Tue Mar 8 20:04:06 2022 +1100 - upstream: Treat doas with arguments as a valid SUDO variable. - - Allows one to specify SUDO="doas -n" which I do while running make regress. - - ok dtucker@ + Default to not using sandbox when cross compiling. - OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005 + On most systems poll(2) does not work when the number of FDs is reduced + with setrlimit, so assume it doesn't when cross compiling and we can't + run the test. bz#3398. -commit 197e29f1cca190d767c4b2b63a662f9a9e5da0b3 +commit 379b30120da53d7c84aa8299c26b18c51c2a0dac Author: djm@openbsd.org -Date: Mon Aug 2 23:38:27 2021 +0000 +Date: Tue Mar 1 01:59:19 2022 +0000 - upstream: support for using the SFTP protocol for file transfers in + upstream: pack pollfd array before server_accept_loop() ppoll() - scp, via a new "-M sftp" option. Marked as experimental for now. + call, and terminate sshd if ppoll() returns errno==EINVAL - Some corner-cases exist, in particular there is no attempt to - provide bug-compatibility with scp's weird "double shell" quoting - rules. + avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by + Daniel Micay - Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ - Thanks jmc@ for improving the scp.1 bits. + feedback/ok deraadt - OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c + OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15 -commit dd533c7ab79d61a7796b77b64bd81b098e0d7f9f -Author: jmc@openbsd.org -Date: Fri Jul 30 14:28:13 2021 +0000 +commit eceafbe0bdbbd9bd2f3cf024ccb350666a9934dd +Author: naddy@openbsd.org +Date: Sun Feb 27 01:33:59 2022 +0000 - upstream: fix a formatting error and add some Xr; from debian at - - helgefjell de - - removed references to rlogin etc. as no longer relevant; - suggested by djm + upstream: include rejected signature algorithm in error message and - ok djm dtucker + not the (useless) key type; ok djm@ - OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae + OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff -commit c7cd347a8823819411222c1e10a0d26747d0fd5c -Author: jmc@openbsd.org -Date: Fri Jul 30 14:25:01 2021 +0000 +commit f2f3269423618a83157e18902385e720f9776007 +Author: dtucker@openbsd.org +Date: Fri Feb 25 09:46:24 2022 +0000 - upstream: fix a formatting error and mark up known_hosts - - consistently; issues reported by debian at helgefjell de + upstream: Remove the char * casts from arguments to do_lstat, - ok djm dtucker + do_readdir and do_stat paths since the underlying functions now take a const + char *. Patch from vapier at gentoo.org. - OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce + OpenBSD-Commit-ID: 9e4d964dbfb0ed683a2a2900711b88e7f1c0297b -commit 4455aec2e4fc90f64ae4fc47e78ebc9c18721738 -Author: jmc@openbsd.org -Date: Wed Jul 28 05:57:42 2021 +0000 - - upstream: no need to talk about version 2 with the -Q option, so - - rewrite the text to read better; - - issue reported by debian at helgefjell de - ok djm dtucker - - OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf - -commit bec429338e9b30d2c7668060e82608286a8a4777 -Author: jmc@openbsd.org -Date: Tue Jul 27 14:28:46 2021 +0000 - - upstream: word fix; reported by debian at helgefjell de - - OpenBSD-Commit-ID: 0c6fd22142422a25343c5bd1a618f31618f41ece - -commit efad4deb5a1f1cf79ebefd63c6625059060bfbe1 -Author: jmc@openbsd.org -Date: Tue Jul 27 14:14:25 2021 +0000 +commit 4a66dac052c5ff5047161853f36904607649e4f9 +Author: djm@openbsd.org +Date: Fri Feb 25 02:09:27 2022 +0000 - upstream: standardise the grammar in the options list; issue - - reported by debian at helgefjell de + upstream: save an unneccessary alloc/free, based on patch from - ok dtucker djm + Martin Vahlensieck; ok dtucker@ - OpenBSD-Commit-ID: 7ac15575045d82f4b205a42cc7d5207fe4c3f8e6 + OpenBSD-Commit-ID: 90ffbf1f837e509742f2c31a1fbf2c0fd376fd5f -commit 1e11fb24066f3fc259ee30db3dbb2a3127e05956 +commit 6f117cb151efe138ac57bdd8e26165f350328f5f Author: Darren Tucker -Date: Mon Aug 2 18:56:29 2021 +1000 +Date: Tue Mar 1 09:02:06 2022 +1100 - Check for RLIMIT_NOFILE before trying to use it. + Remove unused ivbits argument from chacha_keysetup -commit 0f494236b49fb48c1ef33669f14822ca4f3ce2f4 +commit 15974235dd528aeab0ec67fb92a0a1d733f62be2 Author: Darren Tucker -Date: Tue Jul 27 17:45:34 2021 +1000 +Date: Tue Mar 1 09:00:20 2022 +1100 - lastenv is only used in setenv. - - Prevents an unused variable warning on platforms that have setenv but - not unsetenv. + Add OPENBSD ORIGINAL marker. -commit a1f78e08bdb3eaa88603ba3c6e01de7c8671e28a +commit f2ff669347d320532e7c1b63cdf5c62f46e73150 Author: Darren Tucker -Date: Mon Jul 26 12:45:30 2021 +1000 +Date: Mon Feb 28 22:21:36 2022 +1100 - Move SUDO to "make test" command line. + No unused param warnings for clang-12 and gcc-11. - Environment variables don't get passed by vmrun, so move to command - line. + These have too many false positives in -Werror tests on the github CI + since we often provide empty stub functions for functionality not needed + for particular configurations. -commit 02e624273b9c78a49a01239159b8c09b8409b1a0 +commit 96558ecd87adac62efa9a2b5479f686ab86b0be1 Author: Darren Tucker -Date: Sun Jul 25 23:26:36 2021 +1000 +Date: Sat Feb 26 14:10:41 2022 +1100 - Set SUDO for tests and cleanup. + Add debian-i386 test target. -commit 460ae5d93051bab70239ad823dd784822d58baad +commit 284b6e5394652d519e31782e3b3cdfd7b21d1a81 Author: Darren Tucker -Date: Sun Jul 25 22:37:55 2021 +1000 - - Pass OPENSSL=no to make tests too. - -commit b398f499c68d74ebe3298b73757cf3f36e14e0cb -Author: dtucker@openbsd.org -Date: Sun Jul 25 12:27:37 2021 +0000 - - upstream: Skip unit and makefile-based key conversion tests when - - we're building with OPENSSL=no. - - OpenBSD-Regress-ID: 20455ed9a977c93f846059d1fcb48e29e2c8d732 - -commit 727ce36c8c5941bde99216d27109405907caae4f -Author: dtucker@openbsd.org -Date: Sun Jul 25 12:13:03 2021 +0000 +Date: Sat Feb 26 14:06:14 2022 +1100 - upstream: Replace OPENSSL as the variable that points to the - - openssl binary with OPENSSL_BIN. This will allow us to use the OPENSSL - variable from mk.conf or the make(1) command line indicating if we're - building with our without OpenSSL, and ultimately get the regress tests - working in the OPENSSL=no configuration. + Allow ppoll_time64 in seccomp sandbox. - OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e + Should fix sandbox violations on (some? at least i386 and armhf) 32bit + Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at + debian.org via bz#3396. -commit 55e17101a9075f6a63af724261c5744809dcb95c -Author: dtucker@openbsd.org -Date: Sat Jul 24 02:57:28 2021 +0000 +commit 0132056efabc5edb85c3c7105d2fb6dee41843c6 +Author: Darren Tucker +Date: Fri Feb 25 19:47:48 2022 +1100 - upstream: Skip RFC4716 format import and export tests when built - - without OpenSSL. + Improve handling of _getshort and _getlong. - OpenBSD-Regress-ID: d2c2d5d38c1acc2b88cc99cfe00a2eb8bb39dfa4 + If the system native ones are exactly as required then use them, + otherwise use the local versions mapped to another name to prevent + name collisions. -commit f5ccb5895d39cd627ad9e7b2c671d2587616100d -Author: dtucker@openbsd.org -Date: Sat Jul 24 02:51:14 2021 +0000 +commit 8e206e0dd6b9f757b07979e48f53ad5bf9b7b52b +Author: Darren Tucker +Date: Fri Feb 25 15:14:22 2022 +1100 - upstream: Don't omit ssh-keygen -y from usage when built without - - OpenSSL. It is actually available, albeit only for ed25519 keys. + Constify utimes in compat library to match specs. - OpenBSD-Commit-ID: 7a254c33d0e6a55c30c6b016a8d298d3cb7a7674 + Patch from vapier at chromium.org. -commit 819d57ac23469f1f03baa8feb38ddefbada90fdc -Author: dtucker@openbsd.org -Date: Sat Jul 24 02:08:13 2021 +0000 +commit 1b2920e3b63db2eddebeec7330ffe8b723055573 +Author: Darren Tucker +Date: Fri Feb 25 13:50:56 2022 +1100 - upstream: Exclude key conversion options from usage when built - - without OpenSSL since those are not available, similar to what we currently - do with the moduli screening options. We can also use this to skip the - conversion regression tests in this case. + ANSIfy getshort and getlong. - OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe + These functions appear to have come from OpenBSD's lib/libc/net/res_comp.c + which made this change in 2005. -commit b6673b1d2ee90b4690ee84f634efe40225423c38 +commit 54a86f4f6e1c43a2ca2be23ef799ab8910d4af70 Author: Darren Tucker -Date: Sat Jul 24 13:02:51 2021 +1000 +Date: Fri Feb 25 13:23:04 2022 +1100 - Test OpenBSD upstream with and without OpenSSL. + Use PICFLAG instead of hard coding -fPIC. -commit 9d38074b5453c1abbdf888e80828c278d3b886ac -Author: djm@openbsd.org -Date: Sat Jul 24 01:54:23 2021 +0000 +commit 3016ba47035ac3561aabd48e2be70167fe157d6a +Author: Darren Tucker +Date: Fri Feb 25 11:37:11 2022 +1100 - upstream: test for first-match-wins in authorized_keys environment= - - options - - OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8 + Add tests for latest releases of {Libre,Open}SSL. -commit 2b76f1dd19787e784711ea297ad8fc938b4484fd -Author: dtucker@openbsd.org -Date: Fri Jul 23 05:53:02 2021 +0000 +commit f107467179428a0e3ea9e4aa9738ac12ff02822d +Author: Colin Watson +Date: Thu Feb 24 16:04:18 2022 +0000 - upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly. + Improve detection of -fzero-call-used-regs=all support - OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108 + GCC doesn't tell us whether this option is supported unless it runs into + the situation where it would need to emit corresponding code. -commit 7d64a9fb587ba9592f027f7a2264226c713d6579 +commit 3383b2cac0e9275bc93c4b4760e6e048f537e1d6 Author: djm@openbsd.org -Date: Sat Jul 24 01:55:19 2021 +0000 +Date: Wed Feb 23 21:21:49 2022 +0000 - upstream: don't leak environment= variable when it is not the first - - match + upstream: free(3) wants stdlib.h - OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0 + OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a -commit db2130e2340bf923e41c791aa9cd27b9e926042c -Author: jmc@openbsd.org -Date: Fri Jul 23 06:01:17 2021 +0000 +commit a4537e79ab4ac6db4493c5158744b9ebde5efcb0 +Author: djm@openbsd.org +Date: Wed Feb 23 21:21:16 2022 +0000 - upstream: punctuation; + upstream: put back the scp manpage changes for SFTP mode too - OpenBSD-Commit-ID: 64be152e378c45975073ab1c07e0db7eddd15806 + OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768 -commit 03190d10980c6fc9124e988cb2df13101f266507 -Author: djm@openbsd.org -Date: Fri Jul 23 05:56:47 2021 +0000 +commit 449bcb8403adfb9724805d02a51aea76046de185 +Author: deraadt@openbsd.org +Date: Wed Feb 23 19:01:00 2022 +0000 - upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN) - - will try to use askpass first. bz3314 + upstream: and we go back to testing sftp-scp after the 8.9 - convert a couple of debug() -> debug_f() while here + release... - OpenBSD-Commit-ID: c7e812aebc28fcc5db06d4710e0f73613dee545c + OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c -commit 1653ece6832b2b304d46866b262d5f69880a9ec7 -Author: dtucker@openbsd.org -Date: Fri Jul 23 05:07:16 2021 +0000 +commit 166456cedad3962b83b848b1e9caf80794831f0f +Author: Damien Miller +Date: Wed Feb 23 22:31:11 2022 +1100 - upstream: Test conversion of ed25519 and ecdsa keys too. - - OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb + makedepend -commit 8b7af02dcf9d2b738787efd27da7ffda9859bed2 -Author: dtucker@openbsd.org -Date: Fri Jul 23 04:56:21 2021 +0000 +commit 32ebaa0dbca5d0bb86e384e72bebc153f48413e4 +Author: djm@openbsd.org +Date: Wed Feb 23 11:18:13 2022 +0000 - upstream: Add test for exporting pubkey from a passphrase-protected + upstream: avoid integer overflow of auth attempts (harmless, caught - private key. + by monitor) - OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac + OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86 -commit 441095d4a3e5048fe3c87a6c5db5bc3383d767fb +commit 6e0258c64c901753df695e06498b26f9f4812ea6 Author: djm@openbsd.org -Date: Fri Jul 23 03:54:55 2021 +0000 +Date: Wed Feb 23 11:17:10 2022 +0000 - upstream: regression test for time-limited signature keys + upstream: randomise the password used in fakepw - OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc + OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947 -commit 9e1882ef6489a7dd16b6d7794af96629cae61a53 +commit bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9 Author: djm@openbsd.org -Date: Fri Jul 23 05:24:02 2021 +0000 +Date: Wed Feb 23 11:15:57 2022 +0000 - upstream: note successful authentication method in final "Authenticated - - to ..." message and partial auth success messages (all at LogLevel=verbose) - ok dtucker@ + upstream: use asprintf to construct .rhosts paths - OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984 + OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b -commit a917e973a1b90b40ff1e950df083364b48fc6c78 +commit c07e154fbdc7285e9ec54e78d8a31f7325d43537 Author: djm@openbsd.org -Date: Fri Jul 23 04:04:52 2021 +0000 +Date: Wed Feb 23 11:07:09 2022 +0000 - upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart - - to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok - dtucker + upstream: openssh-8.9 - OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3 + OpenBSD-Commit-ID: 5c5f791c87c483cdab6d9266b43acdd9ca7bde0e -commit e0c5088f1c96a145eb6ea1dee438010da78f9ef5 -Author: djm@openbsd.org -Date: Fri Jul 23 04:00:59 2021 +0000 +commit bc16667b4a1c3cad7029304853c143a32ae04bd4 +Author: Darren Tucker +Date: Tue Feb 22 15:29:22 2022 +1100 - upstream: Add a StdinNull directive to ssh_config(5) that allows + Extend select+rlimit sanbox test to include poll. - the config file to do the same thing as -n does on the ssh(1) commandline. - Patch from Volker Diels-Grabsch via GHPR231; ok dtucker + POSIX specifies that poll() shall fail if "nfds argument is greater + than {OPEN_MAX}". The setrlimit sandbox sets this to effectively zero + so this causes poll() to fail in the preauth privsep process. - OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e + This is likely the underlying cause for the previously observed similar + behaviour of select() on plaforms where it is implement in userspace on + top of poll(). -commit e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea -Author: djm@openbsd.org -Date: Fri Jul 23 03:57:20 2021 +0000 +commit 6520c488de95366be031d49287ed243620399e23 +Author: Darren Tucker +Date: Tue Feb 22 13:08:59 2022 +1100 - upstream: make authorized_keys environment="..." directives - - first-match-wins and more strictly limit their maximum number; prompted by - OOM reported by OSS-fuzz (35470). - - feedback and ok dtucker@ - - OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121 + Add Alpine Linux test VM. -commit d0bb1ce731762c55acb95817df4d5fab526c7ecd -Author: djm@openbsd.org -Date: Fri Jul 23 03:37:52 2021 +0000 +commit a4b325a3fc82d11e0f5d61f62e7fde29415f7afb +Author: Darren Tucker +Date: Tue Feb 22 12:27:07 2022 +1100 - upstream: Let allowed signers files used by ssh-keygen(1) - - signatures support key lifetimes, and allow the verification mode to specify - a signature time to check at. This is intended for use by git to support - signing objects using ssh keys. ok dtucker@ + Include sys/param.h if present. - OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31 + Needed for howmany() on MUSL systems such as Alpine. -commit 44142068dc7ef783d135e91ff954e754d2ed432e -Author: dtucker@openbsd.org -Date: Mon Jul 19 08:48:33 2021 +0000 +commit 5a102e9cb287a43bd7dfe594b775a89a8e94697c +Author: Darren Tucker +Date: Tue Feb 22 12:25:52 2022 +1100 - upstream: Use SUDO when setting up hostkey. + Only include sys/poll.h if we don't have poll.h. - OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7 + Prevents warnings on MUSL based systems such as Alpine. -commit 6b67f3f1d1d187597e54a139cc7785c0acebd9a2 -Author: dtucker@openbsd.org -Date: Mon Jul 19 05:08:54 2021 +0000 +commit 7c0d4ce911d5c58b6166b2db754a4e91f352adf5 +Author: Damien Miller +Date: Tue Feb 22 11:14:51 2022 +1100 - upstream: Increase time margin for rekey tests. Should help + disable agent-restrict test on minix3 - reliability on very heavily loaded hosts. + Minix seems to have a platform-wide limit on the number of + select(2) syscalls that can be concurrently issued. This test + seems to exceed this limit. - OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533 + Refer to: + + https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114 + https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31 -commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8 +commit 81d33d8e3cf7ea5ce3a5653c6102b623e019428a Author: Darren Tucker -Date: Mon Jul 19 13:47:51 2021 +1000 +Date: Mon Feb 21 21:27:20 2022 +1100 - Add sshfp-connect.sh file missed in previous. + Skip agent-getpeereid when running as root. -commit b75a80fa8369864916d4c93a50576155cad4df03 +commit fbd772570a25436a33924d91c164d2b24021f010 Author: dtucker@openbsd.org -Date: Mon Jul 19 03:13:28 2021 +0000 +Date: Sun Feb 20 03:47:26 2022 +0000 - upstream: Ensure that all returned SSHFP records for the specified host + upstream: Aproximate realpath on the expected output by deduping - name and hostkey type match instead of only one. While there, simplify the - code somewhat and add some debugging. Based on discussion in bz#3322, ok - djm@. + leading slashes. Fixes test failure when user's home dir is / which is + possible in some portable configurations. - OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4 + OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63 -commit 1cc1fd095393663cd72ddac927d82c6384c622ba -Author: dtucker@openbsd.org -Date: Mon Jul 19 02:21:50 2021 +0000 +commit 336685d223a59f893faeedf0a562e053fd84058e +Author: Darren Tucker +Date: Sun Feb 20 13:30:52 2022 +1100 - upstream: Id sync only, -portable already has this. - - Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes - build with OPENSSL=no. + Really move DSA to end of list. - OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15 + In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to + the end of the list instead of DSA. Spotted by andrew at fyfe.gb.net. -commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485 -Author: dtucker@openbsd.org -Date: Mon Jul 19 02:46:34 2021 +0000 +commit 63bf4f49ed2fdf2da6f97136c9df0c8168546eb3 +Author: Darren Tucker +Date: Fri Feb 18 12:12:21 2022 +1100 - upstream: Add test for host key verification via SSHFP records. This - - requires some external setup to operate so is disabled by default (see - comments in sshfp-connect.sh). - - OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9 + Add test configs for MUSL C library. -commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd -Author: dtucker@openbsd.org -Date: Mon Jul 19 02:29:28 2021 +0000 +commit f7fc6a43f1173e8b2c38770bf6cee485a562d03b +Author: Damien Miller +Date: Thu Feb 17 22:54:19 2022 +1100 - upstream: Add ed25519 key and test SSHFP export of it. Only test - - RSA SSHFP export if we have RSA functionality compiled in. - - OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af + minix needs BROKEN_POLL too; chokes on /dev/null -commit 0075511e27e5394faa28edca02bfbf13b9a6693e -Author: dtucker@openbsd.org -Date: Mon Jul 19 00:16:26 2021 +0000 +commit 667fec5d4fe4406745750a32f69b5d2e1a75e94b +Author: djm@openbsd.org +Date: Thu Feb 17 10:58:27 2022 +0000 - upstream: Group keygen tests together. + upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught - OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c + by dtucker's minix3 vm :) ok dtucker@ + + OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361 -commit 034828820c7e62652e7c48f9ee6b67fb7ba6fa26 -Author: dtucker@openbsd.org -Date: Sun Jul 18 23:10:10 2021 +0000 +commit 41417dbda9fb55a0af49a8236e3ef9d50d862644 +Author: Darren Tucker +Date: Thu Feb 17 22:05:29 2022 +1100 - upstream: Add test for ssh-keygen printing of SSHFP records. - - OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b + Comment hurd test, the VM is currently broken. -commit 52c3b6985ef1d5dadb4c4fe212f8b3a78ca96812 -Author: djm@openbsd.org -Date: Sat Jul 17 00:38:11 2021 +0000 +commit b2aee35a1f0dc798339b3fcf96136da71b7e3f6d +Author: Damien Miller +Date: Thu Feb 17 21:15:16 2022 +1100 - upstream: wrap some long lines + find sk-dummy.so when build_dir != src_dir - OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d + spotted by Corinna Vinschen; feedback & ok dtucker@ -commit 43ec991a782791d0b3f42898cd789f99a07bfaa4 -Author: djm@openbsd.org -Date: Sat Jul 17 00:36:53 2021 +0000 +commit 62a2d4e50b2e89f2ef04576931895d5139a5d037 +Author: Damien Miller +Date: Wed Feb 16 16:26:17 2022 +1100 - upstream: fix sftp on ControlPersist connections, broken by recent - - SessionType change; spotted by sthen@ - - OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234 + update versions in preparation for 8.9 release -commit 073f45c236550f158c9a94003e4611c07dea5279 +commit dd6d3dded721ac653ea73c017325e5bfeeec837f Author: djm@openbsd.org -Date: Fri Jul 16 09:00:23 2021 +0000 +Date: Tue Feb 15 05:13:36 2022 +0000 - upstream: Explicitly check for and start time-based rekeying in the - - client and server mainloops. - - Previously the rekey timeout could expire but rekeying would not start - until a packet was sent or received. This could cause us to spin in - select() on the rekey timeout if the connection was quiet. + upstream: document the unbound/host-bound options to - ok markus@ + PubkeyAuthentication; spotted by HARUYAMA Seigo - OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987 + OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981 -commit ef7c4e52d5d840607f9ca3a302a4cbb81053eccf -Author: jmc@openbsd.org -Date: Wed Jul 14 06:46:38 2021 +0000 +commit df93529dd727fdf2fb290700cd4f1adb0c3c084b +Author: Darren Tucker +Date: Mon Feb 14 14:19:40 2022 +1100 - upstream: reorder SessionType; ok djm + Test if sshd accidentally acquires controlling tty - OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c + When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour + in the STREAMS code before activating the workaround. ok djm@ -commit 8aa2f9aeb56506dca996d68ab90ab9c0bebd7ec3 +commit 766176cfdbfd7ec38bb6118dde6e4daa0df34888 Author: Darren Tucker -Date: Wed Jul 14 11:26:50 2021 +1000 +Date: Sat Feb 12 10:24:56 2022 +1100 - Make whitespace consistent. + Add cygwin-release test config. + + This tests the flags used to build the cygwin release binaries. -commit 4f4297ee9b8a39f4dfd243a74c5f51f9e7a05723 +commit b30698662b862f5397116d23688aac0764e0886e Author: Darren Tucker -Date: Wed Jul 14 11:26:12 2021 +1000 - - Add ARM64 Linux self-hosted runner. - -commit eda8909d1b0a85b9c3804a04d03ec6738fd9dc7f -Author: djm@openbsd.org -Date: Tue Jul 13 23:48:36 2021 +0000 +Date: Fri Feb 11 21:00:35 2022 +1100 - upstream: add a SessionType directive to ssh_config, allowing the + Move SSHD_ACQUIRES_CTTY workaround into compat. - configuration file to offer equivalent control to the -N (no session) and -s - (subsystem) command-line flags. + On some (most? all?) SysV based systems with STREAMS based ptys, + sshd could acquire a controlling terminal during pty setup when + it pushed the "ptem" module, due to what is probably a bug in + the STREAMS driver that's old enough to vote. Because it was the + privileged sshd's controlling terminal, it was not available for + the user's session, which ended up without one. This is known to + affect at least Solaris <=10, derivatives such as OpenIndiana and + several other SysV systems. See bz#245 for the backstory. - Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; - feedback and ok dtucker@ + In the we past worked around that by not calling setsid in the + privileged sshd child, which meant it was not a session or process + group leader. This solved controlling terminal problem because sshd + was not eligble to acquire one, but had other side effects such as + not cleaning up helper subprocesses in the SIGALRM handler since it + was not PG leader. Recent cleanups in the signal handler uncovered + this, resulting in the LoginGraceTime timer not cleaning up privsep + unprivileged processes. - OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12 - -commit 7ae69f2628e338ba6e0eae7ee8a63bcf8fea7538 -Author: djm@openbsd.org -Date: Mon Jul 12 02:12:22 2021 +0000 - - upstream: fix some broken tests; clean up output + This change moves the workaround into the STREAMS pty allocation code, + by allocating a sacrificial pty to act as sshd's controlling terminal + before allocating user ptys, so those are still available for users' + sessions. - OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566 - -commit f5fc6a4c3404bbf65c21ca6361853b33d78aa87e -Author: Darren Tucker -Date: Mon Jul 12 18:00:05 2021 +1000 - - Add configure-time detection for SSH_TIME_T_MAX. + On the down side: + - this will waste a pty per ssh connection on affected platforms. - Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms - were time_t is a long long. The limit used is for the signed type, so if - some system has a 32bit unsigned time_t then the lower limit will still - be imposed and we would need to add some way to detect this. Anyone using - an unsigned 64bit can let us know when it starts being a problem. - -commit fd2d06ae4442820429d634c0a8bae11c8e40c174 -Author: dtucker@openbsd.org -Date: Mon Jul 12 06:22:57 2021 +0000 - - upstream: Make limit for time_t test unconditional in the + On the up side: + - it makes the process group behaviour consistent between platforms. - format_absolute_time fix for bz#3329 that allows printing of timestamps past - INT_MAX. This was incorrectly included with the previous commit. Based on - discussion with djm@. + - it puts the workaround nearest the code that actually causes the + problem and competely out of the mainline code. - OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e + - the workaround is only activated if you use the STREAMS code. If, + say, Solaris 11 has the bug but also a working openpty() it doesn't + matter that we defined SSHD_ACQUIRES_CTTY. + + - the workaround is only activated when the fist pty is allocated, + ie in the post-auth privsep monitor. This means there's no risk + of fd leaks to the unprivileged processes, and there's no effect on + sessions that do not allocate a pty. + + Based on analysis and work by djm@, ok djm@ -commit 6c29b387cd64a57b0ec8ae7d2c8d02789d88fcc3 -Author: dtucker@openbsd.org -Date: Mon Jul 12 06:08:57 2021 +0000 +commit cd00b48cf10f3565936a418c1e6d7e48b5c36140 +Author: Darren Tucker +Date: Fri Feb 11 20:09:32 2022 +1100 - upstream: Use existing format_absolute_time() function when - - printing cert validity instead of doing it inline. Part of bz#3329. + Simplify handling of --with-ssl-dir. - OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c + ok djm@ -commit 99981d5f8bfa383791afea03f6bce8454e96e323 -Author: djm@openbsd.org -Date: Fri Jul 9 09:55:56 2021 +0000 +commit ea13fc830fc0e0dce2459f1fab2ec5099f73bdf0 +Author: Darren Tucker +Date: Fri Feb 11 13:39:29 2022 +1100 - upstream: silence redundant error message; reported by Fabian Stelzer + Stop testing OpenBSD HEAD on 6.9 and 7.0. - OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2 + HEAD is not guaranteed to work on previous stable branches, and at the + moment is broken due to libfido API changes. -commit e86097813419b49d5bff5c4b51d1c3a5d4d2d804 -Author: John Ericson -Date: Sat Dec 26 11:40:49 2020 -0500 +commit 50b9e4a4514697ffb9592200e722de6b427cb9ff +Author: dtucker@openbsd.org +Date: Fri Feb 11 00:43:56 2022 +0000 - Re-indent krb5 section after pkg-config addition. + upstream: Always initialize delim before passing to hpdelim2 which + + might not set it. Found by the Valgrind tests on github, ok deraadt@ + + OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d -commit 32dd2daa56c294e40ff7efea482c9eac536d8cbb -Author: John Ericson -Date: Sat Dec 26 11:40:49 2020 -0500 +commit 6ee53064f476cf163acd5521da45b11b7c57321b +Author: Darren Tucker +Date: Fri Feb 11 10:03:06 2022 +1100 - Support finding Kerberos via pkg-config + Fix helper include path and remove excess code. - This makes cross compilation easier. + Looks like test_hpdelim.c was imported twice into the same file. + Spotted by kevin.brott at gmail com and chris at cataclysmal org. -commit def7a72234d7e4f684d72d33a0f7229f9eee0aa4 +commit 9fa63a19f68bc87452d3cf5c577cafad2921b7a4 Author: Darren Tucker -Date: Fri Jul 9 14:34:06 2021 +1000 +Date: Thu Feb 10 23:27:02 2022 +1100 - Update comments about EGD to include prngd. + Put poll.h inside ifdef. -commit b5d23150b4e3368f4983fd169d432c07afeee45a -Author: dtucker@openbsd.org -Date: Mon Jul 5 01:21:07 2021 +0000 +commit 3ac00dfeb54b252c15dcbf1971582e9e3b946de6 +Author: Darren Tucker +Date: Thu Feb 10 22:17:31 2022 +1100 - upstream: Fix a couple of whitespace things. Portable already has - - these so this removes two diffs between the two. - - OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56 + We now support POLLPRI so actually define it. -commit 8f57be9f279b8e905f9883066aa633c7e67b31cf +commit 25bd659cc72268f2858c5415740c442ee950049f Author: dtucker@openbsd.org -Date: Mon Jul 5 01:16:46 2021 +0000 +Date: Sun Feb 6 22:58:33 2022 +0000 - upstream: Order includes as per style(9). Portable already has - - these so this removes a handful of diffs between the two. + upstream: Add test for empty hostname with port. - OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77 + OpenBSD-Regress-ID: e19e89d3c432b68997667efea44cf015bbe2a7e3 -commit b75624f8733b3ed9e240f86cac5d4a39dae11848 +commit a29af853cff41c0635f0378c00fe91bf9c91dea4 Author: dtucker@openbsd.org -Date: Mon Jul 5 00:50:25 2021 +0000 +Date: Fri Feb 4 07:53:44 2022 +0000 - upstream: Remove comment referencing now-removed - - RhostsRSAAuthentication. ok djm@ + upstream: Add unit tests for hpdelim. - OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9 + OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018 -commit b67eb12f013c5441bb4f0893a97533582ad4eb13 +commit 9699151b039ecc5fad9ac6c6c02e9afdbd26f15f Author: djm@openbsd.org -Date: Mon Jul 5 00:25:42 2021 +0000 +Date: Thu Feb 10 04:12:38 2022 +0000 - upstream: allow spaces to appear in usernames for local to remote, + upstream: revert for imminent OpenSSH release, which wil ship with - and scp -3 remote to remote copies. with & ok dtucker bz#1164 + scp in RCP mode. - OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd + > revision 1.106 + > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; + > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP + > protocol for copying. Let's get back to testing the SFTP protocol. + + This will be put back once the OpenSSH release is done. + + OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768 -commit 8c4ef0943e574f614fc7c6c7e427fd81ee64ab87 +commit 45279abceb37c3cbfac8ba36dde8b2c8cdd63d32 Author: dtucker@openbsd.org -Date: Fri Jul 2 07:20:44 2021 +0000 +Date: Tue Feb 8 08:59:12 2022 +0000 - upstream: Remove obsolete comments about SSHv1 auth methods. ok + upstream: Switch hpdelim interface to accept only ":" as delimiter. - djm@ + Historicallly, hpdelim accepted ":" or "/" as a port delimiter between + hosts (or addresses) and ports. These days most of the uses for "/" + are no longer accepted, so there are several places where it checks the + delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2 + in the other cases. ok djm@ - OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f + OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102 -commit 88908c9b61bcb99f16e8d398fc41e2b3b4be2003 -Author: Darren Tucker -Date: Sat Jul 3 23:00:19 2021 +1000 +commit a1bcbf04a7c2d81944141db7ecd0ba292d175a66 +Author: pedro martelletto +Date: Mon Feb 7 09:09:59 2022 +0100 - Remove reference to ChallengeResponse. - - challenge_response_authentication was removed from the struct, keeping - kbd_interactive_authentication. + fix typos in previous -commit 321874416d610ad2158ce6112f094a4862c2e37f -Author: Darren Tucker -Date: Sat Jul 3 20:38:09 2021 +1000 +commit 56192518e329b39f063487bc2dc4d796f791eca0 +Author: Damien Miller +Date: Mon Feb 7 12:53:47 2022 +1100 - Move signal.h up include order to match upstream. + compat code for fido_assert_set_clientdata() -commit 4fa83e2d0e32c2dd758653e0359984bbf1334f32 -Author: Darren Tucker -Date: Sat Jul 3 20:36:06 2021 +1000 +commit d6b5aa08fdcf9b527f8b8f932432941d5b76b7ab +Author: djm@openbsd.org +Date: Mon Feb 7 01:25:12 2022 +0000 - Remove old OpenBSD version marker. + upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead - Looks like an accidental leftover from a sync. - -commit 9d5e31f55d5f3899b72645bac41a932d298ad73b -Author: Darren Tucker -Date: Sat Jul 3 20:34:19 2021 +1000 - - Remove duplicate error on error path. + of manually hashing data outselves. Saves a fair bit of code and makes life + easier for some -portable platforms. - There's an extra error() call on the listen error path, it looks like - its removal was missed during an upstream sync. + OpenBSD-Commit-ID: 351dfaaa5ab1ee928c0e623041fca28078cff0e0 -commit 888c459925c7478ce22ff206c9ac1fb812a40caf -Author: Darren Tucker -Date: Sat Jul 3 20:32:46 2021 +1000 +commit 86cc93fd3c26b2e0c7663c6394995fb04ebfbf3b +Author: jsg@openbsd.org +Date: Sun Feb 6 00:29:03 2022 +0000 - Remove some whitespace not in upstream. + upstream: remove please from manual pages ok jmc@ sthen@ millert@ - Reduces diff vs OpenBSD by a small amount. + OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa -commit 4d2d4d47a18d93f3e0a91a241a6fdb545bbf7dc2 -Author: Darren Tucker -Date: Sat Jul 3 19:27:43 2021 +1000 +commit ad16a84e64a8cf1c69c63de3fb9008320a37009c +Author: dtucker@openbsd.org +Date: Fri Feb 4 02:49:17 2022 +0000 - Replace remaining references to ChallengeResponse. + upstream: Since they are deprecated, move DSA to the end of the - Portable had a few additional references to ChallengeResponse related to - UsePAM, replaces these with equivalent keyboard-interactive ones. - -commit 53237ac789183946dac6dcb8838bc3b6b9b43be1 -Author: Darren Tucker -Date: Sat Jul 3 19:23:28 2021 +1000 - - Sync remaining ChallengeResponse removal. + default list of public keys so that they will be tried last. From github + PR#295 from "ProBackup-nl", ok djm@ - These were omitted from commit 88868fd131. + OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0 -commit 2c9e4b319f7e98744b188b0f58859d431def343b -Author: Darren Tucker -Date: Sat Jul 3 19:17:31 2021 +1000 +commit 253de42753de85dde266e061b6fec12ca6589f7d +Author: Damien Miller +Date: Wed Feb 2 16:52:07 2022 +1100 - Disable rocky84 to figure out why agent test fails + portable-specific string array constification + + from Mike Frysinger -commit bfe19197a92b7916f64a121fbd3c179abf15e218 -Author: Darren Tucker -Date: Fri Jul 2 15:43:28 2021 +1000 +commit dfdcc2220cf359c492d5d34eb723370e8bd8a19e +Author: djm@openbsd.org +Date: Tue Feb 1 23:37:15 2022 +0000 - Remove now-unused SSHv1 enums. + upstream: test 'ssh-keygen -Y find-principals' with wildcard - sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options - and are no longer used. + principals; from Fabian Stelzer + + OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40 -commit c73b02d92d72458a5312bd098f32ce88868fd131 +commit 968e508967ef42480cebad8cf3172465883baa77 Author: dtucker@openbsd.org -Date: Fri Jul 2 05:11:20 2021 +0000 +Date: Fri Jan 21 02:54:41 2022 +0000 - upstream: Remove references to ChallengeResponseAuthentication in - - favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the - latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but - not entirely equivalent. We retain the old name as deprecated alias so - config files continue to work and a reference in the man page for people - looking for it. + upstream: Enable all supported ciphers and macs in the server - Prompted by bz#3303 which pointed out the discrepancy between the two - when used with Match. Man page help & ok jmc@, with & ok djm@ + before trying to benchmark them. Increase the data file size to get more + signal. - OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e + OpenBSD-Regress-ID: dc3697d9f7defdfc51c608782c8e750128e46eb6 -commit f841fc9c8c7568a3b5d84a4cc0cefacb7dbc16b9 -Author: Darren Tucker -Date: Fri Jul 2 15:20:32 2021 +1000 +commit 15b7199a1fd37eff4c695e09d573f3db9f4274b7 +Author: djm@openbsd.org +Date: Tue Feb 1 23:34:47 2022 +0000 - Fix ifdefs around get_random_bytes_prngd. + upstream: allow 'ssh-keygen -Y find-principals' to match wildcard - get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET - are defined, so adjust ifdef accordingly. - -commit 0767627cf66574484b9c0834500b42ea04fe528a -Author: Damien Miller -Date: Fri Jul 2 14:30:23 2021 +1000 - - wrap get_random_bytes_prngd() in ifdef + principals in allowed_signers files; from Fabian Stelzer - avoid unused static function warning - -commit f93fdc4de158386efe1116bd44c5b3f4a7a82c25 -Author: Darren Tucker -Date: Mon Jun 28 13:06:37 2021 +1000 - - Add rocky84 test target. + OpenBSD-Commit-ID: 1e970b9c025b80717dddff5018fe5e6f470c5098 -commit d443006c0ddfa7f6a5bd9c0ae92036f3d5f2fa3b +commit 541667fe6dc26d7881e55f0bb3a4baa6f3171645 Author: djm@openbsd.org -Date: Fri Jun 25 06:30:22 2021 +0000 +Date: Tue Feb 1 23:32:51 2022 +0000 - upstream: fix decoding of X.509 subject name; from Leif Thuresson + upstream: mark const string array contents const too, i.e. static - via bz3327 ok markus@ + const char *array => static const char * const array from Mike Frysinger - OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8 + OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1 -commit 2a5704ec142202d387fda2d6872fd4715ab81347 -Author: dtucker@openbsd.org -Date: Fri Jun 25 06:20:39 2021 +0000 +commit 8cfa73f8a2bde4c98773f33f974c650bdb40dd3c +Author: djm@openbsd.org +Date: Tue Feb 1 23:11:11 2022 +0000 - upstream: Use better language to refer to the user. From l1ving + upstream: better match legacy scp behaviour: show un-expanded paths - via github PR#250, ok jmc@ + in error messages. Spotted by and ok tb@ - OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf + OpenBSD-Commit-ID: 866c8ffac5bd7d38ecbfc3357c8adfa58af637b7 -commit 4bdf7a04797a0ea1c431a9d54588417c29177d19 +commit 4e62c13ab419b4b224c8bc6a761e91fcf048012d Author: dtucker@openbsd.org -Date: Fri Jun 25 03:38:17 2021 +0000 +Date: Tue Feb 1 07:57:32 2022 +0000 - upstream: Replace SIGCHLD/notify_pipe kludge with pselect. - - Previously sshd's SIGCHLD handler would wake up select() by writing a - byte to notify_pipe. We can remove this by blocking SIGCHLD, checking - for child terminations then passing the original signal mask through - to pselect. This ensures that the pselect will immediately wake up if - a child terminates between wait()ing on them and the pselect. - - In -portable, for platforms that do not have pselect the kludge is still - there but is hidden behind a pselect interface. - - Based on other changes for bz#2158, ok djm@ + upstream: Remove explicit kill of privsep preauth child's PID in - OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813 - -commit c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 -Author: Darren Tucker -Date: Fri Jun 25 15:08:18 2021 +1000 - - Move closefrom() to before first malloc. + SIGALRM handler. It's no longer needed since the child will get terminated by + the SIGTERM to the process group that cleans up any auth helpers, it + simplifies the signal handler and removes the risk of a race when updating + the PID. Based on analysis by HerrSpace in github PR#289, ok djm@ - When built against tcmalloc, tcmalloc allocates a descriptor for its - internal use, so calling closefrom() afterward causes the descriptor - number to be reused resulting in a corrupted connection. Moving the - closefrom a little earlier should resolve this. From kircherlike at - outlook.com via bz#3321, ok djm@ + OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663 -commit 7ebfe4e439853b88997c9cfc2ff703408a1cca92 -Author: Darren Tucker -Date: Fri Jun 18 20:41:45 2021 +1000 +commit 2a7ccd2ec4022917b745af7186f514f365b7ebe9 +Author: guenther@openbsd.org +Date: Fri Jan 28 06:18:42 2022 +0000 - Put second -lssh in link line for sftp-server. + upstream: When it's the possessive of 'it', it's spelled "its", - When building --without-openssl the recent port-prngd.c change adds - a dependency on atomicio, but since nothing else in sftp-server uses - it, the linker may not find it. Add a second -lssh similar to other - binaries. - -commit e409d7966785cfd9f5970e66a820685c42169717 -Author: Darren Tucker -Date: Fri Jun 18 18:34:08 2021 +1000 - - Try EGD/PRNGD if random device fails. + without the apostrophe. - When built --without-openssl, try EGD/PRGGD (if configured) as a last - resort before failing. + OpenBSD-Commit-ID: fb6ab9c65bd31de831da1eb4631ddac018c5fae7 -commit e43a898043faa3a965dbaa1193cc60e0b479033d -Author: Darren Tucker -Date: Fri Jun 18 18:32:51 2021 +1000 +commit 8a0848cdd3b25c049332cd56034186b7853ae754 +Author: Alex James +Date: Sun Jan 30 16:13:36 2022 -0600 - Split EGD/PRNGD interface into its own file. + sandbox-seccomp-filter: allow gettid - This will allow us to use it when building --without-openssl. - -commit acb2887a769a1b1912cfd7067f3ce04fad240260 -Author: Darren Tucker -Date: Thu Jun 17 21:03:19 2021 +1000 - - Handle GIDs > 2^31 in getgrouplist. + Some allocators (such as Scudo) use gettid while tracing allocations [1]. + Allow gettid in preauth to prevent sshd from crashing with Scudo. - When compiled in 32bit mode, the getgrouplist implementation may fail - for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel - at tui.com. + [1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46 -commit 31fac20c941126281b527605b73bff30a8f02edd -Author: dtucker@openbsd.org -Date: Thu Jun 10 09:46:28 2021 +0000 +commit b30d32159dc3c7052f4bfdf36357996c905af739 +Author: djm@openbsd.org +Date: Sat Jan 22 00:49:34 2022 +0000 - upstream: Use $SUDO when reading sshd's pidfile here too. + upstream: add a ssh_packet_process_read() function that reads from - OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409 - -commit a3a58acffc8cc527f8fc6729486d34e4c3d27643 -Author: dtucker@openbsd.org -Date: Thu Jun 10 09:43:51 2021 +0000 - - upstream: Use $SUDO when reading sshd's pidfile in case it was + a fd directly into the transport input buffer. - created with a very restrictive umask. This resyncs with -portable. + Use this in the client and server mainloops to avoid unnecessary + copying. It also lets us use a more greedy read size without penalty. - OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d - -commit 249ad4ae51cd3bc235e75a4846eccdf8b1416611 -Author: dtucker@openbsd.org -Date: Thu Jun 10 09:37:59 2021 +0000 - - upstream: Set umask when creating hostkeys to prevent excessive + Yields a 2-3% performance gain on cipher-speed.sh (in a fairly + unscientific test tbf) - permissions warning. + feedback dtucker@ ok markus@ - OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef + OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632 -commit 9d0892153c005cc65897e9372b01fa66fcbe2842 -Author: dtucker@openbsd.org -Date: Thu Jun 10 03:45:31 2021 +0000 +commit a1a8efeaaa9cccb15cdc0a2bd7c347a149a3a7e3 +Author: djm@openbsd.org +Date: Sat Jan 22 00:45:31 2022 +0000 - upstream: Add regress test for SIGHUP restart + upstream: Use sshbuf_read() to read directly into the channel input - while handling active and unauthenticated clients. Should catch anything - similar to the pselect bug just fixed in sshd.c. + buffer rather than into a stack buffer that needs to be copied again; + Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok + markus@ - OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73 + OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572 -commit 73f6f191f44440ca3049b9d3c8e5401d10b55097 -Author: dtucker@openbsd.org -Date: Thu Jun 10 03:14:14 2021 +0000 +commit 29a76994e21623a1f84d68ebb9dc5a3c909fa3a7 +Author: Damien Miller +Date: Tue Jan 25 11:52:34 2022 +1100 - upstream: Continue accept loop when pselect - - returns -1, eg if it was interrupted by a signal. This should prevent - the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has - an unauthenticated child and goes on to a blocking read on a notify_pipe. - feedback deraadt@, ok djm@ - - OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0 + depend -commit c785c0ae134a8e8b5c82b2193f64c632a98159e4 +commit 754e0d5c7712296a7a3a83ace863812604c7bc4f Author: djm@openbsd.org -Date: Tue Jun 8 22:30:27 2021 +0000 +Date: Sat Jan 22 00:43:43 2022 +0000 - upstream: test that UserKnownHostsFile correctly accepts multiple + upstream: Add a sshbuf_read() that attempts to read(2) directly in - arguments; would have caught readconf.c r1.356 regression + to a sshbuf; ok markus@ - OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a + OpenBSD-Commit-ID: 2d8f249040a4279f3bc23c018947384de8d4a45b -commit 1a6f6b08e62c78906a3032e8d9a83e721c84574e +commit c7964fb9829d9ae2ece8b51a76e4a02e8449338d Author: djm@openbsd.org -Date: Tue Jun 8 22:06:12 2021 +0000 +Date: Fri Jan 21 07:04:19 2022 +0000 - upstream: fix regression in r1.356: for ssh_config options that + upstream: add a helper for writing an error message to the - accepted multiple string arguments, ssh was only recording the first. - Reported by Lucas via bugs@ + stderr_buf and setting quit_pending; no functional change but saves a bunch + of boilerplate - OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d + OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d -commit 78e30af3e2b2dd540a341cc827c6b98dd8b0a6de +commit d23b4f7fdb1bd87e2cd7a9ae7c198ae99d347916 Author: djm@openbsd.org -Date: Tue Jun 8 07:40:12 2021 +0000 +Date: Fri Jan 21 06:58:06 2022 +0000 - upstream: test argv_split() optional termination on comments + upstream: correct comment and use local variable instead of long - OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c + indirection; spotted by dtucker@ + + OpenBSD-Commit-ID: 5f65f5f69db2b7d80a0a81b08f390a63f8845965 -commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03 -Author: dtucker@openbsd.org -Date: Tue Jun 8 07:05:27 2021 +0000 +commit d069b020a02b6e3935080204ee44d233e8158ebb +Author: deraadt@openbsd.org +Date: Fri Jan 21 00:53:40 2022 +0000 - upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice + upstream: When poll(2) returns -1, for some error conditions - being overridden on the command line. + pfd[].revents is not cleared. There are subtle errors in various programs. + In this particular case, the program should error out. ok djm millert - OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8 + OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c -commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2 -Author: djm@openbsd.org -Date: Tue Jun 8 06:52:43 2021 +0000 +commit e204b34337a965feb439826157c191919fd9ecf8 +Author: Damien Miller +Date: Sat Jan 22 11:38:21 2022 +1100 - upstream: sprinkle some "# comment" at end of configuration lines + restore tty force-read hack - to test comment handling + This portable-specific hack fixes a hang on exit for ttyful sessions + on Linux and some SysVish Unix variants. It was accidentally disabled + in commit 5c79952dfe1a (a precursor to the mainloop poll(2) conversion). - OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7 + Spotted by John in bz3383 -commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411 -Author: djm@openbsd.org -Date: Tue Jun 8 06:51:47 2021 +0000 +commit 68085066b6bad43643b43f5957fcc5fd34782ccd +Author: Corinna Vinschen +Date: Fri Jan 21 03:22:56 2022 +1100 - upstream: more descriptive failure message + Fix signedness bug in Cygwin code - OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509 - -commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1 -Author: djm@openbsd.org -Date: Mon Jun 7 01:16:34 2021 +0000 - - upstream: test AuthenticationMethods inside a Match block as well - - as in the main config section + The Cygwin-specific pattern match code has a bug. It checks + the size_t value returned by mbstowcs for being < 0. The right + thing to do is to check against (size_t) -1. Fix that. - OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7 + Signed-off-by: Corinna Vinschen -commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db -Author: djm@openbsd.org -Date: Mon Jun 7 00:00:50 2021 +0000 +commit 2e5cfed513e84444483baf1d8b31c40072b05103 +Author: Darren Tucker +Date: Thu Jan 20 13:26:27 2022 +1100 - upstream: prepare for stricter sshd_config parsing that will refuse - - a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent - arguments. Such lines are permitted but are nonsensical noops ATM + Improve compatibility of early exit trap handling. - OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650 + Dash (as used by the github runners) has some differences in its trap + builtin: + - it doesn't have -p (which is fine, that's not in posix). + - it doesn't work in a subshell (which turns out to be in compliance + with posix, which means bash isn't). + - it doesn't work in a pipeline, ie "trap|cat" produces no output. -commit a10f929d1ce80640129fc5b6bc1acd9bf689169e -Author: djm@openbsd.org -Date: Tue Jun 8 07:09:42 2021 +0000 +commit 3fe6800b6027add478e648934cbb29d684e51943 +Author: Darren Tucker +Date: Thu Jan 20 00:49:57 2022 +1100 - upstream: switch sshd_config parsing to argv_split() - - similar to the previous commit, this switches sshd_config parsing to - the newer tokeniser. Config parsing will be a little stricter wrt - quote correctness and directives appearing without arguments. - - feedback and ok markus@ - - tested in snaps for the last five or so days - thanks Theo and those who - caught bugs + Move more tests out of valgrind-1 runner. + +commit 20da6ed136dd76e6a0b229ca3036ef9c7c7ef798 +Author: Darren Tucker +Date: Wed Jan 19 15:37:39 2022 +1100 + + Invoke EXIT handler early when using Valgrind. - OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e + When using Valgrind, we need to wait for all invoked programs to + complete before checking their valgrind logs. Some tests, notably + agent-restrict, set an EXIT trap handler to clean up things like + ssh-agent, but those do not get invoked until test-exec.sh exits. + This causes the Valgrind wait to deadlock, so if present invoke + the EXIT handler before checking the Valgrind logs. -commit ea9e45c89a4822d74a9d97fef8480707d584da4d +commit ad2e0580c87b0714cf166bca9d926a95ddeee1c8 +Author: Darren Tucker +Date: Tue Jan 18 12:55:21 2022 +1100 + + Remove line leftover from upstream sync. + +commit d1051c0f11a6b749027e26bbeb61b07df4b67e15 Author: djm@openbsd.org -Date: Tue Jun 8 07:07:15 2021 +0000 +Date: Mon Jan 17 22:56:04 2022 +0000 - upstream: Switch ssh_config parsing to use argv_split() - - This fixes a couple of problems with the previous tokeniser, - strdelim() - - 1. strdelim() is permissive wrt accepting '=' characters. This is - intended to allow it to tokenise "Option=value" but because it - cannot keep state, it will incorrectly split "Opt=val=val2". - 2. strdelim() has rudimentry handling of quoted strings, but it - is incomplete and inconsistent. E.g. it doesn't handle escaped - quotes inside a quoted string. - 3. It has no support for stopping on a (unquoted) comment. Because - of this readconf.c r1.343 added chopping of lines at '#', but - this caused a regression because these characters may legitimately - appear inside quoted strings. - - The new tokeniser is stricter is a number of cases, including #1 above - but previously it was also possible for some directives to appear - without arguments. AFAIK these were nonsensical in all cases, and the - new tokeniser refuses to accept them. - - The new code handles quotes much better, permitting quoted space as - well as escaped closing quotes. Finally, comment handling should be - fixed - the tokeniser will terminate only on unquoted # characters. + upstream: when decompressing zlib compressed packets, use - feedback & ok markus@ + Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually + specified as a valid mode for inflate(). There should be no practical change + in behaviour as the compression side ensures a flush that should make all + data available to the receiver in all cases. - tested in snaps for the last five or so days - thanks Theo and those who - caught bugs + repoted by lamm AT ibm.com via bz3372; ok markus - OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5 + OpenBSD-Commit-ID: 67cfc1fa8261feae6d2cc0c554711c97867cc81b -commit d786424986c04d1d375f231fda177c8408e05c3e -Author: dtucker@openbsd.org -Date: Tue Jun 8 07:02:46 2021 +0000 +commit d5981b1883746b1ae178a46229c26b53af99e37a +Author: djm@openbsd.org +Date: Mon Jan 17 21:41:04 2022 +0000 - upstream: Check if IPQoS or TunnelDevice are already set before + upstream: make most of the sftp errors more idiomatic, following - overriding. Prevents values in config files from overriding values supplied - on the command line. bz#3319, ok markus. + the general form of "[local/remote] operation path: error message"; ok markus - OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74 + OpenBSD-Commit-ID: 61364cd5f3a9fecaf8d63b4c38a42c0c91f8b571 -commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457 +commit ac7c9ec894ed0825d04ef69c55babb49bab1d32e Author: djm@openbsd.org -Date: Tue Jun 8 06:54:40 2021 +0000 +Date: Mon Jan 17 21:39:51 2022 +0000 - upstream: Allow argv_split() to optionally terminate tokenisation - - when it encounters an unquoted comment. - - Add some additional utility function for working with argument - vectors, since we'll be switching to using them to parse - ssh/sshd_config shortly. + upstream: when transferring multiple files in SFTP mode, create the - ok markus@ as part of a larger diff; tested in snaps + destination directory if it doesn't already exist to match olde-scp(1) + behaviour. noticed by deraadt@ ok markus@ - OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac - -commit da9f9acaac5bab95dca642b48e0c8182b246ab69 -Author: Darren Tucker -Date: Mon Jun 7 19:19:23 2021 +1000 - - Save logs on failure for upstream test - -commit 76883c60161e5f3808787085a27a8c37f8cc4e08 -Author: Darren Tucker -Date: Mon Jun 7 14:36:32 2021 +1000 - - Add obsdsnap-i386 upstream test target. + OpenBSD-Commit-ID: cf44dfa231d4112f697c24ff39d7ecf2e6311407 -commit d45b9c63f947ec5ec314696e70281f6afddc0ac3 +commit 39d17e189f8e72c34c722579d8d4e701fa5132da Author: djm@openbsd.org -Date: Mon Jun 7 03:38:38 2021 +0000 +Date: Fri Jan 14 03:43:48 2022 +0000 - upstream: fix debug message when finding a private key to match a + upstream: allow pin-required FIDO keys to be added to ssh-agent(1). - certificate being attempted for user authentication. Previously it would - print the certificate's path, whereas it was supposed to be showing the - private key's path. Patch from Alex Sherwin via GHPR247 + ssh-askpass will be used to request the PIN at authentication time. - OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b + From Pedro Martelletto, ok djm + + OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950 -commit 530739d42f6102668aecd699be0ce59815c1eceb +commit 52423f64e13db2bdc31a51b32e999cb1bfcf1263 Author: djm@openbsd.org -Date: Sun Jun 6 11:34:16 2021 +0000 +Date: Fri Jan 14 03:35:10 2022 +0000 - upstream: Match host certificates against host public keys, not private + upstream: ssh-sk: free a resident key's user id - keys. Allows use of certificates with private keys held in a ssh-agent. - Reported by Miles Zhou in bz3524; ok dtucker@ + From Pedro Martelletto; ok dtucker & me - OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a + OpenBSD-Commit-ID: 47be40d602b7a6458c4c71114df9b53d149fc2e9 -commit 4265215d7300901fd7097061c7517688ade82f8e +commit 014e2f147a2788bfb3cc58d1b170dcf2bf2ee493 Author: djm@openbsd.org -Date: Sun Jun 6 03:40:39 2021 +0000 +Date: Fri Jan 14 03:34:00 2022 +0000 - upstream: Client-side workaround for a bug in OpenSSH 7.4: this release + upstream: sshsk_load_resident: don't preallocate resp - allows RSA/SHA2 signatures for public key authentication but fails to - advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these - server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse - to offer valid keys. + resp is allocated by client_converse(), at which point we lose + the original pointer. - Reported by and based on patch from Gordon Messmer via bz3213, thanks - also for additional analysis by Jakub Jelen. ok dtucker + From Pedro Martelletto; ok dtucker & me - OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7 + OpenBSD-Commit-ID: 1f1b5ea3282017d6584dfed4f8370dc1db1f44b1 -commit bda270d7fb8522d43c21a79a4b02a052d7c64de8 +commit c88265f207dfe0e8bdbaf9f0eda63ed6b33781cf Author: djm@openbsd.org -Date: Sun Jun 6 03:17:02 2021 +0000 +Date: Fri Jan 14 03:32:52 2022 +0000 - upstream: degrade gracefully if a sftp-server offers the + upstream: sshsk_sign: trim call to sshkey_fingerprint() - limits@openssh.com extension but fails when the client tries to invoke it. - Reported by Hector Martin via bz3318 + the resulting fingerprint doesn't appear to be used for anything, + and we end up leaking it. - OpenBSD-Commit-ID: bd9d1839c41811616ede4da467e25746fcd9b967 + from Pedro Martelletto; ok dtucker & me + + OpenBSD-Commit-ID: 5625cf6c68f082bc2cbbd348e69a3ed731d2f9b7 -commit d345d5811afdc2d6923019b653cdd93c4cc95f76 +commit 1cd1b2eac39661b849d5a4b4b56363e22bb5f61e Author: djm@openbsd.org -Date: Sun Jun 6 03:15:39 2021 +0000 +Date: Fri Jan 14 03:31:52 2022 +0000 - upstream: the limits@openssh.com extension was incorrectly marked + upstream: use status error message to communicate ~user expansion - as an operation that writes to the filesystem, which made it unavailable in - sftp-server read-only mode. Spotted by Hector Martin via bz3318 + failures; provides better experience for scp in sftp mode, where ~user paths + are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & + markus - OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067 + (forgot to include this file in previous commit) + + OpenBSD-Commit-ID: d37cc4c8c861ce48cd6ea9899e96aaac3476847b -commit 2b71010d9b43d7b8c9ec1bf010beb00d98fa765a -Author: naddy@openbsd.org -Date: Sat Jun 5 13:47:00 2021 +0000 +commit a1d42a6ce0398da3833bedf374ef2571af7fea50 +Author: Damien Miller +Date: Fri Jan 14 13:49:32 2022 +1100 - upstream: PROTOCOL.certkeys: update reference from IETF draft to - - RFC + fix edge case in poll(2) wrapper - Also fix some typos. - ok djm@ + Correct handling of select(2) exceptfds. These should only be consulted + for POLLPRI flagged pfds and not unconditionally converted to POLLERR. - OpenBSD-Commit-ID: 5e855b6c5a22b5b13f8ffa3897a868e40d349b44 + with and ok dtucker@ -commit aa99b2d9a3e45b943196914e8d8bf086646fdb54 +commit 976b9588b4b5babcaceec4767a241c11a67a5ccb Author: Darren Tucker -Date: Fri Jun 4 23:41:29 2021 +1000 +Date: Fri Jan 14 13:46:35 2022 +1100 - Clear notify_pipe from readset if present. + Wrap OpenSSL includes in unit tests in ifdef. - Prevents leaking an implementation detail to the caller. + Fixes unit test on systems that do not have OpenSSL headers installed. -commit 6de8dadf6b4d0627d35bca0667ca44b1d61c2c6b +commit c171879374b2e8b07157503f5639ed0bce59ce89 Author: Darren Tucker -Date: Fri Jun 4 23:24:25 2021 +1000 +Date: Thu Jan 13 15:53:33 2022 +1100 - space->tabs. + Remove sort wrapper. + + agent-restrict now takes care of this itself. -commit c8677065070ee34c05c7582a9c2f58d8642e552d -Author: Darren Tucker -Date: Fri Jun 4 18:39:48 2021 +1000 +commit 9cc2654403f1a686bb26c07a6ac790edf334cef5 +Author: dtucker@openbsd.org +Date: Thu Jan 13 04:53:16 2022 +0000 - Add pselect implementation for platforms without. + upstream: Set LC_ALL in both local and remote shells so that sorted - This is basically the existing notify_pipe kludge from serverloop.c - moved behind a pselect interface. It works by installing a signal - handler that writes to a pipe that the select is watching, then calls - the original handler. + output matches regardless of what the user's shell sets it to. ok djm@ - The select call in serverloop will become pselect soon, at which point the - kludge will be removed from thereand will only exist in the compat layer. - Original code by markus, help from djm. + OpenBSD-Regress-ID: 4e97dd69a68b05872033175a4c2315345d01837f -commit 7cd7f302d3a072748299f362f9e241d81fcecd26 -Author: Vincent Brillault -Date: Sun May 24 09:15:06 2020 +0200 +commit 7a75f748cb2dd2f771bf70ea72698aa027996ab1 +Author: dtucker@openbsd.org +Date: Thu Jan 13 04:22:10 2022 +0000 - auth_log: dont log partial successes as failures + upstream: Avoid %'s in commands (not used in OpenBSD, but used in - By design, 'partial' logins are successful logins, so initially with - authenticated set to 1, for which another authentication is required. As - a result, authenticated is always reset to 0 when partial is set to 1. - However, even if authenticated is 0, those are not failed login - attempts, similarly to attempts with authctxt->postponed set to 1. + -portable's Valgrind test) being interpretted as printf format strings. + + OpenBSD-Regress-ID: dc8655db27ac4acd2c386c4681bf42a10d80b043 -commit e7606919180661edc7f698e6a1b4ef2cfb363ebf -Author: djm@openbsd.org -Date: Fri Jun 4 06:19:07 2021 +0000 +commit 6c435bd4994d71442192001483a1cdb846e5ffcd +Author: Darren Tucker +Date: Wed Jan 12 16:58:13 2022 +1100 - upstream: The RB_GENERATE_STATIC(3) macro expands to a series of - - function definitions and not a statement, so there should be no semicolon - following them. Patch from Michael Forney + Stop on first test failure to minimize logs. + +commit 4bc2ba6095620a4484b708ece12842afd8c7685b +Author: dtucker@openbsd.org +Date: Wed Jan 12 07:18:37 2022 +0000 + + upstream: Use egrep when searching for an anchored string. - OpenBSD-Commit-ID: c975dd180580f0bdc0a4d5b7d41ab1f5e9b7bedd + OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4 -commit c298c4da574ab92df2f051561aeb3e106b0ec954 -Author: djm@openbsd.org -Date: Fri Jun 4 05:59:18 2021 +0000 +commit 6bf2efa2679da1e8e60731f41677b2081dedae2c +Author: Darren Tucker +Date: Wed Jan 12 18:25:06 2022 +1100 - upstream: rework authorized_keys example section, removing irrelevant + Add "rev" command replacement if needed. + +commit 72bcd7993dadaf967bb3d8564ee31cbf38132b5d +Author: dtucker@openbsd.org +Date: Wed Jan 12 03:30:32 2022 +0000 + + upstream: Don't log NULL hostname in restricted agent code, - stuff, de-wrapping the example lines and better aligning the examples with - common usage and FAQs; ok jmc + printf("%s", NULL) is not safe on all platforms. with & ok djm - OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c + OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02 -commit d9cb35bbec5f623589d7c58fc094817b33030f35 +commit acabefe3f8fb58c867c99fed9bbf84dfa1771727 Author: djm@openbsd.org -Date: Fri Jun 4 05:10:03 2021 +0000 +Date: Tue Jan 11 22:33:16 2022 +0000 - upstream: adjust SetEnv description to clarify $TERM handling + upstream: remove hardcoded domain and use window.location.host, so this - OpenBSD-Commit-ID: 8b8cc0124856bc1094949d55615e5c44390bcb22 + can be run anywhere + + OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92 -commit 771f57a8626709f2ad207058efd68fbf30d31553 +commit 96da0946e44f34adc0397eb7caa6ec35a3e79891 Author: dtucker@openbsd.org -Date: Fri Jun 4 05:09:08 2021 +0000 +Date: Tue Jan 11 02:56:19 2022 +0000 - upstream: Switch the listening select loop from select() to - - pselect() and mask signals while checking signal flags, umasking for pselect - and restoring afterwards. Also restore signals before sighup_restart so they - don't remain blocked after restart. + upstream: "void" functions should not return anything. From Tim Rice - This prevents a race where a SIGTERM or SIGHUP can arrive between - checking the flag and calling select (eg if sshd is processing a - new connection) resulting in sshd not shutting down until the next - time it receives a new connection. bz#2158, with & ok djm@ + via -portable. - OpenBSD-Commit-ID: bf85bf880fd78e00d7478657644fcda97b9a936f + OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a -commit f64f8c00d158acc1359b8a096835849b23aa2e86 +commit a882a09722c9f086c9edb65d0c4022fd965ec1ed Author: djm@openbsd.org -Date: Fri Jun 4 05:02:40 2021 +0000 +Date: Tue Jan 11 01:26:47 2022 +0000 - upstream: allow ssh_config SetEnv to override $TERM, which is otherwise + upstream: suppress "Connection to xxx closed" messages at LogLevel >= - handled specially by the protocol. Useful in ~/.ssh/config to set TERM to - something generic (e.g. "xterm" instead of "xterm-256color") for destinations - that lack terminfo entries. feedback and ok dtucker@ + error bz3378; ok dtucker@ - OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758 + OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c -commit 60107677dc0ce1e93c61f23c433ad54687fcd9f5 -Author: djm@openbsd.org -Date: Fri Jun 4 04:02:21 2021 +0000 +commit 61a1a6af22e17fc94999a5d1294f27346e6c4668 +Author: Damien Miller +Date: Wed Jan 12 08:57:49 2022 +1100 - upstream: correct extension name "no-presence-required" => - - "no-touch-required" + OS X poll(2) is broken; use compat replacement - document "verify-required" option + Darwin's poll(2) implementation is broken. For character-special + devices like /dev/null, it returns POLLNVAL when polled with + POLLIN. - OpenBSD-Commit-ID: 1879ff4062cf61d79b515e433aff0bf49a6c55c5 + Apparently this is Apple bug 3710161, which is AFAIK not public, + but a websearch will find other OSS projects rediscovering it + periodically since it was first identified in 2005 (!!) -commit ecc186e46e3e30f27539b4311366dfda502f0a08 +commit 613a6545fc5a9542753b503cbe5906538a640b60 Author: Darren Tucker -Date: Wed Jun 2 13:54:11 2021 +1000 +Date: Tue Jan 11 20:56:01 2022 +1100 - Retire fbsd7 test target. - - It's the slowest of the selfhosted targets (since it's 32bit but has - most of the crypto algos). We still have coverage for 32bit i386. + libhardended_malloc.so moved into out dir. -commit 5de0867b822ec48b5eec9abde0f5f95d1d646546 -Author: Darren Tucker -Date: Wed Jun 2 11:21:40 2021 +1000 +commit 61761340be5e11046556623f8f5412b236cefa95 +Author: Tim Rice +Date: Mon Jan 10 11:07:04 2022 -0800 - Check for $OPENSSL in md5 fallback too. + Make USL compilers happy + UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value -commit 1db69d1b6542f8419c04cee7fd523a4a11004be2 +commit 3ef403f351e80a59b6f7e9d43cb82c181855483c Author: Darren Tucker -Date: Wed Jun 2 11:17:54 2021 +1000 +Date: Mon Jan 10 21:07:38 2022 +1100 - Add dfly60 target. + Add wrapper for "sort" to set LC_ALL=C. + + Found by djm, this should make sorts stable and reduce test flakiness. -commit a3f2dd955f1c19cad387a139f0e719af346ca6ef +commit bd69e29f5716090181dbe0b8272eb7eab1a383bb Author: dtucker@openbsd.org -Date: Wed Jun 2 00:17:45 2021 +0000 +Date: Sat Jan 8 07:55:26 2022 +0000 - upstream: Merge back shell portability changes - - bringing it back in sync with -portable. + upstream: Remove errant "set -x" left over from debugging. - OpenBSD-Regress-ID: c07905ba931e66ad7d849b87b7d19648007175d1 + OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc -commit 9d482295c9f073e84d75af46b720a1c0f7ec2867 +commit 1a7c88e26fd673813dc5f61c4ac278564845e004 Author: dtucker@openbsd.org -Date: Tue Jun 1 23:56:20 2021 +0000 +Date: Sat Jan 8 07:01:13 2022 +0000 - upstream: Use a default value for $OPENSSL, + upstream: Enable all supported hostkey algorithms (but no others). - allowing it to be overridden. Do the same in the PuTTY tests since it's - needed there and not exported by test-exec.sh. + Allows hostbased test to pass when built without OpenSSL. - OpenBSD-Regress-ID: c49dcd6aa7602a8606b7afa192196ca1fa65de16 + OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562 -commit 07660b3c99f8ea74ddf4a440e55c16c9f7fb3dd1 -Author: dtucker@openbsd.org -Date: Mon May 24 10:25:18 2021 +0000 +commit 12b457c2a42ff271e7967d9bedd068cebb048db9 +Author: djm@openbsd.org +Date: Sat Jan 8 07:37:32 2022 +0000 - upstream: Find openssl binary via environment variable. This + upstream: use status error message to communicate ~user expansion - allows overriding if necessary (eg in -portable where we're testing against a - specific version of OpenSSL). + failures; provides better experience for scp in sftp mode, where ~user paths + are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & + markus - OpenBSD-Regress-ID: 491f39cae9e762c71aa4bf045803d077139815c5 + OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f -commit 1a4d1da9188d7c88f646b61f0d6a3b34f47c5439 +commit 63670d4e9030bcee490d5a9cce561373ac5b3b23 Author: djm@openbsd.org -Date: Fri May 21 04:03:47 2021 +0000 +Date: Sat Jan 8 07:36:11 2022 +0000 - upstream: fix memleak in test + upstream: fix some corner-case bugs in scp sftp-mode handling of - OpenBSD-Regress-ID: 5e529d0982aa04666604936df43242e97a7a6f81 + ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus + + OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222 -commit 60455a5d98065a73ec9a1f303345856bbd49aecc +commit e14940bbec57fc7d3ce0644dbefa35f5a8ec97d0 Author: djm@openbsd.org -Date: Fri May 21 03:59:01 2021 +0000 +Date: Sat Jan 8 07:34:57 2022 +0000 - upstream: also check contents of remaining string + upstream: more idiomatic error messages; spotted by jsg & deraadt - OpenBSD-Regress-ID: d526fa07253f4eebbc7d6205a0ab3d491ec71a28 + ok jsg & markus + + OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8 -commit 39f6cd207851d7b67ca46903bfce4a9f615b5b1c +commit 9acddcd5918c623f7ebf454520ffe946a8f15e90 Author: djm@openbsd.org -Date: Fri May 21 03:48:07 2021 +0000 +Date: Sat Jan 8 07:33:54 2022 +0000 - upstream: unit test for misc.c:strdelim() that mostly servces to + upstream: add a variant of send_status() that allows overriding the - highlight its inconsistencies + default, generic error message. feedback/ok markus & jsg - OpenBSD-Regress-ID: 8d2bf970fcc01ccc6e36a5065f89b9c7fa934195 - -commit 7a3a1dd2c7d4461962acbcc0ebee9445ba892be0 -Author: Darren Tucker -Date: Thu May 27 21:23:15 2021 +1000 - - Put minix3 config in the host-specific block. + OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f -commit 59a194825f12fff8a7f75d91bf751ea17645711b +commit 961411337719d4cd78f1ab33e4ac549f3fa22f50 Author: djm@openbsd.org -Date: Mon May 31 06:48:42 2021 +0000 +Date: Sat Jan 8 07:32:45 2022 +0000 - upstream: Hash challenge supplied by client during FIDO key enrollment + upstream: refactor tilde_expand_filename() and make it handle ~user - prior to passing it to libfido2, which does expect a hash. + paths with no trailing slash; feedback/ok markus and jsg - There is no effect for users who are simply generating FIDO keys using - ssh-keygen - by default we generate a random 256 bit challenge, but - people building attestation workflows around our tools should now have - a more consistent experience (esp. fewer failures when they fail to - guess the magic 32-byte challenge length requirement). + OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d + +commit dc38236ab6827dec575064cac65c8e7035768773 +Author: dtucker@openbsd.org +Date: Thu Jan 6 22:14:25 2022 +0000 + + upstream: Don't explicitly set HostbasedAuthentication in - ok markus@ + sshd_config. It defaults to "no", and not explicitly setting it allows us to + enable it for the (optional) hostbased test. - OpenBSD-Commit-ID: b8d5363a6a7ca3b23dc28f3ca69470472959f2b5 + OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c -commit eb68e669bc8ab968d4cca5bf1357baca7136a826 -Author: Darren Tucker -Date: Thu May 27 21:14:15 2021 +1000 +commit e12d912ddf1c873cb72e5de9a197afbe0b6622d2 +Author: dtucker@openbsd.org +Date: Thu Jan 6 21:46:56 2022 +0000 - Include login_cap.h for login_getpwclass override. + upstream: Add test for hostbased auth. It requires some external - On minix3, login_getpwclass is __RENAME'ed to __login_getpwclass50 so - without this the include overriding login_getpwclass causes a compile - error. + setup (see comments at the top) and thus is disabled unless + TEST_SSH_HOSTBASED_AUTH and SUDO are set. + + OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a -commit 2063af71422501b65c7a92a5e14c0e6a3799ed89 -Author: Darren Tucker -Date: Thu May 27 21:13:38 2021 +1000 +commit a48533a8da6a0f4f05ecd055dc8048047e53569e +Author: Damien Miller +Date: Fri Jan 7 09:24:26 2022 +1100 - Add minix3 test target. + depend -commit 2e1efcfd9f94352ca5f4b6958af8a454f8cf48cd +commit d9dbb5d9a0326e252d3c7bc13beb9c2434f59409 Author: djm@openbsd.org -Date: Wed May 26 01:47:24 2021 +0000 +Date: Thu Jan 6 22:06:51 2022 +0000 - upstream: fix SEGV in UpdateHostkeys debug() message, triggered + upstream: allow hostbased auth to select RSA keys when only - when the update removed more host keys than remain present. Fix tested by - reporter James Cook, via bugs@ + RSA/SHA2 are configured (this is the default case); ok markus@ - OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3 + OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827 -commit 9acd76e6e4d2b519773e7119c33cf77f09534909 -Author: naddy@openbsd.org -Date: Sun May 23 18:22:57 2021 +0000 +commit fdb1d58d0d3888b042e5a500f6ce524486aaf782 +Author: djm@openbsd.org +Date: Thu Jan 6 22:05:42 2022 +0000 - upstream: ssh: The client configuration keyword is - - "hostbasedacceptedalgorithms" - - This fixes a mistake that slipped in when "HostbasedKeyTypes" was - renamed to "HostbasedAcceptedAlgorithms". + upstream: add a helper function to match a key type to a list of - Bug report by zack@philomathiclife.com + signature algorithms. RSA keys can make signatures with multiple algorithms, + so some special handling is required. ok markus@ - OpenBSD-Commit-ID: d745a7e8e50b2589fc56877f322ea204bc784f38 + OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff -commit 078a0e60c92700da4c536c93c007257828ccd05b -Author: Darren Tucker -Date: Tue May 25 11:40:47 2021 +1000 +commit 11e8c4309a5086a45fbbbc87d0af5323c6152914 +Author: djm@openbsd.org +Date: Thu Jan 6 22:04:20 2022 +0000 - Rename README.md to ci-status.md. + upstream: log some details on hostkeys that ssh loads for - The original intent was to provide a status page for the CIs configured - in that directory, but it had the side effect of replacing the top-level - README.md. + hostbased authn ok markus@ + + OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38 -commit 7be4ac813662f68e89f23c50de058a49aa32f7e4 +commit c6706f661739514a34125aa3136532a958929510 Author: djm@openbsd.org -Date: Wed May 19 01:24:05 2021 +0000 +Date: Thu Jan 6 22:03:59 2022 +0000 - upstream: restore blocking status on stdio fds before close - - ssh(1) needs to set file descriptors to non-blocking mode to operate - but it was not restoring the original state on exit. This could cause - problems with fds shared with other programs via the shell, e.g. + upstream: log signature algorithm during verification by monitor; - > $ cat > test.sh << _EOF - > #!/bin/sh - > { - > ssh -Fnone -oLogLevel=verbose ::1 hostname - > cat /usr/share/dict/words - > } | sleep 10 - > _EOF - > $ ./test.sh - > Authenticated to ::1 ([::1]:22). - > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds - > Bytes per second: sent 44338.9, received 55197.4 - > cat: stdout: Resource temporarily unavailable + ok markus - This restores the blocking status for fds 0,1,2 (stdio) before ssh(1) - abandons/closes them. + OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc + +commit 8832402bd500d1661ccc80a476fd563335ef6cdc +Author: djm@openbsd.org +Date: Thu Jan 6 22:02:52 2022 +0000 + + upstream: piece of UpdateHostkeys client strictification: when - This was reported as bz3280 and GHPR246; ok dtucker@ + updating known_hosts with new keys, ignore NULL keys (forgot to include in + prior commit) - OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce + OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08 -commit c4902e1a653c67fea850ec99c7537f358904c0af +commit c2d9ced1da0276961d86690b3bd7ebdaca7fdbf7 Author: djm@openbsd.org -Date: Mon May 17 11:43:16 2021 +0000 +Date: Thu Jan 6 22:01:14 2022 +0000 - upstream: fix breakage of -W forwaring introduced in 1.554; reported by + upstream: include rejected signature algorithm in error message - naddy@ and sthen@, ok sthen@ + and not the (useless) key type; ok markus - OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd + OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023 -commit afea01381ad1fcea1543b133040f75f7542257e6 -Author: dtucker@openbsd.org -Date: Mon May 17 07:22:45 2021 +0000 +commit 7aa7b096cf2bafe2777085abdeed5ce00581f641 +Author: djm@openbsd.org +Date: Thu Jan 6 22:00:18 2022 +0000 - upstream: Regenerate moduli. + upstream: make ssh-keysign use the requested signature algorithm - OpenBSD-Commit-ID: 83c93a2a07c584c347ac6114d6329b18ce515557 + and not the default for the keytype. Part of unbreaking hostbased auth for + RSA/SHA2 keys. ok markus@ + + OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc -commit be2866d6207b090615ff083c9ef212b603816a56 -Author: Damien Miller -Date: Mon May 17 09:40:23 2021 +1000 +commit 291721bc7c840d113a49518f3fca70e86248b8e8 +Author: djm@openbsd.org +Date: Thu Jan 6 21:57:28 2022 +0000 - Handle Android libc returning NULL pw->pw_passwd + upstream: stricter UpdateHostkey signature verification logic on - Reported by Luke Dashjr + the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when + RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 + + ok markus@ + + OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29 -commit 5953c143008259d87342fb5155bd0b8835ba88e5 +commit 0fa33683223c76289470a954404047bc762be84c Author: djm@openbsd.org -Date: Fri May 14 05:20:32 2021 +0000 +Date: Thu Jan 6 21:55:23 2022 +0000 - upstream: fix previous: test saved no_shell_flag, not the one that just + upstream: Fix signature algorithm selection logic for - got clobbered + UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 + for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 + signatures for RSA keys if the client proposed these algorithms in initial + KEX. bz3375 - OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d + Mostly by Dmitry Belyavskiy with some tweaks by me. + + ok markus@ + + OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029 -commit 1e9fa55f4dc4b334651d569d3448aaa3841f736f +commit 17877bc81db3846e6e7d4cfb124d966bb9c9296b Author: djm@openbsd.org -Date: Fri May 14 03:09:48 2021 +0000 +Date: Thu Jan 6 21:48:38 2022 +0000 - upstream: Fix ssh started with ControlPersist incorrectly executing a + upstream: convert ssh, sshd mainloops from select() to poll(); - shell when the -N (no shell) option was specified. bz3290 reported by Richard - Schwab; patch from markus@ ok me + feedback & ok deraadt@ and markus@ has been in snaps for a few months - OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1 + OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c -commit d1320c492f655d8f5baef8c93899d79dded217a5 -Author: dtucker@openbsd.org -Date: Wed May 12 11:34:30 2021 +0000 +commit 5c79952dfe1aa36105c93b3f383ce9be04dee384 +Author: djm@openbsd.org +Date: Thu Jan 6 21:46:23 2022 +0000 - upstream: Clarify language about moduli. While both ends of the + upstream: prepare for conversion of ssh, sshd mainloop from - connection do need to use the same parameters (ie groups), the DH-GEX - protocol takes care of that and both ends do not need the same contents in - the moduli file, which is what the previous text suggested. ok djm@ jmc@ + select() to poll() by moving FD_SET construction out of channel handlers into + separate functions. ok markus - OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a + OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027 -commit d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d +commit 24c5187edfef4651a625b7d5d692c8c7e794f71f Author: djm@openbsd.org -Date: Fri May 7 04:11:51 2021 +0000 +Date: Wed Jan 5 21:54:37 2022 +0000 - upstream: include pid in LogVerbose spam + upstream: add a comment so I don't make this mistake again - OpenBSD-Commit-ID: aacb86f96ee90c7cb84ec27452374285f89a7f00 + OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e -commit e3c032333be5fdbbaf2751f6f478e044922b4ec4 +commit 7369900441929058263a17f56aa67e05ff7ec628 Author: djm@openbsd.org -Date: Fri May 7 03:09:38 2021 +0000 +Date: Wed Jan 5 21:50:00 2022 +0000 - upstream: don't sigdie() in signal handler in privsep child process; - - this can end up causing sandbox violations per bz3286; ok dtucker@ + upstream: fix cut-and-pasto in error message - OpenBSD-Commit-ID: a7f40b2141dca4287920da68ede812bff7ccfdda + OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198 -commit a4039724a3f2abac810735fc95cf9114a3856049 -Author: dtucker@openbsd.org -Date: Fri May 7 09:23:40 2021 +0000 +commit 294c11b1c7d56d3fb61e329603a782315ed70c62 +Author: djm@openbsd.org +Date: Wed Jan 5 08:25:05 2022 +0000 - upstream: Increase ConnectionAttempts from 4 to 10 as the tests + upstream: select all RSA hostkey algorithms for UpdateHostkeys tests, - occasionally time out on heavily loaded hosts. + not just RSA-SHA1 - OpenBSD-Regress-ID: 29a8cdef354fc9da471a301f7f65184770434f3a + OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8 -commit c0d7e36e979fa3cdb60f5dcb6ac9ad3fd018543b +commit 2ea1108c30e3edb6f872dfc1e6da10b041ddf2c0 Author: djm@openbsd.org -Date: Fri May 7 02:26:55 2021 +0000 +Date: Wed Jan 5 04:56:15 2022 +0000 - upstream: dump out a usable private key string too; inspired by Tyson + upstream: regress test both sshsig message hash algorithms, possible - Whitehead + now because the algorithm is controllable via the CLI - OpenBSD-Regress-ID: 65572d5333801cb2f650ebc778cbdc955e372058 + OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f -commit 24fee8973abdf1c521cd2c0047d89e86d9c3fc38 +commit 2327c306b5d4a2b7e71178e5a4d139af9902c2b0 Author: djm@openbsd.org -Date: Fri May 7 02:29:40 2021 +0000 +Date: Wed Jan 5 04:50:11 2022 +0000 - upstream: correct mistake in spec - the private key blobs are encoded + upstream: allow selection of hash at sshsig signing time; code - verbatim and not as strings (i.e. no 4-byte length header) + already supported either sha512 (default) or sha256, but plumbing wasn't + there mostly by Linus Nordberg - OpenBSD-Commit-ID: 3606b5d443d72118c5b76c4af6dd87a5d5a4f837 + OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd -commit f43859159cc62396ad5d080f0b1f2635a67dac02 -Author: dtucker@openbsd.org -Date: Tue May 4 22:53:52 2021 +0000 +commit 56e941d0a00d6d8bae88317717d5e1b7395c9529 +Author: djm@openbsd.org +Date: Wed Jan 5 04:27:54 2022 +0000 - upstream: Don't pass NULL as a string in debugging as it does not work + upstream: add missing -O option to usage() for ssh-keygen -Y sign; - on some platforms in -portable. ok djm@ + from Linus Nordberg - OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9 + OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0 -commit ac31aa3c6341905935e75f0539cf4a61bbe99779 +commit 141a14ec9b0924709c98df2dd8013bde5d8d12c7 Author: djm@openbsd.org -Date: Mon May 3 00:16:45 2021 +0000 +Date: Wed Jan 5 04:27:01 2022 +0000 - upstream: more debugging for UpdateHostKeys signature failures + upstream: move sig_process_opts() to before sig_sign(); no - OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36 - -commit 8e32e97e788e0676ce83018a742203614df6a2b3 -Author: Darren Tucker -Date: Sat May 1 20:07:47 2021 +1000 - - Add obsd69 test target. + functional code change + + OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9 -commit f06893063597c5bb9d9e93f851c4070e77d2fba9 +commit 37a14249ec993599a9051731e4fb0ac5e976aec1 Author: djm@openbsd.org -Date: Fri Apr 30 04:29:53 2021 +0000 +Date: Wed Jan 5 04:10:39 2022 +0000 - upstream: a little debugging in the main mux process for status + upstream: regression test for find-principals NULL deref; from Fabian - confirmation failures in multiplexed sessions + Stelzer - OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49 + OpenBSD-Regress-ID: f845a8632a5a7d5ae26978004c93e796270fd3e5 -commit e65cf00da6bc31e5f54603b7feb7252dc018c033 -Author: dtucker@openbsd.org -Date: Fri Apr 30 04:02:52 2021 +0000 +commit eb1f042142fdaba93f6c9560cf6c91ae25f6884a +Author: djm@openbsd.org +Date: Wed Jan 5 04:02:42 2022 +0000 - upstream: Remove now-unused skey function prototypes leftover from + upstream: NULL deref when using find-principals when matching an - skey removal. + allowed_signers line that contains a namespace restriction, but no + restriction specified on the command-line; report and fix from Fabian Stelzer - OpenBSD-Commit-ID: 2fc36d519fd37c6f10ce74854c628561555a94c3 + OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145 -commit ae5f9b0d5c8126214244ee6b35aae29c21028133 -Author: Darren Tucker -Date: Thu Apr 29 13:01:50 2021 +1000 +commit 8f3b18030579f395eca2181da31a5f945af12a59 +Author: dtucker@openbsd.org +Date: Tue Jan 4 08:38:53 2022 +0000 - Wrap sntrup761x25519 inside ifdef. + upstream: Log command invocation while debugging. - From balu.gajjala at gmail.com via bz#3306. + This will aid in manually reproducing failing commands. + + OpenBSD-Regress-ID: b4aba8d5ac5675ceebeeeefa3261ce344e67333a -commit 70a8dc138a6480f85065cdb239915ad4b7f928cf +commit bbf285164df535f0d38c36237f007551bbdae27f Author: Darren Tucker -Date: Wed Apr 28 14:44:07 2021 +1000 +Date: Sun Dec 26 10:31:15 2021 +1100 - Add status badges for Actions-based tests. + Always save config.h as build artifact. + + Should allow better comparison between failing and succeeding test + platforms. -commit 40b59024cc3365815381474cdf4fe423102e391b +commit 03bd4ed0db699687c5cd83405d26f81d2dc28d22 Author: Darren Tucker -Date: Wed Apr 28 12:22:11 2021 +1000 +Date: Sat Dec 25 16:42:51 2021 +1100 - Add obsdsnap (OpenBSD snapshot) test target. + Add OpenBSD 7.0 target. Retire 6.8. -commit e627067ec8ef9ae8e7a638f4dbac91d52dee3e6d -Author: Darren Tucker -Date: Wed Apr 28 11:35:28 2021 +1000 +commit c45a752f0de611afd87755c2887c8a24816d08ee +Author: jsg@openbsd.org +Date: Sat Jan 1 05:55:06 2022 +0000 - Add test building upstream OpenBSD source. + upstream: spelling + + OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62 -commit 1b8108ebd12fc4ed0fb39ef94c5ba122558ac373 -Author: Darren Tucker -Date: Tue Apr 27 14:22:20 2021 +1000 +commit c672f83a89a756564db0d3af9934ba0e1cf8fa3e +Author: djm@openbsd.org +Date: Tue Jan 4 07:20:33 2022 +0000 - Test against OpenSSL 1.1.0h instead of 1.1.0g. + upstream: unbreak test: was picking up system ssh-add instead of the - 1.1.0g requires a perl glob module that's not installed by default. + one supposedly being tested. Spotted by dtucker and using his VM zoo (which + includes some systems old enough to lack ed25519 key support) + + OpenBSD-Regress-ID: 7976eb3df11cc2ca3af91030a6a8c0cef1590bb5 -commit 9bc20efd39ce8525be33df3ee009f5a4564224f1 -Author: Darren Tucker -Date: Tue Apr 27 12:37:59 2021 +1000 +commit a23698c3082ffe661abed14b020eac9b0c25eb9f +Author: djm@openbsd.org +Date: Sat Jan 1 04:18:06 2022 +0000 - Use the default VM type for libcrypto ver tests. + upstream: fix memleak in process_extension(); oss-fuzz issue #42719 + + OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e -commit 9f79e80dc40965c2e73164531250b83b176c1eea -Author: Darren Tucker -Date: Tue Apr 27 12:24:10 2021 +1000 +commit cb885178f36b83d0f14cfe9f345d2068103feed0 +Author: jsg@openbsd.org +Date: Sat Jan 1 01:55:30 2022 +0000 - Always build OpenSSL shared. + upstream: spelling ok dtucker@ - This is the default for current versions but we need it to test against - earlier versions. + OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19 -commit b3cc9fbdff2782eca79e33e02ac22450dc63bce9 -Author: Darren Tucker -Date: Tue Apr 27 09:18:02 2021 +1000 +commit 6b977f8080a32c5b3cbb9edb634b9d5789fb79be +Author: djm@openbsd.org +Date: Sun Dec 26 23:34:41 2021 +0000 - Fix custom OpenSSL tests. + upstream: split method list search functionality from - Check out specified OpenSSL version. Install custom libcrypto where - configure expects to find it. Remove unneeded OpenSSL config time - options. Older OpenSSL versions were not make -j safe so remove it. + authmethod_lookup() into a separate authmethod_byname(), for cases where we + don't need to check whether a method is enabled, etc. + + use this to fix the "none" authentication method regression reported + by Nam Nguyen via bugs@ + + ok deraadt@ + + OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17 -commit 77532609874a99a19e3e2eb2d1b7fa93aef963bb -Author: Darren Tucker -Date: Mon Apr 26 17:18:25 2021 +1000 +commit 0074aa2c8d605ee7587279a22cdad4270b4ddd07 +Author: jmc@openbsd.org +Date: Wed Dec 22 06:56:41 2021 +0000 - Export CC and CFLAGS for c89 test. + upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text; + + ok djm + + OpenBSD-Commit-ID: 90721643e41e9e09deb5b776aaa0443456ab0965 -commit 33f62dfbe865f4de77980ab88774bf1eb5e4e040 +commit 1c9853a68b2319f2e5f929179735e8fbb9988a67 Author: Darren Tucker -Date: Mon Apr 26 17:13:44 2021 +1000 +Date: Wed Dec 22 19:33:10 2021 +1100 - Add c89 here too. + Use SHA.*_HMAC_BLOCK_SIZE if needed. + + If the platform has a native SHA2, does not define SHA.*_BLOCK_LENGTH + but does define SHA.*_HMAC_BLOCK_SIZE (eg Solaris) then use the latter. + Should fix --without-openssl build on Solaris. -commit da9d59f526fce58e11cba49cd8eb011dc0bf5677 -Author: Darren Tucker -Date: Mon Apr 26 15:34:23 2021 +1000 +commit 715c892f0a5295b391ae92c26ef4d6a86ea96e8e +Author: Damien Miller +Date: Wed Dec 22 09:02:50 2021 +1100 - Add test against OpenSSL w/out ECC. + remove sys/param.h in -portable, after upstream -commit 29e194a752359ebf85bf7fce100f23a0477fc4de -Author: Darren Tucker -Date: Mon Apr 26 14:49:59 2021 +1000 +commit 7a7c69d8b4022b1e5c0afb169c416af8ce70f3e8 +Author: Damien Miller +Date: Mon Dec 20 13:05:20 2021 +1100 - Ensure we can still build with C89. + add agent-restrict.sh file, missed in last commit -commit a38016d369d21df5d35f761f2b67e175e132ba22 -Author: Darren Tucker -Date: Mon Apr 26 14:29:03 2021 +1000 +commit f539136ca51a4976644db5d0be8158cc1914c72a +Author: djm@openbsd.org +Date: Sun Dec 19 22:20:12 2021 +0000 - Interop test agains PuTTY. + upstream: regression test for destination restrictions in ssh-agent + + OpenBSD-Regress-ID: 3c799d91e736b1753b4a42d80c42fc40de5ad33d -commit 095b0307a77be8803768857cc6c0963fa52ed85b -Author: Darren Tucker -Date: Mon Apr 26 14:02:03 2021 +1000 +commit 6e4980eb8ef94c04874a79dd380c3f568e8416d6 +Author: anton@openbsd.org +Date: Sat Dec 18 06:53:59 2021 +0000 - Support testing against arbitary libcrytpo vers. + upstream: Make use of ntests variable, pointed out by clang 13. - Add tests against various LibreSSL and OpenSSL versions. + OpenBSD-Regress-ID: 4241a3d21bdfa1630ed429b6d4fee51038d1be72 -commit b16082aa110fa7128ece2a9037ff420c4a285317 -Author: Darren Tucker -Date: Mon Apr 26 13:35:44 2021 +1000 +commit 3eead8158393b697f663ec4301e3c7b6f24580b1 +Author: deraadt@openbsd.org +Date: Tue Dec 14 21:25:27 2021 +0000 - Add fbsd10 test target. + upstream: sys/param.h cleanup, mostly using MINIMUM() and + + ok dtucker + + OpenBSD-Regress-ID: 172a4c45d3bcf92fa6cdf6c4b9db3f1b3abe4db0 -commit 2c805f16b24ea37cc051c6018fcb05defab6e57a -Author: Darren Tucker -Date: Sun Apr 25 14:15:02 2021 +1000 +commit 266678e19eb0e86fdf865b431b6e172e7a95bf48 +Author: djm@openbsd.org +Date: Sun Dec 19 22:15:42 2021 +0000 - Disable compiler hardening on nbsd4. + upstream: document host-bound publickey authentication - The system compiler supports -fstack-protector-all, but using it will - result in an internal compiler error on some files. + OpenBSD-Commit-ID: ea6ed91779a81f06d961e30ecc49316b3d71961b -commit 6a5d39305649da5dff1934ee54292ee0cebd579d -Author: Darren Tucker -Date: Sun Apr 25 13:01:34 2021 +1000 +commit 3d00024b3b156aa9bbd05d105f1deb9cb088f6f7 +Author: djm@openbsd.org +Date: Sun Dec 19 22:15:21 2021 +0000 - Add nbsd3, nbsd4 and nbsd9 test targets. + upstream: document agent protocol extensions + + OpenBSD-Commit-ID: 09e8bb391bbaf24c409b75a4af44e0cac65405a7 -commit d1aed05bd2e4ae70f359a394dc60a2d96b88f78c -Author: Darren Tucker -Date: Sat Apr 24 22:03:46 2021 +1000 +commit c385abf76511451bcba78568167b1cd9e90587d5 +Author: djm@openbsd.org +Date: Sun Dec 19 22:14:47 2021 +0000 - Comment out nbsd2 test target for now. + upstream: PubkeyAuthentication=yes|no|unbound|host-bound + + Allow control over which pubkey methods are used. Added out of + concern that some hardware devices may have difficulty signing + the longer pubkey authentication challenges. This provides a + way for them to disable the extension. It's also handy for + testing. + + feedback / ok markus@ + + OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a -commit a6b4ec94e5bd5a8a18cd2c9942d829d2e5698837 -Author: Darren Tucker -Date: Sat Apr 24 17:52:24 2021 +1000 +commit 34b1e9cc7654f41cd4c5b1cc290b999dcf6579bb +Author: djm@openbsd.org +Date: Sun Dec 19 22:14:12 2021 +0000 - Add OPENBSD ORIGINAL marker. + upstream: document destination-constrained keys + + feedback / ok markus@ + + OpenBSD-Commit-ID: cd8c526c77268f6d91c06adbee66b014d22d672e -commit 3737c9f66ee590255546c4b637b6d2be669a11eb -Author: Darren Tucker -Date: Fri Apr 23 19:49:46 2021 +1000 +commit a6d7677c4abcfba268053e5867f2acabe3aa371b +Author: djm@openbsd.org +Date: Sun Dec 19 22:13:55 2021 +0000 - Replace "==" (a bashism) with "=". + upstream: Use hostkey parsed from hostbound userauth request + + Require host-bound userauth requests for forwarded SSH connections. + + The hostkey parsed from the host-bound userauth request is now checked + against the most recently bound session ID / hostkey on the agent socket + and the signature refused if they do not match. + + ok markus@ + + OpenBSD-Commit-ID: d69877c9a3bd8d1189a5dbdeceefa432044dae02 -commit a116b6f5be17a1dd345b7d54bf8aa3779a28a0df -Author: Darren Tucker -Date: Fri Apr 23 16:34:48 2021 +1000 +commit baaff0ff4357cc5a079621ba6e2d7e247b765061 +Author: djm@openbsd.org +Date: Sun Dec 19 22:13:33 2021 +0000 - Add nbsd2 test target. - -commit 196bf2a9bb771f45d9b0429cee7d325962233c44 -Author: Darren Tucker -Date: Fri Apr 23 14:54:10 2021 +1000 - - Add obsd68 test target. - -commit e3ba6574ed69e8b7af725cf5e8a9edaac04ff077 -Author: Darren Tucker -Date: Fri Apr 23 14:53:32 2021 +1000 - - Remove dependency on bash. - -commit db1f9ab8feb838aee9f5b99c6fd3f211355dfdcf -Author: Darren Tucker -Date: Fri Apr 23 14:41:13 2021 +1000 - - Add obsd67 test target. - -commit c039a6bf79192fe1daa9ddcc7c87dd98e258ae7c -Author: Darren Tucker -Date: Fri Apr 23 11:08:23 2021 +1000 - - Re-add macos-11.0 test target. - -commit a6db3a47b56adb76870d59225ffb90a65bc4daf2 -Author: Darren Tucker -Date: Fri Apr 23 10:28:28 2021 +1000 - - Add openindiana test target. - -commit 3fe7e73b025c07eda46d78049f1da8ed7dfc0c69 -Author: Darren Tucker -Date: Fri Apr 23 10:26:35 2021 +1000 - - Test krb5 on Solaris 11 too. - -commit f57fbfe5eb02df1a91f1a237c4d27165afd87c13 -Author: Darren Tucker -Date: Thu Apr 22 22:27:26 2021 +1000 - - Don't always set SUDO. + upstream: agent support for parsing hostkey-bound signatures - Rely on sourcing configs to set as appropriate. - -commit e428f29402fb6ac140b52f8f12e06ece7bb104a0 -Author: Darren Tucker -Date: Thu Apr 22 22:26:08 2021 +1000 - - Remove now-unused 2nd arg to configs. - -commit cb4ff640d79b3c736879582139778f016bbb2cd7 -Author: Darren Tucker -Date: Wed Apr 21 01:08:04 2021 +1000 - - Add win10 test target. - -commit 4457837238072836b2fa3107d603aac809624983 -Author: Darren Tucker -Date: Tue Apr 20 23:31:29 2021 +1000 - - Add nbsd8 test target. - -commit bd4fba22e14da2fa196009010aabec5a8ba9dd42 -Author: Darren Tucker -Date: Sat Apr 17 09:55:47 2021 +1000 - - Add obsd51 target. - -commit 9403d0e805c77a5741ea8c3281bbe92558c2f125 -Author: Darren Tucker -Date: Fri Apr 16 18:14:25 2021 +1000 - - Add fbsd13 target. - -commit e86968280e358e62649d268d41f698d64d0dc9fa -Author: Damien Miller -Date: Fri Apr 16 13:55:25 2021 +1000 - - depend - -commit 2fb25ca11e8b281363a2a2a4dec4c497a1475d9a -Author: Damien Miller -Date: Fri Apr 16 13:53:02 2021 +1000 - - crank version in README and RPM spec files + Allow parse_userauth_request() to work with blobs from + publickey-hostbound-v00@openssh.com userauth attempts. + + Extract hostkey from these blobs. + + ok markus@ + + OpenBSD-Commit-ID: 81c064255634c1109477dc65c3e983581d336df8 -commit b2b60ebab0cb77b5bc02d364d72e13db882f33ae +commit 3e16365a79cdeb2d758cf1da6051b1c5266ceed7 Author: djm@openbsd.org -Date: Fri Apr 16 03:42:00 2021 +0000 +Date: Sun Dec 19 22:13:12 2021 +0000 - upstream: openssh-8.6 + upstream: EXT_INFO negotiation of hostbound pubkey auth - OpenBSD-Commit-ID: b5f3e133c846127ec114812248bc17eff07c3e19 - -commit faf2b86a46c9281d237bcdec18c99e94a4eb820a -Author: markus@openbsd.org -Date: Thu Apr 15 16:24:31 2021 +0000 - - upstream: do not pass file/func to monitor; noted by Ilja van Sprundel; + the EXT_INFO packet gets a new publickey-hostbound@openssh.com to + advertise the hostbound public key method. - ok djm@ + Client side support to parse this feature flag and set the kex->flags + indicator if the expected version is offered (currently "0"). - OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa - -commit 2dc328023f60212cd29504fc05d849133ae47355 -Author: Damien Miller -Date: Wed Apr 14 11:42:55 2021 +1000 - - sshd don't exit on transient read errors + ok markus@ - openssh-8.5 introduced a regression that would cause sshd to exit - because of transient read errors on the network socket (e.g. EINTR, - EAGAIN). Reported by balu.gajjala AT gmail.com via bz3297 - -commit d5d6b7d76d171a2e6861609dcd92e714ee62ad88 -Author: Damien Miller -Date: Sat Apr 10 18:45:00 2021 +1000 - - perform report_failed_grab() inline + OpenBSD-Commit-ID: 4cdb2ca5017ec1ed7a9d33bda95c1d6a97b583b0 -commit ea996ce2d023aa3c6d31125e2c3ebda1cb42db8c -Author: Damien Miller -Date: Sat Apr 10 18:22:57 2021 +1000 +commit 94ae0c6f0e35903b695e033bf4beacea1d376bb1 +Author: djm@openbsd.org +Date: Sun Dec 19 22:12:54 2021 +0000 - dedicated gnome-ssk-askpass3 source + upstream: client side of host-bound pubkey authentication - Compatibility with Wayland requires that we use the gdk_seat_grab() - API for grabbing mouse/keyboard, however these API don't exist in - Gtk+2. + Add kex->flags member to enable the publickey-hostbound-v00@openssh.com + authentication method. - This branches gnome-ssk-askpass2.c => gnome-ssk-askpass3.c and - makes the changes to use the gdk_seat_grab() instead of grabbing - mouse/focus separately via GDK. + Use the new hostbound method in client if the kex->flags flag was set, + and include the inital KEX hostkey in the userauth request. - In the future, we can also use the branched file to avoid some - API that has been soft-deprecated in GTK+3, e.g. gtk_widget_modify_fg - -commit bfa5405da05d906ffd58216eb77c4375b62d64c2 -Author: Darren Tucker -Date: Thu Apr 8 15:18:15 2021 +1000 - - Ensure valgrind-out exists. + Note: nothing in kex.c actually sets the new flag yet - Normally the regress tests would create it, but running the unit tests - on their own would fail because the directory did not exist. - -commit 1f189181f3ea09a9b08aa866f78843fec800874f -Author: Darren Tucker -Date: Thu Apr 8 15:17:19 2021 +1000 - - Pass OBJ to unit test make invocation. + ok markus@ - At least the Valgrind unit tests uses $OBJ. - -commit f42b550c281d28bd19e9dd6ce65069164f3482b0 -Author: Darren Tucker -Date: Thu Apr 8 14:20:12 2021 +1000 - - Add pattern for valgrind-unit. + OpenBSD-Commit-ID: 5a6fce8c6c8a77a80ee1526dc467d91036a5910d -commit 19e534462710e98737478fd9c44768b50c27c4c6 -Author: Darren Tucker -Date: Thu Apr 8 13:31:08 2021 +1000 +commit 288fd0218dbfdcb05d9fbd1885904bed9b6d42e6 +Author: djm@openbsd.org +Date: Sun Dec 19 22:12:30 2021 +0000 - Run unit tests under valgrind. + upstream: sshd side of hostbound public key auth - Run a separate build for the unit tests under Valgrind. They take long - enough that running in parallel with the other Valgrind tests helps. - -commit 80032102d05e866dc2a48a5caf760cf42c2e090e -Author: Darren Tucker -Date: Thu Apr 8 13:25:57 2021 +1000 - - ifdef out MIN and MAX. + This is identical to the standard "publickey" method, but it also includes + the initial server hostkey in the message signed by the client. - In -portable, defines.h ensures that these are defined, so redefining - potentially causes a warning. We don't just delete it to make any - future code syncs a little but easier. bz#3293. - -commit d1bd184046bc310c405f45da3614a1dc5b3e521a -Author: Darren Tucker -Date: Wed Apr 7 10:23:51 2021 +1000 - - Remove only use of warn(). + feedback / ok markus@ - The warn() function is only used in one place in portable and does not - exist upstream. Upgrade the only instance it's used to fail() - (the privsep/sandbox+proxyconnect, from back when that was new) and - remove the now-unused function. + OpenBSD-Commit-ID: 7ea01bb7238a560c1bfb426fda0c10a8aac07862 -commit fea8f4b1aa85026ad5aee5ad8e1599a8d5141fe0 -Author: Darren Tucker -Date: Wed Apr 7 10:18:32 2021 +1000 +commit dbb339f015c33d63484261d140c84ad875a9e548 +Author: djm@openbsd.org +Date: Sun Dec 19 22:12:07 2021 +0000 - Move make_tmpdir() into portable-specific area. + upstream: prepare for multiple names for authmethods - Reduces diff vs OpenBSD and makes it more likely diffs will apply - cleanly. - -commit 13e5fa2acffd26e754c6ee1d070d0afd035d4cb7 -Author: dtucker@openbsd.org -Date: Tue Apr 6 23:57:56 2021 +0000 - - upstream: Add TEST_SSH_ELAPSED_TIMES environment variable to print the + allow authentication methods to have one additional name beyond their + primary name. - elapsed time in seconds of each test. This depends on "date +%s" which is - not specified by POSIX but is commonly implemented. + allow lookup by this synonym - OpenBSD-Regress-ID: ec3c8c19ff49b2192116a0a646ee7c9b944e8a9c - -commit ef4f46ab4387bb863b471bad124d46e8d911a79a -Author: Darren Tucker -Date: Wed Apr 7 09:59:15 2021 +1000 - - Move the TEST_SSH_PORT section down a bit. + Use primary name for authentication decisions, e.g. for + PermitRootLogin=publickey - This groups the portable-specific changes together and makes it a - little more likely that patches will apply cleanly. - -commit 3674e33fa70dfa1fe69b345bf576113af7b7be11 -Author: Darren Tucker -Date: Wed Apr 7 10:05:10 2021 +1000 - - Further split Valgrind tests. + Pass actual invoked name to the authmethods, so they can tell whether they + were requested via the their primary name or synonym. - Even split in two, the Valgrind tests take by far the longest to run, - so split them four ways to further increase parallelism. + ok markus@ + + OpenBSD-Commit-ID: 9e613fcb44b8168823195602ed3d09ffd7994559 -commit 961af266b861e30fce1e26170ee0dbb5bf591f29 +commit 39f00dcf44915f20684160f0a88d3ef8a3278351 Author: djm@openbsd.org -Date: Tue Apr 6 23:24:30 2021 +0000 +Date: Sun Dec 19 22:11:39 2021 +0000 - upstream: include "ssherr.h" not ; from Balu Gajjala via + upstream: ssh-agent side of destination constraints - bz#3292 + Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com + constraints and to apply them to keys. - OpenBSD-Commit-ID: e9535cd9966eb2e69e73d1ede1f44905c30310bd - -commit e7d0a285dbdd65d8df16123ad90f15e91862f959 -Author: Damien Miller -Date: Wed Apr 7 08:50:38 2021 +1000 - - wrap struct rlimit in HAVE_GETRLIMIT too + Check constraints against the hostkeys recorded for a SocketEntry when + attempting a signature, adding, listing or deleting keys. Note that + the "delete all keys" request will remove constrained keys regardless of + location. + + feedback Jann Horn & markus@ + ok markus@ + + OpenBSD-Commit-ID: 84a7fb81106c2d609a6ac17469436df16d196319 -commit f283a6c2e0a9bd9369e18462acd00be56fbe5b0d -Author: Damien Miller -Date: Wed Apr 7 08:20:35 2021 +1000 +commit ce943912df812c573a33d00bf9e5435b7fcca3f7 +Author: djm@openbsd.org +Date: Sun Dec 19 22:11:06 2021 +0000 - wrap getrlimit call in HAVE_GETRLIMIT; bz3291 + upstream: ssh-add side of destination constraints + + Have ssh-add accept a list of "destination constraints" that allow + restricting where keys may be used in conjunction with a ssh-agent/ssh + that supports session ID/hostkey binding. + + Constraints are specified as either "[user@]host-pattern" or + "host-pattern>[user@]host-pattern". + + The first form permits a key to be used to authenticate as the + specified user to the specified host. + + The second form permits a key that has previously been permitted + for use at a host to be available via a forwarded agent to an + additional host. + + For example, constraining a key with "user1@host_a" and + "host_a>host_b". Would permit authentication as "user1" at + "host_a", and allow the key to be available on an agent forwarded + to "host_a" only for authentication to "host_b". The key would not + be visible on agent forwarded to other hosts or usable for + authentication there. + + Internally, destination constraints use host keys to identify hosts. + The host patterns are used to obtain lists of host keys for that + destination that are communicated to the agent. The user/hostkeys are + encoded using a new restrict-destination-v00@openssh.com key + constraint. + + host keys are looked up in the default client user/system known_hosts + files. It is possible to override this set on the command-line. + + feedback Jann Horn & markus@ + ok markus@ + + OpenBSD-Commit-ID: 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 -commit 679bdc4a5c9244f427a7aee9c14b0a0ed086da1f -Author: dtucker@openbsd.org -Date: Tue Apr 6 09:07:33 2021 +0000 +commit 5e950d765727ee0b20fc3d2cbb0c790b21ac2425 +Author: djm@openbsd.org +Date: Sun Dec 19 22:10:24 2021 +0000 - upstream: Don't check return value of unsetenv(). It's part of the + upstream: ssh-add side of destination constraints - environment setup and not part of the actual test, and some platforms - -portable runs on declare it as returning void, which prevents the test from - compiling. + Have ssh-add accept a list of "destination constraints" that allow + restricting where keys may be used in conjunction with a ssh-agent/ssh + that supports session ID/hostkey binding. + + Constraints are specified as either "[user@]host-pattern" or + "host-pattern>[user@]host-pattern". + + The first form permits a key to be used to authenticate as the + specified user to the specified host. + + The second form permits a key that has previously been permitted + for use at a host to be available via a forwarded agent to an + additional host. + + For example, constraining a key with "user1@host_a" and + "host_a>host_b". Would permit authentication as "user1" at + "host_a", and allow the key to be available on an agent forwarded + to "host_a" only for authentication to "host_b". The key would not + be visible on agent forwarded to other hosts or usable for + authentication there. + + Internally, destination constraints use host keys to identify hosts. + The host patterns are used to obtain lists of host keys for that + destination that are communicated to the agent. The user/hostkeys are + encoded using a new restrict-destination-v00@openssh.com key + constraint. + + host keys are looked up in the default client user/system known_hosts + files. It is possible to override this set on the command-line. + + feedback Jann Horn & markus@ + ok markus@ - OpenBSD-Regress-ID: 24f08543ee3cdebc404f2951f3e388cc82b844a1 + OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e -commit 320af2f3de6333aa123f1b088eca146a245e968a -Author: jmc@openbsd.org -Date: Sun Apr 4 11:36:56 2021 +0000 +commit 4c1e3ce85e183a9d0c955c88589fed18e4d6a058 +Author: djm@openbsd.org +Date: Sun Dec 19 22:09:23 2021 +0000 - upstream: remove stray inserts; from matthias schmidt + upstream: ssh-agent side of binding - OpenBSD-Commit-ID: 2c36ebdc54e14bbf1daad70c6a05479a073d5c63 - -commit 801f710953b24dd2f21939171c622eac77c7484d -Author: jmc@openbsd.org -Date: Sun Apr 4 06:11:24 2021 +0000 - - upstream: missing comma; from kawashima james + record session ID/hostkey/forwarding status for each active socket. - OpenBSD-Commit-ID: 31cec6bf26c6db4ffefc8a070715ebef274e68ea - -commit b3ca08cb174266884d44ec710a84cd64c12414ea -Author: Darren Tucker -Date: Mon Apr 5 23:46:42 2021 +1000 - - Install libcbor with libfido2. + Attempt to parse data-to-be-signed at signature request time and extract + session ID from the blob if it is a pubkey userauth request. + + ok markus@ + + OpenBSD-Commit-ID: a80fd41e292b18b67508362129e9fed549abd318 -commit f3ca8af87a4c32ada660da12ae95cf03d190c083 -Author: Damien Miller -Date: Sat Apr 3 18:21:08 2021 +1100 +commit e9497ecf73f3c16667288bce48d4e3d7e746fea1 +Author: djm@openbsd.org +Date: Sun Dec 19 22:08:48 2021 +0000 - enable authopt and misc unit tests + upstream: ssh client side of binding - Neither were wired into the build, both required some build - adaptations for -portable + send session ID, hostkey, signature and a flag indicating whether the + agent connection is being forwarded to ssh agent each time a connection + is opened via a new "session-bind@openssh.com" agent extension. + + ok markus@ + + OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135 -commit dc1b45841fb97e3d7f655ddbcfef3839735cae5f +commit b42c61d6840d16ef392ed0f365e8c000734669aa Author: djm@openbsd.org -Date: Sat Apr 3 06:58:30 2021 +0000 +Date: Sun Dec 19 22:08:06 2021 +0000 - upstream: typos in comments; GHPR#180 from Vill + upstream: Record session ID, host key and sig at intital KEX - =?UTF-8?q?e=20Skytt=C3=A4?= - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + These will be used later for agent session ID / hostkey binding - OpenBSD-Commit-ID: 93c732381ae0e2b680c79e67c40c1814b7ceed2c + ok markus@ + + OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe -commit 53ea05e09b04fd7b6dea66b42b34d65fe61b9636 +commit 26ca33d186473d58a32d812e19273ce078b6ffff Author: djm@openbsd.org -Date: Sat Apr 3 06:55:52 2021 +0000 +Date: Tue Dec 7 22:06:45 2021 +0000 - upstream: sync CASignatureAlgorithms lists with reality. GHPR#174 from + upstream: better error message for FIDO keys when we can't match - Matt Hazinski + them to a token - OpenBSD-Commit-ID: f05e4ca54d7e67b90fe58fe1bdb1d2a37e0e2696 + OpenBSD-Commit-ID: 58255c2a1980088f4ed144db67d879ada2607650 -commit 57ed647ee07bb883a2f2264231bcd1df6a5b9392 -Author: Damien Miller -Date: Sat Apr 3 17:47:37 2021 +1100 +commit adb0ea006d7668190f0c42aafe3a2864d352e34a +Author: Darren Tucker +Date: Wed Dec 15 10:50:33 2021 +1100 - polish whitespace for portable files + Correct value for IPTOS_DSCP_LE. + + It needs to allow for the preceeding two ECN bits. From daisuke.higashi + at gmail.com via OpenSSH bz#3373, ok claudio@, job@, djm@. -commit 31d8d231eb9377df474746a822d380c5d68d7ad6 -Author: djm@openbsd.org -Date: Sat Apr 3 06:18:40 2021 +0000 +commit 3dafd3fe220bd9046f11fcf5191a79ec8800819f +Author: Darren Tucker +Date: Fri Dec 10 11:57:30 2021 +1100 - upstream: highly polished whitespace, mostly fixing spaces-for-tab + Increase timeout for test step. + +commit 5aefb05cd5b843e975b191d6ebb7ddf8de35c112 +Author: Darren Tucker +Date: Fri Dec 10 10:27:27 2021 +1100 + + Update the list of tests that don't work on Minix. - and bad indentation on continuation lines. Prompted by GHPR#185 + While there, remove CC (configure will now find clang) and make the test + list easier to update via cut and paste. + +commit 1c09bb1b2e207d091cec299c49416c23d24a1b31 +Author: Darren Tucker +Date: Fri Dec 10 10:12:57 2021 +1100 + + Add minix host tuple. - OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9 + Define SETEUID_BREAKS_SETUID for it which should make privsep work. -commit 34afde5c73b5570d6f8cce9b49993b23b77bfb86 -Author: djm@openbsd.org -Date: Sat Apr 3 05:54:14 2021 +0000 +commit a2188579032cf080213a78255373263466cb90cc +Author: jsg@openbsd.org +Date: Sun Dec 5 12:28:27 2021 +0000 - upstream: whitespace (tab after space) + upstream: fix unintended sizeof pointer in debug path ok markus@ - OpenBSD-Commit-ID: 0e2b3f7674e985d3f7c27ff5028e690ba1c2efd4 + OpenBSD-Commit-ID: b9c0481ffc0cd801e0840e342e6a282a85aac93c -commit 7cd262c1c5a08cc7f4f30e3cab108ef089d0a57b -Author: Darren Tucker -Date: Sat Apr 3 16:59:10 2021 +1100 +commit da40355234068c82f1a36196f2d18dd2d81aaafd +Author: naddy@openbsd.org +Date: Sat Dec 4 00:05:39 2021 +0000 - Save config.h and config.log on failure too. + upstream: RSA/SHA-1 is not used by default anymore on the server + + OpenBSD-Commit-ID: 64abef6cfc3e53088225f6b8a1dcd86d52dc8353 -commit 460aee9298f365357e9fd26851c22e0dca51fd6a +commit e9c71498a083a8b502aa831ea931ce294228eda0 Author: djm@openbsd.org -Date: Sat Apr 3 05:46:41 2021 +0000 +Date: Thu Dec 2 23:45:36 2021 +0000 - upstream: fix incorrect plural; from Ville Skyt + upstream: hash full host:port when asked to hash output, fixes hashes - =?UTF-8?q?t=C3=A4=20via=20GHPR#181?= - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + for non- default ports. bz3367 ok dtucker@ - OpenBSD-Commit-ID: 92f31754c6296d8f403d7c293e09dc27292d22c9 + OpenBSD-Commit-ID: 096021cc847da7318ac408742f2d0813ebe9aa73 -commit 082804c14e548cada75c81003a3c68ee098138ee +commit b5601202145a03106012c22cb8980bcac2949f0b Author: djm@openbsd.org -Date: Sat Apr 3 05:40:39 2021 +0000 +Date: Thu Dec 2 23:23:13 2021 +0000 - upstream: ensure that pkcs11_del_provider() is called before exit - + upstream: improve the testing of credentials against inserted FIDO - some PKCS#11 providers get upset if C_Initialize is not matched with - C_Finalize. + keys a little more: ask the token whether a particular key belongs to it in + cases where the token support on-token user- verification (e.g. biometrics) + rather than just assuming that it will accept it. - From Adithya Baglody via GHPR#234; ok markus + Will reduce spurious "Confirm user presence" notifications for key + handles that relate to FIDO keys that are not currently inserted in at + least some cases. - OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6 + Motivated by bz3366; by Pedro Martelletto + + OpenBSD-Commit-ID: ffac7f3215842397800e1ae2e20229671a55a63d -commit 464ebc82aa926dd132ec75a0b064574ef375675e +commit ca709e27c41c90f4565b17282c48dca7756e083c Author: djm@openbsd.org -Date: Sat Apr 3 05:28:43 2021 +0000 +Date: Thu Dec 2 22:40:05 2021 +0000 - upstream: unused variable + upstream: move check_sk_options() up so we can use it earlier - OpenBSD-Commit-ID: 85f6a394c8e0f60d15ecddda75176f112007b205 + OpenBSD-Commit-ID: 67fe98ba1c846d22035279782c4664c1865763b4 -commit dc3c0be8208c488e64a8bcb7d9efad98514e0ffb -Author: djm@openbsd.org -Date: Sat Apr 3 05:21:46 2021 +0000 +commit b711bc01a7ec76bb6a285730990cbce9b8ca5773 +Author: dtucker@openbsd.org +Date: Thu Dec 2 22:35:05 2021 +0000 - upstream: Fix two problems in string->argv conversion: 1) multiple + upstream: ssh-rsa is no longer in the default for - backslashes were not being dequoted correctly and 2) quoted space in the - middle of a string was being incorrectly split. - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + PubkeyAcceptedAlgorithms. - A unit test for these cases has already been committed + OpenBSD-Commit-ID: 34a9e1bc30966fdcc922934ae00f09f2596cd73c + +commit dc91ceea33cd4a9f05be953e8d8062f732db5c8a +Author: djm@openbsd.org +Date: Thu Dec 2 02:44:44 2021 +0000 + + upstream: don't put the tty into raw mode when SessionType=none, avoids - prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@ + ^c being unable to kill such a session. bz3360; ok dtucker@ - OpenBSD-Commit-ID: d7ef27abb4eeeaf6e167e9312e4abe9e89faf1e4 + OpenBSD-Commit-ID: 83960c433052303b643b4c380ae2f799ac896f65 -commit f75bcbba58a08c670727ece5e3f8812125969799 +commit e6e7d2654a13ba10141da7b42ea683ea4eeb1f38 Author: Damien Miller -Date: Sat Apr 3 16:22:48 2021 +1100 +Date: Mon Nov 29 14:11:03 2021 +1100 - missing bits from 259d648e + previous commit broke bcrypt_pbkdf() + + Accidentally reverted part of the conversion to use SHA512 from SUPERCOP + instead of OpenBSD-style libc SHA512. -commit 4cbc4a722873d9b68cb5496304dc050d7168df78 -Author: djm@openbsd.org -Date: Wed Mar 31 21:59:26 2021 +0000 +commit c0459588b8d00b73e506c6095958ecfe62a4a7ba +Author: Darren Tucker +Date: Mon Nov 29 14:03:19 2021 +1100 - upstream: cannot effectively test posix-rename extension after - - changes in feature advertisment. - - OpenBSD-Regress-ID: 5e390bf88d379162aaa81b60ed86b34cb0c54d29 + Fix typo in Neils' name. -commit 259d648e63e82ade4fe2c2c73c8b67fe57d9d049 -Author: djm@openbsd.org -Date: Fri Mar 19 04:23:50 2021 +0000 +commit 158bf854e2a22cf09064305f4a4e442670562685 +Author: Damien Miller +Date: Mon Nov 29 12:30:22 2021 +1100 - upstream: add a test for misc.c:argv_split(), currently fails + sync bcrypt-related files with OpenBSD - OpenBSD-Regress-ID: ad6b96d6ebeb9643b698b3575bdd6f78bb144200 + The main change is that Niels Provos kindly agreed to rescind the + BSD license advertising clause, shifting them to the 3-term BSD + license. + + This was the last thing in OpenSSH that used the advertising clause. -commit 473ddfc2d6b602cb2d1d897e0e5c204de145cd9a -Author: djm@openbsd.org -Date: Fri Mar 19 03:25:01 2021 +0000 +commit e8976d92a42883ff6b8991438f07df60c2c0d82d +Author: Damien Miller +Date: Mon Nov 29 12:29:29 2021 +1100 - upstream: split - - OpenBSD-Regress-ID: f6c03c0e4c58b3b9e04b161757b8c10dc8378c34 + depend -commit 1339800fef8d0dfbfeabff71b34670105bcfddd2 +commit 8249afeec013e557fe7491a72ca3285de03e25b1 Author: djm@openbsd.org -Date: Wed Mar 31 22:16:34 2021 +0000 +Date: Sun Nov 28 07:21:26 2021 +0000 - upstream: Use new limits@openssh.com protocol extension to let the + upstream: sshsig: return "key not found" when searching empty files - client select good limits based on what the server supports. Split the - download and upload buffer sizes to allow them to be chosen independently. + rather than "internal error" - In practice (and assuming upgraded sftp/sftp-server at each end), this - increases the download buffer 32->64KiB and the upload buffer - 32->255KiB. + OpenBSD-Commit-ID: e2ccae554c78d7a7cd33fc5d217f35be7e2507ed + +commit 9e3227d4dbb5ad9c9091b4c14982cab4bba87b4d +Author: djm@openbsd.org +Date: Sun Nov 28 07:15:10 2021 +0000 + + upstream: ssh-keygen -Y match-principals doesn't accept any -O - Patches from Mike Frysinger; ok dtucker@ + options at present, so don't say otherwise in SYNOPSIS; spotted jmc@ - OpenBSD-Commit-ID: ebd61c80d85b951b794164acc4b2f2fd8e88606c + OpenBSD-Commit-ID: 9cc43a18f4091010741930b48b3db2f2e4f1d35c -commit 6653c61202d104e59c8e741329fcc567f7bc36b8 +commit 56db1f4a4cf5039fc3b42e84c4b16291fdff32b1 Author: djm@openbsd.org -Date: Wed Mar 31 21:58:07 2021 +0000 +Date: Sun Nov 28 07:14:29 2021 +0000 - upstream: do not advertise protocol extensions that have been + upstream: fix indenting in last commit - disallowed by the command-line options (e.g. -p/-P/-R); ok dtucker@ + OpenBSD-Commit-ID: 8b9ba989815d0dec1fdf5427a4a4b58eb9cac4d2 + +commit 50bea24a9a9bdebad327c76e700def3261f5694e +Author: djm@openbsd.org +Date: Sun Nov 28 07:10:18 2021 +0000 + + upstream: missing initialisation for oerrno - OpenBSD-Commit-ID: 3a8a76b3f5131741aca4b41bfab8d101c9926205 + OpenBSD-Commit-ID: 05d646bba238080259bec821c831a6f0b48d2a95 -commit 71241fc05db4bbb11bb29340b44b92e2575373d8 -Author: Damien Miller -Date: Mon Mar 29 15:14:25 2021 +1100 +commit 5a0f4619041d09cd29f3a08da41db5040372bdd1 +Author: Darren Tucker +Date: Sun Nov 28 15:31:37 2021 +1100 - gnome-ssh-askpass3 is a valid target here + Correct ifdef to activate poll() only if needed. -commit 8a9520836e71830f4fccca066dba73fea3d16bda +commit d4035c81a71237f690edd7eda32bef7d63fd9528 Author: djm@openbsd.org -Date: Fri Mar 19 02:22:34 2021 +0000 +Date: Sat Nov 27 07:23:35 2021 +0000 - upstream: return non-zero exit status when killed by signal; bz#3281 ok - - dtucker@ + upstream: whitespac e - OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816 + OpenBSD-Regress-ID: b9511d41568056bda489e13524390167889908f8 -commit 1269b8a686bf1254b03cd38af78167a04aa6ec88 +commit a443491e6782ef0f5a8bb87a5536c8ee4ff233a1 Author: djm@openbsd.org -Date: Fri Mar 19 02:18:28 2021 +0000 +Date: Sat Nov 27 07:20:58 2021 +0000 - upstream: increase maximum SSH2_FXP_READ to match the maximum + upstream: regression test for match-principals. Mostly by Fabian - packet size. Also handle zero-length reads that are borderline nonsensical - but not explicitly banned by the spec. Based on patch from Mike Frysinger, - feedback deraadt@ ok dtucker@ + Stelzer - OpenBSD-Commit-ID: 4e67d60d81bde7b84a742b4ee5a34001bdf80d9c + OpenBSD-Regress-ID: ced0bec89af90935103438986bbbc4ad1df9cfa7 -commit 860b67604416640e8db14f365adc3f840aebcb1f +commit 78230b3ec8cbabc1e7de68732dc5cbd4837c6675 Author: djm@openbsd.org -Date: Tue Mar 16 06:15:43 2021 +0000 +Date: Sat Nov 27 07:14:46 2021 +0000 - upstream: don't let logging clobber errno before use + upstream: Add ssh-keygen -Y match-principals operation to perform - OpenBSD-Commit-ID: ce6cca370005c270c277c51c111bb6911e1680ec - -commit 5ca8a9216559349c56e09039c4335636fd85c241 -Author: Darren Tucker -Date: Sat Mar 13 14:40:43 2021 +1100 - - Only call dh_set_moduli_file if using OpenSSL. + matching of principals names against an allowed signers file. + + Requested by and mostly written by Fabian Stelzer, towards a TOFU + model for SSH signatures in git. Some tweaks by me. + + "doesn't bother me" deraadt@ - Fixes link failure when configuring --without-openssl since dh.c is not - linked in. + OpenBSD-Commit-ID: 8d1b71f5a4127bc5e10a880c8ea6053394465247 -commit 867a7dcf003c51d5a83f83565771a35f0d9530ac -Author: Darren Tucker -Date: Sat Mar 13 13:52:53 2021 +1100 +commit 15db86611baaafb24c40632784dabf82e3ddb1a7 +Author: djm@openbsd.org +Date: Thu Nov 25 23:02:24 2021 +0000 - Don't install moduli during tests. + upstream: debug("func: ...") -> debug_f("...") - Now that we have TEST_SSH_MODULI_FILE pointing to the moduli in the - soure directory we don't need to install the file to prevent warnings - about it being missing. + OpenBSD-Commit-ID: d58494dc05c985326a895adfbe16fbd5bcc54347 -commit 0c054538fccf92b4a028008321d3711107bee6d5 +commit b7ffbb17e37f59249c31f1ff59d6c5d80888f689 Author: Darren Tucker -Date: Sat Mar 13 13:51:26 2021 +1100 +Date: Fri Nov 19 18:53:46 2021 +1100 - Point TEST_SSH_MODULI_FILE at our own moduli. + Allow for fd = -1 in compat ppoll overflow check. - This will allow the test to run without requiring a moduli file - installed at the configured default path. + Fixes tests on at least FreeBSD 6, possibly others. -commit 4d48219c72ab0c71238806f057f0e9630b7dd25c -Author: jsg@openbsd.org -Date: Fri Mar 12 05:18:01 2021 +0000 +commit 04b172da5b96a51b0d55c905b423ababff9f4e0b +Author: Darren Tucker +Date: Fri Nov 19 16:01:51 2021 +1100 - upstream: spelling + Don't auto-enable Capsicum sandbox on FreeBSD 9/10. - OpenBSD-Commit-ID: 478bc3db04f62f1048ed6e1765400f3ab325e60f + Since we changed from select() to ppoll() tests have been failing. + This seems to be because FreeBSD 10 (and presumably 9) do not allow + ppoll() in the privsep process and sshd will fail with "Not permitted in + capability mode". Setting CAP_EVENT on the FDs doesn't help, but weirdly, + poll() works without that. Those versions are EOL so this situation is + unlikely to change. -commit 88057eb6df912abf2678ea5c846d9d9cbc92752c -Author: dtucker@openbsd.org -Date: Fri Mar 12 04:08:19 2021 +0000 +commit a823f39986e7b879f26412e64c15630e1cfa0dc5 +Author: djm@openbsd.org +Date: Thu Nov 18 03:53:48 2021 +0000 - upstream: Add ModuliFile keyword to sshd_config to specify the + upstream: regression test for ssh-keygen -Y find-principals fix; from - location of the "moduli" file containing the groups for DH-GEX. This will - allow us to run tests against arbitrary moduli files without having to - install them. ok djm@ + Fabian Stelzer ok djm markus - OpenBSD-Commit-ID: 8df99d60b14ecaaa28f3469d01fc7f56bff49f66 + OpenBSD-Regress-ID: 34fe4088854c1a2eb4c0c51cc4676ba24096bac4 -commit f07519a2af96109325b5a48b1af18b57601074ca +commit 199c4df66c0e39dd5c3333b162af274678c0501d Author: djm@openbsd.org -Date: Fri Mar 12 03:43:40 2021 +0000 +Date: Thu Nov 18 21:32:11 2021 +0000 - upstream: pwcopy() struct passwd that we're going to reuse across a - - bunch of library calls; bz3273 ok dtucker@ + upstream: less confusing debug message; bz#3365 - OpenBSD-Commit-ID: b6eafa977b2e44607b1b121f5de855107809b762 + OpenBSD-Commit-ID: 836268d3642c2cdc84d39b98d65837f5241e4a50 -commit 69d6d4b0c8a88d3d1288415605f36e2df61a2f12 -Author: dtucker@openbsd.org -Date: Wed Mar 10 06:32:27 2021 +0000 +commit 97f9b6e61316c97a32dad94b7a37daa9b5f6b836 +Author: djm@openbsd.org +Date: Thu Nov 18 21:11:01 2021 +0000 - upstream: Import regenerated moduli file. + upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we + + already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries + that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364 - OpenBSD-Commit-ID: 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b + OpenBSD-Commit-ID: 054d4dc1d6a99a2e6f8eebc48207b534057c154d -commit e5895e8ecfac65086ea6b34d0d168409a66a15e1 +commit c74aa0eb73bd1edf79947d92d9c618fc3424c4a6 Author: djm@openbsd.org -Date: Wed Mar 10 04:58:45 2021 +0000 +Date: Thu Nov 18 03:50:41 2021 +0000 - upstream: no need to reset buffer after send_msg() as that is done + upstream: ssh-keygen -Y find-principals was verifying key validity - for us; patch from Mike Frysinger + when using ca certs but not with simple key lifetimes within the allowed + signers file. - OpenBSD-Commit-ID: 565516495ff8362a38231e0f1a087b8ae66da59c - -commit 721948e67488767df0fa0db71ff2578ee2bb9210 -Author: dtucker@openbsd.org -Date: Sat Mar 13 01:52:16 2021 +0000 - - upstream: Add TEST_SSH_MODULI_FILE variable to allow overriding of the + Since it returns the first keys principal it finds this could + result in a principal with an expired key even though a valid + one is just below. - moduli file used during the test run. + patch from Fabian Stelzer; feedback/ok djm markus - OpenBSD-Regress-ID: be10f785263120edb64fc87db0e0d6570a10220a + OpenBSD-Commit-ID: b108ed0a76b813226baf683ab468dc1cc79e0905 -commit 82fef71e20ffef425b932bec26f5bc46aa1ed41c +commit d902d728dfd81622454260e23bc09d5e5a9a795e Author: Darren Tucker -Date: Fri Mar 12 15:58:57 2021 +1100 +Date: Thu Nov 18 23:44:07 2021 +1100 - Allow (but return EACCES) fstatat64 in sandbox. - - This is apparently used in some configurations of OpenSSL when glibc - has getrandom(). bz#3276, patch from Kris Karas, ok djm@ + Correct calculation of tv_nsec in poll(). -commit 1cd67ee15ce3d192ab51be22bc4872a6a7a4b6d9 +commit 21dd5a9a3fb35e8299a1fbcf8d506f1f6b752b85 Author: Darren Tucker -Date: Fri Mar 12 13:16:10 2021 +1100 +Date: Thu Nov 18 23:11:37 2021 +1100 - Move generic includes outside of ifdef. - - This ensures that the macros in log.h are defined in the case where - either of --with-solaris-projects or --with-solaris-privs are used - without --with-solaris-contracts. bz#3278. + Add compat implementation of ppoll using pselect. -commit 2421a567a8862fe5102a4e7d60003ebffd1313dd +commit b544ce1ad4afb7ee2b09f714aa63efffc73fa93a Author: Darren Tucker -Date: Wed Mar 10 17:41:21 2021 +1100 +Date: Thu Nov 18 23:05:34 2021 +1100 - Import regenerated moduli file. + Put poll.h inside ifdef HAVE_POLL_H. -commit e99080c05d9d48dbbdb022538533d53ae1bd567d -Author: millert@openbsd.org -Date: Sat Mar 6 20:36:31 2021 +0000 +commit 875408270c5a7dd69ed5449e5d85bd7120c88f70 +Author: djm@openbsd.org +Date: Thu Nov 18 03:31:44 2021 +0000 - upstream: Fix PRINT macro, the suffix param to sshlog() was missing. - - Also remove redundant __func__ prefix from PRINT calls as the macro already - adds __FILE__, __func__ and __LINE__. From Christos Zoulas. OK dtucker@ + upstream: check for POLLHUP wherever we check for POLLIN - OpenBSD-Commit-ID: 01fdfa9c5541151b5461d9d7d6ca186a3413d949 + OpenBSD-Commit-ID: 6aa6f3ec6b17c3bd9bfec672a917f003a76d93e5 -commit 160db17fc678ceb5e3fd4a7e006cc73866f484aa +commit 36b5e37030d35bbaa18ba56825b1af55971d18a0 Author: djm@openbsd.org -Date: Wed Mar 3 22:41:49 2021 +0000 +Date: Thu Nov 18 03:07:59 2021 +0000 - upstream: don't sshbuf_get_u32() into an enum; reported by goetze + upstream: fd leak in sshd listen loop error path; from Gleb - AT dovetail.com via bz3269 + Smirnoff - OpenBSD-Commit-ID: 99a30a8f1df9bd72be54e21eee5c56a0f050921a + OpenBSD-Commit-ID: a7a2be27a690a74bf2381bc16cea38e265657412 -commit cffd033817a5aa388764b6661855dcdaabab0588 -Author: sthen@openbsd.org -Date: Wed Mar 3 21:40:16 2021 +0000 +commit b99498d0c93f1edd04857b318308a66b28316bd8 +Author: djm@openbsd.org +Date: Thu Nov 18 03:07:20 2021 +0000 - upstream: typo in other_hostkeys_message() display output, ok djm + upstream: check for POLLHUP as well as POLLIN in sshd listen loop; + + ok deraadt millert - OpenBSD-Commit-ID: 276f58afc97b6f5826e0be58380b737603dbf5f5 + OpenBSD-Commit-ID: a4f1244c5a9c2b08dac4f3b1dc22e9d1dc60c587 -commit 7fe141b96b13bd7dc67ca985e14d55b9bd8a03fd +commit 1f3055d788e8cf80851eb1728b535d57eb0dba6a Author: djm@openbsd.org -Date: Wed Mar 3 08:42:52 2021 +0000 +Date: Thu Nov 18 03:06:03 2021 +0000 - upstream: needs FILE*; from Mike Frysinger + upstream: check for POLLHUP as well as POLLIN, handle transient IO + + errors as well as half-close on the output side; ok deraadt millert - OpenBSD-Commit-ID: dddb3aa9cb5792eeeaa37a1af67b5a3f25ded41d + OpenBSD-Commit-ID: de5c5b9939a37476d256328cbb96305bdecf511e -commit d2afd717e62d76bb41ab5f3ab4ce6f885c8edc98 +commit 9778a15fa6dbdac6a95bf15865c2688b4bd6944e Author: Damien Miller -Date: Tue Mar 2 21:31:47 2021 +1100 +Date: Thu Nov 18 10:16:55 2021 +1100 - update depend + adjust seccomp filter for select->poll conversion + + Needed to add ppoll syscall but also to relax the fallback rlimit + sandbox. Linux poll() fails with EINVAL if npfds > RLIMIT_NOFILE, + so we have to allow a single fd in the rlimit. -commit f0c4eddf7cf224ebcac1f07ac8afdb30c6e9fe0a +commit fcd8d895bbb849c64f0aed934e3303d37f696f5d Author: Damien Miller -Date: Tue Mar 2 21:30:14 2021 +1100 +Date: Thu Nov 18 10:16:44 2021 +1100 - update relnotes URL + update depends -commit 67a8bb7fe62a381634db4c261720092e7d514a3d +commit 76292787a1e93e668f10e36b4bf59ce0ae28e156 Author: Damien Miller -Date: Tue Mar 2 21:29:54 2021 +1100 +Date: Thu Nov 18 09:26:20 2021 +1100 - update RPM spec version numbers + compat for timespecsub() and friends -commit 0a4b23b11b9a4e6eec332dd5c6ab2ac6f62aa164 +commit fd7e7de4ddb4399c7e929b44f2bbfc118eddfcf8 Author: djm@openbsd.org -Date: Tue Mar 2 01:48:18 2021 +0000 +Date: Wed Nov 17 21:06:39 2021 +0000 - upstream: openssh-8.5 + upstream: set num_listen_socks to 0 on close-all instead of -1, - OpenBSD-Commit-ID: 185e85d60fe042b8f8fa1ef29d4ef637bdf397d6 + which interferes with the new poll()-based listen loop; spotted and debugged + by anton@+deraadt@ + + OpenBSD-Commit-ID: f7ab8ab124f615a2e0c45fee14c38d2f2abbabbd -commit de3866383b6720ad4cad83be76fe4c8aa111a249 -Author: Darren Tucker -Date: Mon Mar 1 21:13:24 2021 +1100 +commit fd9343579afac30a971f06643a669733d9acb407 +Author: deraadt@openbsd.org +Date: Sun Nov 14 18:47:43 2021 +0000 - Only upload config logs if configure fails. + upstream: use ppoll() instead of pselect() with djm + + OpenBSD-Commit-ID: 980f87c9564d5d2ad55722b7a6f44f21284cd215 -commit 85ff2a564ce838f8690050081176c1de1fb33116 -Author: dtucker@openbsd.org -Date: Sun Feb 28 22:56:30 2021 +0000 +commit 092d29b232ef1a19609a5316ed7e4d896bb2e696 +Author: deraadt@openbsd.org +Date: Sun Nov 14 06:15:36 2021 +0000 - upstream: Add %k to list of keywords. From + upstream: match .events with .fd better - =?UTF-8?q?=20Eero=20H=C3=A4kkinenvia=20bz#3267?= - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + OpenBSD-Commit-ID: 77eef212ca0add905949532af390164489c5984b + +commit 8d642c9a90fa4ed5a3effd785fb3591e14de00cd +Author: deraadt@openbsd.org +Date: Sun Nov 14 03:25:10 2021 +0000 + + upstream: convert select() to poll() ok djm - OpenBSD-Commit-ID: 9c87f39a048cee2a7d1c8bab951b2f716256865e + OpenBSD-Commit-ID: b53e4940ff10dd24f8d16e8db8ef1970015d7ead -commit e774bac35933e71f924f4301786e7fb5bbe1422f -Author: dtucker@openbsd.org -Date: Sun Feb 28 01:50:47 2021 +0000 +commit 6582a31c388968f4073af2bd8621880735c3d42b +Author: deraadt@openbsd.org +Date: Sat Nov 13 21:14:13 2021 +0000 - upstream: Do not try to reset signal handler for signal 0 in + upstream: replace select() with ppoll(), including converting - subprocess. Prevents spurious debug message. ok djm@ + timeval's to timespec's to make things easier. back and forth and ok; djm - OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46 + OpenBSD-Commit-ID: 89d3b23c60875da919e7820f9de6213286ffbec9 -commit 351c5dbbd74ce300c4f058112f9731c867c6e225 -Author: djm@openbsd.org -Date: Sat Feb 27 23:42:37 2021 +0000 +commit 7c025c005550c86a40200a2bcdd355d09413d61a +Author: deraadt@openbsd.org +Date: Sat Nov 13 17:26:13 2021 +0000 - upstream: fix alphabetic ordering of options; spotted by Iain Morgan + upstream: It really looks like pledge "stdio dns" is possible + + earlier. Discussed with mestre - OpenBSD-Commit-ID: f955fec617d74af0feb5b275831a9fee813d7ad5 + OpenBSD-Commit-ID: 610873de63a593e0ac7bbbcb7a0f2894d36f4c01 -commit 0d1c9dbe578597f8d45d3ac7690df10d32d743e5 -Author: Darren Tucker -Date: Sat Feb 27 12:25:25 2021 +1100 +commit 06acb04c20ee483fe4757bd12aec870cc4bb1076 +Author: deraadt@openbsd.org +Date: Fri Nov 12 05:23:49 2021 +0000 - zlib is now optional. + upstream: aggressively pre-fill the pollfd array with fd=-1 + + OpenBSD-Commit-ID: c2a525de8f83c1a04405bd79122c424140552a5b -commit b7c6ee7b437d9adfd19ef49d6c0f19f13f26f9b3 -Author: Jeffrey H. Johnson <61629094+johnsonjh@users.noreply.github.com> -Date: Sat Feb 27 01:04:58 2021 +0000 +commit 7eec76793dec06e8f06b6cf71f9473141c69d109 +Author: deraadt@openbsd.org +Date: Thu Nov 11 15:32:32 2021 +0000 - Fix punctuatio and typo in README.md. + upstream: Convert from select() to ppoll(). Along the way, I + + observed that the select() code was using exceptfds incorrectly.. ok millert - Some very minor fixes, missing 's' and punctuation. + OpenBSD-Commit-ID: 548e05bfc31b2af02319eb3d051286d4128dec96 -commit 6248b86074804983e8f7a2058856a516dbfe2924 -Author: Damien Miller -Date: Fri Feb 26 16:45:50 2021 +1100 +commit e665ed2d0c24fe11d5470ce72fa1e187377d3fc4 +Author: Darren Tucker +Date: Fri Nov 12 22:55:27 2021 +1100 - Revert "ssh: optional bind interface if bind address specified." + Switch from LibreSSL 3.4.0 to 3.4.1. + + The LibreSSL 3.4.0 release has an OPENBSD_BRANCH that points to + "master" and that branch no longer has the files LibreSSL expects + and thus it will no longer build, breaking the test. + +commit 21b6b5a06c8c53c548d25e6074c5240e88e2ef34 +Author: djm@openbsd.org +Date: Wed Nov 10 06:29:25 2021 +0000 + + upstream: add the sntrup761x25519-sha512@openssh.com hybrid + + ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default + KEXAlgorithms list (after the ECDH methods but before the prime-group DH + ones). - This reverts commit 5a878a71a3528c2626aa1d331934fd964782d41c. + ok markus@ - Apologies - I accidentally pushed this. + OpenBSD-Commit-ID: 22b77e27a04e497a10e22f138107579652854210 -commit 493339a940b13be6071629c3c2dd5a3b6fc17023 -Author: Damien Miller -Date: Fri Feb 26 15:45:38 2021 +1100 +commit 239da797cbf07a640d7b1ea02d3f99ace3ef792d +Author: djm@openbsd.org +Date: Wed Nov 10 06:25:08 2021 +0000 - detech BSD libc hash functions in libbsd / libmd + upstream: fix ssh-keysign for KEX algorithms that use SHA384/512 - Some Linux distributions are shipping the BSD-style hashing functions - (e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to - avoid header/replacement clashes later. ok dtucker@ - -commit 5a878a71a3528c2626aa1d331934fd964782d41c -Author: Dmitrii Turlupov -Date: Thu Feb 4 16:27:31 2021 +0300 - - ssh: optional bind interface if bind address specified. + exchange hashes; feedback/ok markus@ - Allows the -b and -B options to be used together. - For example, when the interface is in the VRF. + OpenBSD-Commit-ID: 09a8fda1c081f5de1e3128df64f28b7bdadee239 -commit 1fe4d70df94d3bcc2b35fd57cad6b5fc4b2d7b16 +commit 6997a592ecb1013df0c6d7f8df3e6517827aef11 Author: djm@openbsd.org -Date: Fri Feb 26 04:18:42 2021 +0000 +Date: Mon Nov 8 21:32:49 2021 +0000 - upstream: remove this KEX fuzzer; it's awkward to use and doesn't play + upstream: improve error message when trying to expand a ~user path + + for a user that doesn't exist; better matches what the shell does - nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it - but me. + ok deraadt@ - OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9 + OpenBSD-Commit-ID: 1ddefa3c3a78b69ce13d1b8f67bc9f2cefd23ad6 -commit 24a3a67bd7421740d08803b84bd784e764107928 +commit 10b899a15c88eb40eb5f73cd0fa84ef0966f79c9 Author: Darren Tucker -Date: Fri Feb 26 11:49:19 2021 +1100 +Date: Wed Nov 10 12:34:25 2021 +1100 - Remove macos-11.00 PAM test target too. + Don't trust closefrom() on Linux. - These are failing apparently due to some kind of infrastructure problem, - making it look like every commit is busted. + glibc's closefrom implementation does not work in a chroot when the kernel + does not have close_range. It tries to read from /proc/self/fd and when + that fails dies with an assertion of sorts. Instead, call close_range + ourselves from our compat code and fall back if that fails. bz#3349, + with william.wilson at canonical.com and fweimer at redhat.com. -commit 473201783f732ca8b0ec528b56aa55fa0d8cf717 -Author: djm@openbsd.org -Date: Fri Feb 26 00:16:58 2021 +0000 +commit eb1f63195a9a38b519536a5b398d9939261ec081 +Author: dtucker@openbsd.org +Date: Sat Nov 6 10:13:39 2021 +0000 - upstream: a bit more debugging behind #ifdef DEBUG_SK + upstream: Plug a couple of minor mem leaks. From beldmit at + + gmail.com via github PR#283, ok markus@ - OpenBSD-Commit-ID: d9fbce14945721061cb322f0084c2165d33d1993 + OpenBSD-Commit-ID: ec1fa7d305d46226861c3ca6fb9c9beb2ada2892 -commit fd9fa76a344118fe1ef10b9a6c9e85d39599e9a8 -Author: Darren Tucker -Date: Fri Feb 26 01:15:10 2021 +1100 +commit e4f501bf1d3b53f1cc23d9521fd7c5163307b760 +Author: djm@openbsd.org +Date: Fri Nov 5 03:10:58 2021 +0000 - Remove macos-11.0 from the test target list. + upstream: move cert_filter_principals() to earlier in the file for + + reuse; no code change - It has been consistently failing for the past few days with a github - actions internal error. + OpenBSD-Commit-ID: 598fa9528b656b2f38bcc3cf5b6f3869a8c115cf -commit 476ac8e9d33dbf96ef97aab812b8d7089d0cdc24 -Author: Philip Hands -Date: Wed Feb 24 23:43:16 2021 +0100 +commit 59c60f96fee321c7f38f00372826d37f289534af +Author: deraadt@openbsd.org +Date: Wed Nov 3 22:00:56 2021 +0000 - tidy the $INSTALLKEY_SH code layout a little + upstream: Many downstreams expect ssh to compile as non-C99... - SSH-Copy-ID-Upstream: 78178aa5017222773e4c23d9001391eeaeca8983 + OpenBSD-Commit-ID: e6aa3e08bda68e5fb838fc8a49b1d2dfc38ee783 -commit 983e05ef3b81329d76d6a802b39ad0d1f637c06c -Author: Jakub Jelen -Date: Tue Sep 29 10:02:45 2020 +0000 +commit 7a78fe63b0b28ef7231913dfefe9d08f9bc41c61 +Author: Darren Tucker +Date: Sat Nov 6 21:07:03 2021 +1100 - if unable to add a missing newline, fail + Skip getline() on HP-UX 10.x. - SSH-Copy-ID-Upstream: 76b25e18f55499ea9edb4c4d6dc4a80bebc36d95 + HP-UX 10.x has a getline() implementation in libc that does not behave + as we expect so don't use it. With correction from Thorsten Glaser and + typo fix from Larkin Nickle. -commit 3594b3b015f6014591da88ba71bf6ff010be7411 -Author: Philip Hands -Date: Tue Oct 13 14:12:58 2020 +0200 +commit 343ae252ebb35c6ecae26b447bf1551a7666720e +Author: Damien Miller +Date: Wed Nov 3 12:08:21 2021 +1100 - use $AUTH_KEY_DIR, now that we have it - - since that was a change made since jjelen's commit was written - - also, quote the variables - - SSH-Copy-ID-Upstream: 588cd8e5cbf95f3443d92b9ab27c5d73ceaf6616 + basic SECURITY.md (refers people to the website) -commit 333e25f7bc43cee6e36f766e39dad6f9918b318c -Author: Jakub Jelen -Date: Tue Sep 29 10:00:01 2020 +0000 +commit ed45a0168638319e0a710633f6085b96b9cec656 +Author: djm@openbsd.org +Date: Tue Nov 2 22:57:27 2021 +0000 - restorecon the correct directory + upstream: crank SSH_SK_VERSION_MAJOR to match recent change in - if using different path for authorized_keys file + usr/bin/ssh - SSH-Copy-ID-Upstream: 791a3df47b48412c726bff6f7b1d190721e65d51 + OpenBSD-Regress-ID: 113d181c7e3305e138db9b688cdb8b0a0019e552 -commit 9beeab8a37a49a9e3ffb1972fff6621ee5bd7a71 +commit f3c34df860c4c1ebddacb973954e58167d9dbade Author: djm@openbsd.org -Date: Thu Feb 25 03:27:34 2021 +0000 +Date: Tue Nov 2 22:56:40 2021 +0000 - upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ + upstream: Better handle FIDO keys on tokens that provide user - OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69 - -commit 2dd9870c16ddbd83740adeead5030d6840288c8f -Author: dtucker@openbsd.org -Date: Wed Feb 24 23:12:35 2021 +0000 - - upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in + verification (UV) on the device itself, including biometric keys. - test to match change to config-dump output. + Query the token during key creation to determine whether it supports + on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag + in the key so that ssh(1) doesn't automatically prompty for PIN later. - OpenBSD-Regress-ID: 74c9a4ad50306be873d032819d5e55c24eb74d5d - -commit b9225c3a1c3f5827e31d5d64a71b8e0504a25619 -Author: dtucker@openbsd.org -Date: Wed Feb 24 01:18:08 2021 +0000 - - upstream: Put obsolete aliases for hostbasedalgorithms and + When making signatures with the key, query the token's capabilities + again and check whether the token is able (right now) to perform user- + verification without a PIN. If it is then the PIN prompt is bypassed + and user verification delegated to the token. If not (e.g. the token + is biometric capable, but no biometric are enrolled), then fall back + to user verification via the usual PIN prompt. + + Work by Pedro Martelletto; ok myself and markus@ - pubkeyacceptedalgorithms after their current names so that the config-dump - mode finds and uses the current names. Spotted by Phil Pennock. + NB. cranks SSH_SK_VERSION_MAJOR - OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15 + OpenBSD-Commit-ID: e318a8c258d9833a0b7eb0236cdb68b5143b2f27 -commit 8b8b60542d6652b2c91e0ef9e9cc81bcb65e6b42 +commit 0328a081f38c09d2d4d650e94461a47fb5eef536 Author: djm@openbsd.org -Date: Tue Feb 23 21:55:08 2021 +0000 +Date: Fri Oct 29 03:03:06 2021 +0000 - upstream: lots more s/key types/signature algorithms/ mostly in + upstream: sshsig: add tests for signing key validity and - HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen + find-principals - OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb - -commit 0aeb508aaabc4818970c90831e3d21843c3c6d09 -Author: djm@openbsd.org -Date: Tue Feb 23 21:50:18 2021 +0000 - - upstream: Correct reference to signature algorithms as keys; from + - adds generic find-principals tests (this command had none before) + - tests certs with a timeboxed validity both with and without a + restriced lifetime for the CA + - test for a revoked CA cert - Jakub Jelen + by Fabian Stelzer - OpenBSD-Commit-ID: 36f7ecee86fc811aa0f8e21e7a872eee044b4be5 - -commit f186a020f2ba5f9c462a23293750e29ba0a746b1 -Author: Darren Tucker -Date: Tue Feb 23 16:05:22 2021 +1100 - - Add a couple more test VMs. + OpenBSD-Regress-ID: 9704b2c6df5b8ccfbdf2c06c5431f5f8cad280c9 -commit ffcdd3d90e74176b3bb22937ad1f65a6c1cd3f9d -Author: Darren Tucker -Date: Mon Feb 22 08:09:27 2021 +1100 +commit ccd358e1e25e25c13f0825996283cbf7a1647a3b +Author: djm@openbsd.org +Date: Fri Oct 29 02:48:19 2021 +0000 - Valgrind test: split and move up list. + upstream: avoid signedness warning; spotted in -portable - Since the valgrind test takes so long it approaches the limit allowed by - github, move it to the head of the list so it's the first one started and - split the longest tests out into a second instance that runs concurrently - with the first. + OpenBSD-Regress-ID: 4cacc126086487c0ea7f3d86b42dec458cf0d0c6 -commit c3b1636770785cc2830dedd0f22ef7d3d3491d6d +commit 2741f52beb11490d7033a25e56ed0496f0c78006 Author: djm@openbsd.org -Date: Tue Feb 23 00:05:31 2021 +0000 +Date: Fri Oct 29 03:20:46 2021 +0000 - upstream: warn when the user specifies a ForwardAgent path that does - - not exist and exit if ExitOnForwardFailure is set; bz3264 + upstream: ssh-keygen: make verify-time argument parsing optional - OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26 - -commit 5fcb0514949d61aadaf4a89cf16eb78fb47491ec -Author: Darren Tucker -Date: Sat Feb 20 13:34:02 2021 +1100 - - Disable rlimit sandbox, doesn't work with valgrind + From Fabian Stelzer - Only run regress tests, runing unit tests as well makes it run longer - than allowed y github. - -commit bb0b9bf45396c19486080d3eb0a159f94de7e6ba -Author: Darren Tucker -Date: Sat Feb 20 13:06:25 2021 +1100 - - Upload valgrind logs on failure. + OpenBSD-Commit-ID: 1ff35e4c366a45a073663df90381be6a8ef4d370 -commit ebb3b75e974cb241c6b9b9f5881b09c7bd32b651 -Author: Darren Tucker -Date: Fri Feb 19 22:18:50 2021 +1100 +commit a1217d363b88b32cfe54c4f02c6c1cf4bdefdd23 +Author: Damien Miller +Date: Fri Oct 29 13:48:34 2021 +1100 - Rename "vm" to "os" in selfhosted to match c-cpp. - - Should make it easier to share code or maybe merge at some point. + unbreak fuzz harness for recent changes -commit 76c0be0fe0465cb2b975dbd409f8d38b55e55bcb +commit 68e522ed8183587c9367fa3842c5b75f64f3d12b Author: Darren Tucker -Date: Fri Feb 19 22:15:22 2021 +1100 +Date: Fri Oct 29 13:32:24 2021 +1100 - Upload regress failure logs in c-cpp too. + Use -Wbitwise-instead-of-logical if supported. -commit 8751b6c3136f5225c40f41bbf29aa29e15795f6e -Author: Darren Tucker -Date: Fri Feb 19 22:13:36 2021 +1100 +commit be28b23012aa3fa323be7ec84863cf238927c078 +Author: Damien Miller +Date: Thu Oct 28 16:24:53 2021 +1100 - Comment out Solaris 64bit PAM build... + use -Wmisleading-indentation cflag if available - until I can figure out why it's failing. - -commit e9f6d563c06886b277c6b9abafa99fa80726dc48 -Author: Darren Tucker -Date: Fri Feb 19 10:20:17 2021 +1100 - - Actually run Valgrind tests. - -commit 41d232e226624f1a81c17091c36b44c9010aae62 -Author: Darren Tucker -Date: Fri Feb 19 10:16:56 2021 +1100 - - Add test against Valgrind. - -commit e6528d91f12fba05f0ea64224091c9d0f38bdf1d -Author: Darren Tucker -Date: Thu Feb 18 16:30:01 2021 +1100 - - Add fbsd12 test target. - -commit 6506cb2798d98ff03a7cc06567c392a81f540680 -Author: Darren Tucker -Date: Thu Feb 18 15:21:13 2021 +1100 - - Remove unused arg. - -commit 93c31a623973b0fad508214593aab6ca94b11dcb -Author: Darren Tucker -Date: Thu Feb 18 14:54:07 2021 +1100 - - Add DEBUG_SK to kitchensink builds. - -commit 65085740d3574eeb3289d592f042df62c2689bb0 -Author: Darren Tucker -Date: Thu Feb 18 14:53:14 2021 +1100 - - Add bbone test target (arm32). + ok dtucker@ -commit 63238f5aed66148b8d6ca7bd5fb347d624200155 -Author: djm@openbsd.org -Date: Thu Feb 18 02:49:35 2021 +0000 +commit 2e6f5f24dd2f9217f4ab8b737ed428d5d5278f91 +Author: Damien Miller +Date: Thu Oct 28 16:24:44 2021 +1100 - upstream: Fix the hostkeys rotation extension documentation - - The documentation was lacking the needed want-reply field in the initial - global request. - - https://github.com/openssh/openssh-portable/pull/218 by dbussink - - OpenBSD-Commit-ID: 051824fd78edf6d647a0b9ac011bf88e28775054 + depend -commit 34c5ef6e2d06d9f0e20cb04a9aebf67a6f96609a -Author: djm@openbsd.org -Date: Thu Feb 18 02:15:07 2021 +0000 +commit a5ab4882348d26addc9830a44e053238dfa2cb58 +Author: Damien Miller +Date: Thu May 6 10:08:30 2021 +1000 - upstream: make names in function prototypes match those in + remove built-in support for md5crypt() - definition from https://github.com/openssh/openssh-portable/pull/225 by - ZenithalHourlyRate + Users of MD5-hashed password should arrange for ./configure to link + against libxcrypt or similar. Though it would be better to avoid use + of MD5 password hashing entirely, it's arguably worse than DEScrypt. - OpenBSD-Commit-ID: 7c736307bf3f2c7cb24d6f82f244eee959485acd + feedback and ok dtucker@ -commit 88e3d4de31ab4f14cac658e9e0c512043b15b146 +commit c5de1fffa6328b8246b87da28fa9df05813f76a3 Author: djm@openbsd.org -Date: Thu Feb 18 02:13:58 2021 +0000 +Date: Thu Oct 28 02:55:30 2021 +0000 - upstream: unbreak SK_DEBUG builds - - from https://github.com/openssh/openssh-portable/pull/225 by - ZenithalHourlyRate + upstream: increment SSH_SK_VERSION_MAJOR to match last change - OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb + OpenBSD-Regress-ID: 17873814d1cbda97f49c8528d7b5ac9cadf6ddc0 -commit 788cbc5b74a53956ba9fff11e1ca506271a3597f +commit 0001d04e55802d5bd9d6dece1081a99aa4ba2828 Author: djm@openbsd.org -Date: Thu Feb 18 00:30:17 2021 +0000 +Date: Thu Oct 28 02:54:18 2021 +0000 - upstream: sftp-server: implement limits@openssh.com extension - - This is a simple extension that allows the server to clearly - communicate transfer limits it is imposing so the client doesn't - have to guess, or force the user to manually tune. This is - particularly useful when an attempt to use too large of a value - causes the server to abort the connection. + upstream: When downloading resident keys from a FIDO token, pass - Patch from Mike Frysinger; ok dtucker@ + back the user ID that was used when the key was created and append it to the + filename the key is written to (if it is not the default). - OpenBSD-Commit-ID: f96293221e5aa24102d9bf30e4f4ef04d5f4fb51 - -commit 324449a68d510720d0e4dfcc8e9e5a702fe6a48f -Author: Damien Miller -Date: Thu Feb 18 12:06:25 2021 +1100 - - support OpenSSL 3.x cipher IV API change + Avoids keys being clobbered if the user created multiple + resident keys with the same application string but different + user IDs. - OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x. - This uses the new name if available. + feedback Pedro Martelletto; ok markus - https://github.com/openssl/openssl/issues/13411 + NB. increments SSH_SK_VERSION_MAJOR - bz#3238 ok dtucker@ + OpenBSD-Commit-ID: dbd658b5950f583106d945641a634bc6562dd3a3 -commit 845fe9811c047063d935eca89188ed55c993626b -Author: Damien Miller -Date: Thu Feb 18 11:25:38 2021 +1100 +commit d4bed5445646e605c383a4374fa962e23bf9e3a3 +Author: deraadt@openbsd.org +Date: Sun Oct 24 21:24:17 2021 +0000 - prefer login_getpwclass() to login_getclass() + upstream: For open/openat, if the flags parameter does not contain - FreeBSD has login_getpwclass() that does some special magic for - UID=0. Prefer this to login_getclass() as its easier to emulate - the former with the latter. + O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers + in the past have passed mode_t (0, 044, 0644, or such), which might lead + future people to copy this broken idiom, and perhaps even believe this + parameter has some meaning or implication or application. Delete them all. + This comes out of a conversation where tb@ noticed that a strange (but + intentional) pledge behaviour is to always knock-out high-bits from mode_t on + a number of system calls as a safety factor, and his bewilderment that this + appeared to be happening against valid modes (at least visually), but no + sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok + millert - Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@ + OpenBSD-Commit-ID: 503d11633497115688c0c6952686524f01f53121 -commit d0763c8d566119cce84d9806e419badf20444b02 +commit d575cf44895104e0fcb0629920fb645207218129 Author: Darren Tucker -Date: Thu Feb 18 10:45:27 2021 +1100 +Date: Fri Oct 22 23:27:41 2021 +1100 - Fixing quoting for installing moduli on target guest. + kitchensink test target now needs krb5. -commit b3afc243bc820f323a09e3218e9ec8a30a3c1933 +commit 4ae39cada214e955bcfd3448ff28f0ed18886706 Author: Darren Tucker -Date: Thu Feb 18 10:27:16 2021 +1100 +Date: Fri Oct 22 22:54:33 2021 +1100 - Install moduli on target not host. + Test both MIT KRB5 and Heimdal. -commit f060c2bc85d59d111fa18a12eb3872ee4b9f7e97 -Author: Damien Miller -Date: Thu Feb 18 10:33:58 2021 +1100 +commit 22b2681d88619e5247dc53c9f112058a7e248d48 +Author: dtucker@openbsd.org +Date: Fri Oct 22 10:51:57 2021 +0000 - don't free string returned by login_getcapstr(3) - - OpenBSD and NetBSD require the caller to free strings returned - bu the login_* functions, but FreeBSD requires that callers don't. + upstream: Plug mem addrinfo mem leaks. - Fortunately in this case, we can harmlessly leak as the process is - about to exec the shell/command. + Prevent mem leaks in the (unlikely) event that getaddrinfo returns + no addresses. ALso, remove an unneeded NULL check in addr_ntop. From + khaleesicodes via github PR#281, ok deraadt@ - From https://reviews.freebsd.org/D28617 via Ed Maste; ok dtucker@ + OpenBSD-Commit-ID: e8a5afc686376637c355c5f7e122dc4b080b9c1a -commit bc9b0c25703215501da28aa7a6539f96c0fa656f -Author: Darren Tucker -Date: Thu Feb 18 10:10:00 2021 +1100 +commit 27c8c343b610263f83ac2328735feeb881c6c92f +Author: dtucker@openbsd.org +Date: Fri Oct 22 09:22:04 2021 +0000 - Skip unit tests on sol11 to speed things up. + upstream: Remove unnecessary semicolons + + ... in case statements. From khaleesicodes via github PR#280. + + OpenBSD-Commit-ID: e1e89360b65775cff83e77ce040b342015caf4ed -commit 161873035c12cc22211fc73d07170ade47746bc5 -Author: Darren Tucker -Date: Thu Feb 18 10:09:27 2021 +1100 +commit e7eb73b8d1fe1008d92433ea949491ce654bfaba +Author: dtucker@openbsd.org +Date: Fri Oct 22 09:19:34 2021 +0000 - Remove SKIP_UNIT as it needs to be a make arg. + upstream: Fix typos in comments. + + From khaleesicodes via github PR#280. + + OpenBSD-Commit-ID: 26fdd83652c40f098bf7c685e8ebb9eb72cc45fc -commit 1c293868e4b4e8e74e3ea15b8dff90f6b089967a -Author: Darren Tucker -Date: Thu Feb 18 10:05:03 2021 +1100 +commit 052a9d8494175e24312daa6c132665e58c17fe6e +Author: deraadt@openbsd.org +Date: Fri Oct 15 14:46:46 2021 +0000 - Always intall moduli. + upstream: switch scp(1) back to sftp protocol. - Allows us to run tests without falling back to a fixed modulus. Ensure that - the directory exists. + openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP + protocol for copying. Let's get back to testing the SFTP protocol. + + OpenBSD-Commit-ID: 9eaa35d95fd547b78b0a043b3f518e135f151f30 -commit 5c8f41ad100601ec2fdcbccdfe92890c31f81bbe +commit a07664646bf6d293f5bbd45a5de54f3c36bb85da Author: Darren Tucker -Date: Thu Feb 18 09:59:09 2021 +1100 +Date: Fri Oct 22 14:00:05 2021 +1100 - Quote SSHD_CONFOPTS in case it contains spaces. + Source configs script so setup_ci can use settings -commit 4653116c1f5384ea7006e6396d9b53c33d218975 +commit 34df52c201c6b47e5a46b50c215e4d98a8bf6587 Author: Darren Tucker -Date: Thu Feb 18 09:51:18 2021 +1100 +Date: Fri Oct 22 09:42:14 2021 +1100 - Fix labels on targets (dots vs underscores). + Install libedit and pam based on config flags. -commit 4512047f57ca3c6e8cd68f0cc69be59e98b25287 +commit 8c626cc563e8d21d844d06f9971a9ee01de6aa2a Author: Darren Tucker -Date: Wed Feb 17 21:47:48 2021 +1100 +Date: Thu Oct 21 16:53:39 2021 +1100 - More compact representation of config matrix. + Don't use 'here string", it's not POSIX. -commit 0406cd09f05c2e419b113dd4c0eac8bc34ec915b +commit 086a4b5977472aefa3de918b88efad0faf83b2b1 Author: Darren Tucker -Date: Wed Feb 17 21:19:18 2021 +1100 +Date: Thu Oct 21 15:33:27 2021 +1100 - Skip unit tests on hosted VMs to speed things up. + Remove -Werror from compiler package to install. -commit 4582612e6147d766c336198c498740242fb8f1ec +commit 5a7a4687507d057f9b5e7497f3d3f82e64753c02 Author: Darren Tucker -Date: Wed Feb 17 20:21:29 2021 +1100 +Date: Thu Oct 21 15:00:53 2021 +1100 - Merge macos and ubuntu tests. + Build with -Werror on most recent gcc and clang. -commit 09f4b84654b71099559492e9aed5e1a38bf24815 +commit 4d2cbdb525d673acf941d48a7044fcf03125611a Author: Darren Tucker -Date: Wed Feb 17 18:41:30 2021 +1100 +Date: Fri Oct 15 12:59:06 2021 +1100 - Convert most github hosted tests to new config structure. + Include string.h and stdio.h for strerror. -commit 65380ff7e054be1454e5ab4fd7bb9c66f8fcbaa9 +commit fff13aaa262b7b3ec83ed21e29674cbf331780a7 Author: Darren Tucker -Date: Wed Feb 17 18:27:36 2021 +1100 +Date: Fri Oct 15 12:43:36 2021 +1100 - Only run selfhosted tests from selfhosted repo. + Include error reason if trace disabling fails. -commit f031366535650b88248ed7dbf23033afdf466240 +commit d4b38144c02f3faa5271e5fb35df93507e06f1b4 Author: Darren Tucker -Date: Fri Jan 15 14:11:43 2021 +1100 +Date: Tue Oct 12 22:55:51 2021 +1100 - Add self-hosted runners for VMs of other platforms. - - Github only hosts a limited number of platforms, and the runner code - is only supported on slightly wider range of platforms. To increase - our test coverage beyond that, we run the runner natively on a VM host, - where it runs a jobs that boot VMs of other platforms, waits for them - to come up then runs the build and test by ssh'ing into the guest. - This means that the minimum dependencies for the guests are quite low - (basically just sshd, a compiler and make). - - The interface to the VM host is fairly simple (basically 3 scripts: - vmstartup, vmrun and vmshutdown), but those are specific to the VM host - so are not in the public repo. We also mount the working directory on the - host via sshfs, so things like artifact upload by the runner also work. - - As part of this we are moving the per-test-target configs into a single - place (.github/configs) where there will be referenced by a single short - "config" key. I plan to make the github-hosted runners use this too. - - The self-hosted runners are run off a private repo on github since that - prevents third parties from accessing them[0], and since runner quota is - limited on private repos, we avoid running the tests we run on the public - repo. - - [0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories + Add tcmalloc test target. -commit 64bbd7444d658ef7ee14a7ea5ccc7f5810279ee7 +commit 002d65b0a30063c6e49bf8a53e709d8d5a0d45c1 Author: dtucker@openbsd.org -Date: Wed Feb 17 03:59:00 2021 +0000 - - upstream: Make sure puttygen is new enough to successfully run the - - PuTTY interop tests, otherwise skip them. - - OpenBSD-Regress-ID: 34565bb50b8aec58331ed02a5e9e0a9a929bef51 - -commit da0a9afcc446a30ca49dd216612c41ac3cb1f2d4 -Author: markus@openbsd.org -Date: Mon Feb 15 20:43:15 2021 +0000 - - upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding - - with SOCKS ok djm@, dtucker@ - - OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c - -commit b696858a7f9db72a83d02cb6edaca4b30a91b386 -Author: markus@openbsd.org -Date: Mon Feb 15 20:36:35 2021 +0000 - - upstream: factor out opt_array_append; ok djm@ - - OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a - -commit ad74fc127cc45567e170e8c6dfa2cfd9767324ec -Author: dlg@openbsd.org -Date: Mon Feb 15 11:09:22 2021 +0000 +Date: Sat Oct 9 10:52:42 2021 +0000 - upstream: ProxyJump takes "none" to disable processing like - - ProxyCommand does + upstream: Document that CASignatureAlgorithms, ExposeAuthInfo and - ok djm@ jmc@ + PubkeyAuthOptions can be used in a Match block. Patch from eehakkin via + github PR#277. - OpenBSD-Commit-ID: 941a2399da2193356bdc30b879d6e1692f18b6d3 + OpenBSD-Commit-ID: c0a63f5f52e918645967ac022b28392da4b866aa -commit 16eacdb016ccf38dd9959c78edd3a6282513aa53 -Author: djm@openbsd.org -Date: Fri Feb 12 03:49:09 2021 +0000 +commit 40bd3709dddaae3a1b6113748bec3faa6a607531 +Author: Darren Tucker +Date: Thu Oct 7 15:55:49 2021 +1100 - upstream: sftp: add missing lsetstat@openssh.com documentation - - patch from Mike Frysinger - - OpenBSD-Commit-ID: 9c114db88d505864075bfe7888b7c8745549715b + Skip SK unit tests when built without security-key -commit e04fd6dde16de1cdc5a4d9946397ff60d96568db -Author: djm@openbsd.org -Date: Fri Feb 12 03:14:18 2021 +0000 +commit 482f73be10f10b93f818df19fcc8a912c0c371fc +Author: Darren Tucker +Date: Thu Oct 7 15:55:04 2021 +1100 - upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own - - function and remove an unused variable; ok dtucker@ + Include relevant env vars on command line. - OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559 + Makes it easier to reproduce a build by cut/pasting the configure line. -commit 1bb130ed34721d46452529d094d9bbf045607d79 +commit ef5916b8acd9b1d2f39fad4951dae03b00dbe390 Author: Darren Tucker -Date: Thu Feb 11 10:18:05 2021 +1100 +Date: Thu Oct 7 14:28:02 2021 +1100 - Add __NR_futex_time64 to seccomp sandbox. - - This is apparently needed for (some) 32 bit platforms with glibc 2.33. - Patch from nix at esperi.org.uk and jjelen at redhat.com via bz#3260. + Only enable sk-* key types if ENABLE_SK is defined -commit f88a7a431212a16e572ecabd559e632f369c363e +commit 52d4232b493a9858fe616e28a8bbcc89afa2ad4d Author: Darren Tucker -Date: Sat Feb 6 09:37:01 2021 +1100 +Date: Wed Oct 6 18:14:37 2021 +1100 - Add a hostname function for systems that don't have it. + Disable security key on minix3. - Some systems don't have a hostname command (it's not required by POSIX). - The do have uname -n (which is), but as found by tim@ some others (eg - UnixWare) do not report the FQDN from uname -n. + The test doesn't work so disable. -commit 5e385a71ef2317856f37c91a98658eb12eb5a89c -Author: dtucker@openbsd.org -Date: Fri Feb 5 22:03:40 2021 +0000 +commit 7cd062c3a29669b8d7dc2a97e6575f4dcb7d35a2 +Author: Darren Tucker +Date: Wed Oct 6 17:45:28 2021 +1100 - upstream: Roll back the hostname->uname change in rev 1.10. It turns - - out uname -n doesn't do what we need for some platforms in portable, so we'll - fix the original problem (that some other platforms don't have hostname at - all) by providing wrapper function to implement it. - - OpenBSD-Regress-ID: 827a707d6201d5a8e196a8c28aec1d2c76c52341 + Add USE_LIBC_SHA2 for (at least) NetBSD 9. -commit b446c214279de50ed8388e54897eb1be5281c894 -Author: dtucker@openbsd.org -Date: Fri Feb 5 06:01:58 2021 +0000 +commit 639c440f6c3c2a8216a5eb9455ef13bf4204089c +Author: Darren Tucker +Date: Wed Oct 6 17:09:31 2021 +1100 - upstream: hostname is not specified by POSIX but uname -n is, so use - - the latter for portability. Patch from Geert Hendrickx via github PR#208. + Define OPENSSL_NO_SHA including OpenSSL from test. - OpenBSD-Regress-ID: d6a79c7c4d141a0d05ade4a042eb57dddbce89f3 + We don't use SHA256 from OpenSSL in the sk-dummy module and the + definitions can conflict with system sha2.h (eg on NetBSD) so define + OPENSSL_NO_SHA so we don't attempt to redefine them. -commit 1cb6ce98d658e5fbdae025a3bd65793980e3b5d9 -Author: David Carlier -Date: Sat Nov 21 12:22:23 2020 +0000 +commit 8f4be526a338d06624f146fa26007bb9dd3a4f7b +Author: Darren Tucker +Date: Wed Oct 6 15:40:58 2021 +1100 - Using explicit_memset for the explicit_bzero compatibility layer. + Disable security key on NetBSD4 test. - Favoriting the native implementation in this case. + sk-dummy used for the security key test includes both sha2.h and OpenSSL + causing the definitions conflict so disable security key support on this + platform. -commit 2e0beff67def2120f4b051b1016d7fbf84823e78 -Author: Luca Weiss -Date: Sun Nov 8 14:19:23 2020 +0100 +commit 3b353ae58aa07a1cbbeb1da3ace21fc0dcccd66a +Author: Damien Miller +Date: Wed Oct 6 15:07:01 2021 +1100 - Deny (non-fatal) statx in preauth privsep child. + clean regress/misc/sk-dummy in cleandir target -commit a35d3e911e193a652bd09eed40907e3e165b0a7b +commit 57680a2ab43518c5ccbd8242c40482106cde6ac1 Author: dtucker@openbsd.org -Date: Fri Feb 5 02:20:23 2021 +0000 +Date: Sat Oct 2 03:17:01 2021 +0000 - upstream: Remove debug message from sigchld handler. While this - - works on OpenBSD it can cause problems on other platforms. From kircherlike - at outlook.com via bz#3259, ok djm@ + upstream: Dynamically allocate encoded HashKnownHosts and free as - OpenBSD-Commit-ID: 3e241d7ac1ee77e3de3651780b5dc47b283a7668 - -commit 69338ab46afe9e3dfb7762ad65351d854077c998 -Author: djm@openbsd.org -Date: Tue Feb 2 22:36:59 2021 +0000 - - upstream: whitespace + appropriate. Saves 1k of static storage and prevents snprintf "possible + truncation" warnings from newer compilers (although in this case it's false + positive since the actual sizes are limited by the output size of the SHA1). + ok djm@ - OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad + OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4 -commit f71219a01d8f71c4b3ed7e456337a84ddba1653e +commit e3e62deb549fde215b777d95276c304f84bf00c6 Author: djm@openbsd.org -Date: Tue Feb 2 22:36:46 2021 +0000 +Date: Wed Oct 6 03:35:13 2021 +0000 - upstream: fix memleaks in private key deserialisation; enforce more + upstream: use libc SHA256 functions; make this work when compiled - consistency between redundant fields in private key certificate and private - key body; ok markus@ + !WITH_OPENSSL - OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240 + OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890 -commit 3287790e78bf5b53c4a3cafb67bb5aa03e3910f0 -Author: djm@openbsd.org -Date: Tue Feb 2 22:35:14 2021 +0000 +commit 12937d867019469ebce83c2ff614cdc6688fc2d8 +Author: dtucker@openbsd.org +Date: Fri Oct 1 05:20:20 2021 +0000 - upstream: memleak on error path; ok markus@ + upstream: Add test for ssh hashed known_hosts handling. - OpenBSD-Commit-ID: 2091a36d6ca3980c81891a6c4bdc544e63cb13a8 + OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf -commit 3dd0c64e08f1bba21d71996d635c7256c8c139d1 -Author: djm@openbsd.org -Date: Sun Jan 31 22:55:29 2021 +0000 +commit 5a37cc118f464416d08cd0291a9b1611d8de9943 +Author: Damien Miller +Date: Wed Oct 6 13:16:21 2021 +1100 - upstream: more strictly enforce KEX state-machine by banning packet - - types once they are received. Fixes memleak caused by duplicate - SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via - oss-fuzz #30078). - - ok markus@ + fix broken OPENSSL_HAS_ECC test - OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def + spotted by dtucker -commit 7a92a324a2e351fabd0ba8ef9b434d3b12d54ee3 -Author: dtucker@openbsd.org -Date: Sun Jan 31 10:50:10 2021 +0000 +commit 16a25414f303cd6790eb967aeb962040e32c9c7a +Author: Damien Miller +Date: Fri Oct 1 22:40:06 2021 +1000 - upstream: Set linesize returned by getline to zero when freeing and - - NULLing the returned string. OpenBSD's getline handles this just fine, but - some implementations used by -portable do not. ok djm@ - - OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c + make sk-dummy.so work without libcrypto installed -commit a5dfc5bae8c16e2a7caf564758d812c7672480b5 +commit dee22129bbc61e25b1003adfa2bc584c5406ef2d Author: Damien Miller -Date: Sat Jan 30 16:32:29 2021 +1100 +Date: Fri Oct 1 16:35:49 2021 +1000 - allow a fuzz case to contain more than one request + make OPENSSL_HAS_ECC checks more thorough - loop until input buffer empty, no message consumed or 256 messages - processed + ok dtucker -commit 0ef24ad60204022f7e33b6e9d171172c50514132 +commit 872595572b6c9a584ed754165e8b7c4c9e7e1d61 Author: Damien Miller -Date: Sat Jan 30 16:28:23 2021 +1100 +Date: Fri Oct 1 16:35:05 2021 +1000 - expect fuzz cases to have length prefix + fix FIDO key support for !OPENSSL_HAS_ECC case - might make life a little easier for the fuzzer, e.g. it can now - produce valid (multi-request) messages by smashing two cases together. + ok dtucker -commit de613f2713d2dfcd3b03c00e5558a40997f52712 +commit 489741dc68366940d369ac670b210b4834a6c272 Author: Damien Miller -Date: Sat Jan 30 12:03:30 2021 +1100 +Date: Fri Oct 1 14:51:37 2021 +1000 - ssh-agent fuzzer + enable security key support for --without-openssl -commit 7e96c877bcb2fb645355a687b8cb7347987c1c58 +commit c978565c8589acfe4ea37ab5099d39c84158c713 Author: Damien Miller -Date: Sat Jan 30 12:02:46 2021 +1100 +Date: Fri Oct 1 13:27:50 2021 +1000 - move keys out of kex_fuzz.cc into separate header - - add certificates and missing key types + need stdlib.h for free(3) -commit 76f46d75664fdaa1112739ca523ff85ee4eb52b4 -Author: Damien Miller -Date: Sat Jan 30 12:02:10 2021 +1100 +commit 76a398edfb51951b2d65d522d7b02c72304db300 +Author: dtucker@openbsd.org +Date: Thu Sep 30 05:26:26 2021 +0000 - some fixed test data (mostly keys) for fuzzing + upstream: Fix up whitespace left by previous + + change removing privsep. No other changes. + + OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15 -commit 7c2e3d6de1f2edb0c8b4725b4c2b56360e032b19 -Author: djm@openbsd.org -Date: Sat Jan 30 00:56:38 2021 +0000 +commit ddcb53b7a7b29be65d57562302b2d5f41733e8dd +Author: dtucker@openbsd.org +Date: Thu Sep 30 05:20:08 2021 +0000 - upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy + upstream: Remove references to privsep. - security key middleware to be directly linked; useful for writing fuzzers, - etc. + This removes several do..while loops but does not change the + indentation of the now-shallower loops, which will be done in a separate + whitespace-only commit to keep changes of style and substance separate. - OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544 + OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7 -commit 1a4b92758690faa12f49079dd3b72567f909466d -Author: djm@openbsd.org -Date: Fri Jan 29 06:29:46 2021 +0000 +commit ece2fbe486164860de8df3f8b943cccca3085eff +Author: dtucker@openbsd.org +Date: Thu Sep 30 04:22:50 2021 +0000 - upstream: fix the values of enum sock_type + upstream: Use "skip" instead of "fatal" + + if SUDO isn't set for the *-command tests. This means running "make tests" + without SUDO set will perform all of the tests that it can instead of + failing on the ones it cannot run. - OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd + OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a -commit 8afaa7d7918419d3da6c0477b83db2159879cb33 +commit bb754b470c360e787a99fb4e88e2668198e97b41 Author: djm@openbsd.org -Date: Fri Jan 29 06:28:10 2021 +0000 +Date: Fri Oct 1 04:50:36 2021 +0000 - upstream: give typedef'd struct a struct name; makes the fuzzer I'm + upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds; - writing a bit easier + ok dtucker@ - OpenBSD-Commit-ID: 1052ab521505a4d8384d67acb3974ef81b8896cb - -commit 1e660115f0c7c4a750cd31e468ff889f33dd8088 -Author: Damien Miller -Date: Fri Jan 29 11:09:14 2021 +1100 - - fuzz diffie-hellman-group-exchange-sha1 kex too - -commit be5f0048ea2aaeddd27be7dcca23aaad345fa16c -Author: Damien Miller -Date: Fri Jan 29 11:03:35 2021 +1100 - - support for running kex fuzzer with null cipher + OpenBSD-Commit-ID: 6323a5241728626cbb2bf0452cf6a5bcbd7ff709 -commit 3d59e88c0e42182c3749b446ccd9027933c84be4 +commit 207648d7a6415dc915260ca75850404dbf9f0a0b Author: Darren Tucker -Date: Thu Jan 28 20:55:16 2021 +1100 +Date: Wed Sep 29 20:03:58 2021 +1000 - make with -j2 to use available CPUs. + Include stdlib.h for arc4random_uniform prototype. -commit 66dd9ddb5d2ea8c407908c8e8468c9d6e71db05b +commit 696aadc854582c164d5fc04933d2f3e212dc0e06 Author: Darren Tucker -Date: Thu Jan 28 14:31:01 2021 +1100 +Date: Wed Sep 29 20:00:30 2021 +1000 - Add test against openssl head and libressl head. + Look for clang after cc and gcc. -commit 237dbb34e24b6b7ea888d54bda4d17da0a0fd0fa +commit a3c6375555026d85dbf811fab566b9f76f196144 Author: Darren Tucker -Date: Thu Jan 28 14:30:50 2021 +1100 - - Remove whitespace. - -commit d983e1732b8135d7ee8d92290d6dce35f736ab88 -Author: djm@openbsd.org -Date: Wed Jan 27 23:49:46 2021 +0000 - - upstream: fix leak: was double allocating kex->session_id buffer - - OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183 - -commit 1134a48cdcef8e7363b9f6c73ebdd24405066738 -Author: Damien Miller -Date: Thu Jan 28 08:57:31 2021 +1100 - - correct kex name in disabled code - -commit 67f47f1965abafc1830a287761125c2f4790857e -Author: djm@openbsd.org -Date: Wed Jan 27 10:15:08 2021 +0000 +Date: Wed Sep 29 19:30:59 2021 +1000 - upstream: this needs kex.h now + Use backticks instead of $(..) for portability. - OpenBSD-Commit-ID: c5a42166c5aa002197217421a971e48be7cb5d41 + Older shells (eg /bin/sh on Solaris 10) don't support $() syntax. -commit 39be3dc209f28f9c1ebfeba42adde8963b01e1cd -Author: djm@openbsd.org -Date: Wed Jan 27 10:05:28 2021 +0000 +commit 958aaa0387133d51f84fe9c8f30bca03025f2867 +Author: Darren Tucker +Date: Wed Sep 29 18:53:32 2021 +1000 - upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t - - and use that instead of global variables containing copies of it. feedback/ok - markus@ + Skip file-based tests by default on Mac OS. - OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68 + The file-based tests need OpenSSL so skip them. -commit 4ca6a1fac328477c642329676d6469dba59019a3 -Author: djm@openbsd.org -Date: Wed Jan 27 09:26:53 2021 +0000 +commit 55c8bdf6e9afb0f9fa8e4f10c25c7f0081b48fd0 +Author: Darren Tucker +Date: Wed Sep 29 18:42:47 2021 +1000 - upstream: remove global variable used to stash compat flags and use the - - purpose-built ssh->compat variable instead; feedback/ok markus@ + Build without OpenSSL on Mac OS. - OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06 + Modern versions don't ship enough libcrypto to build against. -commit bba229b6f3328171f5e3ae85de443002523c0452 +commit c9172193ea975415facf0afb356d87df21535f88 Author: Darren Tucker -Date: Wed Jan 27 12:34:07 2021 +1100 +Date: Wed Sep 29 18:33:38 2021 +1000 - Install moduli file before tests. + Remove TEST_SSH_ECC. - Reduces warnings during test runs. + Convert the only remaining user of it to runtime detection using ssh -Q. -commit 1b83185593a90a73860a503d753a95ca6d726c00 +commit 5e6d28b7874b0deae95d2c68947c45212d32e599 Author: Darren Tucker -Date: Wed Jan 27 11:58:26 2021 +1100 +Date: Wed Sep 29 17:48:09 2021 +1000 - Run one test with -Werror to catch warnings. + Split c89 test openssl setting out. -commit d1532d90074b212054d5fd965f833231b09982f5 -Author: dtucker@openbsd.org -Date: Wed Jan 27 00:37:26 2021 +0000 +commit c4ac7f98e230e83c015678dc958b1ffe828564ad +Author: Darren Tucker +Date: Wed Sep 29 17:40:50 2021 +1000 - upstream: Logical not bitwise or. ok djm@ - - OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5 + Expand TEST_SHELL consistently with other vars. -commit 507b448a2465a53ab03a88acbc71cc51b48ca6ac -Author: naddy@openbsd.org -Date: Tue Jan 26 15:40:17 2021 +0000 +commit cfe5f7b0eb7621bfb0a756222de0431315c2ab8b +Author: Darren Tucker +Date: Wed Sep 29 17:26:50 2021 +1000 - upstream: move HostbasedAcceptedAlgorithms to the right place in - - alphabetical order - - OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec + Replace `pwd` with make variable in regress cmd. -commit e26c980778b228bdd42b8353cc70101cf49b731b -Author: dtucker@openbsd.org -Date: Tue Jan 26 11:25:01 2021 +0000 +commit 899be59da5fbc3372444bd0fbe74af48313bed33 +Author: Darren Tucker +Date: Wed Sep 29 17:14:33 2021 +1000 - upstream: Remove unused variables leftover from refactoring. ok - - djm@ + Get BUILDDIR from autoconf. - OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8 + Use this to replace `pwd`s in regress test command line. -commit e9f78d6b06fc323bba1890b2dc3b8423138fb35c -Author: dtucker@openbsd.org -Date: Tue Jan 26 05:32:21 2021 +0000 +commit c8d92d3d4f7d560146f2f936156ec4dac3fc5811 +Author: Darren Tucker +Date: Wed Sep 29 13:28:56 2021 +1000 - upstream: Rename HostbasedKeyTypes (ssh) and - - HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more - accurately reflects its effect. This matches a previous change to - PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok - djm@ - - OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e + Add make clean step to tests. -commit 48d0d7a4dd31154c4208ec39029d60646192f978 +commit 360fb41ef8359619ab90b0d131c914494e55d3dd Author: Darren Tucker -Date: Tue Jan 26 14:48:07 2021 +1100 +Date: Wed Sep 29 11:36:13 2021 +1000 - Disable sntrup761 if compiler doesn't support VLAs. - - The sntrup761 code sourced from supercop uses variable length - arrays. Although widely supported, they are not part of the ANSI - C89 spec so if the compiler does not support VLAs, disable the - sntrup761x25519-sha512@openssh.com KEX method by replacing the kex - functions with no-op ones similar to what we do in kexecdh.c. - - This should allow OpenSSH to build with a plain C89 compiler again. - Spotted by tim@, ok djm@. + Test all available clang and gcc versions. -commit 37c70ea8d4f3664a88141bcdf0bf7a16bd5fd1ac +commit 4fb49899d7da22952d35a4bc4c9bdb2311087893 Author: djm@openbsd.org -Date: Tue Jan 26 00:54:49 2021 +0000 +Date: Wed Sep 29 01:32:21 2021 +0000 - upstream: refactor key constraint parsing in ssh-agent + upstream: Test certificate hostkeys held in ssh-agent too. Would have - Key constraints parsing code previously existed in both the "add regular - key" and "add smartcard key" path. This unifies them but also introduces - more consistency checking: duplicated constraints and constraints that - are nonsensical for a particular situation (e.g. FIDO provider for a - smartcard key) are now banned. + caught regression fixed in sshd r1.575 ok markus@ - OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c + OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed -commit e0e8bee8024fa9e31974244d14f03d799e5c0775 +commit ce4854e12e749a05646e5775e9deb8cfaf49a755 Author: djm@openbsd.org -Date: Tue Jan 26 00:53:31 2021 +0000 +Date: Wed Sep 29 01:33:32 2021 +0000 - upstream: more ssh-agent refactoring - - Allow confirm_key() to accept an additional reason suffix - - Factor publickey userauth parsing out into its own function and allow - it to optionally return things it parsed out of the message to its - caller. + upstream: add some debug output showing how many key file/command lines - feedback/ok markus@ + were processed. Useful to see whether a file or command actually has keys + present - OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e + OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c -commit dfe18a295542c169ffde8533b3d7fe42088e2de7 -Author: djm@openbsd.org -Date: Tue Jan 26 00:51:30 2021 +0000 +commit 15abdd523501c349b703d9a27e2bb4252ad921ef +Author: dtucker@openbsd.org +Date: Tue Sep 28 11:14:50 2021 +0000 - upstream: make struct hostkeys public; I have no idea why I made it - - opaque originally. + upstream: Make prototype for rijndaelEncrypt match function - ok markus@ + including the bounds. Fixes error in portable where GCC>=11 takes notice of + the bounds. ok deraadt@ - OpenBSD-Commit-ID: e50780b34d4bbe628d69b2405b024dd749d982f3 + OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6 -commit 3b44f2513cae89c920e8fe927b9bc910a1c8c65a -Author: djm@openbsd.org -Date: Tue Jan 26 00:49:30 2021 +0000 +commit d1d29ea1d1ef1a1a54b209f062ec1dcc8399cf03 +Author: dtucker@openbsd.org +Date: Tue Sep 28 11:10:05 2021 +0000 - upstream: move check_host_cert() from sshconnect,c to sshkey.c and - - refactor it to make it more generally usable and testable. + upstream: Import regenerated moduli. - ok markus@ + OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1 + +commit 39f2111b1d5f00206446257377dcce58cc72369f +Author: Darren Tucker +Date: Wed Sep 29 10:53:55 2021 +1000 + + Add new compiler hardening flags. - OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4 + Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of + compiler hardening flags that configure checks for. These are supported + by clang and gcc, and make ROP gadgets less useful and mitigate + stack-based infoleaks respectively. ok djm@ + +commit bf944e3794eff5413f2df1ef37cddf96918c6bde +Author: Damien Miller +Date: Mon Sep 27 00:03:19 2021 +1000 -commit 1fe16fd61bb53944ec510882acc0491abd66ff76 + initgroups needs grp.h + +commit 8c5b5655149bd76ea21026d7fe73ab387dbc3bc7 Author: djm@openbsd.org -Date: Tue Jan 26 00:47:47 2021 +0000 +Date: Sun Sep 26 14:01:11 2021 +0000 - upstream: use recallocarray to allocate the agent sockets table; - - also clear socket entries that are being marked as unused. - - spinkle in some debug2() spam to make it easier to watch an agent - do its thing. - - ok markus + upstream: openssh-8.8 - OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922 + OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4 -commit cb7b22ea20a01332c81c0ddcb3555ad50de9cce2 +commit f3cbe43e28fe71427d41cfe3a17125b972710455 Author: djm@openbsd.org -Date: Tue Jan 26 00:46:17 2021 +0000 +Date: Sun Sep 26 14:01:03 2021 +0000 - upstream: factor out common code in the agent client - - Add a ssh_request_reply_decode() function that sends a message to - the agent, reads and parses a success/failure reply. - Use it for all requests that only expect success/failure + upstream: need initgroups() before setresgid(); reported by anton@, - ok markus@ + ok deraadt@ - OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb + OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce -commit d1e578afe7cd48140ad6e92a453f9b035363fd7f -Author: djm@openbsd.org -Date: Mon Jan 25 06:00:17 2021 +0000 +commit 8acaff41f7518be40774c626334157b1b1c5583c +Author: Damien Miller +Date: Sun Sep 26 22:16:36 2021 +1000 - upstream: make ssh hostbased authentication send the signature - - algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. - This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on - signature algorithm and not key type. + update version numbers for release + +commit d39039ddc0010baa91c70a0fa0753a2699bbf435 +Author: kn@openbsd.org +Date: Sat Sep 25 09:40:33 2021 +0000 + + upstream: RSA/SHA-1 is not used by default anymore - spotted with dtucker@ ok markus@ + OK dtucker deraadt djm - OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6 + OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6 -commit 95eca1e195a3b41baa1a725c2c5af8a09d885e4b +commit 9b2ee74e3aa8c461eb5552a6ebf260449bb06f7e Author: Darren Tucker -Date: Sat Jan 23 18:26:05 2021 +1100 +Date: Fri Sep 24 11:08:03 2021 +1000 - ifdef new instance of sin6_scope_id + Move the fgrep replacement to hostkey-rotate.sh. - Put inside HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID similar to - existing instance. Should fix error on UnixWare 7. + The fgrep replacement for buggy greps doesn't work in the sftp-glob test + so move it to just where we know it's needed. -commit 6ffdcdda128045226dda7fbb3956407978028a1e -Author: dtucker@openbsd.org -Date: Mon Jan 18 11:43:34 2021 +0000 +commit f7039541570d4b66d76e6f574544db176d8d5c02 +Author: Darren Tucker +Date: Fri Sep 24 08:04:14 2021 +1000 - upstream: Fix long->int for convtime tests here too. Spotted by - - tobhe@. + Replacement function for buggy fgrep. - OpenBSD-Regress-ID: a87094f5863312d00938afba771d25f788c849d0 + GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will + occasionally fail to find ssh host keys in the hostkey-rotate test. + If we have those versions, use awk instead. -commit b55b7565f15327d82ad7acbddafa90b658c5f0af -Author: dtucker@openbsd.org -Date: Fri Jan 22 02:46:40 2021 +0000 +commit f6a660e5bf28a01962af87568e118a2d2e79eaa0 +Author: David Manouchehri +Date: Thu Sep 23 17:03:18 2021 -0400 - upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms - - here too. - - OpenBSD-Commit-ID: 3b64a640f8ce8c21d9314da9df7ce2420eefde3a + Don't prompt for yes/no questions. -commit ee9c0da8035b3168e8e57c1dedc2d1b0daf00eec -Author: dtucker@openbsd.org -Date: Fri Jan 22 02:44:58 2021 +0000 +commit 7ed1a3117c09f8c3f1add35aad77d3ebe1b85b4d +Author: djm@openbsd.org +Date: Mon Sep 20 06:53:56 2021 +0000 - upstream: Rename PubkeyAcceptedKeyTypes keyword to + upstream: fix missing -s in SYNOPSYS and usage() as well as a - PubkeyAcceptedAlgorithms. While the two were originally equivalent, this - actually specifies the signature algorithms that are accepted. Some key - types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) - so the old name is becoming increasingly misleading. The old name is - retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@ + capitalisation mistake; spotted by jmc@ - OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5 + OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710 -commit a8e798feabe36d02de292bcfd274712cae1d8d17 +commit 8c07170135dde82a26886b600a8bf6fb290b633d Author: dtucker@openbsd.org -Date: Fri Jan 15 02:58:11 2021 +0000 +Date: Mon Sep 20 04:02:13 2021 +0000 - upstream: Change types in convtime() unit test to int to match change + upstream: Fix "Allocated port" debug message - its new type. Add tests for boundary conditions and fix convtime to work up - to INT_MAX. ok djm@ + for unix domain sockets. From peder.stray at gmail.com via github PR#272, + ok deraadt@ - OpenBSD-Regress-ID: ba2b81e9a3257fff204b020affe85b604a44f97e + OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e -commit 9bde1a420626da5007bf7ab499fa2159b9eddf72 -Author: dtucker@openbsd.org -Date: Fri Jan 15 04:31:25 2021 +0000 +commit 277d3c6adfb128b4129db08e3d65195d94b55fe7 +Author: djm@openbsd.org +Date: Mon Sep 20 01:55:42 2021 +0000 - upstream: Make output buffer larger to prevent potential truncation + upstream: Switch scp back to use the old protocol by default, ahead of - warnings from compilers not smart enough to know the strftime calls won't - ever fully fill "to" and "from". ok djm@ + release. We'll wait a little longer for people to pick up sftp-server(8) that + supports the extension that scp needs for ~user paths to continue working in + SFTP protocol mode. Discussed with deraadt@ - OpenBSD-Commit-ID: 83733f1b01b82da88b9dd1769475952aff10bdd7 + OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871 -commit 02da325f10b214219eae2bb1bc2d3bf0c2f13f9f -Author: dtucker@openbsd.org -Date: Fri Jan 15 02:58:11 2021 +0000 +commit ace19b34cc15bea3482be90450c1ed0cd0dd0669 +Author: djm@openbsd.org +Date: Sat Sep 18 02:03:25 2021 +0000 - upstream: Change types in convtime() unit test to int to match + upstream: better error message for ~user failures when the - change its new type. Add tests for boundary conditions and fix convtime to - work up to INT_MAX. ok djm@ + sftp-server lacks the expand-path extension; ok deraadt@ - OpenBSD-Commit-ID: 01dc0475f1484ac2f47facdfcf9221f9472145de + OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc -commit 5339ab369c225b40bc64d5ec3374f5c91b3ad609 -Author: dtucker@openbsd.org -Date: Fri Jan 15 02:32:41 2021 +0000 +commit 6b1238ba971ee722a310d95037b498ede5539c03 +Author: djm@openbsd.org +Date: Thu Sep 16 15:22:22 2021 +0000 - upstream: In waitfd(), when poll returns early we are subtracting + upstream: make some more scp-in-SFTP mode better match Unix idioms - the elapsed time from the timeout each loop, so we only want to measure the - elapsed time the poll() in that loop, not since the start of the function. - Spotted by chris.xj.zhu at gmail.com, ok djm@ + suggested by deraadt@ - OpenBSD-Commit-ID: 199df060978ee9aa89b8041a3dfaf1bf7ae8dd7a + OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87 -commit a164862dfa863b54b7897f66e1dd75437f086c11 -Author: rob@openbsd.org -Date: Thu Jan 14 19:45:06 2021 +0000 +commit e694f8ac4409931e67d08ac44ed251b20b10a957 +Author: djm@openbsd.org +Date: Thu Sep 16 15:11:19 2021 +0000 - upstream: Minor grammatical correction. + upstream: allow log_stderr==2 to prefix log messages with argv[0] - OK jmc@ + use this to make scp's SFTP mode error messages more scp-like - OpenBSD-Commit-ID: de0fad0581e212b2750751e479b79c18ff8cac02 - -commit 8635e7df7e3a3fbb4a4f6cd5a7202883b2506087 -Author: Darren Tucker -Date: Wed Jan 13 18:00:57 2021 +1100 - - Merge Mac OS X targets into a single config. + prompted by and ok deraadt@ + + OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733 -commit ac112ade990585c511048ed4edaf2d9fc92b61f0 +commit 8a7a06ee505cb833e613f74a07392e9296286c30 Author: Darren Tucker -Date: Tue Jan 12 19:22:47 2021 +1100 - - Add Mac OS X test targets. - -commit 1050109b4b2884bf50fd1b3aa084c7fd0a42ae90 -Author: anatasluo -Date: Mon Jan 11 13:51:39 2021 +0000 +Date: Fri Sep 17 13:03:31 2021 +1000 - Remove duplicated declaration in fatal.c . + Test against LibreSSL 3.2.6, 3.3.4, 3.4.0. -commit 7d0f8a3369579dfe398536eb4e3da7bc15da9599 -Author: dtucker@openbsd.org -Date: Mon Jan 11 04:48:22 2021 +0000 +commit c25c84074a47f700dd6534995b4af4b456927150 +Author: djm@openbsd.org +Date: Thu Sep 16 05:36:03 2021 +0000 - upstream: Correct spelling of persourcenetblocksize in config-dump + upstream: missing space character in ssh -G output broke the - mode. + t-sshcfgparse regression test; spotted by anton@ - OpenBSD-Commit-ID: ecdc49e2b6bde6b6b0e52163d621831f6ac7b13d + OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0 -commit ba328bd7a6774f30daaf90b83f1933cc4afc866c -Author: dtucker@openbsd.org -Date: Sat Jan 9 12:31:46 2021 +0000 +commit a4bee1934bf5e5575fea486628f4123d6a29dff8 +Author: djm@openbsd.org +Date: Wed Sep 15 06:56:01 2021 +0000 - upstream: Adjust kexfuzz to addr.c/addrmatch.c split. + upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok - OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb - -commit b08ef25552443e94c0857d5e3806dd019ccc55d7 -Author: dtucker@openbsd.org -Date: Sat Jan 9 12:24:30 2021 +0000 - - upstream: Update unittests for addr.c/addrmatch.c split. + markus@ - OpenBSD-Regress-ID: de2b415fb7af084a91c6ef147a90482d8f771eef + OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623 -commit 6d30673fedec2d251f4962c526fd0451f70c4d97 -Author: dtucker@openbsd.org -Date: Mon Jan 11 02:12:57 2021 +0000 +commit d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd +Author: mbuhl@openbsd.org +Date: Tue Sep 14 11:04:21 2021 +0000 - upstream: Change convtime() from returning long to returning int. + upstream: put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT - On platforms where sizeof(int) != sizeof(long), convtime could accept values - >MAX_INT which subsequently truncate when stored in an int during config - parsing. bz#3250, ok djm@ + OK mfriedl@ - OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31 + OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798 -commit 7a57adb8b07b2ad0aead4b2e09ee18edc04d0481 -Author: jmc@openbsd.org -Date: Sat Jan 9 12:51:12 2021 +0000 +commit 19b3d846f06697c85957ab79a63454f57f8e22d6 +Author: schwarze@openbsd.org +Date: Sat Sep 11 09:05:50 2021 +0000 - upstream: add a comma to previous; + upstream: Do not ignore SIGINT while waiting for input if editline(3) + + is not used. Instead, in non-interactive mode, exit sftp(1), like for other + serious errors. As pointed out by dtucker@, when compiled without editline(3) + support in portable OpenSSH, the el == NULL branch is also used for + interactive mode. In that case, discard the input line and provide a fresh + prompt to the user just like in the case where editline(3) is used. OK djm@ - OpenBSD-Commit-ID: 9139433701c0aa86a0d3a6c7afe10d1c9c2e0869 + OpenBSD-Commit-ID: 7d06f4d3ebba62115527fafacf38370d09dfb393 -commit 3a923129534b007c2e24176a8655dec74eca9c46 -Author: dtucker@openbsd.org -Date: Sat Jan 9 12:10:02 2021 +0000 +commit ba61123eef9c6356d438c90c1199a57a0d7bcb0a +Author: djm@openbsd.org +Date: Sat Sep 11 00:40:24 2021 +0000 - upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize + upstream: when using SFTP protocol, continue transferring files after a - options which provide more fine grained MaxStartups limits. Man page help - jmc@, feedback & ok djm@ + transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@ - OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b + OpenBSD-Commit-ID: dfe4558d71dd09707e9b5d6e7d2e53b793da69fa -commit d9a2bc71693ea27461a78110005d5a2d8b0c6a50 +commit b0ec59a708b493c6f3940336b1a537bcb64dd2a7 Author: dtucker@openbsd.org -Date: Sat Jan 9 11:58:50 2021 +0000 +Date: Fri Sep 10 11:38:38 2021 +0000 - upstream: Move address handling functions out into their own file + upstream: Document that non-interactive commands are run via the user's - in order to reuse them for per-source maxstartups limiting. Supplement with - some additional functions from djm's flowtools that we'll also need. ok djm@ - (as part of a larger diff). + shell using the -c flag. ok jmc@ - OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf - -commit b744914fcb76d70761f1b667de95841b3fc80a56 -Author: Darren Tucker -Date: Sat Jan 9 00:36:05 2021 +1100 - - Add test against Graphene hardened malloc. + OpenBSD-Commit-ID: 4f0d912077732eead10423afd1acf4fc0ceec477 -commit 6cb52d5bf771f6769b630fce35a8e9b8e433044f -Author: djm@openbsd.org -Date: Fri Jan 8 04:49:13 2021 +0000 +commit 66a658b5d9e009ea11f8a0ca6e69c7feb2d851ea +Author: dtucker@openbsd.org +Date: Fri Sep 10 10:26:02 2021 +0000 - upstream: make CheckHostIP default to 'no'. It doesn't provide any - - perceptible value and makes it much harder for hosts to change host keys, - particularly ones that use IP-based load-balancing. + upstream: Document behaviour of arguments following non-interactive - ok dtucker@ + commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@ - OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0 - -commit 309b642e1442961b5e57701f095bcd4acd2bfb5f -Author: Darren Tucker -Date: Fri Jan 8 15:50:41 2021 +1100 - - Run tests with sudo for better coverage. - -commit c336644351fa3c715a08b7a292e309e72792e71e -Author: Darren Tucker -Date: Fri Jan 8 14:26:32 2021 +1100 - - Add Ubuntu 16.04 and 20.04 test targets. + OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a -commit 4c7af01f9dcc1606dec033e7665a042cb0d8ec52 -Author: djm@openbsd.org -Date: Fri Jan 8 02:57:24 2021 +0000 +commit 1d47e28e407d1f95fdf8f799be23f48dcfa5206b +Author: dtucker@openbsd.org +Date: Fri Sep 10 07:11:11 2021 +0000 - upstream: If a signature operation on a FIDO key fails with a - - "incorrect PIN" reason and no PIN was initially requested from the user, then - request a PIN and retry the operation. - - This smoothes over a few corner cases including FIDO devices that - require PINs for all hosted credentials, biometric FIDO devices that - fall back to requiring PIN when reading the biometric failed, devices - that don't implement reading credProtect status for downloaded keys - and probably a few more cases that I haven't though of yet. + upstream: Clarify which file's attributes -p preserves, and that - ok dtucker@ + it's specifically the file mode bits. bz#3340 from calestyo at scientia.net, + ok djm@ jmc@ - OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878 + OpenBSD-Commit-ID: f09e6098ed1c4be00c730873049825f8ee7cb884 -commit 64ddd0fe68c4a7acf99b78624f8af45e919cd317 +commit b344db7a413478e4c21e4cadba4a970ad3e6128a Author: djm@openbsd.org -Date: Fri Jan 8 02:44:14 2021 +0000 - - upstream: don't try to use timespeccmp(3) directly as a qsort(3) - - comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes. - - fixes sftp "ls -ltr" under some circumstances. - - Based on patch by Masahiro Matsuya via bz3248. - - OpenBSD-Commit-ID: 65b5e9f18bb0d10573868c3516de6e5170adb163 - -commit 599df78f3008cf78af21f8977be3e1dd085f8e2e -Author: dtucker@openbsd.org -Date: Fri Jan 8 02:33:13 2021 +0000 +Date: Fri Sep 10 05:46:09 2021 +0000 - upstream: Update the sntrup761 creation script and generated code: - - - remove unneeded header files and typedefs and rely on crypto_api.h - add - defines to map types used to the crypto_api ones instead of typedefs. This - prevents typedef name collisions in -portable. - remove CRYPTO_NAMESPACE - entirely instead of making it a no-op - delete unused functions and make the - remaining ones that aren't exported static. + upstream: openssh-7.4 was incorrectly listed twice; spotted by - ok djm@ + Dmitry Belyavskiy, ok dtucker@ - OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783 + OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef -commit 16448ff529affda7e2a15ee7c3200793abde0759 -Author: djm@openbsd.org -Date: Fri Jan 8 02:19:24 2021 +0000 +commit 9136d6239ad7a4a293e0418a49b69e70c76d58b8 +Author: jmc@openbsd.org +Date: Thu Sep 9 06:17:39 2021 +0000 - upstream: mention that DisableForwarding is valid in a sshd_config + upstream: - move CAVEATS to its correct order - use the term - Match block reported by Fredrik Eriksson in bz3239 + "legacy" protocol rather than "original", as the latter made the text + misleading - uppercase SCP + + ok djm - OpenBSD-Commit-ID: 3a71c3d84b597f5e43e4b40d5232797daf0993f6 + OpenBSD-Commit-ID: 8479255746d5fa76a358ee59e7340fecf4245ff0 -commit 91bac5e95b1b0debf9b2b4f05c20dcfa96b368b9 -Author: dtucker@openbsd.org -Date: Mon Jan 4 21:58:58 2021 +0000 +commit 2d678c5e3bdc2f5c99f7af5122e9d054925d560d +Author: David Carlier +Date: Wed Sep 8 19:49:54 2021 +0100 - upstream: estructure sntrup761.sh to process all files in a single - - list, which will make it easier to reorder. Re-inline int32_MINMAX. ok - tobhe@ + Disable tracing on FreeBSD using procctl. - OpenBSD-Commit-ID: d145c6c19b08bb93c9e14bfaa7af589d90f144c0 + Placed at the start of platform_disable_tracing() to prevent declaration + after code errors from strict C89 compilers (in the unlikely event that + more than one method is enabled). -commit 4d96a3ebab2224f17e639a15078e03be1ad3736d -Author: tobhe@openbsd.org -Date: Sun Jan 3 18:05:21 2021 +0000 +commit 73050fa38fb36ae3326d768b574806352b97002d +Author: djm@openbsd.org +Date: Wed Sep 8 23:31:39 2021 +0000 - upstream: Prevent redefinition of `crypto_int32' error with gcc3. + upstream: Use the SFTP protocol by default. The original scp/rcp + + protocol remains available via the -O flag. - Fixes compilation on luna88k. + Note that ~user/ prefixed paths in SFTP mode require a protocol extension + that was first shipped in OpenSSH 8.7. - Feedback millert@ - Found by and ok aoyama@ + ok deraadt, after baking in snaps for a while without incident - OpenBSD-Commit-ID: f305ddfe575a26cc53431af3fde3f4aeebed9ba6 + OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c -commit a23954eeb930ccc8a66a2710153730769dba31b6 +commit c4565e69ffa2485cff715aa842ea7a350296bfb6 Author: Darren Tucker -Date: Fri Jan 1 22:00:49 2021 +1100 +Date: Wed Sep 8 21:09:49 2021 +1000 - Undef int32 after sort routines. - - This prevents typedef'ing crypto_int32 twice, in sntrup761.c and - crypto_api.h, which some compilers (at least some GCCs) don't accept. + Really fix test on OpenSSL 1.1.1 stable. -commit 148b8a661c3f93e4b6d049ee902de3d521261fbc -Author: Damien Miller -Date: Thu Dec 31 12:47:22 2020 +1100 +commit 79f1bb5f56cef3ae9276207316345b8309248478 +Author: Darren Tucker +Date: Wed Sep 8 18:51:39 2021 +1000 - fix: missing pieces of previous commit + Correct OpenSSL 1.1.1 stable identifier. -commit 3d999be7b987c848feda718cfcfcdc005ddf670d -Author: tobhe@openbsd.org -Date: Wed Dec 30 14:13:28 2020 +0000 +commit b6255593ed5ccbe5e7d3d4b26b2ad31ad4afc232 +Author: Darren Tucker +Date: Wed Sep 8 18:39:44 2021 +1000 - upstream: Use int64_t for intermediate values in int32_MINMAX to - - prevent signed 32-bit integer overflow. - - Found by and ok djm@ - ok markus@ + Increment nfds when coming from startup_pipe. - OpenBSD-Commit-ID: 4f0704768e34cf45fdd792bac4011c6971881bb3 + If we have to increase nfds because startup_pipe[0] is above any of the + descriptors passed in the fd_sets, we also need to add 1 to nfds since + select takes highest FD number plus one. bz#3345 from yaroslav.kuzmin + at vmssoftware.com. -commit 5c1953bf98732da5a76c706714ac066dbfa015ac -Author: Damien Miller -Date: Tue Dec 29 12:40:54 2020 +1100 +commit a3e92a6794817df6012ac8546aea19652cc91b61 +Author: Darren Tucker +Date: Wed Sep 8 13:45:10 2021 +1000 - adapt KEX fuzzer to PQ kex change + Tests for OpenSSL 3.0.0 release & 1.1.1 branch. -commit 659864fe81dbc57eeed3769c462679d83e026640 +commit 4afe431da98ec1cf6a2933fe5658f4fd68dee9e2 Author: djm@openbsd.org -Date: Tue Dec 29 01:02:15 2020 +0000 +Date: Wed Sep 8 03:23:44 2021 +0000 - upstream: Adapt to replacement of - - sntrup4591761x25519-sha512@tinyssh.org with - sntrup761x25519-sha512@openssh.com. - - Also test sntrup761x25519-sha512@openssh.com in unittests/kex + upstream: correct my mistake in previous fix; spotted by halex - OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c + OpenBSD-Commit-ID: 3cc62d92e3f70006bf02468fc146bfc36fffa183 -commit 2c71cec020219d69df84055c59eba5799a1233ec +commit ca0e455b9331213ff9505a21b94c38e34faa2bba Author: djm@openbsd.org -Date: Tue Dec 29 00:59:15 2020 +0000 +Date: Tue Sep 7 06:03:51 2021 +0000 - upstream: Update/replace the experimental post-quantim hybrid key - - exchange method based on Streamlined NTRU Prime (coupled with X25519). - - The previous sntrup4591761x25519-sha512@tinyssh.org method is - replaced with sntrup761x25519-sha512@openssh.com. Per the authors, - sntrup4591761 was replaced almost two years ago by sntrup761. - - The sntrup761 implementaion, like sntrup4591761 before it, is public - domain code extracted from the SUPERCOP cryptography benchmark - suite (https://bench.cr.yp.to/supercop.html). - - Thanks for Daniel J Bernstein for guidance on algorithm selection. - Patch from Tobias Heider; feedback & ok markus@ and myself + upstream: avoid NULL deref in -Y find-principals. Report and fix - (note this both the updated method and the one that it replaced are - disabled by default) + from Carlo Marcelo Arenas Belón + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae + OpenBSD-Commit-ID: 6238486f8ecc888d6ccafcd9ad99e621bb41f1e0 -commit 09d070ccc3574ae0d7947d212ed53c7268ef7e1f -Author: jmc@openbsd.org -Date: Tue Dec 22 07:40:26 2020 +0000 +commit 37616807f150fb46610bbd5031c31af4857ad1e9 +Author: millert@openbsd.org +Date: Mon Sep 6 00:36:01 2021 +0000 - upstream: tweak the description of KnownHostsCommand in ssh_conf.5, - - and add entries for it to the -O list in scp.1 and sftp.1; + upstream: revision 1.381 neglected to remove - ok djm + sChallengeResponseAuthentication from the enum. Noticed by + christos@zoulas.com. OK dtucker@ - OpenBSD-Commit-ID: aba31ebea03f38f8d218857f7ce16a500c3e4aff - -commit 931c93389a80e32272712459b1102d303844453d -Author: Damien Miller -Date: Tue Dec 22 19:43:55 2020 +1100 - - whitespace at EOL - -commit 397b1c4d393f97427283a4717e9015a2bd31b8a5 -Author: Damien Miller -Date: Tue Dec 22 19:42:37 2020 +1100 - - whitespace at EOL + OpenBSD-Commit-ID: b533283a4dd6d04a867da411a4c7a8fbc90e34ff -commit 33fa3ac547e5349ca34681cce6727b2f933dff0a +commit 7acb3578cdfec0b3d34501408071f7a96c1684ea Author: Darren Tucker -Date: Tue Dec 22 19:21:26 2020 +1100 +Date: Sun Sep 5 20:45:42 2021 +1000 - Improve AIX text. + Correct version_num for OpenSSL dev branch. -commit 0f2e21c9dca89598b694932b5b05848380a23ec0 +commit 65bb01111320dfd0d25e21e1fd4d3f2b77532669 Author: Darren Tucker -Date: Tue Dec 22 18:56:54 2020 +1100 +Date: Sun Sep 5 19:37:39 2021 +1000 - Include stdio.h for FILE in misc.h. + Test against OpenSSL 3 branch as well as dev. - Fixes build on at least OpenBSD. + Now that OpenSSL development has moved to 3.1, test against the most + recent version of the openssl-3.0 branch too. -commit 3e9811e57b57ee66b0f70d99d7258da3153b0e8a -Author: Damien Miller -Date: Tue Dec 22 18:31:50 2020 +1100 +commit 864ed0d5e04a503b97202c776b7cf3f163f3eeaa +Author: Darren Tucker +Date: Sun Sep 5 19:33:22 2021 +1000 - ensure $LOGNAME is set in tests + OpenSSL development is now 3.1.* -commit 3eb647cbb34d87a063aa7714256c6e56103fffda -Author: djm@openbsd.org -Date: Tue Dec 22 06:47:24 2020 +0000 +commit a60209a586a928f92ab323bf23bd07f57093342e +Author: dtucker@openbsd.org +Date: Fri Sep 3 07:43:23 2021 +0000 - upstream: more detail for failing tests + upstream: Use .Cm instead of .Dq in StrictHostKeyChecking list for - OpenBSD-Regress-ID: c68c0e5a521cad7e7f68e54c54ebf86d6c10ee1d - -commit 2873f19570d4d8758be24dbf78332be9a779009b -Author: djm@openbsd.org -Date: Tue Dec 22 06:03:36 2020 +0000 - - upstream: regress test for KnownHostsCommand + consistency. Patch from scop via github PR#257, ok jmc@ - OpenBSD-Regress-ID: ffc77464320b6dabdcfa0a72e0df02659233a38a + OpenBSD-Commit-ID: 3652a91564570779431802c31224fb4a9cf39872 -commit 0121aa87bab9ad2365de2d07f2832b56d5ff9871 -Author: tb@openbsd.org -Date: Tue Dec 22 03:05:31 2020 +0000 +commit 8d1d9eb6de37331e872700e9e399a3190cca1242 +Author: dtucker@openbsd.org +Date: Fri Sep 3 07:27:03 2021 +0000 - upstream: Remove lines accidentally left behind in the ProxyJump - - parsing fix r1.345. + upstream: Mention using ssh -i for specifying the public key file - ok djm + in the case where the private key is loaded into ssh-agent but is not present + locally. Based on patch from rafork via github PR#215, ok jmc@ - OpenBSD-Commit-ID: fe767c108c8117bea33767b080ff62eef2c55f5c + OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2 -commit da4bf0db942b5f0278f33238b86235e5813d7a5a -Author: djm@openbsd.org -Date: Tue Dec 22 00:15:22 2020 +0000 +commit eb4362e5e3aa7ac26138b11e44d8c191910aff64 +Author: dtucker@openbsd.org +Date: Fri Sep 3 05:25:50 2021 +0000 - upstream: add a ssh_config KnownHostsCommand that allows the client - - to obtain known_hosts data from a command in addition to the usual files. - - The command accepts bunch of %-expansions, including details of the - connection and the offered server host key. Note that the command may - be invoked up to three times per connection (see the manpage for - details). + upstream: Refer to KEX "algorithms" instead of "methods" to match - ok markus@ + other references and improve consistency. Patch from scop via github PR#241, + ok djm@ - OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0 + OpenBSD-Commit-ID: 840bc94ff6861b28d8603c8e8c16499bfb65e32c -commit a34e14a5a0071de2036826a00197ce38c8b4ba8b -Author: djm@openbsd.org -Date: Tue Dec 22 00:12:22 2020 +0000 +commit b3318946ce5725da43c4bf7eeea1b73129c47d2a +Author: dtucker@openbsd.org +Date: Fri Sep 3 05:12:25 2021 +0000 - upstream: move subprocess() from auth.c to misc.c - - make privilege dropping optional but allow it via callbacks (to avoid - need to link uidswap.c everywhere) - - add some other flags (keep environment, disable strict path safety check) - that make this more useful for client-side use. + upstream: Remove redundant attrib_clear in upload_dir_internal. - feedback & ok markus@ + The subsequent call to stat_to_attrib clears the struct as its first step + anyway. From pmeinhardt via github PR#220, ok djm@ - OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf + OpenBSD-Commit-ID: f5234fc6d7425b607e179acb3383f21716f3029e -commit 649205fe388b56acb3481a1b2461f6b5b7c6efa6 +commit 7cc3fe28896e653956a6a2eed0a25d551b83a029 Author: dtucker@openbsd.org -Date: Mon Dec 21 22:48:41 2020 +0000 +Date: Fri Sep 3 04:11:13 2021 +0000 - upstream: Remove explicit rijndael-cbc@lysator.liu.se test since the + upstream: Add test for client termination status on signal. - cipher was removed. + Based on patch from Alexxz via github PR#235 with some tweaks, to + match patch in bz#3281. - OpenBSD-Regress-ID: aa93cddb4ecd9bc21446a79008a1a53050e64f17 + OpenBSD-Regress-ID: d87c7446fb8b5f8b45894fbbd6875df326e729e2 -commit 03e93c753d7c223063ad8acaf9a30aa511e5f931 -Author: dtucker@openbsd.org -Date: Mon Dec 21 11:09:32 2020 +0000 +commit 5428b0d239f6b516c81d1dd15aa9fe9e60af75d4 +Author: deraadt@openbsd.org +Date: Thu Sep 2 21:03:54 2021 +0000 - upstream: Remove the pre-standardization cipher - - rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was - standardized in RFC4253 (2006), has been deprecated and disabled by default - since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001. + upstream: sys/param.h is not needed for any visible reason - This will reduce the amount of work the cipher/kex regression tests need - to do by a little bit. ok markus@ djm@ + OpenBSD-Commit-ID: 8bdea2d0c75692e4c5777670ac039d4b01c1f368 + +commit 1ff38f34b4c4545eb28106629cafa1e0496bc726 +Author: Shchelkunov Artem +Date: Wed Aug 11 18:07:58 2021 +0500 + + Fix memory leak in error path. - OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad + *info is allocated via xstrdup but was leaked in the PAM_AUTH_ERR path. + From github PR#266. -commit a11ca015879eab941add8c6bdaaec7d41107c6f5 -Author: djm@openbsd.org -Date: Mon Dec 21 09:19:53 2020 +0000 +commit cb37e2f0c0ca4fef844ed7edc5d0e3b7d0e83f6a +Author: dtucker@openbsd.org +Date: Wed Sep 1 03:16:06 2021 +0000 - upstream: properly fix ProxyJump parsing; Thanks to tb@ for + upstream: Fix ssh-rsa fallback for old PuTTY interop tests. - pointing out my error (parse_ssh_uri() can return -1/0/1, that I missed). - Reported by Raf Czlonka via bugs@ + OpenBSD-Regress-ID: a19ac929da604843a5b5f0f48d2c0eb6e0773d37 + +commit 8b02ef0f28dc24cda8cbcd8b7eb02bda8f8bbe59 +Author: dtucker@openbsd.org +Date: Wed Sep 1 00:50:27 2021 +0000 + + upstream: Add a function to skip remaining tests. - ok tb@ + Many tests skip tests for various reasons but not in a consistent way and + don't always clean up, so add that and switch the tests that do that over. - OpenBSD-Commit-ID: a2991a3794bcaf1ca2b025212cce11cdb5f6b7d6 + OpenBSD-Regress-ID: 72d2ec90a3ee8849486956a808811734281af735 -commit d97fb879724f1670bf55d9adfea7278a93c33ae2 -Author: djm@openbsd.org -Date: Mon Dec 21 01:31:06 2020 +0000 +commit d486845c07324c04240f1674ac513985bd356f66 +Author: dtucker@openbsd.org +Date: Tue Aug 31 07:13:59 2021 +0000 - upstream: adapt to API change in hostkeys_foreach()/load_hostkeys() + upstream: Specify path to PuTTY keys. + + Portable needs this and it makes no difference on OpenBSD, so resync + them. (Id sync only, Portable already had this.) - OpenBSD-Regress-ID: dcb468514f32da49a446372453497dc6eeafdbf3 + OpenBSD-Regress-ID: 33f6f66744455886d148527af8368811e4264162 -commit bf7eb3c266b7fd4ddda108fcf72b860af2af6406 -Author: djm@openbsd.org -Date: Fri Oct 16 14:02:24 2020 +0000 +commit d22b299115e27606e846b23490746f69fdd4fb38 +Author: dtucker@openbsd.org +Date: Tue Aug 31 06:13:23 2021 +0000 - upstream: few more things needs match.c and addrmatch.c now that + upstream: Better compat tests with old PuTTY. - log.c calls match_pattern_list() + When running PuTTY interop tests and using a PuTTY version older than + 0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants + of RSA were added some time between 0.73 and 0.76). - OpenBSD-Regress-ID: f7c95c76b150d0aeb00a67858b9579b7d1b2db74 + OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1 -commit 2c64f24e27a5e72a7f59e515fc4f4985355237ae +commit 87ad70d605c3e39c9b8aa275db27120d7cc09b77 Author: Darren Tucker -Date: Mon Dec 21 14:02:56 2020 +1100 +Date: Tue Aug 31 17:04:50 2021 +1000 - Pull in missing rev 1.2. + Resync PuTTY interop tests. + + Resync behaviour when REGRESS_INTEROP_PUTTY is not set with OpenBSD. -commit 0f504f592d15d8047e466eb7453067a6880992a8 -Author: djm@openbsd.org -Date: Sun Dec 20 23:40:19 2020 +0000 +commit e47b82a7bf51021afac218bf59a3be121827653d +Author: dtucker@openbsd.org +Date: Tue Aug 31 01:25:27 2021 +0000 - upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok + upstream: Specify hostkeyalgorithms in SSHFP test. - markus@ + Specify host key algorithms in sshd's default set for the SSHFP test, + from djm@. Make the reason for when the test is skipped a bit clearer. - OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0 + OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea -commit 729b05f59ded35483acef90a6f88aa03eae33b29 +commit 7db3e0a9e8477c018757b59ee955f7372c0b55fb Author: djm@openbsd.org -Date: Sun Dec 20 23:38:00 2020 +0000 +Date: Mon Aug 30 01:15:45 2021 +0000 - upstream: allow UserKnownHostsFile=none; feedback and ok markus@ + upstream: adapt to RSA/SHA1 deprectation - OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48 + OpenBSD-Regress-ID: 952397c39a22722880e4de9d1c50bb1a14f907bb -commit b4c7cd1185c5dc0593d47eafcc1a34fda569dd1d +commit 2344750250247111a6c3c6a4fe84ed583a61cc11 Author: djm@openbsd.org -Date: Sun Dec 20 23:36:51 2020 +0000 +Date: Sun Aug 29 23:53:10 2021 +0000 - upstream: load_hostkeys()/hostkeys_foreach() variants for FILE* - - Add load_hostkeys_file() and hostkeys_foreach_file() that accept a - FILE* argument instead of opening the file directly. - - Original load_hostkeys() and hostkeys_foreach() are implemented using - these new interfaces. - - Add a u_int note field to the hostkey_entry and hostkey_foreach_line - structs that is passed directly from the load_hostkeys() and - hostkeys_foreach() call. This is a lightweight way to annotate results - between different invocations of load_hostkeys(). + upstream: After years of forewarning, disable the RSA/SHA-1 - ok markus@ + signature algorithm by default. It is feasible to create colliding SHA1 + hashes, so we need to deprecate its use. - OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20 - -commit 06fbb386bed666581095cb9cbc7a900e02bfe1b7 -Author: tobhe@openbsd.org -Date: Sat Dec 19 22:09:21 2020 +0000 - - upstream: Print client kem key with correct length. + RSA/SHA-256/512 remains available and will be transparently selected + instead of RSA/SHA1 for most SSH servers released in the last five+ + years. There is no need to regenerate RSA keys. - ok markus@ + The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the + PubkeyAcceptedAlgorithms directives on the client and server. - OpenBSD-Commit-ID: 91689e14a4fc6c270e265a32d1c8faba63a45755 - -commit 0ebead6593e2441e4af2735bbe2cd097607cd0d3 -Author: djm@openbsd.org -Date: Thu Dec 17 23:28:50 2020 +0000 - - upstream: fix possible error("%s", NULL) on error paths + ok dtucker deraadt - OpenBSD-Commit-ID: 0b3833c2cb985453ecca1d76803ebb8f3b736a11 + OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5 -commit d060bc7f6e6244f001e658208f53e3e2ecbbd382 +commit 56c4455d3b54b7d481c77c82115c830b9c8ce328 Author: djm@openbsd.org -Date: Thu Dec 17 23:26:11 2020 +0000 +Date: Sun Aug 29 23:44:07 2021 +0000 - upstream: refactor client percent_expand() argument passing; - - consolidate the common arguments into a single struct and pass that around - instead of using a bunch of globals. ok markus@ + upstream: wrap at 80 columns - OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b + OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0 -commit 43026da035cd266db37df1f723d5575056150744 -Author: djm@openbsd.org -Date: Thu Dec 17 23:10:27 2020 +0000 +commit 95401eea8503943449f712e5f3de52fc0bc612c5 +Author: Darren Tucker +Date: Fri Aug 20 18:14:13 2021 +1000 - upstream: prepare readconf.c for fuzzing; remove fatal calls and - - fix some (one-off) memory leaks; ok markus@ + Replace shell function with ssh-keygen -A. - OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5 + Prevents the init script in the SysV package from trying (and failing) + to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC. + ok tim@ -commit bef92346c4a808f33216e54d6f4948f9df2ad7c1 -Author: djm@openbsd.org -Date: Mon Dec 14 03:13:12 2020 +0000 +commit d83ec9ed995a76ed1d5c65cf10b447222ec86131 +Author: Darren Tucker +Date: Fri Aug 20 15:39:05 2021 +1000 - upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in path - - OpenBSD-Commit-ID: 5c1048468813107baa872f5ee33ba51623630e01 + Remove obsolete Redhat PAM config and init script. -commit a5ab499bd2644b4026596fc2cb24a744fa310666 +commit e1a596186c81e65a34ce13076449712d3bf97eb4 Author: Damien Miller -Date: Fri Dec 4 14:01:27 2020 +1100 +Date: Fri Aug 20 14:03:49 2021 +1000 - basic KEX fuzzer; adapted from Markus' unittest + depend -commit 021ff33e383c77b11badd60cec5b141a3e3fa532 +commit 5450606c8f7f7a0d70211cea78bc2dab74ab35d1 Author: Damien Miller -Date: Fri Dec 4 13:57:43 2020 +1100 +Date: Fri Aug 20 13:59:43 2021 +1000 - use options that work with recent clang + update version numbers -commit e4d1a0b40add800b6e9352b40c2223e44acc3a45 +commit feee2384ab8d694c770b7750cfa76a512bdf8246 Author: djm@openbsd.org -Date: Fri Dec 4 02:41:10 2020 +0000 +Date: Fri Aug 20 03:22:55 2021 +0000 - upstream: shuffle a few utility functions into sftp-client.c; from - - Jakub Jelen + upstream: openssh-8.7 - OpenBSD-Commit-ID: fdeb1aae1f6149b193f12cd2af158f948c514a2a + OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd -commit ace12dc64f8e3a2496ca48d36b53cb3c0a090755 -Author: djm@openbsd.org -Date: Fri Dec 4 02:29:56 2020 +0000 +commit 9a2ed62173cc551b2b5f479460bb015b19499de8 +Author: Darren Tucker +Date: Fri Aug 20 10:48:13 2021 +1000 - upstream: make ssh_free(NULL) a no-op + Also check pid in pselect_notify_setup. - OpenBSD-Commit-ID: 42cb285d94789cefe6608db89c63040ab0a80fa0 + Spotted by djm@. -commit 3b98b6e27f8a122dbfda9966b1afeb3e371cce91 -Author: djm@openbsd.org -Date: Fri Dec 4 02:29:25 2020 +0000 +commit deaadcb93ca15d4f38aa38fb340156077792ce87 +Author: Darren Tucker +Date: Fri Aug 20 08:39:33 2021 +1000 - upstream: memleak of DH public bignum; found with libfuzzer - - OpenBSD-Commit-ID: 0e913b542c3764b100b1571fdb0d0e5cc086fe97 + Prefix pselect functions to clarify debug messages -commit 553b90feedd7da5b90901d73005f86705456d686 -Author: djm@openbsd.org -Date: Fri Dec 4 02:27:57 2020 +0000 +commit 10e45654cff221ca60fd35ee069df67208fcf415 +Author: Darren Tucker +Date: Fri Aug 20 08:30:42 2021 +1000 - upstream: fix minor memleak of kex->hostkey_alg on rekex + Fix race in pselect replacement code. - OpenBSD-Commit-ID: 2c3969c74966d4ccdfeff5e5f0df0791919aef50 - -commit ac0364b85e66eb53da2f9618f699ba6bd195ceea -Author: djm@openbsd.org -Date: Fri Dec 4 02:27:08 2020 +0000 - - upstream: typos: s/hex/kex/ in error messages + On the second and subsequent calls to pselect the notify_pipe was not + added to the select readset, opening up a race that om G. Christensen + discovered on multiprocessor Solaris <=9 systems. - OpenBSD-Commit-ID: 43a026c9571dd779ec148de1829cf5a6b6651905 + Also reinitialize notify_pipe if the pid changes. This will prevent a + parent and child from using the same FD, although this is not an issue + in the current structure it might be in future. -commit ee22db7c5885a1d90219202c0695bc621aa0409b -Author: djm@openbsd.org -Date: Fri Dec 4 02:25:13 2020 +0000 +commit 464ba22f1e38d25402e5ec79a9b8d34a32df5a3f +Author: Darren Tucker +Date: Wed Aug 18 12:51:30 2021 +1000 - upstream: make program name be const + Check compiler for c99 declarations after code. - OpenBSD-Commit-ID: ece25680ec637fdf20502721ccb0276691df5384 + The sntrup761 reference code contains c99-style declarations after code + so don't try to build that if the compiler doesn't support it. -commit 2bcbf679de838bb77a8bd7fa18e100df471a679c -Author: dtucker@openbsd.org -Date: Mon Nov 30 05:36:39 2020 +0000 +commit 7d878679a4b155a359d32104ff473f789501748d +Author: Darren Tucker +Date: Tue Aug 17 15:12:04 2021 +1000 - upstream: Ignore comments at the end of config lines in ssh_config, - - similar to what we already do for sshd_config. bz#2320, with & ok djm@ - - OpenBSD-Commit-ID: bdbf9fc5bc72b1a14266f5f61723ed57307a6db4 + Remove trailing backslash on regress-unit-binaries -commit b755264e7d3cdf1de34e18df1af4efaa76a3c015 -Author: dtucker@openbsd.org -Date: Sat Nov 28 12:52:32 2020 +0000 +commit b71b2508f17c68c5d9dbbe537686d81cedb9a781 +Author: Darren Tucker +Date: Tue Aug 17 07:59:27 2021 +1000 - upstream: Include cipher.h for declaration of cipher_by_name. + Put stdint.h inside HAVE_STDINT_H. - OpenBSD-Commit-ID: ddfebbca03ca0e14e00bbad9d35f94b99655d032 + From Tom G. Christensen. -commit 022def7bd16c3426a95e25f57cb259d54468341c -Author: djm@openbsd.org -Date: Sat Nov 28 03:27:59 2020 +0000 +commit 6a24567a29bd7b4ab64e1afad859ea845cbc6b8c +Author: Darren Tucker +Date: Mon Aug 16 14:13:02 2021 +1000 - upstream: check result of strchr() against NULL rather than - - searched-for characters; from zhongjubin@huawei.com + Improve github test driver script. - OpenBSD-Commit-ID: e6f57de1d4a4d25f8db2d44e8d58d847e247a4fe + - use a trap to always output any failed regress logs (since the script + sets -e, the existing log output is never invoked). + - pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg. + UsePAM). -commit 57bf03f0217554afb8980f6697a7a0b88658d0a9 -Author: dtucker@openbsd.org -Date: Fri Nov 27 10:12:30 2020 +0000 +commit b467cf13705f59ed348b620722ac098fe31879b7 +Author: Darren Tucker +Date: Mon Aug 16 11:32:23 2021 +1000 - upstream: Document ssh-keygen -Z, sanity check its argument earlier and - - provide a better error message if it's not correct. Prompted by bz#2879, ok - djm@ jmc@ + Remove deprecated ubuntu-16.04 test targets. - OpenBSD-Commit-ID: 484178a173e92230fb1803fb4f206d61f7b58005 + Github has deprecated ubuntu-16.04 and it will be removed on 20 + September. -commit 33313ebc1c7135085676db62189e3520341d6b73 -Author: djm@openbsd.org -Date: Fri Nov 27 00:49:58 2020 +0000 +commit 20e6eefcdf78394f05e453d456c1212ffaa6b6a4 +Author: Darren Tucker +Date: Sun Aug 15 23:25:26 2021 +1000 - upstream: Set the specified TOS/DSCP for interactive use prior to - - TCP connect. The connection phase of the SSH session is time-sensitive (due - to server side login grace periods) and is frequently interactive (e.g. - entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after - authentication completes. - - ok dtucker@ - - OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1 + Skip agent ptrace test on hurd. -commit b2bcec13f17ce9174238a704e91d52203e916432 -Author: djm@openbsd.org -Date: Fri Nov 27 00:37:10 2020 +0000 +commit 7c9115bbbf958fbf85259a061c1122e2d046aabf +Author: Darren Tucker +Date: Sun Aug 15 19:37:22 2021 +1000 - upstream: clean up passing of struct passwd from monitor to preauth - - privsep process. No longer copy entire struct w/ pointer addresses, but pass - remaining scalar fields explicitly, - - Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@ - - OpenBSD-Commit-ID: 9925df75a56732c43f3663e70dd15ff413ab3e53 + Add hurd test target. -commit 19af04e2231155d513e24fdc81fbec2217ae36a6 -Author: djm@openbsd.org -Date: Sun Nov 22 22:38:26 2020 +0000 +commit 7909a566f6c6a78fcd30708dc49f4e4f9bb80ce3 +Author: Darren Tucker +Date: Sun Aug 15 12:45:10 2021 +1000 - upstream: when loading PKCS#11 keys, include the key fingerprints - - and provider/slot information in debug output. - - OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431 + Skip scp3 tests on all dfly58 and 60 configs. -commit 9b9465ea856e15b9e9890b4ecb4110d7106e7766 -Author: djm@openbsd.org -Date: Sun Nov 22 22:37:11 2020 +0000 +commit e65198e52cb03534e8c846d1bca74c310b1526de +Author: Tim Rice +Date: Sat Aug 14 13:08:07 2021 -0700 - upstream: when mentioning that the host key has changed, don't - - report the type because it is ambiguous as to whether it referred to the - known or new host key. bz3216; ok dtucker@ - - OpenBSD-Commit-ID: 2d5ce4a83dbcf44e340a572e361decad8aab7bad + openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h + to get sigset_t from signal.h needed for the pselect replacement. -commit 637017a7dd3281d3f2df804993cc27c30dbfda47 +commit e50635640f79920d9375e0155cb3f4adb870eee5 Author: Darren Tucker -Date: Wed Nov 25 17:38:46 2020 +1100 +Date: Fri Aug 13 13:21:00 2021 +1000 - Use "=" not "==" in string test. - - POSIX says "=" is string comparison and some shells (eg HP-UX) will - complain about "==". + Test OpenSSH from OpenBSD head on 6.8 and 6.9. -commit 9880f3480f9768897f3b8e714d5317fb993bc5b3 +commit e0ba38861c490c680117b7fe0a1d61a181cd00e7 Author: Darren Tucker -Date: Fri Nov 20 17:16:51 2020 +1100 +Date: Fri Aug 13 13:00:14 2021 +1000 - Restore correct flags during localtime_r check. + Skip scp3 test on dragonfly 58 and 60. - We were restoring the wrong thing CPPFLAGS (we used CFLAGS) for any - platform that doesn't have localtime_r. + The tests hang, so skip until we figure them out. -commit 41935882f4e82de60dbd6e033eabe79e1b963518 -Author: dtucker@openbsd.org -Date: Fri Nov 20 03:16:56 2020 +0000 +commit dcce2a2bcf007bf817a2fb0dce3db83fa9201e92 +Author: djm@openbsd.org +Date: Thu Aug 12 23:59:25 2021 +0000 - upstream: When doing an sftp recursive upload or download of a + upstream: mention that CASignatureAlgorithms accepts +/- similarly to - read-only directory, ensure that the directory is created with write and - execute permissions in the interim so that we can actually complete the - transfer, then set the directory permission as the final step. (The execute - bit is only likely to be an issue with a non-POSIX server). bz#3222, ok djm@ + the other algorithm list directives; ok jmc bz#3335 - OpenBSD-Commit-ID: a82606212f2796e31f0e1af94a63355a7ad5d903 + OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9 -commit 0f90440ca70abab947acbd77795e9f130967956c -Author: Darren Tucker -Date: Fri Nov 20 13:37:54 2020 +1100 +commit 090a82486e5d7a8f7f16613d67e66a673a40367f +Author: schwarze@openbsd.org +Date: Thu Aug 12 09:59:00 2021 +0000 - Add new pselect6_time64 syscall on ARM. + upstream: In the editline(3) branch of the sftp(1) event loop, - This is apparently needed on armhfp/armv7hl. bz#3232, patch from - jjelen at redhat.com. - -commit 3a7c46c72b6a1f643b1fc3589cd20d8320c3d9e1 -Author: dtucker@openbsd.org -Date: Fri Nov 20 02:14:16 2020 +0000 - - upstream: Explicitly initialize all members of the + handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to + discard the currently edited command line and get a fresh prompt, just like + in ftp(1), bc(1), and in shells. + + It is critical to not use ssl_signal() for this particular case + because that function unconditionally sets SA_RESTART, but here we + need the signal to interrupt the read(2) in the el_gets(3) event loop. - find_by_key_ctx struct. Initializing a single member should be enough - (the spec says the remainder should be initialized as per the static - rules) but some GCCs warn on this which prevents us testing with -Werror - on those. ok deraadt@ djm@ + OK dtucker@ deraadt@ - OpenBSD-Commit-ID: 687126e60a27d30f02614760ef3c3ae4e8d6af28 + OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299 -commit 076cb616b87d1ea1d292973fcd0ba38c08ea6832 -Author: dtucker@openbsd.org -Date: Thu Nov 19 23:05:05 2020 +0000 +commit e1371e4f58404d6411d9f95eb774b444cea06a26 +Author: naddy@openbsd.org +Date: Wed Aug 11 14:07:54 2021 +0000 - upstream: draft-ietf-secsh-architecture is now RFC4251. + upstream: scp: tweak man page and error message for -3 by default + + Now that the -3 option is enabled by default, flip the documentation + and error message logic from "requires -3" to "blocked by -R". - OpenBSD-Commit-ID: cb0bb58c2711fb5ed519507659be1dcf179ed403 + ok djm@ + + OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020 -commit 85cceda21f1471548e04111aefe2c4943131c1c8 -Author: dtucker@openbsd.org -Date: Tue Nov 17 11:23:58 2020 +0000 +commit 49f46f6d77328a3d10a758522b670a3e8c2235e7 +Author: naddy@openbsd.org +Date: Wed Aug 11 14:05:19 2021 +0000 - upstream: Specify that the KDF function is bcrypt. Based on github + upstream: scp: do not spawn ssh with two -s flags for + + remote-to-remote copies + + Do not add another "-s" to the argument vector every time an SFTP + connection is initiated. Instead, introduce a subsystem flag to + do_cmd() and add "-s" when the flag is set. - PR#214 from rafork, ok markus@, mdoc correction jmc@ + ok djm@ - OpenBSD-Commit-ID: d8f2853e7edbcd483f31b50da77ab80ffa18b4ef + OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1 -commit 5b9720f9adbd70ba5a994f407fe07a7d016d8d65 +commit 2a2cd00783e1da45ee730b7f453408af1358ef5b Author: djm@openbsd.org -Date: Sun Nov 15 22:34:58 2020 +0000 +Date: Wed Aug 11 08:55:04 2021 +0000 - upstream: revert r1.341; it breaks ProxyJump; reported by sthen@ + upstream: test -Oprint-pubkey - OpenBSD-Commit-ID: 6ac2f945b26cb86d936eed338f77861d6da8356a + OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0 -commit 04088725ec9c44880c01799b588cd4ba47b3e8bc +commit b9f4635ea5bc33ed5ebbacf332d79bae463b0f54 Author: djm@openbsd.org -Date: Fri Nov 13 07:30:44 2020 +0000 +Date: Wed Aug 11 08:54:17 2021 +0000 - upstream: scrub keyboard-interactive authentication prompts coming + upstream: when verifying sshsig signatures, support an option - from the server through asmprintf() prior to display; suggested by and ok - dtucker@ + (-Oprint-pubkey) to dump the full public key to stdout; based on patch from + Fabian Stelzer; ok markus@ - OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58 + OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2 -commit 5442b491d0ee4bb82f6341ad0ee620ef3947f8c5 +commit 750c1a45ba4e8ad63793d49418a0780e77947b9b Author: djm@openbsd.org -Date: Fri Nov 13 04:53:12 2020 +0000 +Date: Wed Aug 11 05:21:32 2021 +0000 - upstream: prefix keyboard interactive prompts with (user@host) to - - make it easier to determine which connection they are associated with in - cases like scp -3, ProxyJump, etc. bz#3224 ok dtucker + upstream: oops, missed one more %p - OpenBSD-Commit-ID: 67e6189b04b46c867662f8a6759cf3ecb5f59170 + OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb -commit 2992e4e7014ac1047062acfdbbf6feb156fef616 -Author: Darren Tucker -Date: Fri Nov 13 17:56:11 2020 +1100 +commit b5aa27b69ab2e1c13ac2b5ad3f8f7d389bad7489 +Author: djm@openbsd.org +Date: Wed Aug 11 05:20:17 2021 +0000 - Remove use of TIME_WITH_SYS_TIME. + upstream: remove a bunch of %p in format strings; leftovers of + + debuggings past. prompted by Michael Forney, ok dtucker@ - It was only set by the recently removed AC_HEADER_TIME macro, replace - with simple inclusions of both sys/time.h and time.h. Should prevent - mis-detection of struct timespec. + OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac -commit e3f27006f15abacb7e89fda3f5e9a0bd420b7e38 -Author: Damien Miller -Date: Fri Nov 13 14:20:43 2020 +1100 +commit 419aa01123db5ff5dbc68b2376ef23b222862338 +Author: Darren Tucker +Date: Wed Aug 11 09:21:09 2021 +1000 - Revert "detect Linux/X32 systems" - - This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885. + Add includes.h to compat tests. - The approach used was incorrect; discussion in bz#3085 + On platforms where closefrom returns void (eg glibc>=2.34) the prototype + for closefrom in its compat tests would cause compile errors. Remove + this and have the tests pull in the compat headers in the same way as + the main code. bz#3336. -commit e51dc7fab61df36e43f3bc64b673f88d388cab91 -Author: Damien Miller -Date: Fri Nov 13 13:22:15 2020 +1100 +commit 931f592f26239154eea3eb35a086585897b1a185 +Author: djm@openbsd.org +Date: Tue Aug 10 03:35:45 2021 +0000 - SELinux has deprecated security_context_t + upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too - (it was only ever a char* anyway) + OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0 -commit b79add37d118276d67f3899987b9f0629c9449c3 -Author: Darren Tucker -Date: Fri Nov 13 13:43:30 2020 +1100 +commit 391ca67fb978252c48d20c910553f803f988bd37 +Author: djm@openbsd.org +Date: Tue Aug 10 03:33:34 2021 +0000 - Remove obsolete AC_HEADER_TIME macro. + upstream: Prepare for a future where scp(1) uses the SFTP protocol by + + default. Replace recently added -M option to select the protocol with -O + (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that + it will be removed in the near future (so no, don't use it in scripts!). + + prompted by/feedback from deraadt@ - AC_HEADER_TIME is marked as obsolete in autoconf-2.70 and as far as I - can tell everything we have that might be old enough to need it doesn't. + OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc -commit d5d05cdb3d4efd4a618aa52caab5bec73097c163 +commit bfdd4b722f124a4fa9173d20dd64dd0fc69856be Author: djm@openbsd.org -Date: Thu Nov 12 22:56:00 2020 +0000 +Date: Mon Aug 9 23:56:36 2021 +0000 - upstream: when prompting the user to accept a new hostkey, display + upstream: make scp -3 the default for remote-to-remote copies. It - any other host names/addresses already associated with the key. E.g. + provides a much better and more intuitive user experience and doesn't require + exposing credentials to the source host. - > The authenticity of host 'test (10.0.0.1)' can't be established. - > ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax. - > This host key is known by the following other names/addresses: - > ~/.ssh/known_hosts:1: host.example.org,10.0.0.1 - > ~/.ssh/known_hosts:2: [hashed name] - > ~/.ssh/known_hosts:3: [hashed name] - > ~/.ssh/known_hosts:4: host - > ~/.ssh/known_hosts:5: [host]:2222 - > Are you sure you want to continue connecting (yes/no/[fingerprint])? + thanks naddy@ for catching the missing argument in usage() - feedback and ok markus@ + "Yes please!" - markus@ + "makes a lot of sense" - deraadt@ + "the right thing to do" - dtucker@ - OpenBSD-Commit-ID: f6f58a77b49f1368b5883b3a1f776447cfcc7ef4 + OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9 -commit 819b44e8b9af6ce18d3ec7505b9f461bf7991a1f -Author: dtucker@openbsd.org -Date: Thu Nov 12 22:38:57 2020 +0000 +commit 2f7a3b51cef689ad9e93d0c6c17db5a194eb5555 +Author: djm@openbsd.org +Date: Mon Aug 9 23:49:31 2021 +0000 - upstream: Prevent integer overflow when ridiculously large + upstream: make scp in SFTP mode try to use relative paths as much - ConnectTimeout is specified, capping the effective value (for most platforms) - at 24 days. bz#3229, ok djm@ + as possible. Previosuly, it would try to make relative and ~/-rooted paths + absolute before requesting transfers. + + prompted by and much discussion deraadt@ + ok markus@ - OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0 + OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566 -commit add926dd1bbe3c4db06e27cab8ab0f9a3d00a0c2 +commit 2ab864010e0a93c5dd95116fb5ceaf430e2fc23c Author: djm@openbsd.org -Date: Wed Nov 11 05:22:32 2020 +0000 +Date: Mon Aug 9 23:47:44 2021 +0000 - upstream: fix logic error that broke URI parsing in ProxyJump + upstream: SFTP protocol extension to allow the server to expand + + ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept + these paths, like scp in rcp mode does. - directives; ok dtucker@ + prompted by and much discussion deraadt@ + ok markus@ - OpenBSD-Commit-ID: 96d48839b1704882a0e9a77898f5e14b2d222705 + OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392 -commit 4340dd43928dfe746cb7e75fe920b63c0d909a9a -Author: claudio@openbsd.org -Date: Tue Nov 10 07:46:20 2020 +0000 +commit 41b019ac067f1d1f7d99914d0ffee4d2a547c3d8 +Author: djm@openbsd.org +Date: Mon Aug 9 23:44:32 2021 +0000 - upstream: Free the previously allocated msg buffer after writing it + upstream: when scp is in SFTP mode, try to deal better with ~ + + prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted + and prefixed with the SFTP server starting directory (more to come) - out. OK djm@ + prompted by and discussed with deraadt@ + ok markus@ - OpenBSD-Commit-ID: 18c055870fc75e4cb9f926c86c7543e2e21d7fa4 + OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d -commit fcf429a4c69d30d8725612a55b37181594da8ddf -Author: Darren Tucker -Date: Wed Nov 11 12:30:46 2020 +1100 +commit b4b3f3da6cdceb3fd168b5fab69d11fba73bd0ae +Author: djm@openbsd.org +Date: Mon Aug 9 07:21:01 2021 +0000 - Prevent excessively long username going to PAM. + upstream: on fatal errors, make scp wait for ssh connection before + + exiting avoids LogLevel=verbose (or greater) messages from ssh appearing + after scp has returned exited and control has returned to the shell; ok + markus@ - This is a mitigation for a buffer overflow in Solaris' PAM username - handling (CVE-2020-14871), and is only enabled for Sun-derived PAM - implementations. This is not a problem in sshd itself, it only - prevents sshd from being used as a vector to attack Solaris' PAM. - It does not prevent the bug in PAM from being exploited via some other - PAM application. + (this was originally committed as r1.223 along with unrelated stuff that + I rolled back in r1.224) - Based on github PR#212 from Mike Scott but implemented slightly - differently. ok tim@ djm@ + OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b -commit 10dce8ff68ef615362cfcab0c0cc33ce524e7682 +commit 2ae7771749e0b4cecb107f9d4860bec16c3f4245 Author: djm@openbsd.org -Date: Sun Nov 8 23:19:03 2020 +0000 +Date: Mon Aug 9 07:19:12 2021 +0000 - upstream: unbreak; missing NULL check + upstream: rever r1.223 - I accidentally committed unrelated changes - OpenBSD-Commit-ID: 6613dfab488123f454d348ef496824476b8c11c0 + OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9 -commit d5a0cd4fc430c8eda213a4010a612d4778867cd9 +commit 986abe94d481a1e82a01747360bd767b96b41eda Author: djm@openbsd.org -Date: Sun Nov 8 22:37:24 2020 +0000 +Date: Mon Aug 9 07:16:09 2021 +0000 - upstream: when requesting a security key touch on stderr, inform the + upstream: show only the final path component in the progress meter; - user once the touch has been recorded; requested by claudio@ ok markus@ + more useful with long paths (that may truncate) and better matches + traditional scp behaviour; spotted by naddy@ ok deraadt@ - OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233 + OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3 -commit 292bcb2479deb27204e3ff796539c003975a5f7a -Author: Darren Tucker -Date: Mon Nov 9 00:33:35 2020 +1100 +commit 2b67932bb3176dee4fd447af4368789e04a82b93 +Author: djm@openbsd.org +Date: Mon Aug 9 07:13:54 2021 +0000 - Remove preprocessor directive from log macro calls. + upstream: on fatal errors, make scp wait for ssh connection before + + exiting avoids LogLevel=verbose (or greater) messages from ssh appearing + after scp has returned exited and control has returned to the shell; ok + markus@ - Preprocessor directives inside macro calls, such as the new log macros, - are undefined behaviour and do not work with, eg old GCCs. Put the - entire log call inside the ifdef for OPENSSL_HAS_NISTP521. + OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c -commit 71693251b7cbb7dd89aaac18815147124732d0d3 +commit 724eb900ace30661d45db2ba01d0f924d95ecccb Author: dtucker@openbsd.org -Date: Sun Nov 8 12:10:20 2020 +0000 +Date: Sun Aug 8 08:49:09 2021 +0000 - upstream: Add a comment documenting the source of the moduli group + upstream: xstrdup environment variable used by ForwardAgent. bz#3328 - sizes. + from goetze at dovetail.com, ok djm@ deraadt@ - OpenBSD-Commit-ID: aec0725ce607630caaa62682624c6763b350391c + OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742 -commit 4d94b031ff88b015f0db57e140f481bff7ae1a91 +commit 86b4cb3a884846b358305aad17a6ef53045fa41f Author: dtucker@openbsd.org -Date: Sun Nov 8 11:46:12 2020 +0000 +Date: Sun Aug 8 08:27:28 2021 +0000 - upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro. + upstream: Although it's POSIX, not all shells used in Portable support - The log calls are themselves now macros, and preprocessor directives inside - macro arguments are undefined behaviour which some compilers (eg old GCCs) - choke on. It also makes the code tidier. ok deraadt@ + the implicit 'in "$@"' after 'for i'. - OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69 + OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc -commit 6d2564b94e51184eb0b73b97d13a36ad50b4f810 +commit f2ccf6c9f395923695f22345e626dfd691227aaf Author: Darren Tucker -Date: Fri Nov 6 17:11:16 2020 +1100 +Date: Sun Aug 8 17:39:56 2021 +1000 - Fix function body for variadic macro test. + Move portable specific settings down. - AC_LANG_PROGRAM puts its second argument inside main() so we don't need - to do it ourselves. + This brings the top hunk of the file back in sync with OpenBSD + so patches to the CVS Id should apply instead of always being + rejected. -commit 586f9bd2f5980e12f8cf0d3c2a761fa63175da52 -Author: Darren Tucker -Date: Fri Nov 6 16:53:24 2020 +1100 +commit 71b0eb997e220b0fc9331635af409ad84979f2af +Author: dtucker@openbsd.org +Date: Sun Aug 8 07:27:52 2021 +0000 - Remove AC_PROC_CC_C99 obsoleted in autoconf 2.70. + upstream: Move setting of USER further down the startup In portable - Since we only use it to make sure we can handle variadic macros, - explicitly check only for that. with & ok djm@ - -commit a019e353df04de1b2ca78d91b39c393256044ad7 -Author: Darren Tucker -Date: Fri Nov 6 13:56:41 2020 +1100 - - Replace AC_TRY_COMPILE obsoleted in autoconf 2.70. + we have to change this and having it in the same hunk as the CVS Id string + means applying changes fails every. single. time. - Replace with the equivalent AC_COMPILE_IFELSE. + OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b -commit 771b7795c0ef6a2fb43b4c6c66b615c2085cb9cd -Author: Darren Tucker -Date: Fri Nov 6 13:55:33 2020 +1100 +commit f0aca2706c710a0da1a4be705f825a807cd15400 +Author: dtucker@openbsd.org +Date: Sun Aug 8 06:38:33 2021 +0000 - Move AC_PROG_CC_C99 to immediately afer AC_PROG_CC. + upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. - This puts the related C version selection output in the same place. - -commit e5591161f21ab493c6284a85ac3c0710ad94998f -Author: Darren Tucker -Date: Fri Nov 6 13:54:17 2020 +1100 - - AC_CHECK_HEADER() is obsoleted in autoconf 2.70. + scp and sftp like to add -q to the command line passed to ssh which + overrides the LogLevel we set in the config files and suppresses output + to the debug logs so drop any "-q" from the invoked ssh. In the one + case where we actually want to use -q in the banner test, call the ssh + binary directly bypassing the logging wrapper. - Replace with the non-obsoleted AC_CHECK_HEADERS(). + OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75 -commit 05bcd0cadf160fd4826a2284afa7cba6ec432633 -Author: djm@openbsd.org -Date: Tue Nov 3 22:53:12 2020 +0000 +commit cf27810a649c5cfae60f8ce66eeb25caa53b13bc +Author: dtucker@openbsd.org +Date: Sat Aug 7 01:57:08 2021 +0000 - upstream: fold consecutive '*' wildcards to mitigate combinatorial - - explosion of recursive searches; ok dtucker + upstream: Fix prototype mismatch for do_cmd. ok djm@ - OpenBSD-Commit-ID: d18bcb39c40fb8a1ab61153db987e7d11dd3792b + OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d -commit 7d680448db5858dc76307663f78d0b8d3c2b4a3d +commit 85de69f64665245786e28c81ab01fe18b0e2a149 Author: djm@openbsd.org -Date: Fri Oct 30 01:50:07 2020 +0000 +Date: Sat Aug 7 01:55:01 2021 +0000 - upstream: print reason in fatal error message when + upstream: sftp-client.c needs poll.h - kex_assemble_namelist() fails + remove unused variable - OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab + OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16 -commit 95d1109fec7e89ad21f2a97e92bde1305d32a353 -Author: djm@openbsd.org -Date: Thu Oct 29 03:13:06 2020 +0000 +commit 397c4d72e50023af5fe3aee5cc2ad407a6eb1073 +Author: Darren Tucker +Date: Sat Aug 7 11:30:57 2021 +1000 - upstream: fix sshd_config SetEnv directive inside Match blocks; part of - - github PR#201 from github user manuelm - - OpenBSD-Commit-ID: 9772e3748abff3ad65ae8fc43d026ed569b1d2bc + Include poll.h and friends for struct pollfd. -commit b12b835dc022ba161afe68348e05a83dfbcb1515 +commit a9e2c533195f28627f205682482d9da384c4c52e Author: djm@openbsd.org -Date: Thu Oct 29 03:01:18 2020 +0000 +Date: Sat Aug 7 00:14:17 2021 +0000 - upstream: fix type of nid in type_bits_valid(); github PR#202 from + upstream: do_upload() used a near-identical structure for - github user thingsconnected + tracking expected status replies from the server to what do_download() was + using. - OpenBSD-Commit-ID: 769d2b040dec7ab32d323daf54b854dd5dcb5485 - -commit 1a14c13147618144d1798c36a588397ba9008fcc -Author: djm@openbsd.org -Date: Thu Oct 29 02:52:43 2020 +0000 - - upstream: whitespace; no code change + Refactor it to use the same structure and factor out some common + code into helper functions. - OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79 + OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054 -commit 815209abfdd2991fb92ad7d2e33374916cdcbcf4 +commit 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee Author: djm@openbsd.org -Date: Thu Oct 29 02:47:23 2020 +0000 +Date: Sat Aug 7 00:12:09 2021 +0000 - upstream: UpdateHostkeys: fixed/better detection of host keys that + upstream: make scp(1) in SFTP mode follow symlinks like - exist under other names and addresses; spotted by and debugged with lots of - help from jca@ + traditional scp(1) ok markus@ - OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7 + OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231 -commit a575cf44e59a65506c67bddb62a712208a7a279c -Author: Duncan Eastoe -Date: Wed Oct 21 10:11:10 2020 +0100 +commit 133b44e500422df68c9c25c3b6de35c0263132f1 +Author: djm@openbsd.org +Date: Sat Aug 7 00:10:49 2021 +0000 - session.c: use "denylist" terminology + upstream: fix incorrect directory permissions on scp -3 - Follow upstream (6d755706a0059eb9e2d63517f288b75cbc3b4701) language - improvements in this portable-specific code. - -commit 33267feaffd5d98aa56d2f0b3a99ec352effe938 -Author: Damien Miller -Date: Tue Oct 27 16:46:31 2020 +1100 - - Remove checks for strict POSIX mkdtemp() + transfers; ok markus@ - We needed a mkdtemp() that accepted template paths that did not - end in XXXXXX a long time ago for KRB4, but that code is long - deprecated. We no longer need to replace mkdtemp() for strictly - following POSIX. ok dtucker@ + OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2 -commit 492d70e18bad5a8c97d05f5eddac817171e88d2c -Author: dtucker@openbsd.org -Date: Mon Oct 26 00:39:04 2020 +0000 +commit 98b59244ca10e62ff67a420856770cb700164f59 +Author: djm@openbsd.org +Date: Sat Aug 7 00:09:57 2021 +0000 - upstream: Minor man page fixes (capitalization, commas) identified by + upstream: a bit more debugging of file attributes being - the manpage-l10n project via bz#3223. feedback deraadt@, ok jmc@ + sent/received over the wire - OpenBSD-Commit-ID: ab83af0daf18369244a72daaec6c4a58a9eb7e2c + OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b -commit eab2888cfc6cc4e2ef24bd017da9835a0f365f3f -Author: dtucker@openbsd.org -Date: Mon Oct 19 22:49:23 2020 +0000 +commit c677e65365d6f460c084e41e0c4807bb8a9cf601 +Author: djm@openbsd.org +Date: Sat Aug 7 00:08:52 2021 +0000 - upstream: Adapt XMSS to new logging infrastructure. With markus@, ok + upstream: make scp(1) in SFTP mode output better match original - djm@. + scp(1) by suppressing "Retrieving [path]" lines that were emitted to support + the interactive sftp(1) client. ok markus@ - OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de + OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc -commit f7bd11e4941620991f3e727cd0131b01f0311a58 +commit 48cd39b7a4e5e7c25101c6d1179f98fe544835cd Author: djm@openbsd.org -Date: Mon Oct 19 08:07:08 2020 +0000 +Date: Sat Aug 7 00:07:18 2021 +0000 - upstream: fix SEGV on fatal() errors spotted by dtucker@ + upstream: factor out a structure duplicated between downloading - OpenBSD-Commit-ID: 75f155a1ac61e364ed00dc379e2c42df81067ce2 - -commit 7715a3b171049afa1feffb1d5a1245dfac36ce99 -Author: Darren Tucker -Date: Mon Oct 19 10:54:41 2020 +1100 - - Use fatal_fr not fatal_r when passing r. + and crossloading; ok markus@ - Caught by the PAM -Werror tinderbox build. + OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39 -commit 816036f142ecd284c12bb3685ae316a68d2ef190 +commit 318c06bb04ee21a0cfa6b6022a201eacaa53f388 Author: djm@openbsd.org -Date: Sun Oct 18 11:32:01 2020 +0000 +Date: Sat Aug 7 00:06:30 2021 +0000 - upstream: use the new variant log macros instead of prepending + upstream: use sftp_client crossloading to implement scp -3 - __func__ and appending ssh_err(r) manually; ok markus@ + feedback/ok markus@ - OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8 + OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9 -commit 9e2c4f64224f68fb84c49b5182e449f94b0dc985 +commit de7115b373ba0be3861c65de9b606a3e0e9d29a3 Author: djm@openbsd.org -Date: Sun Oct 18 11:21:59 2020 +0000 +Date: Sat Aug 7 00:02:41 2021 +0000 - upstream: variants of the log methods that append a ssherr.h string + upstream: support for "cross"-loading files/directories, i.e. - from a supplied error code; ok markus@ + downloading from one SFTP server while simultaneously uploading to another. - OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf - -commit 28cb0a4b03940d1ee576eb767a81a4113bdc917e -Author: djm@openbsd.org -Date: Sun Oct 18 11:14:27 2020 +0000 - - upstream: remove a level of macro indirection; ok markus@ + feedback & ok markus@ - OpenBSD-Commit-ID: 0c529d06e902c5d1a6b231e1bec6157f76dc67c9 + OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235 -commit 9cac1db52e6c4961c447910fe02cd68a3b2f9460 +commit a50bd0367ff2063bbc70a387740a2aa6914de094 Author: djm@openbsd.org -Date: Sun Oct 18 11:13:45 2020 +0000 +Date: Sat Aug 7 00:01:29 2021 +0000 - upstream: add some variant log.h calls that prepend the calling + upstream: factor our SSH2_FXP_OPEN calls into their own function; - function name; ok markus@ + "looks fine" markus@ - OpenBSD-Commit-ID: 4be1b2e2455b271ddb7457bc195c5367644f4e48 - -commit d55dfed34ef6ef1f028d552a90d5f3dba8dd6f7b -Author: Damien Miller -Date: Sat Oct 17 22:55:24 2020 +1100 - - missing header - -commit 999d7cb79a3a73d92a6dfbf174c33da0d984c7a2 -Author: Damien Miller -Date: Sat Oct 17 22:47:52 2020 +1100 - - sync regress/misc/sk-dummy/fatal.c + OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb -commit 3554b4afa38b3483a3302f1be18eaa6f843bb260 +commit e3c0ba05873cf3d3f7d19d595667a251026b2d84 Author: djm@openbsd.org -Date: Sat Oct 17 01:28:20 2020 +0000 +Date: Sat Aug 7 00:00:33 2021 +0000 - upstream: make the log functions that exit (sshlogdie(), - - sshfatal(), etc) have identical signatures. Makes things a bit more - consistent... + upstream: prepare for scp -3 implemented via sftp - OpenBSD-Commit-ID: bd0ae124733389d7c0042e135c71ee9091362eb9 + OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44 -commit 616029a85ad7529b24bb8c4631d9607c0d6e7afe -Author: jmc@openbsd.org -Date: Fri Oct 16 14:34:33 2020 +0000 +commit 395d8fbdb094497211e1461cf0e2f80af5617e0a +Author: dtucker@openbsd.org +Date: Fri Aug 6 09:00:18 2021 +0000 - upstream: add space between macro arg and punctuation; + upstream: Make diff invocation more portable. - OpenBSD-Commit-ID: bb81e2ed5a77832fe62ab30a915ae67cda57633e - -commit f812a36cee5727147bc897d34ab9af068dd4561e -Author: Damien Miller -Date: Sat Oct 17 12:03:34 2020 +1100 - - check for and require a C99 capable compiler + POSIX does not require diff to have -N, so compare in both directions + with just -r, which should catch missing files in either directory. - recent logging changes use __VA_ARGS__. - -commit f9ea6515202b59a1e2d5b885cafc1b12eff33016 -Author: Damien Miller -Date: Sat Oct 17 11:51:20 2020 +1100 - - logging is now macros, remove function pointers - -commit 0f938f998626e8359324f803157cd7c9f8f403e2 -Author: Damien Miller -Date: Sat Oct 17 11:42:26 2020 +1100 - - adapt sk-dummy's fatal implementation to changes - -commit afbd9ec9e2dbad04834ce7ce53e58740434f32a5 -Author: Damien Miller -Date: Sat Oct 17 11:33:13 2020 +1100 - - fix netcat build problem + OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7 -commit 793b583d097381730adaf6f68bed3c343139a013 +commit d247a73ce27b460138599648d9c637c6f2b77605 Author: djm@openbsd.org -Date: Fri Oct 16 13:26:13 2020 +0000 +Date: Wed Aug 4 21:28:00 2021 +0000 - upstream: LogVerbose keyword for ssh and sshd - - Allows forcing maximum debug logging by file/function/line pattern- - lists. - - ok markus@ + upstream: regression test for scp -3 - OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356 + OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d -commit 752250caabda3dd24635503c4cd689b32a650794 -Author: djm@openbsd.org -Date: Fri Oct 16 13:24:45 2020 +0000 +commit 35c8e41a6f6d8ad76f8d1cd81ac2ea23d0d993b2 +Author: dtucker@openbsd.org +Date: Fri Aug 6 05:04:42 2021 +0000 - upstream: revised log infrastructure for OpenSSH - - log functions receive function, filename and line number of caller. - We can use this to selectively enable logging via pattern-lists. - - ok markus@ + upstream: Document "ProxyJump none". bz#3334. - OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349 + OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7 -commit acadbb3402b70f72f14d9a6930ad41be97c2f9dc -Author: djm@openbsd.org -Date: Fri Oct 16 02:37:12 2020 +0000 +commit 911ec6411821bda535d09778df7503b92f0eafab +Author: dtucker@openbsd.org +Date: Wed Aug 4 01:34:55 2021 +0000 - upstream: use do_log2 instead of function pointers to different log - - functions + upstream: Allow for different (but POSIX compliant) behaviour of - OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480 - -commit 95b0bcfd1531d59e056ae8af27bb741391f26ab0 -Author: djm@openbsd.org -Date: Wed Oct 14 00:55:17 2020 +0000 - - upstream: make UpdateHostkeys still more conservative: refuse to + basename(3) and prevent a use-after-free in that case in the new sftp-compat + code. - proceed if one of the keys offered by the server is already in known_hosts - under another name. This avoid collisions between address entries for - different host aliases when CheckHostIP=yes + POSIX allows basename(3) to either return a pointer to static storage + or modify the passed string and return a pointer to that. OpenBSD does + the former and works as is, but on other platforms "filename" points + into "tmp" which was just freed. This makes the freeing of tmp + consistent with the other variable in the loop. - Also, do not attempt to fix known_hosts with incomplete host/ip matches - when there are no new or deprecated hostkeys. + Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@ - OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3 + OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374 -commit a336ce8c2c55547cc00e0070a18c55f30bb53fb6 -Author: kn@openbsd.org -Date: Mon Oct 12 08:36:36 2020 +0000 +commit 6df1fecb5d3e51f3a8027a74885c3a44f6cbfcbd +Author: Damien Miller +Date: Wed Aug 4 11:05:11 2021 +1000 - upstream: Zap unused family parameter from ssh_connect_direct() - - sshconnect.c r1.241 from 2013 made it unused; found while reading code. - - OK djm - - OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5 + use openbsd-compat glob.h is required -commit e545d94b713effab8e6c7dfabbfb76c1d84d7498 -Author: Philip Hands -Date: Sun Oct 4 00:15:46 2020 +0200 +commit 9ebd1828881dfc9014a344587934a5ce7db6fa1b +Author: Darren Tucker +Date: Tue Aug 3 21:03:23 2021 +1000 - shift contents of long $() into filter_ids() - - This was prompted by the fact that posh does not deal with $() - that contains comments where the comment includes an odd number - of single-quotes. It seems to get befuddled into trying to find - the matching quote. - Regardless, making a function for filtering the unneeded ids - seems much neater than avoiding apostrophes, - so that's what I've done. + Missing space between macro arg and punctuation. - SSH-Copy-ID-Upstream: 3dab3366a584427045c8a690a93282f02c09cf24 + From jmc@ -commit fd360174596047b52aa1cddda74d85012a03ca4b -Author: Philip Hands -Date: Sat Oct 3 23:15:16 2020 +0200 +commit 0fd3f62eddc7cf54dcc9053be6f58998f3eb926a +Author: Darren Tucker +Date: Tue Aug 3 21:02:33 2021 +1000 - combine if/elif to avoid duplication of the action - - SSH-Copy-ID-Upstream: 42aeb1cc53d3f7f6e78edc210fb121fda0834914 + Avoid lines >80 chars. From jmc@ -commit f7c3a39b016dd77709ecbf18da8282f967b86cd7 -Author: Philip Hands -Date: Sat Oct 3 21:45:16 2020 +0200 +commit af5d8094d8b755e1daaf2e20ff1dc252800b4c9b +Author: djm@openbsd.org +Date: Tue Aug 3 01:05:24 2021 +0000 - shellcheck tidyage + upstream: regression tests for scp SFTP protocol support; mostly by - SSH-Copy-ID-Upstream: 5b08f840e78ac544288b3983010a1b0585e966fd - -commit 108676c3f26be6c873db0dd8754063699908727b -Author: Philip Hands -Date: Sat Oct 3 21:10:03 2020 +0200 - - tidy up test of $SCRATCH_DIR creation + Jakub Jelen in GHPR#194 ok markus - SSH-Copy-ID-Upstream: 2d8b22d96c105d87743ffe8874887b06f8989b93 + OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715 -commit a9c9e91a82bc1a2cf801b4e3ef27a941dbd27717 -Author: Philip Hands -Date: Wed Sep 16 16:13:30 2020 +0200 +commit e4673b7f67ae7740131a4ecea29a846593049a91 +Author: anton@openbsd.org +Date: Thu Jul 29 15:34:09 2021 +0000 - add -s flag: to install keys via SFTP - - This is prompted by: + upstream: Treat doas with arguments as a valid SUDO variable. - https://bugzilla.mindrot.org/show_bug.cgi?id=3201 + Allows one to specify SUDO="doas -n" which I do while running make regress. - Thanks go to Matthias Blümel for the idea, and the helpful patch, from - which this patch grew. + ok dtucker@ - SSH-Copy-ID-Upstream: f7c76dc64427cd20287a6868f672423b62057614 + OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005 -commit f92424970c02b78852ff149378c7f2616ada4ccf +commit 197e29f1cca190d767c4b2b63a662f9a9e5da0b3 Author: djm@openbsd.org -Date: Sun Oct 11 22:14:38 2020 +0000 +Date: Mon Aug 2 23:38:27 2021 +0000 - upstream: UpdateHostkeys: check for keys under other names + upstream: support for using the SFTP protocol for file transfers in - Stop UpdateHostkeys from automatically removing deprecated keys from - known_hosts files if the same keys exist under a different name or - address to the host that is being connected to. + scp, via a new "-M sftp" option. Marked as experimental for now. - This avoids UpdateHostkeys from making known_hosts inconsistent in - some cases. For example, multiple host aliases sharing address-based - known_hosts on different lines, or hosts that resolves to multiple - addresses. + Some corner-cases exist, in particular there is no attempt to + provide bug-compatibility with scp's weird "double shell" quoting + rules. - ok markus@ + Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ + Thanks jmc@ for improving the scp.1 bits. - OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1 + OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c -commit d98f14b5328922ae3085e07007d820c4f655b57a -Author: djm@openbsd.org -Date: Sun Oct 11 22:13:37 2020 +0000 +commit dd533c7ab79d61a7796b77b64bd81b098e0d7f9f +Author: jmc@openbsd.org +Date: Fri Jul 30 14:28:13 2021 +0000 - upstream: UpdateHostkeys: better CheckHostIP handling + upstream: fix a formatting error and add some Xr; from debian at - When preparing to update the known_hosts file, fully check both - entries for both the host and the address (if CheckHostIP enabled) - and ensure that, at the end of the operation, entries for both are - recorded. + helgefjell de - Make sure this works with HashKnownHosts too, which requires maintaining - a list of entry-types seen across the whole file for each key. + removed references to rlogin etc. as no longer relevant; + suggested by djm - ok markus@ + ok djm dtucker - OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd + OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae -commit af5941ae9b013aac12585e84c4cf494f3728982f -Author: djm@openbsd.org -Date: Sun Oct 11 22:12:44 2020 +0000 +commit c7cd347a8823819411222c1e10a0d26747d0fd5c +Author: jmc@openbsd.org +Date: Fri Jul 30 14:25:01 2021 +0000 - upstream: UpdateHostkeys: better detect manual host entries + upstream: fix a formatting error and mark up known_hosts - Disable UpdateHostkeys if the known_hosts line has more than two - entries in the pattern-list. ssh(1) only writes "host" or "host,ip" - lines so anything else was added by a different tool or by a human. + consistently; issues reported by debian at helgefjell de - ok markus@ + ok djm dtucker - OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820 + OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce -commit 6247812c76f70b2245f3c23f5074665b3d436cae -Author: djm@openbsd.org -Date: Thu Oct 8 01:15:16 2020 +0000 +commit 4455aec2e4fc90f64ae4fc47e78ebc9c18721738 +Author: jmc@openbsd.org +Date: Wed Jul 28 05:57:42 2021 +0000 - upstream: don't misdetect comma-separated hostkey names as wildcards; + upstream: no need to talk about version 2 with the -Q option, so - spotted by naddy@ + rewrite the text to read better; - OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce - -commit 67146c7d022a170be3cdad2f5f40259a663fb266 -Author: wangxp006 -Date: Thu Oct 8 17:49:59 2020 +0800 - - fix TEST_MALLOC_OPTIONS var - -commit 3205eaa3f8883a34fa4559ddef6c90d1067c5cce -Author: djm@openbsd.org -Date: Thu Oct 8 00:31:05 2020 +0000 - - upstream: clarify conditions for UpdateHostkeys + issue reported by debian at helgefjell de + ok djm dtucker - OpenBSD-Commit-ID: 9cba714cf6aeed769f998ccbe8c483077a618e27 + OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf -commit e8dfca9bfeff05de87160407fb3e6a5717fa3dcb -Author: djm@openbsd.org -Date: Wed Oct 7 06:38:16 2020 +0000 +commit bec429338e9b30d2c7668060e82608286a8a4777 +Author: jmc@openbsd.org +Date: Tue Jul 27 14:28:46 2021 +0000 - upstream: remove GlobalKnownHostsFile for this test after - - UpdateHostkeys change + upstream: word fix; reported by debian at helgefjell de - OpenBSD-Regress-ID: a940ad79d59343319613ba8fc46b6ef24aa3f8e1 + OpenBSD-Commit-ID: 0c6fd22142422a25343c5bd1a618f31618f41ece -commit 4aa2717d7517cff4bc423a6cfba3a2defb055aea -Author: djm@openbsd.org -Date: Wed Oct 7 02:26:28 2020 +0000 +commit efad4deb5a1f1cf79ebefd63c6625059060bfbe1 +Author: jmc@openbsd.org +Date: Tue Jul 27 14:14:25 2021 +0000 - upstream: Disable UpdateHostkeys when hostkey checking fails + upstream: standardise the grammar in the options list; issue - If host key checking fails (i.e. a wrong host key is recorded for the - server) and the user elects to continue (via StrictHostKeyChecking=no), - then disable UpdateHostkeys for the session. + reported by debian at helgefjell de - reminded by Mark D. Baushke; ok markus@ + ok dtucker djm - OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a + OpenBSD-Commit-ID: 7ac15575045d82f4b205a42cc7d5207fe4c3f8e6 -commit 04c06d04475f1f673e9d9743710d194453fe3888 -Author: djm@openbsd.org -Date: Wed Oct 7 02:25:43 2020 +0000 +commit 1e11fb24066f3fc259ee30db3dbb2a3127e05956 +Author: Darren Tucker +Date: Mon Aug 2 18:56:29 2021 +1000 - upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug - - When all of UpdateHostkeys, HashKnownHosts and ChechHostIP - were enabled and new host keys were learned, known_hosts IP - entries were not being recorded for new host keys. - - reported by matthieu@ ok markus@ - - OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7 + Check for RLIMIT_NOFILE before trying to use it. -commit b70e33711291f3081702133175a41cccafc0212a -Author: djm@openbsd.org -Date: Wed Oct 7 02:24:51 2020 +0000 +commit 0f494236b49fb48c1ef33669f14822ca4f3ce2f4 +Author: Darren Tucker +Date: Tue Jul 27 17:45:34 2021 +1000 - upstream: don't UpdateHostkeys when the hostkey is verified by the - - GlobalKnownHostsFile file, support only UserKnownHostsFile matches - - suggested by Mark D. Baushke; feedback and ok markus@ + lastenv is only used in setenv. - OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9 + Prevents an unused variable warning on platforms that have setenv but + not unsetenv. -commit aa623142e426ca1ab9db77b06dcc9b1b70bd102b -Author: djm@openbsd.org -Date: Wed Oct 7 02:22:23 2020 +0000 +commit a1f78e08bdb3eaa88603ba3c6e01de7c8671e28a +Author: Darren Tucker +Date: Mon Jul 26 12:45:30 2021 +1000 - upstream: revert kex->flags cert hostkey downgrade back to a plain - - key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less - plumbing. - - ok markus@ + Move SUDO to "make test" command line. - OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed + Environment variables don't get passed by vmrun, so move to command + line. -commit f4f14e023cafee1cd9ebe4bb0db4029e6e1fafac -Author: djm@openbsd.org -Date: Wed Oct 7 02:20:35 2020 +0000 +commit 02e624273b9c78a49a01239159b8c09b8409b1a0 +Author: Darren Tucker +Date: Sun Jul 25 23:26:36 2021 +1000 - upstream: simply disable UpdateHostkeys when a certificate - - successfully authenticated the host; simpler than the complicated plumbing - via kex->flags we have now. - - ok markus@ - - OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c + Set SUDO for tests and cleanup. -commit e79957e877db42c4c68fabcf6ecff2268e53acb5 -Author: djm@openbsd.org -Date: Wed Oct 7 02:18:45 2020 +0000 +commit 460ae5d93051bab70239ad823dd784822d58baad +Author: Darren Tucker +Date: Sun Jul 25 22:37:55 2021 +1000 - upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is - - enabled; suggested by Mark D. Baushke - - OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf + Pass OPENSSL=no to make tests too. -commit 3d4c2016bae1a6f14b48c1150a4c79ca4c9968bd +commit b398f499c68d74ebe3298b73757cf3f36e14e0cb Author: dtucker@openbsd.org -Date: Tue Oct 6 07:12:04 2020 +0000 +Date: Sun Jul 25 12:27:37 2021 +0000 - upstream: Agent protocol draft is now at rev 4. ok djm@ + upstream: Skip unit and makefile-based key conversion tests when + + we're building with OPENSSL=no. - OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837 + OpenBSD-Regress-ID: 20455ed9a977c93f846059d1fcb48e29e2c8d732 -commit af889a40ffc113af9105c03d7b32131eb4372d50 -Author: djm@openbsd.org -Date: Sun Oct 4 09:45:01 2020 +0000 +commit 727ce36c8c5941bde99216d27109405907caae4f +Author: dtucker@openbsd.org +Date: Sun Jul 25 12:13:03 2021 +0000 - upstream: when ordering host key algorithms in the client, consider + upstream: Replace OPENSSL as the variable that points to the - the ECDSA key subtype; ok markus@ + openssl binary with OPENSSL_BIN. This will allow us to use the OPENSSL + variable from mk.conf or the make(1) command line indicating if we're + building with our without OpenSSL, and ultimately get the regress tests + working in the OPENSSL=no configuration. - OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece + OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e -commit 2d39fc9f7e039351daa3d6aead1538ac29258add +commit 55e17101a9075f6a63af724261c5744809dcb95c Author: dtucker@openbsd.org -Date: Sun Oct 4 03:04:02 2020 +0000 +Date: Sat Jul 24 02:57:28 2021 +0000 - upstream: Allow full range of UIDs and GIDs for sftp chown and + upstream: Skip RFC4716 format import and export tests when built - chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206, - found by booking00 at sina.cn, ok markus@ + without OpenSSL. - OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5 + OpenBSD-Regress-ID: d2c2d5d38c1acc2b88cc99cfe00a2eb8bb39dfa4 -commit 396d32f3a1a16e54df2a76b2a9b237868580dcbe -Author: djm@openbsd.org -Date: Sat Oct 3 09:22:26 2020 +0000 +commit f5ccb5895d39cd627ad9e7b2c671d2587616100d +Author: dtucker@openbsd.org +Date: Sat Jul 24 02:51:14 2021 +0000 - upstream: There are lots of place where we want to redirect stdin, + upstream: Don't omit ssh-keygen -y from usage when built without - stdout and/or stderr to /dev/null. Factor all these out to a single - stdfd_devnull() function that allows selection of which of these to redirect. - ok markus@ + OpenSSL. It is actually available, albeit only for ed25519 keys. - OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099 + OpenBSD-Commit-ID: 7a254c33d0e6a55c30c6b016a8d298d3cb7a7674 -commit 1286981d08b8429a64613215ce8bff3f6b32488a -Author: djm@openbsd.org -Date: Sat Oct 3 08:30:47 2020 +0000 +commit 819d57ac23469f1f03baa8feb38ddefbada90fdc +Author: dtucker@openbsd.org +Date: Sat Jul 24 02:08:13 2021 +0000 - upstream: enable UpdateHostkeys by default when the configuration + upstream: Exclude key conversion options from usage when built - has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect" - deraadt@ + without OpenSSL since those are not available, similar to what we currently + do with the moduli screening options. We can also use this to skip the + conversion regression tests in this case. - OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60 + OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe + +commit b6673b1d2ee90b4690ee84f634efe40225423c38 +Author: Darren Tucker +Date: Sat Jul 24 13:02:51 2021 +1000 + + Test OpenBSD upstream with and without OpenSSL. -commit 332f21537293d66508f7342dc643bc7fe45f0f69 +commit 9d38074b5453c1abbdf888e80828c278d3b886ac Author: djm@openbsd.org -Date: Sat Oct 3 08:12:59 2020 +0000 +Date: Sat Jul 24 01:54:23 2021 +0000 - upstream: disable UpdateHostkeys when a wildcard hostname pattern + upstream: test for first-match-wins in authorized_keys environment= - is encountered or when a certificate host key is in use. feedback/ok markus@ + options - OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd + OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8 -commit 13cee44ef907824083d89cb9395adbbd552e46c1 -Author: djm@openbsd.org -Date: Sat Oct 3 08:11:28 2020 +0000 +commit 2b76f1dd19787e784711ea297ad8fc938b4484fd +Author: dtucker@openbsd.org +Date: Fri Jul 23 05:53:02 2021 +0000 - upstream: record when the host key checking code downgrades a - - certificate host key to a plain key. This occurs when the user connects to a - host with a certificate host key but no corresponding CA key configured in - known_hosts; feedback and ok markus@ + upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly. - OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901 + OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108 -commit 12ae8f95e2e0c273e9e7ef930b01a028ef796a3f +commit 7d64a9fb587ba9592f027f7a2264226c713d6579 Author: djm@openbsd.org -Date: Sat Oct 3 04:15:06 2020 +0000 +Date: Sat Jul 24 01:55:19 2021 +0000 - upstream: prefer ed25519 signature algorithm variants to ECDSA; ok + upstream: don't leak environment= variable when it is not the first - markus@ + match - OpenBSD-Commit-ID: 82187926fca96d35a5b5afbc091afa84e0966e5b + OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0 -commit e5ed753add7aa8eed6b167e44db6240a76404db2 -Author: djm@openbsd.org -Date: Sat Oct 3 03:40:38 2020 +0000 +commit db2130e2340bf923e41c791aa9cd27b9e926042c +Author: jmc@openbsd.org +Date: Fri Jul 23 06:01:17 2021 +0000 - upstream: want time.h here too + upstream: punctuation; - OpenBSD-Commit-ID: fafee8f1108c64ad8b282f9a1ed5ea830d8c58a7 + OpenBSD-Commit-ID: 64be152e378c45975073ab1c07e0db7eddd15806 -commit 66bd9fdf8b7762eb6a85cabbb1ae4ed955679f60 -Author: deraadt@openbsd.org -Date: Sat Oct 3 02:18:33 2020 +0000 +commit 03190d10980c6fc9124e988cb2df13101f266507 +Author: djm@openbsd.org +Date: Fri Jul 23 05:56:47 2021 +0000 - upstream: split introductory paragraph, and insert ominous words about + upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN) - the glob issue, which cannot be fully fixed and really requires completely - replacing scp with a completely different subsystem. team effort to find the - right words.. + will try to use askpass first. bz3314 - OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c - -commit 86cc8ce002ea10e88a4c5d622a8fdfab8a7d261f -Author: Damien Miller -Date: Sat Oct 3 13:38:55 2020 +1000 - - use relative rather than system include here - -commit 922cfac5ed5ead9f796f7d39f012dd653dc5c173 -Author: Damien Miller -Date: Sat Oct 3 13:38:41 2020 +1000 - - add some openbsd-compat licenses we missed - -commit ce941c75ea9cd6c358508a5b206809846c8d9240 -Author: Philip Hands -Date: Sat Oct 3 00:20:07 2020 +0200 - - un-nest $() to make ksh cheerful - -commit 18ea5f4b88e303677d2003b95e5cb864b439e442 -Author: Philip Hands -Date: Fri Oct 2 21:30:10 2020 +0200 - - ksh doesn't grok 'local' + convert a couple of debug() -> debug_f() while here - and AFAICT it's not actually doing anything useful in the code, so let's - see how things go without it. - -commit d9e727dcc04a52caaac87543ea1d230e9e6b5604 -Author: Oleg -Date: Thu Oct 1 12:09:08 2020 +0300 - - Fix `EOF: command not found` error in ssh-copy-id + OpenBSD-Commit-ID: c7e812aebc28fcc5db06d4710e0f73613dee545c -commit a1a856d50c89be3206f320baa4bfb32fff4e826f +commit 1653ece6832b2b304d46866b262d5f69880a9ec7 Author: dtucker@openbsd.org -Date: Wed Sep 30 09:11:39 2020 +0000 +Date: Fri Jul 23 05:07:16 2021 +0000 - upstream: Regen moduli. + upstream: Test conversion of ed25519 and ecdsa keys too. - OpenBSD-Commit-ID: 04967f8c43e9854ac34b917bcd6f5ac96c53a693 - -commit fa1fe3ead7069d90d3c67d62137ad66acfcc9f48 -Author: HARUYAMA Seigo -Date: Sun Sep 27 20:06:20 2020 +0900 - - Restore first section title of INSTALL - -commit 279261e1ea8150c7c64ab5fe7cb4a4ea17acbb29 -Author: Damien Miller -Date: Sun Sep 27 17:25:01 2020 +1000 - - update version numbers + OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb -commit 58ca6ab6ff035ed12b5078e3e9c7199fe72c8587 -Author: djm@openbsd.org -Date: Sun Sep 27 07:22:05 2020 +0000 +commit 8b7af02dcf9d2b738787efd27da7ffda9859bed2 +Author: dtucker@openbsd.org +Date: Fri Jul 23 04:56:21 2021 +0000 - upstream: openssh 8.4 + upstream: Add test for exporting pubkey from a passphrase-protected - OpenBSD-Commit-ID: a29e5b372d2c00e297da8a35a3b87c9beb3b4a58 - -commit 9bb8a303ce05ff13fb421de991b495930be103c3 -Author: Damien Miller -Date: Tue Sep 22 10:07:43 2020 +1000 - - sync with upstream ssh-copy-id rev f0da1a1b7 - -commit 0a4a5571ada76b1b012bec9cf6ad1203fc19ec8d -Author: djm@openbsd.org -Date: Mon Sep 21 07:29:09 2020 +0000 - - upstream: close stdin when forking after authentication too; ok markus + private key. - OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24 + OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac -commit d14fe25e6c3b89f8af17e2894046164ac3b45688 +commit 441095d4a3e5048fe3c87a6c5db5bc3383d767fb Author: djm@openbsd.org -Date: Sun Sep 20 23:31:46 2020 +0000 +Date: Fri Jul 23 03:54:55 2021 +0000 - upstream: close stdout/stderr after "ssh -f ..." forking - - bz#3137, ok markus + upstream: regression test for time-limited signature keys - OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2 - -commit 53a33a0d745179c02108589e1722457ca8ae4372 -Author: Damien Miller -Date: Sun Sep 20 15:57:09 2020 +1000 - - .depend + OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc -commit 107eb3eeafcd390e1fa7cc7672a05e994d14013e +commit 9e1882ef6489a7dd16b6d7794af96629cae61a53 Author: djm@openbsd.org -Date: Sun Sep 20 05:47:25 2020 +0000 +Date: Fri Jul 23 05:24:02 2021 +0000 - upstream: cap channel input buffer size at 16MB; avoids high memory use - - when peer advertises a large window but is slow to consume the data we send - (e.g. because of a slow network) - - reported by Pierre-Yves David + upstream: note successful authentication method in final "Authenticated - fix with & ok markus@ + to ..." message and partial auth success messages (all at LogLevel=verbose) + ok dtucker@ - OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216 - -commit acfe2ac5fe033e227ad3a56624fbbe4af8b5da04 -Author: Damien Miller -Date: Fri Sep 18 22:02:53 2020 +1000 - - libfido2 1.5.0 is recommended + OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984 -commit 52a03e9fca2d74eef953ddd4709250f365ca3975 +commit a917e973a1b90b40ff1e950df083364b48fc6c78 Author: djm@openbsd.org -Date: Fri Sep 18 08:16:38 2020 +0000 +Date: Fri Jul 23 04:04:52 2021 +0000 - upstream: handle multiple messages in a single read() + upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart - PR#183 by Dennis Kaarsemaker; feedback and ok markus@ + to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok + dtucker - OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1 + OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3 -commit dc098405b2939146e17567a25b08fc6122893cdf -Author: pedro martelletto -Date: Fri Sep 18 08:57:29 2020 +0200 +commit e0c5088f1c96a145eb6ea1dee438010da78f9ef5 +Author: djm@openbsd.org +Date: Fri Jul 23 04:00:59 2021 +0000 - configure.ac: add missing includes + upstream: Add a StdinNull directive to ssh_config(5) that allows - when testing, make sure to include the relevant header files that - declare the types of the functions used by the test: + the config file to do the same thing as -n does on the ssh(1) commandline. + Patch from Volker Diels-Grabsch via GHPR231; ok dtucker - - stdio.h for printf(); - - stdlib.h for exit(); - - string.h for strcmp(); - - unistd.h for unlink(), _exit(), fork(), getppid(), sleep(). + OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e -commit b3855ff053f5078ec3d3c653cdaedefaa5fc362d +commit e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea Author: djm@openbsd.org -Date: Fri Sep 18 05:23:03 2020 +0000 +Date: Fri Jul 23 03:57:20 2021 +0000 - upstream: tweak the client hostkey preference ordering algorithm to + upstream: make authorized_keys environment="..." directives - prefer the default ordering if the user has a key that matches the - best-preference default algorithm. + first-match-wins and more strictly limit their maximum number; prompted by + OOM reported by OSS-fuzz (35470). - feedback and ok markus@ + feedback and ok dtucker@ - OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f + OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121 -commit f93b187ab900c7d12875952cc63350fe4de8a0a8 -Author: Damien Miller -Date: Fri Sep 18 14:55:48 2020 +1000 +commit d0bb1ce731762c55acb95817df4d5fab526c7ecd +Author: djm@openbsd.org +Date: Fri Jul 23 03:37:52 2021 +0000 - control over the colours in gnome-ssh-askpass[23] + upstream: Let allowed signers files used by ssh-keygen(1) - Optionally set the textarea colours via $GNOME_SSH_ASKPASS_FG_COLOR and - $GNOME_SSH_ASKPASS_BG_COLOR. These accept the usual three or six digit - hex colours. - -commit 9d3d36bdb10b66abd1af42e8655502487b6ba1fa -Author: Damien Miller -Date: Fri Sep 18 14:50:38 2020 +1000 - - focus improvement for gnome-ssh-askpass[23] + signatures support key lifetimes, and allow the verification mode to specify + a signature time to check at. This is intended for use by git to support + signing objects using ssh keys. ok dtucker@ - When serving a SSH_ASKPASS_PROMPT=none information dialog, ensure - then doesn't immediately close the dialog. Instead, require an - explicit to reach the close button, or . + OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31 -commit d6f507f37e6c75a899db0ef8224e72797c5563b6 +commit 44142068dc7ef783d135e91ff954e754d2ed432e Author: dtucker@openbsd.org -Date: Wed Sep 16 03:07:31 2020 +0000 +Date: Mon Jul 19 08:48:33 2021 +0000 - upstream: Remove unused buf, last user was removed when switching - - to the sshbuf API. Patch from Sebastian Andrzej Siewior. + upstream: Use SUDO when setting up hostkey. - OpenBSD-Commit-ID: 250fa17f0cec01039cc4abd95917d9746e24c889 + OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7 -commit c3c786c3a0973331ee0922b2c51832a3b8d7f20f -Author: djm@openbsd.org -Date: Wed Sep 9 21:57:27 2020 +0000 +commit 6b67f3f1d1d187597e54a139cc7785c0acebd9a2 +Author: dtucker@openbsd.org +Date: Mon Jul 19 05:08:54 2021 +0000 - upstream: For the hostkey confirmation message: - - > Are you sure you want to continue connecting (yes/no/[fingerprint])? + upstream: Increase time margin for rekey tests. Should help - compare the fingerprint case sensitively; spotted Patrik Lundin - ok dtucker + reliability on very heavily loaded hosts. - OpenBSD-Commit-ID: 73097afee1b3a5929324e345ba4a4a42347409f2 + OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533 -commit f2950baf0bafe6aa20dfe2e8d1ca4b23528df617 +commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8 Author: Darren Tucker -Date: Fri Sep 11 14:45:23 2020 +1000 +Date: Mon Jul 19 13:47:51 2021 +1000 - New config-build-time dependency on automake. + Add sshfp-connect.sh file missed in previous. -commit 600c1c27abd496372bd0cf83d21a1c119dfdf9a5 -Author: Darren Tucker -Date: Sun Sep 6 21:56:36 2020 +1000 +commit b75a80fa8369864916d4c93a50576155cad4df03 +Author: dtucker@openbsd.org +Date: Mon Jul 19 03:13:28 2021 +0000 - Add aclocal.m4 and config.h.in~ to .gitignore. + upstream: Ensure that all returned SSHFP records for the specified host + + name and hostkey type match instead of only one. While there, simplify the + code somewhat and add some debugging. Based on discussion in bz#3322, ok + djm@. - aclocal.m4 is now generated by autoreconf. + OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4 -commit 4bf7e1d00b1dcd3a6b3239f77465c019e61c6715 -Author: Sebastian Andrzej Siewior -Date: Sat Sep 5 17:50:03 2020 +0200 +commit 1cc1fd095393663cd72ddac927d82c6384c622ba +Author: dtucker@openbsd.org +Date: Mon Jul 19 02:21:50 2021 +0000 - Quote the definition of OSSH_CHECK_HEADER_FOR_FIELD - - autoreconf complains about underquoted definition of - OSSH_CHECK_HEADER_FOR_FIELD after aclocal.m4 has been and now is beeing - recreated. + upstream: Id sync only, -portable already has this. - Quote OSSH_CHECK_HEADER_FOR_FIELD as suggested. + Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes + build with OPENSSL=no. - Signed-off-by: Sebastian Andrzej Siewior + OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15 -commit a2f3ae386b5f7938ed3c565ad71f30c4f7f010f1 -Author: Sebastian Andrzej Siewior -Date: Sat Sep 5 17:50:02 2020 +0200 +commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485 +Author: dtucker@openbsd.org +Date: Mon Jul 19 02:46:34 2021 +0000 - Move the local m4 macros + upstream: Add test for host key verification via SSHFP records. This - The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is - present. - Move the current aclocal.m4 which contains local macros into the m4/ - folder. With this change the aclocal.m4 will be re-created during - changes to the m4/ macro. - This is needed so the `aclocal' can fetch m4 macros from the system if - they are references in the configure script. This is a prerequisite to - use PKG_CHECK_MODULES. + requires some external setup to operate so is disabled by default (see + comments in sshfp-connect.sh). - Signed-off-by: Sebastian Andrzej Siewior + OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9 -commit 8372bff3a895b84fd78a81dc39da10928b662f5a -Author: Sebastian Andrzej Siewior -Date: Sat Sep 5 17:50:01 2020 +0200 +commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd +Author: dtucker@openbsd.org +Date: Mon Jul 19 02:29:28 2021 +0000 - Remove HAVE_MMAP and BROKEN_MMAP - - BROKEN_MMAP is no longer defined since commit - 1cfd5c06efb12 ("Remove portability support for mmap") - - this commit also removed other HAVE_MMAP user. I didn't find anything - that defines HAVE_MMAP. The check does not trigger because compression - on server side is by default COMP_DELAYED (2) so it never triggers. + upstream: Add ed25519 key and test SSHFP export of it. Only test - Remove remaining HAVE_MMAP and BROKEN_MMAP bits. + RSA SSHFP export if we have RSA functionality compiled in. - Signed-off-by: Sebastian Andrzej Siewior + OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af -commit bbf20ac8065905f9cb9aeb8f1df57fcab52ee2fb -Author: djm@openbsd.org -Date: Wed Sep 9 03:10:21 2020 +0000 +commit 0075511e27e5394faa28edca02bfbf13b9a6693e +Author: dtucker@openbsd.org +Date: Mon Jul 19 00:16:26 2021 +0000 - upstream: adapt to SSH_SK_VERSION_MAJOR crank + upstream: Group keygen tests together. - OpenBSD-Regress-ID: 0f3e76bdc8f9dbd9d22707c7bdd86051d5112ab8 + OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c -commit 9afe2a150893b20bdf9eab764978d817b9a7b783 +commit 034828820c7e62652e7c48f9ee6b67fb7ba6fa26 Author: dtucker@openbsd.org -Date: Fri Aug 28 03:17:13 2020 +0000 +Date: Sun Jul 18 23:10:10 2021 +0000 - upstream: Ensure that address/mask mismatches are flagged at - - config-check time. ok djm@ + upstream: Add test for ssh-keygen printing of SSHFP records. - OpenBSD-Regress-ID: 8f5f4c2c0bf00e6ceae7a1755a444666de0ea5c2 + OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b -commit c76773524179cb654ff838dd43ba1ddb155bafaa +commit 52c3b6985ef1d5dadb4c4fe212f8b3a78ca96812 Author: djm@openbsd.org -Date: Wed Sep 9 03:08:01 2020 +0000 - - upstream: when writing an attestation blob for a FIDO key, record all - - the data needed to verify the attestation. Previously we were missing the - "authenticator data" that is included in the signature. - - spotted by Ian Haken - feedback Pedro Martelletto and Ian Haken; ok markus@ - - OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a - -commit c1c44eeecddf093a7983bd91e70b446de789b363 -Author: pedro martelletto -Date: Tue Sep 1 17:01:55 2020 +0200 +Date: Sat Jul 17 00:38:11 2021 +0000 - configure.ac: fix libfido2 back-compat + upstream: wrap some long lines - - HAVE_FIDO_CRED_PROD -> HAVE_FIDO_CRED_PROT; - - check for fido_dev_get_touch_begin(), so that - HAVE_FIDO_DEV_GET_TOUCH_BEGIN gets defined. + OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d -commit 785f0f315bf7ac5909e988bb1ac3e019fb5e1594 +commit 43ec991a782791d0b3f42898cd789f99a07bfaa4 Author: djm@openbsd.org -Date: Mon Aug 31 04:33:17 2020 +0000 +Date: Sat Jul 17 00:36:53 2021 +0000 - upstream: refuse to add verify-required (PINful) FIDO keys to + upstream: fix sftp on ControlPersist connections, broken by recent - ssh-agent until the agent supports them properly + SessionType change; spotted by sthen@ - OpenBSD-Commit-ID: 125bd55a8df32c87c3ec33c6ebe437673a3d037e + OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234 -commit 39e88aeff9c7cb6862b37ad1a87a03ebbb38c233 +commit 073f45c236550f158c9a94003e4611c07dea5279 Author: djm@openbsd.org -Date: Mon Aug 31 00:17:41 2020 +0000 +Date: Fri Jul 16 09:00:23 2021 +0000 - upstream: Add RCS IDs to the few files that are missing them; from + upstream: Explicitly check for and start time-based rekeying in the - Pedro Martelletto + client and server mainloops. - OpenBSD-Commit-ID: 39aa37a43d0c75ec87f1659f573d3b5867e4a3b3 - -commit 72730249b38a676da94a1366b54a6e96e6928bcb -Author: dtucker@openbsd.org -Date: Fri Aug 28 03:15:52 2020 +0000 - - upstream: Check that the addresses supplied to Match Address and + Previously the rekey timeout could expire but rekeying would not start + until a packet was sent or received. This could cause us to spin in + select() on the rekey timeout if the connection was quiet. - Match LocalAddress are valid when parsing in config-test mode. This will - catch address/mask mismatches before they cause problems at runtime. Found by - Daniel Stocker, ok djm@ + ok markus@ - OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b + OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987 -commit 2a3a9822311a565a9df48ed3b6a3c972f462bd7d +commit ef7c4e52d5d840607f9ca3a302a4cbb81053eccf Author: jmc@openbsd.org -Date: Thu Aug 27 12:34:00 2020 +0000 +Date: Wed Jul 14 06:46:38 2021 +0000 - upstream: sentence fix; from pedro martelletto + upstream: reorder SessionType; ok djm - OpenBSD-Commit-ID: f95b84a1e94e9913173229f3787448eea2f8a575 + OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c -commit ce178be0d954b210c958bc2b9e998cd6a7aa73a9 -Author: Damien Miller -Date: Thu Aug 27 20:01:52 2020 +1000 +commit 8aa2f9aeb56506dca996d68ab90ab9c0bebd7ec3 +Author: Darren Tucker +Date: Wed Jul 14 11:26:50 2021 +1000 - tweak back-compat for older libfido2 + Make whitespace consistent. -commit d6f45cdde031acdf434bbb27235a1055621915f4 -Author: djm@openbsd.org -Date: Thu Aug 27 09:46:04 2020 +0000 +commit 4f4297ee9b8a39f4dfd243a74c5f51f9e7a05723 +Author: Darren Tucker +Date: Wed Jul 14 11:26:12 2021 +1000 - upstream: debug()-print a little info about FIDO-specific key - - fields via "ssh-keygen -vyf /path/key" - - OpenBSD-Commit-ID: cf315c4fe77db43947d111b00155165cb6b577cf + Add ARM64 Linux self-hosted runner. -commit b969072cc3d62d05cb41bc6d6f3c22c764ed932f +commit eda8909d1b0a85b9c3804a04d03ec6738fd9dc7f Author: djm@openbsd.org -Date: Thu Aug 27 09:43:28 2020 +0000 +Date: Tue Jul 13 23:48:36 2021 +0000 - upstream: skip a bit more FIDO token selection logic when only a + upstream: add a SessionType directive to ssh_config, allowing the - single token is attached. + configuration file to offer equivalent control to the -N (no session) and -s + (subsystem) command-line flags. - with Pedro Martelletto + Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; + feedback and ok dtucker@ - OpenBSD-Commit-ID: e4a324bd9814227ec1faa8cb619580e661cca9ac + OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12 -commit 744df42a129d7d7db26947b7561be32edac89f88 -Author: jmc@openbsd.org -Date: Thu Aug 27 06:15:22 2020 +0000 +commit 7ae69f2628e338ba6e0eae7ee8a63bcf8fea7538 +Author: djm@openbsd.org +Date: Mon Jul 12 02:12:22 2021 +0000 - upstream: tweak previous; + upstream: fix some broken tests; clean up output - OpenBSD-Commit-ID: 92714b6531e244e4da401b2defaa376374e24be7 + OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566 -commit e32479645ce649b444ba5c6e7151304306a09654 -Author: djm@openbsd.org -Date: Thu Aug 27 03:55:22 2020 +0000 +commit f5fc6a4c3404bbf65c21ca6361853b33d78aa87e +Author: Darren Tucker +Date: Mon Jul 12 18:00:05 2021 +1000 - upstream: adapt to API changes + Add configure-time detection for SSH_TIME_T_MAX. - OpenBSD-Regress-ID: 5f147990cb67094fe554333782ab268a572bb2dd + Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms + were time_t is a long long. The limit used is for the signed type, so if + some system has a 32bit unsigned time_t then the lower limit will still + be imposed and we would need to add some way to detect this. Anyone using + an unsigned 64bit can let us know when it starts being a problem. -commit bbcc858ded3fbc46abfa7760e40389e3ca93884c -Author: Damien Miller -Date: Thu Aug 27 12:37:12 2020 +1000 +commit fd2d06ae4442820429d634c0a8bae11c8e40c174 +Author: dtucker@openbsd.org +Date: Mon Jul 12 06:22:57 2021 +0000 - degrade semi-gracefully when libfido2 is too old + upstream: Make limit for time_t test unconditional in the + + format_absolute_time fix for bz#3329 that allows printing of timestamps past + INT_MAX. This was incorrectly included with the previous commit. Based on + discussion with djm@. + + OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e -commit 9cbbdc12cb6a2ab1e9ffe9974cca91d213c185c2 -Author: djm@openbsd.org -Date: Thu Aug 27 01:15:36 2020 +0000 +commit 6c29b387cd64a57b0ec8ae7d2c8d02789d88fcc3 +Author: dtucker@openbsd.org +Date: Mon Jul 12 06:08:57 2021 +0000 - upstream: dummy firmware needs to match API version numner crank (for + upstream: Use existing format_absolute_time() function when - verify-required resident keys) even though it doesn't implement this feature + printing cert validity instead of doing it inline. Part of bz#3329. - OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657 + OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c -commit c1e76c64956b424ba260fd4eec9970e5b5859039 +commit 99981d5f8bfa383791afea03f6bce8454e96e323 Author: djm@openbsd.org -Date: Thu Aug 27 02:11:09 2020 +0000 +Date: Fri Jul 9 09:55:56 2021 +0000 - upstream: remove unreachable code I forgot to delete in r1.334 + upstream: silence redundant error message; reported by Fabian Stelzer - OpenBSD-Commit-ID: 9ed6078251a0959ee8deda443b9ae42484fd8b18 + OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2 -commit 0caff05350bd5fc635674c9e051a0322faba5ae3 -Author: djm@openbsd.org -Date: Thu Aug 27 01:08:45 2020 +0000 +commit e86097813419b49d5bff5c4b51d1c3a5d4d2d804 +Author: John Ericson +Date: Sat Dec 26 11:40:49 2020 -0500 - upstream: Request PIN ahead of time for certain FIDO actions - - When we know that a particular action will require a PIN, such as - downloading resident keys or generating a verify-required key, request - the PIN before attempting it. - - joint work with Pedro Martelletto; ok markus@ - - OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727 + Re-indent krb5 section after pkg-config addition. -commit b649b3daa6d4b8ebe1bd6de69b3db5d2c03c9af0 -Author: djm@openbsd.org -Date: Thu Aug 27 01:08:19 2020 +0000 +commit 32dd2daa56c294e40ff7efea482c9eac536d8cbb +Author: John Ericson +Date: Sat Dec 26 11:40:49 2020 -0500 - upstream: preserve verify-required for resident FIDO keys - - When downloading a resident, verify-required key from a FIDO token, - preserve the verify-required in the private key that is written to - disk. Previously we weren't doing that because of lack of support - in the middleware API. - - from Pedro Martelletto; ok markus@ and myself + Support finding Kerberos via pkg-config - OpenBSD-Commit-ID: 201c46ccdd227cddba3d64e1bdbd082afa956517 + This makes cross compilation easier. -commit 642e06d0df983fa2af85126cf4b23440bb2985bf -Author: djm@openbsd.org -Date: Thu Aug 27 01:07:51 2020 +0000 +commit def7a72234d7e4f684d72d33a0f7229f9eee0aa4 +Author: Darren Tucker +Date: Fri Jul 9 14:34:06 2021 +1000 - upstream: major rework of FIDO token selection logic - - When PINs are in use and multiple FIDO tokens are attached to a host, we - cannot just blast requests at all attached tokens with the PIN specified - as this will cause the per-token PIN failure counter to increment. If - this retry counter hits the token's limit (usually 3 attempts), then the - token will lock itself and render all (web and SSH) of its keys invalid. - We don't want this. - - So this reworks the key selection logic for the specific case of - multiple keys being attached. When multiple keys are attached and the - operation requires a PIN, then the user must touch the key that they - wish to use first in order to identify it. - - This may require multiple touches, but only if there are multiple keys - attached AND (usually) the operation requires a PIN. The usual case of a - single key attached should be unaffected. - - Work by Pedro Martelletto; ok myself and markus@ - - OpenBSD-Commit-ID: 637d3049ced61b7a9ee796914bbc4843d999a864 + Update comments about EGD to include prngd. -commit 801c9f095e6d8b7b91aefd98f5001c652ea13488 -Author: djm@openbsd.org -Date: Thu Aug 27 01:07:09 2020 +0000 +commit b5d23150b4e3368f4983fd169d432c07afeee45a +Author: dtucker@openbsd.org +Date: Mon Jul 5 01:21:07 2021 +0000 - upstream: support for requiring user verified FIDO keys in sshd - - This adds a "verify-required" authorized_keys flag and a corresponding - sshd_config option that tells sshd to require that FIDO keys verify the - user identity before completing the signing/authentication attempt. - Whether or not user verification was performed is already baked into the - signature made on the FIDO token, so this is just plumbing that flag - through and adding ways to require it. + upstream: Fix a couple of whitespace things. Portable already has - feedback and ok markus@ + these so this removes two diffs between the two. - OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6 + OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56 -commit 9b8ad93824c682ce841f53f3b5762cef4e7cc4dc -Author: djm@openbsd.org -Date: Thu Aug 27 01:06:18 2020 +0000 +commit 8f57be9f279b8e905f9883066aa633c7e67b31cf +Author: dtucker@openbsd.org +Date: Mon Jul 5 01:16:46 2021 +0000 - upstream: support for user-verified FIDO keys - - FIDO2 supports a notion of "user verification" where the user is - required to demonstrate their identity to the token before particular - operations (e.g. signing). Typically this is done by authenticating - themselves using a PIN that has been set on the token. - - This adds support for generating and using user verified keys where - the verification happens via PIN (other options might be added in the - future, but none are in common use now). Practically, this adds - another key generation option "verify-required" that yields a key that - requires a PIN before each authentication. + upstream: Order includes as per style(9). Portable already has - feedback markus@ and Pedro Martelletto; ok markus@ + these so this removes a handful of diffs between the two. - OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15 + OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77 -commit 1196d7f49d4fbc90f37e550de3056561613b0960 -Author: cheloha@openbsd.org -Date: Wed Aug 12 01:23:45 2020 +0000 +commit b75624f8733b3ed9e240f86cac5d4a39dae11848 +Author: dtucker@openbsd.org +Date: Mon Jul 5 00:50:25 2021 +0000 - upstream: ssh-keyscan(1): simplify conloop() with timercmp(3), + upstream: Remove comment referencing now-removed - timersub(3); ok djm@ + RhostsRSAAuthentication. ok djm@ - OpenBSD-Commit-ID: a102acb544f840d33ad73d40088adab4a687fa27 + OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9 -commit d0a195c89e26766d3eb8f3e4e2a00ebc98b57795 +commit b67eb12f013c5441bb4f0893a97533582ad4eb13 Author: djm@openbsd.org -Date: Tue Aug 11 09:49:57 2020 +0000 +Date: Mon Jul 5 00:25:42 2021 +0000 - upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time + upstream: allow spaces to appear in usernames for local to remote, - limit for keys in addition to its current flag options. Time-limited keys - will automatically be removed from ssh-agent after their expiry time has - passed; ok markus@ + and scp -3 remote to remote copies. with & ok dtucker bz#1164 - OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94 + OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd -commit e9c2002891a7b8e66f4140557a982978f372e5a3 -Author: djm@openbsd.org -Date: Tue Aug 11 09:45:54 2020 +0000 +commit 8c4ef0943e574f614fc7c6c7e427fd81ee64ab87 +Author: dtucker@openbsd.org +Date: Fri Jul 2 07:20:44 2021 +0000 - upstream: let the "Confirm user presence for key ..." ssh-askpass + upstream: Remove obsolete comments about SSHv1 auth methods. ok - notification respect $SSH_ASKPASS_REQUIRE; ok markus@ + djm@ - OpenBSD-Commit-ID: 7c1a616b348779bda3b9ad46bf592741f8e206c1 + OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f -commit eaf8672b1b52db2815a229745f4e4b08681bed6d +commit 88908c9b61bcb99f16e8d398fc41e2b3b4be2003 Author: Darren Tucker -Date: Fri Aug 21 00:04:13 2020 +1000 +Date: Sat Jul 3 23:00:19 2021 +1000 - Remove check for 'ent' command. + Remove reference to ChallengeResponse. - It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which - has long since been removed and there are no other references to it. + challenge_response_authentication was removed from the struct, keeping + kbd_interactive_authentication. -commit 05c215de8d224e094a872d97d45f37f60c06206b +commit 321874416d610ad2158ce6112f094a4862c2e37f Author: Darren Tucker -Date: Mon Aug 17 21:34:32 2020 +1000 +Date: Sat Jul 3 20:38:09 2021 +1000 - Wrap stdint.h include in ifdef HAVE_STDINT_H. + Move signal.h up include order to match upstream. -commit eaf2765efe8bc74feba85c34295d067637fc6635 -Author: Damien Miller -Date: Mon Aug 10 13:24:09 2020 +1000 +commit 4fa83e2d0e32c2dd758653e0359984bbf1334f32 +Author: Darren Tucker +Date: Sat Jul 3 20:36:06 2021 +1000 - sync memmem.c with OpenBSD + Remove old OpenBSD version marker. + + Looks like an accidental leftover from a sync. + +commit 9d5e31f55d5f3899b72645bac41a932d298ad73b +Author: Darren Tucker +Date: Sat Jul 3 20:34:19 2021 +1000 + + Remove duplicate error on error path. + + There's an extra error() call on the listen error path, it looks like + its removal was missed during an upstream sync. -commit ed6bef77f5bb5b8f9ca2914478949e29f2f0a780 +commit 888c459925c7478ce22ff206c9ac1fb812a40caf Author: Darren Tucker -Date: Fri Aug 7 17:12:16 2020 +1000 +Date: Sat Jul 3 20:32:46 2021 +1000 - Always send any PAM account messages. + Remove some whitespace not in upstream. - If the PAM account stack reaturns any messages, send them to the user - not just if the check succeeds. bz#2049, ok djm@ + Reduces diff vs OpenBSD by a small amount. -commit a09e98dcae1e26f026029b7142b0e0d10130056f +commit 4d2d4d47a18d93f3e0a91a241a6fdb545bbf7dc2 Author: Darren Tucker -Date: Fri Aug 7 15:37:37 2020 +1000 +Date: Sat Jul 3 19:27:43 2021 +1000 - Output test debug logs on failure. + Replace remaining references to ChallengeResponse. + + Portable had a few additional references to ChallengeResponse related to + UsePAM, replaces these with equivalent keyboard-interactive ones. -commit eb122b1eebe58b29a83a507ee814cbcf8aeded1b +commit 53237ac789183946dac6dcb8838bc3b6b9b43be1 Author: Darren Tucker -Date: Fri Aug 7 15:11:42 2020 +1000 +Date: Sat Jul 3 19:23:28 2021 +1000 - Add ability to specify exact test target. + Sync remaining ChallengeResponse removal. + + These were omitted from commit 88868fd131. -commit c2ec7a07f8caabb4d8e00c66e7cd46bf2cd1e922 +commit 2c9e4b319f7e98744b188b0f58859d431def343b Author: Darren Tucker -Date: Fri Aug 7 14:21:15 2020 +1000 +Date: Sat Jul 3 19:17:31 2021 +1000 - Document --without-openssl and --without-zlib. + Disable rocky84 to figure out why agent test fails -commit 651bb3a31949bbdc3a78b2ede95a77bce0c72984 +commit bfe19197a92b7916f64a121fbd3c179abf15e218 Author: Darren Tucker -Date: Fri Aug 7 14:15:11 2020 +1000 - - Add without-openssl without-zlib test target. - -commit 9499f2bb01dc1032ae155999b2d7764b9491341f -Author: Stefan Schindler -Date: Wed Aug 5 19:00:52 2020 +0200 +Date: Fri Jul 2 15:43:28 2021 +1000 - Add CI with prepare script + Remove now-unused SSHv1 enums. - * Only use heimdal kerberos implementation - * Fetch yubico/libfido2 (see: https://github.com/Yubico/libfido2) - * Add one target for - * all features - * each feature alone - * no features + sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options + and are no longer used. -commit ea1f649046546a860f68b97ddc3015b7e44346ca -Author: Damien Miller -Date: Wed Aug 5 08:58:57 2020 +1000 +commit c73b02d92d72458a5312bd098f32ce88868fd131 +Author: dtucker@openbsd.org +Date: Fri Jul 2 05:11:20 2021 +0000 - support NetBSD's utmpx.ut_ss address field + upstream: Remove references to ChallengeResponseAuthentication in + + favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the + latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but + not entirely equivalent. We retain the old name as deprecated alias so + config files continue to work and a reference in the man page for people + looking for it. - bz#960, ok dtucker + Prompted by bz#3303 which pointed out the discrepancy between the two + when used with Match. Man page help & ok jmc@, with & ok djm@ + + OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e -commit 32c63e75a70a0ed9d6887a55fcb0e4531a6ad617 -Author: Damien Miller -Date: Tue Aug 4 14:59:21 2020 +1000 +commit f841fc9c8c7568a3b5d84a4cc0cefacb7dbc16b9 +Author: Darren Tucker +Date: Fri Jul 2 15:20:32 2021 +1000 - wrap a declaration in the same ifdefs as its use + Fix ifdefs around get_random_bytes_prngd. - avoids warnings on NetBSD + get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET + are defined, so adjust ifdef accordingly. -commit c9e3be9f4b41fda32a2a0138d54c7a6b563bc94d +commit 0767627cf66574484b9c0834500b42ea04fe528a Author: Damien Miller -Date: Tue Aug 4 14:58:46 2020 +1000 +Date: Fri Jul 2 14:30:23 2021 +1000 - undef TAILQ_CONCAT and friends + wrap get_random_bytes_prngd() in ifdef - Needed for NetBSD. etc that supply these macros + avoid unused static function warning -commit 2d8a3b7e8b0408dfeb933ac5cfd3a58f5bac49af -Author: djm@openbsd.org -Date: Mon Aug 3 02:53:51 2020 +0000 +commit f93fdc4de158386efe1116bd44c5b3f4a7a82c25 +Author: Darren Tucker +Date: Mon Jun 28 13:06:37 2021 +1000 - upstream: ensure that certificate extensions are lexically sorted. - - Previously if the user specified a custom extension then the everything would - be in order except the custom ones. bz3198 ok dtucker markus - - OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0 + Add rocky84 test target. -commit a8732d74cb8e72f0c6366015687f1e649f60be87 +commit d443006c0ddfa7f6a5bd9c0ae92036f3d5f2fa3b Author: djm@openbsd.org -Date: Mon Aug 3 02:43:41 2020 +0000 +Date: Fri Jun 25 06:30:22 2021 +0000 - upstream: allow -A to explicitly enable agent forwarding in scp and + upstream: fix decoding of X.509 subject name; from Leif Thuresson - sftp. The default remains to not forward an agent, even when ssh_config - enables it. ok jmc dtucker markus + via bz3327 ok markus@ - OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822 + OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8 -commit ab9105470a83ed5d8197959a1b1f367399958ba1 -Author: deraadt@openbsd.org -Date: Mon Aug 3 02:42:49 2020 +0000 +commit 2a5704ec142202d387fda2d6872fd4715ab81347 +Author: dtucker@openbsd.org +Date: Fri Jun 25 06:20:39 2021 +0000 - upstream: clang -Wimplicit-fallthrough does not recognise /* + upstream: Use better language to refer to the user. From l1ving - FALLTHROUGH */ comments, which is the style we currently use, and gives too - many boring warnings. ok djm + via github PR#250, ok jmc@ - OpenBSD-Commit-ID: 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0 + OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf -commit ced327b9fb78c94d143879ef4b2a02cbc5d38690 +commit 4bdf7a04797a0ea1c431a9d54588417c29177d19 Author: dtucker@openbsd.org -Date: Fri Jul 31 04:19:37 2020 +0000 +Date: Fri Jun 25 03:38:17 2021 +0000 - upstream: Also compare username when checking for JumpHost loops. + upstream: Replace SIGCHLD/notify_pipe kludge with pselect. + + Previously sshd's SIGCHLD handler would wake up select() by writing a + byte to notify_pipe. We can remove this by blocking SIGCHLD, checking + for child terminations then passing the original signal mask through + to pselect. This ensures that the pselect will immediately wake up if + a child terminates between wait()ing on them and the pselect. + + In -portable, for platforms that do not have pselect the kludge is still + there but is hidden behind a pselect interface. - bz#3057, ok djm@ + Based on other changes for bz#2158, ok djm@ - OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782 + OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813 -commit ae7527010c44b3376b85d036a498f136597b2099 +commit c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 Author: Darren Tucker -Date: Fri Jul 31 15:19:04 2020 +1000 +Date: Fri Jun 25 15:08:18 2021 +1000 - Remove AC_REVISION. + Move closefrom() to before first malloc. - It hasn't been useful since we switched to git in 2014. ok djm@ + When built against tcmalloc, tcmalloc allocates a descriptor for its + internal use, so calling closefrom() afterward causes the descriptor + number to be reused resulting in a corrupted connection. Moving the + closefrom a little earlier should resolve this. From kircherlike at + outlook.com via bz#3321, ok djm@ -commit 89fc3f414be0ce4e8008332a9739a7d721269e50 +commit 7ebfe4e439853b88997c9cfc2ff703408a1cca92 Author: Darren Tucker -Date: Tue Jul 28 19:40:30 2020 +1000 +Date: Fri Jun 18 20:41:45 2021 +1000 - Use argv in OSSH_CHECK_CFLAG_COMPILE test. + Put second -lssh in link line for sftp-server. - configure.ac is not detecting -Wextra in compilers that implement the - option. The problem is that -Wextra implies -Wunused-parameter, and the - C excerpt used by aclocal.m4 does not use argv. Patch from pedro at - ambientworks.net, ok djm@ + When building --without-openssl the recent port-prngd.c change adds + a dependency on atomicio, but since nothing else in sftp-server uses + it, the linker may not find it. Add a second -lssh similar to other + binaries. -commit 62c81ef531b0cc7ff655455dd34f5f0c94f48e82 +commit e409d7966785cfd9f5970e66a820685c42169717 Author: Darren Tucker -Date: Mon Jul 20 22:12:07 2020 +1000 - - Skip ECDSA-SK webauthn test when built w/out ECC - -commit 3ec9a6d7317236a9994887d8bd5d246af403a00d -Author: Damien Miller -Date: Mon Jul 20 13:09:25 2020 +1000 +Date: Fri Jun 18 18:34:08 2021 +1000 - Add ssh-sk-helper and manpage to RPM spec file + Try EGD/PRNGD if random device fails. - Based on patch from Fabio Pedretti + When built --without-openssl, try EGD/PRGGD (if configured) as a last + resort before failing. -commit a2855c048b3f4b17d8787bd3f24232ec0cd79abe -Author: dtucker@openbsd.org -Date: Fri Jul 17 07:09:24 2020 +0000 +commit e43a898043faa3a965dbaa1193cc60e0b479033d +Author: Darren Tucker +Date: Fri Jun 18 18:32:51 2021 +1000 - upstream: Add %k to the TOKENs for Match Exec for consistency with - - the other keywords that recently got %k. + Split EGD/PRNGD interface into its own file. - OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb + This will allow us to use it when building --without-openssl. -commit 69860769fa9f4529d8612ec055ae11912f7344cf -Author: jmc@openbsd.org -Date: Fri Jul 17 05:59:05 2020 +0000 +commit acb2887a769a1b1912cfd7067f3ce04fad240260 +Author: Darren Tucker +Date: Thu Jun 17 21:03:19 2021 +1000 - upstream: fix macro slip in previous; + Handle GIDs > 2^31 in getgrouplist. - OpenBSD-Commit-ID: 624e47ab209450ad9ad5c69f54fa69244de5ed9a + When compiled in 32bit mode, the getgrouplist implementation may fail + for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel + at tui.com. -commit 40649bd0822883b684183854b16d0b8461d5697b +commit 31fac20c941126281b527605b73bff30a8f02edd Author: dtucker@openbsd.org -Date: Fri Jul 17 07:10:24 2020 +0000 +Date: Thu Jun 10 09:46:28 2021 +0000 - upstream: Add test for '%k' (HostKeyAlias) TOKEN. + upstream: Use $SUDO when reading sshd's pidfile here too. - OpenBSD-Regress-ID: 8ed1ba1a811790031aad3fcea860a34ad7910456 + OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409 -commit 6736fe680704a3518cb4f3f8f6723b00433bd3dd +commit a3a58acffc8cc527f8fc6729486d34e4c3d27643 Author: dtucker@openbsd.org -Date: Fri Jul 17 03:26:58 2020 +0000 +Date: Thu Jun 10 09:43:51 2021 +0000 - upstream: Add tests for expansions on UserKnownHostsFile. + upstream: Use $SUDO when reading sshd's pidfile in case it was - OpenBSD-Regress-ID: bccf8060306c841bbcceb1392644f906a4d6ca51 - -commit 287dc6396e0f9cb2393f901816dbd7f2a7dfbb5f -Author: djm@openbsd.org -Date: Fri Jul 17 03:51:32 2020 +0000 - - upstream: log error message for process_write() write failures + created with a very restrictive umask. This resyncs with -portable. - OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851 + OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d -commit 8df5774a42d2eaffe057bd7f293fc6a4b1aa411c +commit 249ad4ae51cd3bc235e75a4846eccdf8b1416611 Author: dtucker@openbsd.org -Date: Fri Jul 17 03:43:42 2020 +0000 +Date: Thu Jun 10 09:37:59 2021 +0000 - upstream: Add a '%k' TOKEN that expands to the effective HostKey of + upstream: Set umask when creating hostkeys to prevent excessive - the destination. This allows, eg, keeping host keys in individual files - using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ - (man page bits) + permissions warning. - OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc + OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef -commit c4f239944a4351810fd317edf408bdcd5c0102d9 +commit 9d0892153c005cc65897e9372b01fa66fcbe2842 Author: dtucker@openbsd.org -Date: Fri Jul 17 03:23:10 2020 +0000 +Date: Thu Jun 10 03:45:31 2021 +0000 - upstream: Add %-TOKEN, environment variable and tilde expansion to + upstream: Add regress test for SIGHUP restart - UserKnownHostsFile, allowing the file to be automagically split up in the - configuration (eg bz#1654). ok djm@, man page parts jmc@ + while handling active and unauthenticated clients. Should catch anything + similar to the pselect bug just fixed in sshd.c. - OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18 + OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73 -commit dbaaa01daedb423c38124a72c471982fb08a16fb -Author: solene@openbsd.org -Date: Wed Jul 15 07:50:46 2020 +0000 +commit 73f6f191f44440ca3049b9d3c8e5401d10b55097 +Author: dtucker@openbsd.org +Date: Thu Jun 10 03:14:14 2021 +0000 - upstream: - Add [-a rounds] in ssh-keygen man page and usage() - - - Reorder parameters list in the first usage() case - Sentence rewording - - ok dtucker@ - jmc@ noticed usage() missed -a flag too + upstream: Continue accept loop when pselect - OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246 - -commit 69924a92c3af7b99a7541aa544a2334ec0fb092c -Author: jmc@openbsd.org -Date: Wed Jul 15 05:40:05 2020 +0000 - - upstream: start sentence with capital letter; + returns -1, eg if it was interrupted by a signal. This should prevent + the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has + an unauthenticated child and goes on to a blocking read on a notify_pipe. + feedback deraadt@, ok djm@ - OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973 + OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0 -commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885 -Author: Damien Miller -Date: Fri Jul 17 13:15:50 2020 +1000 +commit c785c0ae134a8e8b5c82b2193f64c632a98159e4 +Author: djm@openbsd.org +Date: Tue Jun 8 22:30:27 2021 +0000 - detect Linux/X32 systems + upstream: test that UserKnownHostsFile correctly accepts multiple - This is a frankenstein monster of AMD64 instructions/calling conventions - but with a 4GB address space. Allegedly deprecated but people still run - into it causing weird sandbox failures, e.g. bz#3085 - -commit 9c9ddc1391d6af8d09580a2424ab467d0a5df3c7 -Author: dtucker@openbsd.org -Date: Wed Jul 15 06:43:16 2020 +0000 - - upstream: Fix previous by calling the correct function. + arguments; would have caught readconf.c r1.356 regression - OpenBSD-Regress-ID: 821cdd1dff9c502cceff4518b6afcb81767cad5a + OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a -commit f1a4798941b4372bfe5e46f1c0f8672fe692d9e4 -Author: dtucker@openbsd.org -Date: Wed Jul 15 05:36:50 2020 +0000 +commit 1a6f6b08e62c78906a3032e8d9a83e721c84574e +Author: djm@openbsd.org +Date: Tue Jun 8 22:06:12 2021 +0000 - upstream: Update test to match recent change in match.c + upstream: fix regression in r1.356: for ssh_config options that - OpenBSD-Regress-ID: 965bda1f95f09a765050707340c73ad755f41167 - -commit d7e71be4fd57b7c7e620d733cdf2333b27bfa924 -Author: Darren Tucker -Date: Wed Jul 15 15:30:43 2020 +1000 - - Adjust portable code to match changes in 939d787d, - -commit fec89f32a84fd0aa1afc81deec80a460cbaf451a -Author: dtucker@openbsd.org -Date: Wed Jul 15 04:27:34 2020 +0000 - - upstream: Add default for number of rounds (-a). ok djm@ + accepted multiple string arguments, ssh was only recording the first. + Reported by Lucas via bugs@ - OpenBSD-Commit-ID: cb7e9aa04ace01a98e63e4bd77f34a42ab169b15 + OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d -commit aaa8b609a7b332be836cd9a3b782422254972777 +commit 78e30af3e2b2dd540a341cc827c6b98dd8b0a6de Author: djm@openbsd.org -Date: Tue Jul 14 23:57:01 2020 +0000 +Date: Tue Jun 8 07:40:12 2021 +0000 - upstream: allow some additional control over the use of ssh-askpass - - via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@ + upstream: test argv_split() optional termination on comments - OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2 + OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c -commit 6368022cd4dd508671c4999a59ec5826df098530 -Author: deraadt@openbsd.org -Date: Tue Jul 7 02:47:21 2020 +0000 +commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03 +Author: dtucker@openbsd.org +Date: Tue Jun 8 07:05:27 2021 +0000 - upstream: correct recently broken comments + upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice + + being overridden on the command line. - OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1 + OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8 -commit 6d755706a0059eb9e2d63517f288b75cbc3b4701 +commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2 Author: djm@openbsd.org -Date: Sun Jul 5 23:59:45 2020 +0000 +Date: Tue Jun 8 06:52:43 2021 +0000 - upstream: some language improvements; ok markus + upstream: sprinkle some "# comment" at end of configuration lines - OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8 - -commit b0c1e8384d5e136ebdf895d1434aea7dd8661a1c -Author: markus@openbsd.org -Date: Fri Jul 3 10:12:26 2020 +0000 - - upstream: update setproctitle after re-exec; ok djm + to test comment handling - OpenBSD-Commit-ID: bc92d122f9184ec2a9471ade754b80edd034ce8b + OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7 -commit cd119a5ec2bf0ed5df4daff3bd14f8f7566dafd3 -Author: markus@openbsd.org -Date: Fri Jul 3 10:11:33 2020 +0000 +commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411 +Author: djm@openbsd.org +Date: Tue Jun 8 06:51:47 2021 +0000 - upstream: keep ignoring HUP after fork+exec; ok djm + upstream: more descriptive failure message - OpenBSD-Commit-ID: 7679985a84ee5ceb09839905bb6f3ddd568749a2 + OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509 -commit 8af4a743693ccbea3e15fc9e93edbeb610fa94f4 -Author: markus@openbsd.org -Date: Fri Jul 3 10:10:17 2020 +0000 +commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1 +Author: djm@openbsd.org +Date: Mon Jun 7 01:16:34 2021 +0000 - upstream: don't exit the listener on send_rexec_state errors; ok + upstream: test AuthenticationMethods inside a Match block as well - djm + as in the main config section - OpenBSD-Commit-ID: 57cbd757d130d3f45b7d41310b3a15eeec137d5c + OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7 -commit 03da4c2b70468f04ed1c08518ea0a70e67232739 -Author: dtucker@openbsd.org -Date: Wed Jul 15 04:55:47 2020 +0000 +commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db +Author: djm@openbsd.org +Date: Mon Jun 7 00:00:50 2021 +0000 - upstream: Use $OBJ to find key files. Fixes test when run on an obj + upstream: prepare for stricter sshd_config parsing that will refuse - directory (on OpenBSD) or out of tree (in Portable). + a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent + arguments. Such lines are permitted but are nonsensical noops ATM - OpenBSD-Regress-ID: 938fa8ac86adaa527d64a305bd2135cfbb1c0a17 - -commit 73f20f195ad18f1cf633eb7d8be95dc1b6111eea -Author: Darren Tucker -Date: Sat Jul 4 23:11:23 2020 +1000 - - Wrap stdint.h in ifdef HAVE_STDINT_H. + OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650 -commit aa6fa4bf3023fa0e5761cd8f4b2cd015d2de74dd +commit a10f929d1ce80640129fc5b6bc1acd9bf689169e Author: djm@openbsd.org -Date: Fri Jul 3 07:25:18 2020 +0000 +Date: Tue Jun 8 07:09:42 2021 +0000 - upstream: put back the mux_ctx memleak fix, but only for channels of + upstream: switch sshd_config parsing to argv_split() - type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels - should not have this structure freed. + similar to the previous commit, this switches sshd_config parsing to + the newer tokeniser. Config parsing will be a little stricter wrt + quote correctness and directives appearing without arguments. - OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325 - -commit d8195914eb43b20b13381f4e5a74f9f8a14f0ded -Author: djm@openbsd.org -Date: Fri Jul 3 07:17:35 2020 +0000 - - upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex; + feedback and ok markus@ - simply freeing it here causes other problems + tested in snaps for the last five or so days - thanks Theo and those who + caught bugs - OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed + OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e -commit 20b5fab9f773b3d3c7f06cb15b8f69a2c081ee80 +commit ea9e45c89a4822d74a9d97fef8480707d584da4d Author: djm@openbsd.org -Date: Fri Jul 3 07:02:37 2020 +0000 +Date: Tue Jun 8 07:07:15 2021 +0000 - upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if + upstream: Switch ssh_config parsing to use argv_split() - sshd is in chroot mode, the likely absence of a password database will cause - tilde_expand_filename() to fatal; ok dtucker@ + This fixes a couple of problems with the previous tokeniser, + strdelim() - OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1 - -commit c8935081db35d73ee6355999142fa0776a2af912 -Author: djm@openbsd.org -Date: Fri Jul 3 06:46:41 2020 +0000 - - upstream: when redirecting sshd's log output to a file, undo this + 1. strdelim() is permissive wrt accepting '=' characters. This is + intended to allow it to tokenise "Option=value" but because it + cannot keep state, it will incorrectly split "Opt=val=val2". + 2. strdelim() has rudimentry handling of quoted strings, but it + is incomplete and inconsistent. E.g. it doesn't handle escaped + quotes inside a quoted string. + 3. It has no support for stopping on a (unquoted) comment. Because + of this readconf.c r1.343 added chopping of lines at '#', but + this caused a regression because these characters may legitimately + appear inside quoted strings. - redirection after the session child process is forked(); ok dtucker@ + The new tokeniser is stricter is a number of cases, including #1 above + but previously it was also possible for some directives to appear + without arguments. AFAIK these were nonsensical in all cases, and the + new tokeniser refuses to accept them. - OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865 - -commit 183c4aaef944af3a1a909ffa01058c65bac55748 -Author: djm@openbsd.org -Date: Fri Jul 3 06:29:57 2020 +0000 - - upstream: start ClientAliveInterval bookkeeping before first pass + The new code handles quotes much better, permitting quoted space as + well as escaped closing quotes. Finally, comment handling should be + fixed - the tokeniser will terminate only on unquoted # characters. - through select() loop; fixed theoretical case where busy sshd may ignore - timeouts from client; inspired by and ok dtucker + feedback & ok markus@ - OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f - -commit 6fcfd303d67f16695198cf23d109a988e40eefb6 -Author: Damien Miller -Date: Fri Jul 3 15:28:27 2020 +1000 - - add check for fido_cred_set_prot() to configure + tested in snaps for the last five or so days - thanks Theo and those who + caught bugs + + OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5 -commit f11b23346309e4d5138e733a49321aedd6eeaa2f +commit d786424986c04d1d375f231fda177c8408e05c3e Author: dtucker@openbsd.org -Date: Fri Jul 3 05:09:06 2020 +0000 +Date: Tue Jun 8 07:02:46 2021 +0000 - upstream: Only reset the serveralive check when we receive traffic from - - the server and ignore traffic from a port forwarding client, preventing a - client from keeping a connection alive when it should be terminated. Based - on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok - djm@ + upstream: Check if IPQoS or TunnelDevice are already set before - OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd - -commit adfdbf1211914b631c038f0867a447db7b519937 -Author: Damien Miller -Date: Fri Jul 3 15:15:15 2020 +1000 - - sync sys-queue.h with OpenBSD upstream + overriding. Prevents values in config files from overriding values supplied + on the command line. bz#3319, ok markus. - needed for TAILQ_CONCAT + OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74 -commit 1b90ddde49e2ff377204082b6eb130a096411dc1 +commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457 Author: djm@openbsd.org -Date: Fri Jul 3 05:08:41 2020 +0000 +Date: Tue Jun 8 06:54:40 2021 +0000 - upstream: fix memory leak of mux_ctx; patch from Sergiy Lozovsky - - via bz3189 ok dtucker + upstream: Allow argv_split() to optionally terminate tokenisation - OpenBSD-Commit-ID: db249bd4526fd42d0f4f43f72f7b8b7705253bde - -commit 55ef3e9cbd5b336bd0f89205716924886fcf86de -Author: markus@openbsd.org -Date: Wed Jul 1 16:28:31 2020 +0000 - - upstream: free kex in ssh_packet_close; ok djm semarie + when it encounters an unquoted comment. - OpenBSD-Commit-ID: dbc181e90d3d32fd97b10d75e68e374270e070a2 - -commit e1c401109b61f7dbc199b5099933d579e7fc5dc9 -Author: bket@openbsd.org -Date: Sat Jun 27 13:39:09 2020 +0000 - - upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT + Add some additional utility function for working with argument + vectors, since we'll be switching to using them to parse + ssh/sshd_config shortly. - OK djm@ + ok markus@ as part of a larger diff; tested in snaps - OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef + OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac -commit 14beca57ac92d62830c42444c26ba861812dc837 -Author: semarie@openbsd.org -Date: Fri Jun 26 11:26:01 2020 +0000 +commit da9f9acaac5bab95dca642b48e0c8182b246ab69 +Author: Darren Tucker +Date: Mon Jun 7 19:19:23 2021 +1000 - upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus - - request - - the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after - calling ssh_packet_clear_keys()) - - OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484 + Save logs on failure for upstream test -commit 598c3a5e3885080ced0d7c40fde00f1d5cdbb32b -Author: Damien Miller -Date: Fri Jun 26 16:07:12 2020 +1000 +commit 76883c60161e5f3808787085a27a8c37f8cc4e08 +Author: Darren Tucker +Date: Mon Jun 7 14:36:32 2021 +1000 - document a PAM spec problem in a frustrated comment + Add obsdsnap-i386 upstream test target. -commit 976c4f86286d52a0cb2aadf4a095d379c0da752e +commit d45b9c63f947ec5ec314696e70281f6afddc0ac3 Author: djm@openbsd.org -Date: Fri Jun 26 05:42:16 2020 +0000 +Date: Mon Jun 7 03:38:38 2021 +0000 - upstream: avoid spurious error message when ssh-keygen creates files + upstream: fix debug message when finding a private key to match a - outside ~/.ssh; with dtucker@ + certificate being attempted for user authentication. Previously it would + print the certificate's path, whereas it was supposed to be showing the + private key's path. Patch from Alex Sherwin via GHPR247 - OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08 - -commit 32b2502a9dfdfded1ccdc1fd6dc2b3fe41bfc205 -Author: Damien Miller -Date: Fri Jun 26 15:30:06 2020 +1000 - - missing ifdef SELINUX; spotted by dtucker + OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b -commit e073106f370cdd2679e41f6f55a37b491f0e82fe +commit 530739d42f6102668aecd699be0ce59815c1eceb Author: djm@openbsd.org -Date: Fri Jun 26 05:12:21 2020 +0000 +Date: Sun Jun 6 11:34:16 2021 +0000 - upstream: regress test for ssh-add -d; ok dtucker@ + upstream: Match host certificates against host public keys, not private - OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf - -commit c809daaa1bad6b1c305b0e0b5440360f32546c84 -Author: markus@openbsd.org -Date: Wed Jun 24 15:16:23 2020 +0000 - - upstream: add test for mux w/-Oproxy; ok djm + keys. Allows use of certificates with private keys held in a ssh-agent. + Reported by Miles Zhou in bz3524; ok dtucker@ - OpenBSD-Regress-ID: 764d5c696e2a259f1316a056e225e50023abb027 + OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a -commit 3d06ff4bbd3dca8054c238d2a94c0da563ef7eee +commit 4265215d7300901fd7097061c7517688ade82f8e Author: djm@openbsd.org -Date: Fri Jun 26 05:16:38 2020 +0000 +Date: Sun Jun 6 03:40:39 2021 +0000 - upstream: handle EINTR in waitfd() and timeout_connect() helpers; + upstream: Client-side workaround for a bug in OpenSSH 7.4: this release + + allows RSA/SHA2 signatures for public key authentication but fails to + advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these + server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse + to offer valid keys. - bz#3071; ok dtucker@ + Reported by and based on patch from Gordon Messmer via bz3213, thanks + also for additional analysis by Jakub Jelen. ok dtucker - OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee + OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7 -commit fe2ec0b9c19adeab0cd9f04b8152dc17f31c31e5 +commit bda270d7fb8522d43c21a79a4b02a052d7c64de8 Author: djm@openbsd.org -Date: Fri Jun 26 05:04:07 2020 +0000 +Date: Sun Jun 6 03:17:02 2021 +0000 - upstream: allow "ssh-add -d -" to read keys to be deleted from + upstream: degrade gracefully if a sftp-server offers the - stdin bz#3180; ok dtucker@ + limits@openssh.com extension but fails when the client tries to invoke it. + Reported by Hector Martin via bz3318 - OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff + OpenBSD-Commit-ID: bd9d1839c41811616ede4da467e25746fcd9b967 -commit a3e0c376ffc11862fa3568b28188bd12965973e1 +commit d345d5811afdc2d6923019b653cdd93c4cc95f76 Author: djm@openbsd.org -Date: Fri Jun 26 05:03:36 2020 +0000 +Date: Sun Jun 6 03:15:39 2021 +0000 - upstream: constify a few things; ok dtucker (as part of another + upstream: the limits@openssh.com extension was incorrectly marked - diff) + as an operation that writes to the filesystem, which made it unavailable in + sftp-server read-only mode. Spotted by Hector Martin via bz3318 - OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6 + OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067 -commit 74344c3ca42c3f53b00b025daf09ae7f6aa38076 -Author: dtucker@openbsd.org -Date: Fri Jun 26 05:02:03 2020 +0000 +commit 2b71010d9b43d7b8c9ec1bf010beb00d98fa765a +Author: naddy@openbsd.org +Date: Sat Jun 5 13:47:00 2021 +0000 - upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to - - write to it so we don't leave an empty .ssh directory when it's not needed. - Use the same function to replace the code in ssh-keygen that does the same - thing. bz#3156, ok djm@ + upstream: PROTOCOL.certkeys: update reference from IETF draft to - OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f - -commit c9e24daac6324fcbdba171392c325bf9ccc3c768 -Author: dtucker@openbsd.org -Date: Fri Jun 26 04:45:11 2020 +0000 - - upstream: Expand path to ~/.ssh/rc rather than relying on it + RFC - being relative to the current directory, so that it'll still be found if the - shell startup changes its directory. Since the path is potentially longer, - make the cmd buffer that uses it dynamically sized. bz#3185, with & ok djm@ + Also fix some typos. + ok djm@ - OpenBSD-Commit-ID: 36e33ff01497af3dc8226d0c4c1526fc3a1e46bf + OpenBSD-Commit-ID: 5e855b6c5a22b5b13f8ffa3897a868e40d349b44 -commit 07f5f369a25e228a7357ef6c57205f191f073d99 -Author: markus@openbsd.org -Date: Wed Jun 24 15:12:09 2020 +0000 +commit aa99b2d9a3e45b943196914e8d8bf086646fdb54 +Author: Darren Tucker +Date: Fri Jun 4 23:41:29 2021 +1000 - upstream: fix kex mem-leak in ssh_packet_close; ok djm + Clear notify_pipe from readset if present. - OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4 + Prevents leaking an implementation detail to the caller. -commit e35995088cd6691a712bfd586bae8084a3a922ba -Author: markus@openbsd.org -Date: Wed Jun 24 15:10:38 2020 +0000 +commit 6de8dadf6b4d0627d35bca0667ca44b1d61c2c6b +Author: Darren Tucker +Date: Fri Jun 4 23:24:25 2021 +1000 - upstream: fix ssh -O proxy w/mux which got broken by no longer - - making ssh->kex optional in packet.c revision 1.278 ok djm@ - - OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917 + space->tabs. -commit 250246fef22b87a54a63211c60a2def9be431fbd -Author: markus@openbsd.org -Date: Wed Jun 24 15:09:53 2020 +0000 +commit c8677065070ee34c05c7582a9c2f58d8642e552d +Author: Darren Tucker +Date: Fri Jun 4 18:39:48 2021 +1000 - upstream: support loading big sshd_config files w/o realloc; ok - - djm + Add pselect implementation for platforms without. - OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171 - -commit 89b54900ac61986760452f132bbe3fb7249cfdac -Author: markus@openbsd.org -Date: Wed Jun 24 15:08:53 2020 +0000 - - upstream: allow sshd_config longer than 256k; ok djm + This is basically the existing notify_pipe kludge from serverloop.c + moved behind a pselect interface. It works by installing a signal + handler that writes to a pipe that the select is watching, then calls + the original handler. - OpenBSD-Commit-ID: 83f40dd5457a64c1d3928eb4364461b22766beb3 + The select call in serverloop will become pselect soon, at which point the + kludge will be removed from thereand will only exist in the compat layer. + Original code by markus, help from djm. -commit e3fa6249e6d9ceb57c14b04dd4c0cfab12fa7cd5 -Author: markus@openbsd.org -Date: Wed Jun 24 15:07:33 2020 +0000 +commit 7cd7f302d3a072748299f362f9e241d81fcecd26 +Author: Vincent Brillault +Date: Sun May 24 09:15:06 2020 +0200 - upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; ok - - djm + auth_log: dont log partial successes as failures - OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096 + By design, 'partial' logins are successful logins, so initially with + authenticated set to 1, for which another authentication is required. As + a result, authenticated is always reset to 0 when partial is set to 1. + However, even if authenticated is 0, those are not failed login + attempts, similarly to attempts with authctxt->postponed set to 1. -commit 37f2da069c0619f2947fb92785051d82882876d7 +commit e7606919180661edc7f698e6a1b4ef2cfb363ebf Author: djm@openbsd.org -Date: Mon Jun 22 23:44:27 2020 +0000 - - upstream: some clarifying comments - - OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2 - -commit b659319a5bc9e8adf3c4facc51f37b670d2a7426 -Author: jmc@openbsd.org -Date: Mon Jun 22 06:37:38 2020 +0000 +Date: Fri Jun 4 06:19:07 2021 +0000 - upstream: updated argument name for -P in first synopsis was - - missed in previous; + upstream: The RB_GENERATE_STATIC(3) macro expands to a series of - OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7 - -commit 02a9222cbce7131d639984c2f6c71d1551fc3333 -Author: jmc@openbsd.org -Date: Mon Jun 22 06:36:40 2020 +0000 - - upstream: supply word missing in previous; + function definitions and not a statement, so there should be no semicolon + following them. Patch from Michael Forney - OpenBSD-Commit-ID: 16a38b049f216108f66c8b699aa046063381bd23 - -commit 5098b3b6230852a80ac6cef5d53a785c789a5a56 -Author: Damien Miller -Date: Mon Jun 22 16:54:02 2020 +1000 - - missing files for webauthn/sshsig unit test + OpenBSD-Commit-ID: c975dd180580f0bdc0a4d5b7d41ab1f5e9b7bedd -commit 354535ff79380237924ac8fdc98f8cdf83e67da6 +commit c298c4da574ab92df2f051561aeb3e106b0ec954 Author: djm@openbsd.org -Date: Mon Jun 22 06:00:06 2020 +0000 +Date: Fri Jun 4 05:59:18 2021 +0000 - upstream: add support for verification of webauthn sshsig signature, + upstream: rework authorized_keys example section, removing irrelevant - and example HTML/JS to generate webauthn signatures in SSH formats (also used - to generate the testdata/* for the test). + stuff, de-wrapping the example lines and better aligning the examples with + common usage and FAQs; ok jmc - OpenBSD-Regress-ID: dc575be5bb1796fdf4b8aaee0ef52a6671a0f6fb + OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c -commit bb52e70fa5330070ec9a23069c311d9e277bbd6f +commit d9cb35bbec5f623589d7c58fc094817b33030f35 Author: djm@openbsd.org -Date: Mon Jun 22 05:58:35 2020 +0000 +Date: Fri Jun 4 05:10:03 2021 +0000 - upstream: Add support for FIDO webauthn (verification only). - - webauthn is a standard for using FIDO keys in web browsers. webauthn - signatures are a slightly different format to plain FIDO signatures - this - support allows verification of these. Feedback and ok markus@ + upstream: adjust SetEnv description to clarify $TERM handling - OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad + OpenBSD-Commit-ID: 8b8cc0124856bc1094949d55615e5c44390bcb22 -commit 64bc121097f377142f1387ffb2df7592c49935af -Author: djm@openbsd.org -Date: Mon Jun 22 05:56:23 2020 +0000 +commit 771f57a8626709f2ad207058efd68fbf30d31553 +Author: dtucker@openbsd.org +Date: Fri Jun 4 05:09:08 2021 +0000 - upstream: refactor ECDSA-SK verification a little ahead of adding + upstream: Switch the listening select loop from select() to - support for FIDO webauthn signature verification support; ok markus@ + pselect() and mask signals while checking signal flags, umasking for pselect + and restoring afterwards. Also restore signals before sighup_restart so they + don't remain blocked after restart. - OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e - -commit 12848191f8fe725af4485d3600e0842d92f8637f -Author: djm@openbsd.org -Date: Mon Jun 22 05:54:10 2020 +0000 - - upstream: support for RFC4648 base64url encoding; ok markus + This prevents a race where a SIGTERM or SIGHUP can arrive between + checking the flag and calling select (eg if sshd is processing a + new connection) resulting in sshd not shutting down until the next + time it receives a new connection. bz#2158, with & ok djm@ - OpenBSD-Commit-ID: 0ef22c55e772dda05c112c88412c0797fec66eb4 + OpenBSD-Commit-ID: bf85bf880fd78e00d7478657644fcda97b9a936f -commit 473b4af43db12127137c7fc1a10928313f5a16d2 +commit f64f8c00d158acc1359b8a096835849b23aa2e86 Author: djm@openbsd.org -Date: Mon Jun 22 05:53:26 2020 +0000 +Date: Fri Jun 4 05:02:40 2021 +0000 - upstream: better terminology for permissions; feedback & ok markus@ + upstream: allow ssh_config SetEnv to override $TERM, which is otherwise - OpenBSD-Commit-ID: ff2a71803b5ea57b83cc3fa9b3be42b70e462fb9 - -commit fc270baf264248c3ee3050b13a6c8c0919e6559f -Author: djm@openbsd.org -Date: Mon Jun 22 05:52:05 2020 +0000 - - upstream: better terminology for permissions; feedback & ok markus@ + handled specially by the protocol. Useful in ~/.ssh/config to set TERM to + something generic (e.g. "xterm" instead of "xterm-256color") for destinations + that lack terminfo entries. feedback and ok dtucker@ - OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c + OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758 -commit 00531bb42f1af17ddabea59c3d9c4b0629000d27 -Author: dtucker@openbsd.org -Date: Fri Jun 19 07:21:42 2020 +0000 +commit 60107677dc0ce1e93c61f23c433ad54687fcd9f5 +Author: djm@openbsd.org +Date: Fri Jun 4 04:02:21 2021 +0000 - upstream: Correct synopsis and usage for the options accepted when + upstream: correct extension name "no-presence-required" => - passing a command to ssh-agent. ok jmc@ + "no-touch-required" - OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846 - -commit b4556c8ad7177e379f0b60305a0cd70f12180e7c -Author: Darren Tucker -Date: Fri Jun 19 19:22:00 2020 +1000 - - Add OPENBSD ORIGINAL marker to bcrypt_pbkdf. - -commit 1babb8bb14c423011ca34c2f563bb1c51c8fbf1d -Author: Darren Tucker -Date: Fri Jun 19 19:10:47 2020 +1000 - - Extra brackets around sizeof() in bcrypt. + document "verify-required" option - Prevents following warning from clang 10: - bcrypt_pbkdf.c:94:40: error: expression does not compute the number of - elements in this array; element type is ´uint32_tÂ[...] - place parentheses around the ´sizeof(uint64_t)´ expression to - silence this warning + OpenBSD-Commit-ID: 1879ff4062cf61d79b515e433aff0bf49a6c55c5 -commit 9e065729592633290e5ddb6852792913b2286545 +commit ecc186e46e3e30f27539b4311366dfda502f0a08 Author: Darren Tucker -Date: Fri Jun 19 18:47:56 2020 +1000 +Date: Wed Jun 2 13:54:11 2021 +1000 - Add includes.h to new test. + Retire fbsd7 test target. - Fixes warnings eg "´bounded´ attribute directive ignor" from gcc. + It's the slowest of the selfhosted targets (since it's 32bit but has + most of the crypto algos). We still have coverage for 32bit i386. -commit e684b1ea365e070433f282a3c1dabc3e2311ce49 +commit 5de0867b822ec48b5eec9abde0f5f95d1d646546 Author: Darren Tucker -Date: Fri Jun 19 18:38:39 2020 +1000 +Date: Wed Jun 2 11:21:40 2021 +1000 - Skip OpenSSL specific tests w/out OpenSSL. - - Allows unit tests to pass when configure'ed --without-openssl. + Check for $OPENSSL in md5 fallback too. -commit 80610e97a76407ca982e62fd051c9be03622fe7b +commit 1db69d1b6542f8419c04cee7fd523a4a11004be2 Author: Darren Tucker -Date: Fri Jun 19 17:15:27 2020 +1000 +Date: Wed Jun 2 11:17:54 2021 +1000 - Hook sshsig tests up to Portable Makefiles. + Add dfly60 target. -commit 5dba1fcabacaab46693338ec829b42a1293d1f52 +commit a3f2dd955f1c19cad387a139f0e719af346ca6ef Author: dtucker@openbsd.org -Date: Fri Jun 19 05:07:09 2020 +0000 +Date: Wed Jun 2 00:17:45 2021 +0000 - upstream: Test that ssh-agent exits when running as as subprocess - - of a specified command (ie "ssh-agent command"). Would have caught bz#3181. + upstream: Merge back shell portability changes - OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3 - -commit 68e8294f6b04f9590ea227e63d3e129398a49e27 -Author: djm@openbsd.org -Date: Fri Jun 19 04:34:21 2020 +0000 - - upstream: run sshsig unit tests + bringing it back in sync with -portable. - OpenBSD-Regress-ID: 706ef17e2b545b64873626e0e35553da7c06052a + OpenBSD-Regress-ID: c07905ba931e66ad7d849b87b7d19648007175d1 -commit 5edfa1690e9a75048971fd8775f7c16d153779db -Author: djm@openbsd.org -Date: Fri Jun 19 04:32:09 2020 +0000 +commit 9d482295c9f073e84d75af46b720a1c0f7ec2867 +Author: dtucker@openbsd.org +Date: Tue Jun 1 23:56:20 2021 +0000 - upstream: basic unit test for sshsig.[ch], including FIDO keys - - verification only so far + upstream: Use a default value for $OPENSSL, - OpenBSD-Regress-ID: fb1f946c8fc59206bc6a6666e577b5d5d7e45896 - -commit e95c0a0e964827722d29b4bc00d5c0ff4afe0ed2 -Author: djm@openbsd.org -Date: Fri Jun 19 03:48:49 2020 +0000 - - upstream: basic unit test for FIDO kep parsing + allowing it to be overridden. Do the same in the PuTTY tests since it's + needed there and not exported by test-exec.sh. - OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82 + OpenBSD-Regress-ID: c49dcd6aa7602a8606b7afa192196ca1fa65de16 -commit 7775819c6de3e9547ac57b87c7dd2bfd28cefcc5 -Author: djm@openbsd.org -Date: Thu Jun 18 23:34:19 2020 +0000 +commit 07660b3c99f8ea74ddf4a440e55c16c9f7fb3dd1 +Author: dtucker@openbsd.org +Date: Mon May 24 10:25:18 2021 +0000 - upstream: check public host key matches private; ok markus@ (as + upstream: Find openssl binary via environment variable. This - part of previous diff) + allows overriding if necessary (eg in -portable where we're testing against a + specific version of OpenSSL). - OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63 + OpenBSD-Regress-ID: 491f39cae9e762c71aa4bf045803d077139815c5 -commit c514f3c0522855b4d548286eaa113e209051a6d2 +commit 1a4d1da9188d7c88f646b61f0d6a3b34f47c5439 Author: djm@openbsd.org -Date: Thu Jun 18 23:33:38 2020 +0000 +Date: Fri May 21 04:03:47 2021 +0000 - upstream: avoid spurious "Unable to load host key" message when - - sshd can load a private key but no public counterpart; with & ok markus@ + upstream: fix memleak in test - OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b + OpenBSD-Regress-ID: 5e529d0982aa04666604936df43242e97a7a6f81 -commit 7fafaeb5da365f4a408fec355dac04a774f27193 +commit 60455a5d98065a73ec9a1f303345856bbd49aecc Author: djm@openbsd.org -Date: Fri Jun 12 05:26:37 2020 +0000 +Date: Fri May 21 03:59:01 2021 +0000 - upstream: correct RFC number; from HARUYAMA Seigo via GH PR191 + upstream: also check contents of remaining string - OpenBSD-Commit-ID: 8d03b6c96ca98bfbc23d3754c3c33e1fe0852e10 + OpenBSD-Regress-ID: d526fa07253f4eebbc7d6205a0ab3d491ec71a28 -commit 3a7f654d5bcb20df24a134b6581b0d235da4564a +commit 39f6cd207851d7b67ca46903bfce4a9f615b5b1c Author: djm@openbsd.org -Date: Fri Jun 5 06:18:07 2020 +0000 +Date: Fri May 21 03:48:07 2021 +0000 - upstream: unbreak "sshd -ddd" - close of config passing fd happened too - - early. ok markus@ + upstream: unit test for misc.c:strdelim() that mostly servces to - OpenBSD-Commit-ID: 49346e945c6447aca3e904e65fc400128d2f8ed0 - -commit 3de02be39e5c0c2208d9682a3844991651620fcc -Author: Andreas Schwab -Date: Mon May 25 11:10:44 2020 +0200 - - Add support for AUDIT_ARCH_RISCV64 - -commit ea547eb0329c2f8da77a4ac05f6c330bd49bdaab -Author: djm@openbsd.org -Date: Fri Jun 5 03:25:35 2020 +0000 - - upstream: make sshbuf_putb(b, NULL) a no-op + highlight its inconsistencies - OpenBSD-Commit-ID: 976fdc99b500e347023d430df372f31c1dd128f7 + OpenBSD-Regress-ID: 8d2bf970fcc01ccc6e36a5065f89b9c7fa934195 -commit 69796297c812640415c6cea074ea61afc899cbaa -Author: djm@openbsd.org -Date: Fri Jun 5 03:24:36 2020 +0000 +commit 7a3a1dd2c7d4461962acbcc0ebee9445ba892be0 +Author: Darren Tucker +Date: Thu May 27 21:23:15 2021 +1000 - upstream: make sshbuf_dump() args const - - OpenBSD-Commit-ID: b4a5accae750875d665b862504169769bcf663bd + Put minix3 config in the host-specific block. -commit 670428895739d1f79894bdb2457891c3afa60a59 +commit 59a194825f12fff8a7f75d91bf751ea17645711b Author: djm@openbsd.org -Date: Fri Jun 5 03:24:16 2020 +0000 +Date: Mon May 31 06:48:42 2021 +0000 - upstream: wrap long line + upstream: Hash challenge supplied by client during FIDO key enrollment - OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2 - -commit 2f648cf222882719040906722b3593b01df4ad1a -Author: dtucker@openbsd.org -Date: Fri Jun 5 03:15:26 2020 +0000 - - upstream: Correct historical comment: provos@ modified OpenSSH to + prior to passing it to libfido2, which does expect a hash. - work with SSLeay (very quickly replaced by OpenSSL) not SSL in general. ok - deraadt, historical context markus@ + There is no effect for users who are simply generating FIDO keys using + ssh-keygen - by default we generate a random 256 bit challenge, but + people building attestation workflows around our tools should now have + a more consistent experience (esp. fewer failures when they fail to + guess the magic 32-byte challenge length requirement). - OpenBSD-Commit-ID: 7209e07a2984b50411ed8ca5a4932da5030d2b90 - -commit 56548e4efcc3e3e8093c2eba30c75b23e561b172 -Author: dtucker@openbsd.org -Date: Wed Jun 3 08:23:18 2020 +0000 - - upstream: Import regenerated moduli file. + ok markus@ - OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54 + OpenBSD-Commit-ID: b8d5363a6a7ca3b23dc28f3ca69470472959f2b5 -commit 8da801f585dd9c534c0cbe487a3b1648036bf2fb +commit eb68e669bc8ab968d4cca5bf1357baca7136a826 Author: Darren Tucker -Date: Fri Jun 5 13:20:10 2020 +1000 +Date: Thu May 27 21:14:15 2021 +1000 - Test fallthrough in OSSH_CHECK_CFLAG_COMPILE. + Include login_cap.h for login_getpwclass override. - clang 10's -Wimplicit-fallthrough does not understand /* FALLTHROUGH */ - comments and we don't use the __attribute__((fallthrough)) that it's - looking for. This has the effect of turning off -Wimplicit-fallthrough - where it does not currently help (particularly with -Werror). ok djm@ + On minix3, login_getpwclass is __RENAME'ed to __login_getpwclass50 so + without this the include overriding login_getpwclass causes a compile + error. -commit 049297de975b92adcc2db77e3fb7046c0e3c695d -Author: dtucker@openbsd.org -Date: Wed Jun 3 08:23:18 2020 +0000 +commit 2063af71422501b65c7a92a5e14c0e6a3799ed89 +Author: Darren Tucker +Date: Thu May 27 21:13:38 2021 +1000 - upstream: Import regenerated moduli file. - - OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54 + Add minix3 test target. -commit b458423a38a3140ac022ffcffcb332609faccfe3 -Author: dtucker@openbsd.org -Date: Mon Jun 1 07:11:38 2020 +0000 +commit 2e1efcfd9f94352ca5f4b6958af8a454f8cf48cd +Author: djm@openbsd.org +Date: Wed May 26 01:47:24 2021 +0000 - upstream: Remove now-unused proto_spec and associated definitions. + upstream: fix SEGV in UpdateHostkeys debug() message, triggered - ok djm@ + when the update removed more host keys than remain present. Fix tested by + reporter James Cook, via bugs@ - OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362 + OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3 -commit 5ad3c3a33ef038b55a14ebd31faeeec46073db2c -Author: millert@openbsd.org -Date: Fri May 29 21:22:02 2020 +0000 +commit 9acd76e6e4d2b519773e7119c33cf77f09534909 +Author: naddy@openbsd.org +Date: Sun May 23 18:22:57 2021 +0000 - upstream: Fix error message on close(2) and add printf format + upstream: ssh: The client configuration keyword is - attributes. From Christos Zoulas, OK markus@ + "hostbasedacceptedalgorithms" - OpenBSD-Commit-ID: 41523c999a9e3561fcc7082fd38ea2e0629ee07e - -commit 712ac1efb687a945a89db6aa3e998c1a17b38653 -Author: dtucker@openbsd.org -Date: Fri May 29 11:17:56 2020 +0000 - - upstream: Make dollar_expand variadic and pass a real va_list to + This fixes a mistake that slipped in when "HostbasedKeyTypes" was + renamed to "HostbasedAcceptedAlgorithms". - vdollar_percent_expand. Fixes build error on arm64 spotted by otto@. + Bug report by zack@philomathiclife.com - OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279 + OpenBSD-Commit-ID: d745a7e8e50b2589fc56877f322ea204bc784f38 -commit 837ffa9699a9cba47ae7921d2876afaccc027133 +commit 078a0e60c92700da4c536c93c007257828ccd05b Author: Darren Tucker -Date: Fri May 29 20:39:00 2020 +1000 +Date: Tue May 25 11:40:47 2021 +1000 - Omit ToS setting if we don't have IPV6_TCLASS too. + Rename README.md to ci-status.md. - Fixes tests on old BSDs. + The original intent was to provide a status page for the CIs configured + in that directory, but it had the side effect of replacing the top-level + README.md. -commit f85b118d2150847cc333895296bc230e367be6b5 -Author: dtucker@openbsd.org -Date: Fri May 29 09:02:44 2020 +0000 +commit 7be4ac813662f68e89f23c50de058a49aa32f7e4 +Author: djm@openbsd.org +Date: Wed May 19 01:24:05 2021 +0000 - upstream: Pass a NULL instead of zeroed out va_list from - - dollar_expand. The original intent was in case there's some platform where - va_list is not a pointer equivalent, but on i386 this chokes on the memset. - This unbreaks that build, but will require further consideration. + upstream: restore blocking status on stdio fds before close - OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7 - -commit ec1d50b01c84ff667240ed525f669454c4ebc8e9 -Author: jmc@openbsd.org -Date: Fri May 29 05:48:39 2020 +0000 - - upstream: remove a stray .El; + ssh(1) needs to set file descriptors to non-blocking mode to operate + but it was not restoring the original state on exit. This could cause + problems with fds shared with other programs via the shell, e.g. - OpenBSD-Commit-ID: 58ddfe6f8a15fe10209db6664ecbe7896f1d167c - -commit 058674a62ffe33f01d871d46e624bc2a2c22d91f -Author: dtucker@openbsd.org -Date: Fri May 29 04:32:26 2020 +0000 - - upstream: Add regression and unit tests for ${ENV} style + > $ cat > test.sh << _EOF + > #!/bin/sh + > { + > ssh -Fnone -oLogLevel=verbose ::1 hostname + > cat /usr/share/dict/words + > } | sleep 10 + > _EOF + > $ ./test.sh + > Authenticated to ::1 ([::1]:22). + > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds + > Bytes per second: sent 44338.9, received 55197.4 + > cat: stdout: Resource temporarily unavailable - environment variable expansion in various keywords (bz#3140). ok djm@ + This restores the blocking status for fds 0,1,2 (stdio) before ssh(1) + abandons/closes them. - OpenBSD-Regress-ID: 4d9ceb95d89365b7b674bc26cf064c15a5bbb197 - -commit 0b15892fc47d6840eba1291a6be9be1a70bc8972 -Author: dtucker@openbsd.org -Date: Fri May 29 01:21:35 2020 +0000 - - upstream: Unit test for convtime. ok djm@ + This was reported as bz3280 and GHPR246; ok dtucker@ - OpenBSD-Regress-ID: cec4239efa2fc4c7062064f07a847e1cbdbcd5dd + OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce -commit 188e332d1c8f9f24e5b6659e9680bf083f837df9 +commit c4902e1a653c67fea850ec99c7537f358904c0af Author: djm@openbsd.org -Date: Fri May 29 05:37:03 2020 +0000 +Date: Mon May 17 11:43:16 2021 +0000 - upstream: mention that wildcards are processed in lexical order; + upstream: fix breakage of -W forwaring introduced in 1.554; reported by - bz#3165 + naddy@ and sthen@, ok sthen@ - OpenBSD-Commit-ID: 8856f3d1612bd42e9ee606d89386cae456dd165c + OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd -commit 4a1b46e6d032608b7ec00ae51c4e25b82f460b05 +commit afea01381ad1fcea1543b133040f75f7542257e6 Author: dtucker@openbsd.org -Date: Fri May 29 04:25:40 2020 +0000 +Date: Mon May 17 07:22:45 2021 +0000 - upstream: Allow some keywords to expand shell-style ${ENV} - - environment variables on the client side. The supported keywords are - CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus - LocalForward and RemoteForward when used for Unix domain socket paths. This - would for example allow forwarding of Unix domain socket paths that change at - runtime. bz#3140, ok djm@ + upstream: Regenerate moduli. - OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa + OpenBSD-Commit-ID: 83c93a2a07c584c347ac6114d6329b18ce515557 -commit c9bab1d3a9e183cef3a3412f57880a0374cc8cb2 +commit be2866d6207b090615ff083c9ef212b603816a56 Author: Damien Miller -Date: Fri May 29 14:49:16 2020 +1000 - - depend - -commit 0b0d219313bf9239ca043f20b1a095db0245588f -Author: sobrado -Date: Thu Sep 3 23:06:28 2015 +0000 - - partial sync of regress/netcat.c with upstream - - synchronize synopsis and usage. - -commit 0f04c8467f589f85a523e19fd684c4f6c4ed9482 -Author: chl -Date: Sun Jul 26 19:12:28 2015 +0000 - - partial sync of regress/netcat.c with upstream - - remove unused variable - - ok tedu@ - -commit d6a81050ace2630b06c3c6dd39bb4eef5d1043f8 -Author: tobias -Date: Thu Mar 26 21:22:50 2015 +0000 - - partial sync of regress/netcat.c with upstream - - The code in socks.c writes multiple times in a row to a socket. If the socket becomes invalid between these calls (e.g. connection closed), write will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can handle write's -1 return value (errno will be EPIPE). Ultimately, it leads to program exit, too -- but with nicer error message. :) - - with input by and ok djm - -commit bf3893dddd35e16def04bf48ed2ee1ad695b8f82 -Author: tobias -Date: Thu Mar 26 10:36:03 2015 +0000 - - partial sync of regress/netcat.c with upstream - - Check for short writes in fdpass(). Clean up while at it. - - ok djm - -commit e18435fec124b4c08eb6bbbbee9693dc04f4befb -Author: jca -Date: Sat Feb 14 22:40:22 2015 +0000 +Date: Mon May 17 09:40:23 2021 +1000 - partial sync of regress/netcat.c with upstream - - Support for nc -T on IPv6 addresses. + Handle Android libc returning NULL pw->pw_passwd - ok sthen@ + Reported by Luke Dashjr -commit 4c607244054a036ad3b2449a6cb4c15feb846a76 +commit 5953c143008259d87342fb5155bd0b8835ba88e5 Author: djm@openbsd.org -Date: Fri May 29 03:14:02 2020 +0000 +Date: Fri May 14 05:20:32 2021 +0000 - upstream: fix compilation on !HAVE_DLOPEN platforms; stub function + upstream: fix previous: test saved no_shell_flag, not the one that just - was not updated to match API change. From Dale Rahn via beck@ ok markus@ + got clobbered - OpenBSD-Commit-ID: 2b8d054afe34c9ac85e417dae702ef981917b836 + OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d -commit 224418cf55611869a4ace1b8b07bba0dff77a9c3 +commit 1e9fa55f4dc4b334651d569d3448aaa3841f736f Author: djm@openbsd.org -Date: Fri May 29 03:11:54 2020 +0000 +Date: Fri May 14 03:09:48 2021 +0000 - upstream: fix exit status for downloading of FIDO resident keys; + upstream: Fix ssh started with ControlPersist incorrectly executing a - from Pedro Martelletto, ok markus@ + shell when the -N (no shell) option was specified. bz3290 reported by Richard + Schwab; patch from markus@ ok me - OpenBSD-Commit-ID: 0da77dc24a1084798eedd83c39a002a9d231faef + OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1 -commit 1001dd148ed7c57bccf56afb40cb77482ea343a6 +commit d1320c492f655d8f5baef8c93899d79dded217a5 Author: dtucker@openbsd.org -Date: Fri May 29 01:20:46 2020 +0000 +Date: Wed May 12 11:34:30 2021 +0000 - upstream: Fix multiplier in convtime when handling seconds after + upstream: Clarify language about moduli. While both ends of the - other units. bz#3171, spotted by ronf at timeheart.net, ok djm@. + connection do need to use the same parameters (ie groups), the DH-GEX + protocol takes care of that and both ends do not need the same contents in + the moduli file, which is what the previous text suggested. ok djm@ jmc@ - OpenBSD-Commit-ID: 95b7a848e1083974a65fbb6ccb381d438e1dd5be + OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a -commit 7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01 +commit d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d Author: djm@openbsd.org -Date: Wed May 27 22:37:53 2020 +0000 +Date: Fri May 7 04:11:51 2021 +0000 - upstream: fix Include before Match in sshd_config; bz#3122 patch - - from Jakub Jelen + upstream: include pid in LogVerbose spam - OpenBSD-Commit-ID: 1b0aaf135fe6732b5d326946042665dd3beba5f4 + OpenBSD-Commit-ID: aacb86f96ee90c7cb84ec27452374285f89a7f00 -commit 0a9a611619b0a1fecd0195ec86a9885f5d681c84 +commit e3c032333be5fdbbaf2751f6f478e044922b4ec4 Author: djm@openbsd.org -Date: Wed May 27 21:59:11 2020 +0000 +Date: Fri May 7 03:09:38 2021 +0000 - upstream: Do not call process_queued_listen_addrs() for every + upstream: don't sigdie() in signal handler in privsep child process; - included file from sshd_config; patch from Jakub Jelen + this can end up causing sandbox violations per bz3286; ok dtucker@ - OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49 + OpenBSD-Commit-ID: a7f40b2141dca4287920da68ede812bff7ccfdda -commit 16ea1fdbe736648f79a827219134331f8d9844fb -Author: djm@openbsd.org -Date: Wed May 27 21:25:18 2020 +0000 +commit a4039724a3f2abac810735fc95cf9114a3856049 +Author: dtucker@openbsd.org +Date: Fri May 7 09:23:40 2021 +0000 - upstream: fix crash in recallocarray when deleting SendEnv + upstream: Increase ConnectionAttempts from 4 to 10 as the tests - variables; spotted by & ok sthen@ + occasionally time out on heavily loaded hosts. - OpenBSD-Commit-ID: b881e8e849edeec5082b5c0a87d8d7cff091a8fd + OpenBSD-Regress-ID: 29a8cdef354fc9da471a301f7f65184770434f3a -commit 47adfdc07f4f8ea0064a1495500244de08d311ed +commit c0d7e36e979fa3cdb60f5dcb6ac9ad3fd018543b Author: djm@openbsd.org -Date: Wed May 27 22:35:19 2020 +0000 +Date: Fri May 7 02:26:55 2021 +0000 - upstream: two new tests for Include in sshd_config, checking whether - - Port directives are processed correctly and handling of Include directives - that appear before Match. Both tests currently fail. bz#3122 and bz#3169 - - patch from Jakub Jelen + upstream: dump out a usable private key string too; inspired by Tyson - OpenBSD-Regress-ID: 8ad5a4a385a63f0a1c59c59c763ff029b45715df - -commit 47faad8f794516c33864d866aa1b55d88416f94c -Author: Darren Tucker -Date: Wed May 27 23:26:23 2020 +1000 - - Document that libfido2 >= 1.4.0 is needed. - -commit 4be563994c0cbe9856e7dd3078909f41beae4a9c -Author: djm@openbsd.org -Date: Tue May 26 01:59:46 2020 +0000 - - upstream: fix memleak of signature; from Pedro Martelletto + Whitehead - OpenBSD-Commit-ID: d0a6eb07e77c001427d738b220dd024ddc64b2bb + OpenBSD-Regress-ID: 65572d5333801cb2f650ebc778cbdc955e372058 -commit 0c111eb84efba7c2a38b2cc3278901a0123161b9 +commit 24fee8973abdf1c521cd2c0047d89e86d9c3fc38 Author: djm@openbsd.org -Date: Tue May 26 01:26:58 2020 +0000 +Date: Fri May 7 02:29:40 2021 +0000 - upstream: Restrict ssh-agent from signing web challenges for FIDO - - keys. - - When signing messages in ssh-agent using a FIDO key that has an - application string that does not start with "ssh:", ensure that the - message being signed is one of the forms expected for the SSH protocol - (currently pubkey authentication and sshsig signatures). - - This prevents ssh-agent forwarding on a host that has FIDO keys - attached granting the ability for the remote side to sign challenges - for web authentication using those keys too. - - Note that the converse case of web browsers signing SSH challenges is - already precluded because no web RP can have the "ssh:" prefix in the - application string that we require. + upstream: correct mistake in spec - the private key blobs are encoded - ok markus@ + verbatim and not as strings (i.e. no 4-byte length header) - OpenBSD-Commit-ID: 9ab6012574ed0352d2f097d307f4a988222d1b19 + OpenBSD-Commit-ID: 3606b5d443d72118c5b76c4af6dd87a5d5a4f837 -commit 9c5f64b6cb3a68b99915202d318b842c6c76cf14 -Author: djm@openbsd.org -Date: Tue May 26 01:09:05 2020 +0000 +commit f43859159cc62396ad5d080f0b1f2635a67dac02 +Author: dtucker@openbsd.org +Date: Tue May 4 22:53:52 2021 +0000 - upstream: improve logging for MaxStartups connection throttling: + upstream: Don't pass NULL as a string in debugging as it does not work - have sshd log when it starts and stops throttling and periodically while in - this state. bz#3055 ok markus@ + on some platforms in -portable. ok djm@ - OpenBSD-Commit-ID: 2e07a09a62ab45d790d3d2d714f8cc09a9ac7ab9 + OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9 -commit 756c6f66aee83a5862a6f936a316f761532f3320 +commit ac31aa3c6341905935e75f0539cf4a61bbe99779 Author: djm@openbsd.org -Date: Tue May 26 01:06:52 2020 +0000 +Date: Mon May 3 00:16:45 2021 +0000 - upstream: add fmt_timeframe() (from bgpd) to format a time - - interval in a human- friendly format. Switch copyright for this file from BSD - to MIT to make it easier to add Henning's copyright for this function. ok - markus@ + upstream: more debugging for UpdateHostKeys signature failures - OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9 + OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36 -commit 2a63ce5cd6d0e782783bf721462239b03757dd49 -Author: djm@openbsd.org -Date: Mon May 18 04:29:35 2020 +0000 +commit 8e32e97e788e0676ce83018a742203614df6a2b3 +Author: Darren Tucker +Date: Sat May 1 20:07:47 2021 +1000 - upstream: avoid possible NULL deref; from Pedro Martelletto - - OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721 + Add obsd69 test target. -commit 4b307faf2fb0e63e51a550b37652f7f972df9676 -Author: markus@openbsd.org -Date: Fri May 15 08:34:03 2020 +0000 +commit f06893063597c5bb9d9e93f851c4070e77d2fba9 +Author: djm@openbsd.org +Date: Fri Apr 30 04:29:53 2021 +0000 - upstream: sshd listener must not block if reexecd sshd exits + upstream: a little debugging in the main mux process for status - in write(2) on config_s[0] if the forked child exits early before finishing - recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the - parent. this prevents the parent from accepting new connections. ok djm, - deraadt + confirmation failures in multiplexed sessions - OpenBSD-Commit-ID: 92ccfeb939ccd55bda914dc3fe84582158c4a9ef + OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49 -commit af8b16fb2cce880341c0ee570ceb0d84104bdcc0 -Author: djm@openbsd.org -Date: Fri May 15 03:57:33 2020 +0000 +commit e65cf00da6bc31e5f54603b7feb7252dc018c033 +Author: dtucker@openbsd.org +Date: Fri Apr 30 04:02:52 2021 +0000 - upstream: fix off-by-one error that caused sftp downloads to make + upstream: Remove now-unused skey function prototypes leftover from - one more concurrent request that desired. This prevented using sftp(1) in - unpipelined request/response mode, which is useful when debugging. Patch from - Stephen Goetze in bz#3054 + skey removal. - OpenBSD-Commit-ID: 41b394ebe57037dbc43bdd0eef21ff0511191f28 + OpenBSD-Commit-ID: 2fc36d519fd37c6f10ce74854c628561555a94c3 -commit d7d753e2979f2d3c904b03a08d30856cd2a6e892 -Author: deraadt@openbsd.org -Date: Wed May 13 22:38:41 2020 +0000 +commit ae5f9b0d5c8126214244ee6b35aae29c21028133 +Author: Darren Tucker +Date: Thu Apr 29 13:01:50 2021 +1000 - upstream: we are still aiming for pre-C99 ... + Wrap sntrup761x25519 inside ifdef. - OpenBSD-Commit-ID: a240fc9cbe60bc4e6c3d24d022eb4ab01fe1cb38 + From balu.gajjala at gmail.com via bz#3306. -commit 2ad7b7e46408dbebf2a4efc4efd75a9544197d57 -Author: djm@openbsd.org -Date: Wed May 13 10:08:02 2020 +0000 +commit 70a8dc138a6480f85065cdb239915ad4b7f928cf +Author: Darren Tucker +Date: Wed Apr 28 14:44:07 2021 +1000 - upstream: Enable credProtect extension when generating a resident - - key. - - The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect" - feature to better protect resident keys. This option allows (amone other - possibilities) requiring a PIN prior to all operations that may retrieve - the key handle. - - Patch by Pedro Martelletto; ok djm and markus - - OpenBSD-Commit-ID: 013bc06a577dcaa66be3913b7f183eb8cad87e73 + Add status badges for Actions-based tests. -commit 1e70dc3285fc9b4f6454975acb81e8702c23dd89 -Author: djm@openbsd.org -Date: Wed May 13 09:57:17 2020 +0000 +commit 40b59024cc3365815381474cdf4fe423102e391b +Author: Darren Tucker +Date: Wed Apr 28 12:22:11 2021 +1000 - upstream: always call fido_init(); previous behaviour only called - - fido_init() when SK_DEBUG was defined. Harmless with current libfido2, but - this isn't guaranteed in the future. - - OpenBSD-Commit-ID: c7ea20ff2bcd98dd12015d748d3672d4f01f0864 + Add obsdsnap (OpenBSD snapshot) test target. -commit f2d84f1b3fa68d77c99238d4c645d0266fae2a74 -Author: djm@openbsd.org -Date: Wed May 13 09:55:57 2020 +0000 +commit e627067ec8ef9ae8e7a638f4dbac91d52dee3e6d +Author: Darren Tucker +Date: Wed Apr 28 11:35:28 2021 +1000 - upstream: preserve group/world read permission on known_hosts - - file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove - all rights for group/other. bz#3146 ok dtucker@ - - OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a + Add test building upstream OpenBSD source. -commit 05a651400da6fbe12296c34e3d3bcf09f034fbbf -Author: djm@openbsd.org -Date: Wed May 13 09:52:41 2020 +0000 +commit 1b8108ebd12fc4ed0fb39ef94c5ba122558ac373 +Author: Darren Tucker +Date: Tue Apr 27 14:22:20 2021 +1000 - upstream: when ordering the hostkey algorithms to request from a - - server, prefer certificate types if the known_hosts files contain a key - marked as a @cert-authority; bz#3157 ok markus@ + Test against OpenSSL 1.1.0h instead of 1.1.0g. - OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db + 1.1.0g requires a perl glob module that's not installed by default. -commit 829451815ec207e14bd54ff5cf7e22046816f042 -Author: djm@openbsd.org -Date: Tue May 12 01:41:32 2020 +0000 +commit 9bc20efd39ce8525be33df3ee009f5a4564224f1 +Author: Darren Tucker +Date: Tue Apr 27 12:37:59 2021 +1000 - upstream: fix non-ASCII quote that snuck in; spotted by Gabriel - - Kihlman - - OpenBSD-Commit-ID: 04bcde311de2325d9e45730c744c8de079b49800 + Use the default VM type for libcrypto ver tests. -commit 5a442cec92c0efd6fffb4af84bf99c70af248ef3 -Author: djm@openbsd.org -Date: Mon May 11 02:11:29 2020 +0000 +commit 9f79e80dc40965c2e73164531250b83b176c1eea +Author: Darren Tucker +Date: Tue Apr 27 12:24:10 2021 +1000 - upstream: clarify role of FIDO tokens in multi-factor - - authentictation; mostly from Pedro Martelletto + Always build OpenSSL shared. - OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac + This is the default for current versions but we need it to test against + earlier versions. -commit ecb2c02d994b3e21994f31a70ff911667c262f1f -Author: djm@openbsd.org -Date: Fri May 8 05:13:14 2020 +0000 +commit b3cc9fbdff2782eca79e33e02ac22450dc63bce9 +Author: Darren Tucker +Date: Tue Apr 27 09:18:02 2021 +1000 - upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@ + Fix custom OpenSSL tests. - OpenBSD-Commit-ID: 832e771948fb45f2270e8b8895aac36d176ba17a + Check out specified OpenSSL version. Install custom libcrypto where + configure expects to find it. Remove unneeded OpenSSL config time + options. Older OpenSSL versions were not make -j safe so remove it. -commit 3ab6fccc3935e9b778ff52f9c8d40f215d58e01d -Author: Damien Miller -Date: Thu May 14 12:22:09 2020 +1000 +commit 77532609874a99a19e3e2eb2d1b7fa93aef963bb +Author: Darren Tucker +Date: Mon Apr 26 17:18:25 2021 +1000 - prefer ln to cp for temporary copy of sshd - - I saw failures on the reexec fallback test on Darwin 19.4 where - fork()ed children of a process that had it's executable removed - would instantly fail. Using ln to preserve the inode avoids this. + Export CC and CFLAGS for c89 test. -commit f700d316c6b15a9cfbe87230d2dca81a5d916279 +commit 33f62dfbe865f4de77980ab88774bf1eb5e4e040 Author: Darren Tucker -Date: Wed May 13 15:24:51 2020 +1000 +Date: Mon Apr 26 17:13:44 2021 +1000 - Actually skip pty tests when needed. + Add c89 here too. -commit 08ce6b2210f46f795e7db747809f8e587429dfd2 +commit da9d59f526fce58e11cba49cd8eb011dc0bf5677 Author: Darren Tucker -Date: Wed May 13 13:56:45 2020 +1000 +Date: Mon Apr 26 15:34:23 2021 +1000 - Skip building sk-dummy library if no SK support. + Add test against OpenSSL w/out ECC. -commit 102d106bc2e50347d0e545fad6ff5ce408d67247 -Author: Damien Miller -Date: Wed May 13 12:08:34 2020 +1000 +commit 29e194a752359ebf85bf7fce100f23a0477fc4de +Author: Darren Tucker +Date: Mon Apr 26 14:49:59 2021 +1000 - explicitly manage .depend and .depend.bak - - Bring back removal of .depend to give the file a known state before - running makedepend, but manually move aside the current .depend file - and restore it as .depend.bak afterwards so the stale .depend check - works as expected. + Ensure we can still build with C89. -commit 83a6dc6ba1e03b3fa39d12a8522b8b0e68dd6390 -Author: Damien Miller -Date: Wed May 13 12:03:42 2020 +1000 +commit a38016d369d21df5d35f761f2b67e175e132ba22 +Author: Darren Tucker +Date: Mon Apr 26 14:29:03 2021 +1000 - make depend + Interop test agains PuTTY. -commit 7c0bbed967abed6301a63e0267cc64144357a99a -Author: Damien Miller -Date: Wed May 13 12:01:10 2020 +1000 +commit 095b0307a77be8803768857cc6c0963fa52ed85b +Author: Darren Tucker +Date: Mon Apr 26 14:02:03 2021 +1000 - revert removal of .depend before makedepend - - Commit 83657eac4 started removing .depend before running makedepend - to reset the contents of .depend to a known state. Unfortunately - this broke the depend-check step as now .depend.bak would only ever - be created as an empty file. + Support testing against arbitary libcrytpo vers. - ok dtucker + Add tests against various LibreSSL and OpenSSL versions. -commit 58ad004acdcabf3b9f40bc3aaa206b25d998db8c -Author: Damien Miller -Date: Tue May 12 12:58:46 2020 +1000 +commit b16082aa110fa7128ece2a9037ff420c4a285317 +Author: Darren Tucker +Date: Mon Apr 26 13:35:44 2021 +1000 - prepare for 8.3 release + Add fbsd10 test target. -commit 4fa9e048c2af26beb7dc2ee9479ff3323e92a7b5 +commit 2c805f16b24ea37cc051c6018fcb05defab6e57a Author: Darren Tucker -Date: Fri May 8 21:50:43 2020 +1000 +Date: Sun Apr 25 14:15:02 2021 +1000 - Ensure SA_SIGNAL test only signals itself. + Disable compiler hardening on nbsd4. - When the test's child signals its parent and it exits the result of - getppid changes. On Ubuntu 20.04 this results in the ppid being that - of the GDM session, causing it to exit. Analysis and testing from pedro - at ambientworks.net + The system compiler supports -fstack-protector-all, but using it will + result in an internal compiler error on some files. -commit dc2da29aae76e170d22f38bb36f1f5d1edd5ec2b -Author: Damien Miller -Date: Fri May 8 13:31:53 2020 +1000 +commit 6a5d39305649da5dff1934ee54292ee0cebd579d +Author: Darren Tucker +Date: Sun Apr 25 13:01:34 2021 +1000 - sync config.guess/config.sub with latest versions - - ok dtucker@ + Add nbsd3, nbsd4 and nbsd9 test targets. -commit a8265bd64c14881fc7f4fa592f46dfc66b911f17 -Author: djm@openbsd.org -Date: Wed May 6 20:58:01 2020 +0000 +commit d1aed05bd2e4ae70f359a394dc60a2d96b88f78c +Author: Darren Tucker +Date: Sat Apr 24 22:03:46 2021 +1000 - upstream: openssh-8.3; ok deraadt@ - - OpenBSD-Commit-ID: c8831ec88b9c750f5816aed9051031fb535d22c1 + Comment out nbsd2 test target for now. -commit 955854cafca88e0cdcd3d09ca1ad4ada465364a1 -Author: djm@openbsd.org -Date: Wed May 6 20:57:38 2020 +0000 +commit a6b4ec94e5bd5a8a18cd2c9942d829d2e5698837 +Author: Darren Tucker +Date: Sat Apr 24 17:52:24 2021 +1000 - upstream: another case where a utimes() failure could make scp send - - a desynchronising error; reminded by Aymeric Vincent ok deraadt markus - - OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381 + Add OPENBSD ORIGINAL marker. -commit 59d531553fd90196946743da391f3a27cf472f4e +commit 3737c9f66ee590255546c4b637b6d2be669a11eb Author: Darren Tucker -Date: Thu May 7 15:34:12 2020 +1000 +Date: Fri Apr 23 19:49:46 2021 +1000 - Check if -D_REENTRANT is needed for localtime_r. - - On at least HP-UX 11.11, the localtime_r declararation is behind - ifdef _REENTRANT. Check for and add if needed. + Replace "==" (a bashism) with "=". -commit c13403e55de8cdbb9da628ed95017b1d4c0f205f +commit a116b6f5be17a1dd345b7d54bf8aa3779a28a0df Author: Darren Tucker -Date: Tue May 5 11:32:43 2020 +1000 +Date: Fri Apr 23 16:34:48 2021 +1000 - Skip security key tests if ENABLE_SK not set. + Add nbsd2 test target. -commit 4da393f87cd52d788c84112ee3f2191c9bcaaf30 -Author: djm@openbsd.org -Date: Fri May 1 04:03:14 2020 +0000 +commit 196bf2a9bb771f45d9b0429cee7d325962233c44 +Author: Darren Tucker +Date: Fri Apr 23 14:54:10 2021 +1000 - upstream: sure enough, some of the test data that we though were in - - new format were actually in the old format; fix from Michael Forney - - OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933 + Add obsd68 test target. -commit 15bfafc1db4c8792265ada9623a96f387990f732 -Author: djm@openbsd.org -Date: Fri May 1 04:00:29 2020 +0000 +commit e3ba6574ed69e8b7af725cf5e8a9edaac04ff077 +Author: Darren Tucker +Date: Fri Apr 23 14:53:32 2021 +1000 - upstream: make mktestdata.sh generate old/new format keys that we - - expect. This script was written before OpenSSH switched to new-format private - keys by default and was never updated to the change (until now) From Michael - Forney - - OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7 + Remove dependency on bash. -commit 7882d2eda6ad3eb82220a85294de545d20ef82db -Author: djm@openbsd.org -Date: Fri May 1 03:58:02 2020 +0000 +commit db1f9ab8feb838aee9f5b99c6fd3f211355dfdcf +Author: Darren Tucker +Date: Fri Apr 23 14:41:13 2021 +1000 - upstream: portability fix for sed that always emil a newline even - - if the input does not contain one; from Michael Forney - - OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7 + Add obsd67 test target. -commit 8074f9499e454df0acdacea33598858a1453a357 -Author: djm@openbsd.org -Date: Fri May 1 03:36:25 2020 +0000 +commit c039a6bf79192fe1daa9ddcc7c87dd98e258ae7c +Author: Darren Tucker +Date: Fri Apr 23 11:08:23 2021 +1000 - upstream: remove obsolete RSA1 test keys; spotted by Michael Forney - - OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da + Re-add macos-11.0 test target. -commit c697e46c314aa94574af0d393d80f23e0ebc9748 +commit a6db3a47b56adb76870d59225ffb90a65bc4daf2 Author: Darren Tucker -Date: Sat May 2 18:34:47 2020 +1000 +Date: Fri Apr 23 10:28:28 2021 +1000 - Update .depend. + Add openindiana test target. -commit 83657eac42941f270c4b02b2c46d9a21f616ef99 +commit 3fe7e73b025c07eda46d78049f1da8ed7dfc0c69 Author: Darren Tucker -Date: Sat May 2 18:29:40 2020 +1000 +Date: Fri Apr 23 10:26:35 2021 +1000 - Remove use of tail for 'make depend'. - - Not every tail supports +N and we can do with out it so just remove it. - Prompted by mforney at mforney.org. + Test krb5 on Solaris 11 too. -commit d25d630d24c5a1c64d4e646510e79dc22d6d7b88 -Author: djm@openbsd.org -Date: Sat May 2 07:19:43 2020 +0000 +commit f57fbfe5eb02df1a91f1a237c4d27165afd87c13 +Author: Darren Tucker +Date: Thu Apr 22 22:27:26 2021 +1000 - upstream: we have a sshkey_save_public() function to save public keys; - - use it and save a bunch of redundant code. - - Patch from loic AT venez.fr; ok markus@ djm@ + Don't always set SUDO. - OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f + Rely on sourcing configs to set as appropriate. -commit e9dc9863723e111ae05e353d69df857f0169544a +commit e428f29402fb6ac140b52f8f12e06ece7bb104a0 Author: Darren Tucker -Date: Fri May 1 18:32:25 2020 +1000 +Date: Thu Apr 22 22:26:08 2021 +1000 - Use LONG_LONG_MAX and friends if available. - - If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX} - then use those instead. We do calculate these values in configure, - but it turns out that at least one compiler (old HP ANSI C) can't - parse "-9223372036854775808LL" without mangling it. (It can parse - "-9223372036854775807LL" which is presumably why its limits.h defines - LONG_LONG_MIN as the latter minus 1.) - - Fixes rekey test when compiled with the aforementioned compiler. + Remove now-unused 2nd arg to configs. -commit aad87b88fc2536b1ea023213729aaf4eaabe1894 -Author: djm@openbsd.org -Date: Fri May 1 06:31:42 2020 +0000 +commit cb4ff640d79b3c736879582139778f016bbb2cd7 +Author: Darren Tucker +Date: Wed Apr 21 01:08:04 2021 +1000 - upstream: when receving a file in sink(), be careful to send at - - most a single error response after the file has been opened. Otherwise the - source() and sink() can become desyncronised. Reported by Daniel Goujot, - Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. - - ok deraadt@ markus@ - - OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035 + Add win10 test target. -commit 31909696c4620c431dd55f6cd15db65c4e9b98da -Author: djm@openbsd.org -Date: Fri May 1 06:28:52 2020 +0000 +commit 4457837238072836b2fa3107d603aac809624983 +Author: Darren Tucker +Date: Tue Apr 20 23:31:29 2021 +1000 - upstream: expose vasnmprintf(); ok (as part of other commit) markus - - deraadt - - OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5 + Add nbsd8 test target. -commit 99ce9cefbe532ae979744c6d956b49f4b02aff82 -Author: djm@openbsd.org -Date: Fri May 1 04:23:11 2020 +0000 +commit bd4fba22e14da2fa196009010aabec5a8ba9dd42 +Author: Darren Tucker +Date: Sat Apr 17 09:55:47 2021 +1000 - upstream: avoid NULL dereference when attempting to convert invalid - - ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney - - OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298 + Add obsd51 target. -commit 6c6072ba8b079e6f5caa38b011a6f4570c14ed38 +commit 9403d0e805c77a5741ea8c3281bbe92558c2f125 Author: Darren Tucker -Date: Fri May 1 15:09:26 2020 +1000 +Date: Fri Apr 16 18:14:25 2021 +1000 - See if SA_RESTART signals will interrupt select(). - - On some platforms (at least older HP-UXes such as 11.11, possibly others) - setting SA_RESTART on signal handers will cause it to not interrupt - select(), at least for calls that do not specify a timeout. Try to - detect this and if found, don't use SA_RESTART. - - POSIX says "If SA_RESTART has been set for the interrupting signal, it - is implementation-dependent whether select() restarts or returns with - [EINTR]" so this behaviour is within spec. + Add fbsd13 target. -commit 90a0b434ed41f9c505662dba8782591818599cb3 +commit e86968280e358e62649d268d41f698d64d0dc9fa Author: Damien Miller -Date: Fri May 1 13:55:03 2020 +1000 +Date: Fri Apr 16 13:55:25 2021 +1000 - fix reversed test + depend -commit c0dfd18dd1c2107c73d18f70cd164f7ebd434b08 +commit 2fb25ca11e8b281363a2a2a4dec4c497a1475d9a Author: Damien Miller -Date: Fri May 1 13:29:16 2020 +1000 +Date: Fri Apr 16 13:53:02 2021 +1000 - wrap sha2.h inclusion in #ifdef HAVE_SHA2_H + crank version in README and RPM spec files -commit a01817a9f63dbcbbc6293aacc4019993a4cdc7e3 +commit b2b60ebab0cb77b5bc02d364d72e13db882f33ae Author: djm@openbsd.org -Date: Tue Apr 28 04:59:29 2020 +0000 - - upstream: adapt dummy FIDO middleware to API change; ok markus@ - - OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f - -commit 261571ddf02ea38fdb5e4a97c69ee53f847ca5b7 -Author: jmc@openbsd.org -Date: Thu Apr 30 18:28:37 2020 +0000 +Date: Fri Apr 16 03:42:00 2021 +0000 - upstream: tweak previous; ok markus + upstream: openssh-8.6 - OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd + OpenBSD-Commit-ID: b5f3e133c846127ec114812248bc17eff07c3e19 -commit 5de21c82e1d806d3e401b5338371e354b2e0a66f +commit faf2b86a46c9281d237bcdec18c99e94a4eb820a Author: markus@openbsd.org -Date: Thu Apr 30 17:12:20 2020 +0000 +Date: Thu Apr 15 16:24:31 2021 +0000 - upstream: bring back debug() removed in rev 1.74; noted by pradeep + upstream: do not pass file/func to monitor; noted by Ilja van Sprundel; - kumar + ok djm@ - OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65 + OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa -commit ea14103ce9a5e13492e805f7e9277516ff5a4273 -Author: markus@openbsd.org -Date: Thu Apr 30 17:07:10 2020 +0000 +commit 2dc328023f60212cd29504fc05d849133ae47355 +Author: Damien Miller +Date: Wed Apr 14 11:42:55 2021 +1000 - upstream: run the 2nd ssh with BatchMode for scp -3 + sshd don't exit on transient read errors - OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748 + openssh-8.5 introduced a regression that would cause sshd to exit + because of transient read errors on the network socket (e.g. EINTR, + EAGAIN). Reported by balu.gajjala AT gmail.com via bz3297 -commit 59d2de956ed29aa5565ed5e5947a7abdb27ac013 -Author: djm@openbsd.org -Date: Tue Apr 28 04:02:29 2020 +0000 +commit d5d6b7d76d171a2e6861609dcd92e714ee62ad88 +Author: Damien Miller +Date: Sat Apr 10 18:45:00 2021 +1000 + + perform report_failed_grab() inline - upstream: when signing a challenge using a FIDO toke, perform the +commit ea996ce2d023aa3c6d31125e2c3ebda1cb42db8c +Author: Damien Miller +Date: Sat Apr 10 18:22:57 2021 +1000 + + dedicated gnome-ssk-askpass3 source + + Compatibility with Wayland requires that we use the gdk_seat_grab() + API for grabbing mouse/keyboard, however these API don't exist in + Gtk+2. - hashing in the middleware layer rather than in ssh code. This allows - middlewares that call APIs that perform the hashing implicitly (including - Microsoft's AFAIK). ok markus@ + This branches gnome-ssk-askpass2.c => gnome-ssk-askpass3.c and + makes the changes to use the gdk_seat_grab() instead of grabbing + mouse/focus separately via GDK. - OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d + In the future, we can also use the branched file to avoid some + API that has been soft-deprecated in GTK+3, e.g. gtk_widget_modify_fg -commit c9d10dbc0ccfb1c7568bbb784f7aeb7a0b5ded12 -Author: dtucker@openbsd.org -Date: Sun Apr 26 09:38:14 2020 +0000 +commit bfa5405da05d906ffd58216eb77c4375b62d64c2 +Author: Darren Tucker +Date: Thu Apr 8 15:18:15 2021 +1000 - upstream: Fix comment typo. Patch from mforney at mforney.org. + Ensure valgrind-out exists. - OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b + Normally the regress tests would create it, but running the unit tests + on their own would fail because the directory did not exist. -commit 4d2c87b4d1bde019cdd0f00552fcf97dd8b39940 -Author: dtucker@openbsd.org -Date: Sat Apr 25 06:59:36 2020 +0000 +commit 1f189181f3ea09a9b08aa866f78843fec800874f +Author: Darren Tucker +Date: Thu Apr 8 15:17:19 2021 +1000 - upstream: We've standardized on memset over bzero, replace a couple - - that had slipped in. ok deraadt markus djm. + Pass OBJ to unit test make invocation. - OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6 + At least the Valgrind unit tests uses $OBJ. + +commit f42b550c281d28bd19e9dd6ce65069164f3482b0 +Author: Darren Tucker +Date: Thu Apr 8 14:20:12 2021 +1000 -commit 7f23f42123d64272a7b00754afa6b0841d676691 + Add pattern for valgrind-unit. + +commit 19e534462710e98737478fd9c44768b50c27c4c6 Author: Darren Tucker -Date: Fri May 1 12:21:58 2020 +1000 +Date: Thu Apr 8 13:31:08 2021 +1000 - Include sys/byteorder.h for htons and friends. + Run unit tests under valgrind. - These are usually in netinet/in.h but on HP-UX they are not defined if - _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression - tests. + Run a separate build for the unit tests under Valgrind. They take long + enough that running in parallel with the other Valgrind tests helps. -commit d27cba58c972d101a5de976777e518f34ac779cb +commit 80032102d05e866dc2a48a5caf760cf42c2e090e Author: Darren Tucker -Date: Fri May 1 09:21:52 2020 +1000 +Date: Thu Apr 8 13:25:57 2021 +1000 - Fix conditional for openssl-based chacha20. + ifdef out MIN and MAX. - Fixes warnings or link errors when building against older OpenSSLs. - ok djm + In -portable, defines.h ensures that these are defined, so redefining + potentially causes a warning. We don't just delete it to make any + future code syncs a little but easier. bz#3293. -commit 20819b962dc1467cd6fad5486a7020c850efdbee +commit d1bd184046bc310c405f45da3614a1dc5b3e521a Author: Darren Tucker -Date: Fri Apr 24 15:07:55 2020 +1000 +Date: Wed Apr 7 10:23:51 2021 +1000 - Error out if given RDomain if unsupported. + Remove only use of warn(). - If the config contained 'RDomain %D' on a platform that did not support - it, the error would not be detected until runtime resulting in a broken - sshd. Detect this earlier and error out if found. bz#3126, based on a - patch from jjelen at redhat.com, tweaks and ok djm@ + The warn() function is only used in one place in portable and does not + exist upstream. Upgrade the only instance it's used to fail() + (the privsep/sandbox+proxyconnect, from back when that was new) and + remove the now-unused function. -commit 2c1690115a585c624eed2435075a93a463a894e2 -Author: dtucker@openbsd.org -Date: Fri Apr 24 03:33:21 2020 +0000 +commit fea8f4b1aa85026ad5aee5ad8e1599a8d5141fe0 +Author: Darren Tucker +Date: Wed Apr 7 10:18:32 2021 +1000 - upstream: Fix incorrect error message for "too many known hosts files." - - bz#3149, patch from jjelen at redhat.com. + Move make_tmpdir() into portable-specific area. - OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5 + Reduces diff vs OpenBSD and makes it more likely diffs will apply + cleanly. -commit 3beb7276e7a8aedd3d4a49f9c03b97f643448c92 +commit 13e5fa2acffd26e754c6ee1d070d0afd035d4cb7 Author: dtucker@openbsd.org -Date: Fri Apr 24 02:19:40 2020 +0000 - - upstream: Remove leave_non_blocking() which is now dead code - - because nothing sets in_non_blocking_mode any more. Patch from - michaael.meeks at collabora.com, ok djm@ - - OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c - -commit 8654e3561772f0656e7663a0bd6a1a8cb6d43300 -Author: jmc@openbsd.org -Date: Thu Apr 23 21:28:09 2020 +0000 +Date: Tue Apr 6 23:57:56 2021 +0000 - upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and + upstream: Add TEST_SSH_ELAPSED_TIMES environment variable to print the - stop the spread; + elapsed time in seconds of each test. This depends on "date +%s" which is + not specified by POSIX but is commonly implemented. - OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705 + OpenBSD-Regress-ID: ec3c8c19ff49b2192116a0a646ee7c9b944e8a9c -commit 67697e4a8246dd8423e44b8785f3ee31fee72d07 +commit ef4f46ab4387bb863b471bad124d46e8d911a79a Author: Darren Tucker -Date: Fri Apr 24 11:10:18 2020 +1000 +Date: Wed Apr 7 09:59:15 2021 +1000 - Update .depend. + Move the TEST_SSH_PORT section down a bit. + + This groups the portable-specific changes together and makes it a + little more likely that patches will apply cleanly. -commit d6cc76176216fe3fac16cd20d148d75cb9c50876 +commit 3674e33fa70dfa1fe69b345bf576113af7b7be11 Author: Darren Tucker -Date: Wed Apr 22 14:07:00 2020 +1000 +Date: Wed Apr 7 10:05:10 2021 +1000 - Mailing list is now closed to non-subscribers. + Further split Valgrind tests. - While there, add a reference to the bugzilla. ok djm@ + Even split in two, the Valgrind tests take by far the longest to run, + so split them four ways to further increase parallelism. -commit cecde6a41689d0ae585ec903b190755613a6de79 -Author: Darren Tucker -Date: Wed Apr 22 12:09:40 2020 +1000 +commit 961af266b861e30fce1e26170ee0dbb5bf591f29 +Author: djm@openbsd.org +Date: Tue Apr 6 23:24:30 2021 +0000 - Put the values from env vars back. + upstream: include "ssherr.h" not ; from Balu Gajjala via - This merges the values from the recently removed environment into make's - command line arguments since we actually need those. + bz#3292 + + OpenBSD-Commit-ID: e9535cd9966eb2e69e73d1ede1f44905c30310bd -commit 300c4322b92e98d3346efa0aec1c094c94d0f964 -Author: Darren Tucker -Date: Wed Apr 22 11:33:15 2020 +1000 +commit e7d0a285dbdd65d8df16123ad90f15e91862f959 +Author: Damien Miller +Date: Wed Apr 7 08:50:38 2021 +1000 - Pass configure's egrep through to test-exec.sh. - - Use it to create a wrapper function to call it from tests. Fixes the - keygen-comment test on platforms with impoverished default egrep (eg - Solaris). + wrap struct rlimit in HAVE_GETRLIMIT too -commit c8d9796cfe046f00eb8b2096d2b7028d6a523a84 -Author: Darren Tucker -Date: Wed Apr 22 10:56:44 2020 +1000 +commit f283a6c2e0a9bd9369e18462acd00be56fbe5b0d +Author: Damien Miller +Date: Wed Apr 7 08:20:35 2021 +1000 - Remove unneeded env vars from t-exec invocation. + wrap getrlimit call in HAVE_GETRLIMIT; bz3291 -commit 01d4cdcd4514e99a4b6eb9523cd832bbf008d1d7 +commit 679bdc4a5c9244f427a7aee9c14b0a0ed086da1f Author: dtucker@openbsd.org -Date: Tue Apr 21 23:14:58 2020 +0000 +Date: Tue Apr 6 09:07:33 2021 +0000 - upstream: Backslash '$' at then end of string. Prevents warning on + upstream: Don't check return value of unsetenv(). It's part of the - some shells. + environment setup and not part of the actual test, and some platforms + -portable runs on declare it as returning void, which prevents the test from + compiling. - OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f + OpenBSD-Regress-ID: 24f08543ee3cdebc404f2951f3e388cc82b844a1 -commit 8854724ccefc1fa16f10b37eda2e759c98148caa -Author: Darren Tucker -Date: Tue Apr 21 18:27:23 2020 +1000 +commit 320af2f3de6333aa123f1b088eca146a245e968a +Author: jmc@openbsd.org +Date: Sun Apr 4 11:36:56 2021 +0000 - Sync rev 1.49. + upstream: remove stray inserts; from matthias schmidt - Prevent infinite for loop since i went from ssize_t to size_t. Patch from - eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@ + OpenBSD-Commit-ID: 2c36ebdc54e14bbf1daad70c6a05479a073d5c63 -commit d00d07b6744d3b4bb7aca46c734ecd670148da23 -Author: djm@openbsd.org -Date: Mon Apr 20 04:44:47 2020 +0000 +commit 801f710953b24dd2f21939171c622eac77c7484d +Author: jmc@openbsd.org +Date: Sun Apr 4 06:11:24 2021 +0000 - upstream: regression test for printing of private key fingerprints and - - key comments, mostly by loic AT venez.fr (slightly tweaked for portability) - ok dtucker@ + upstream: missing comma; from kawashima james - OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004 + OpenBSD-Commit-ID: 31cec6bf26c6db4ffefc8a070715ebef274e68ea -commit a98d5ba31e5e7e01317352f85fa63b846a960f8c -Author: djm@openbsd.org -Date: Mon Apr 20 04:43:57 2020 +0000 +commit b3ca08cb174266884d44ec710a84cd64c12414ea +Author: Darren Tucker +Date: Mon Apr 5 23:46:42 2021 +1000 - upstream: fix a bug I introduced in r1.406: when printing private key - - fingerprint of old-format key, key comments were not being displayed. Spotted - by loic AT venez.fr, ok dtucker - - OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533 + Install libcbor with libfido2. -commit 32f2d0aad42c15e19bd3b07496076ca891573a58 -Author: djm@openbsd.org -Date: Fri Apr 17 07:16:07 2020 +0000 +commit f3ca8af87a4c32ada660da12ae95cf03d190c083 +Author: Damien Miller +Date: Sat Apr 3 18:21:08 2021 +1100 - upstream: repair private key fingerprint printing to also print - - comment after regression caused by my recent pubkey loading refactor. - Reported by loic AT venez.fr, ok dtucker@ + enable authopt and misc unit tests - OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e + Neither were wired into the build, both required some build + adaptations for -portable -commit 094dd513f4b42e6a3cebefd18d1837eb709b4d99 +commit dc1b45841fb97e3d7f655ddbcfef3839735cae5f Author: djm@openbsd.org -Date: Fri Apr 17 07:15:11 2020 +0000 +Date: Sat Apr 3 06:58:30 2021 +0000 - upstream: refactor out some duplicate private key loading code; - - based on patch from loic AT venez.fr, ok dtucker@ + upstream: typos in comments; GHPR#180 from Vill - OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e - -commit 4e04f46f248f1708e39b900b76c9693c820eff68 -Author: jmc@openbsd.org -Date: Fri Apr 17 06:12:41 2020 +0000 - - upstream: add space beteen macro arg and punctuation; + =?UTF-8?q?e=20Skytt=C3=A4?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44 + OpenBSD-Commit-ID: 93c732381ae0e2b680c79e67c40c1814b7ceed2c -commit 44ae009a0112081d0d541aeaa90088bedb6f21ce +commit 53ea05e09b04fd7b6dea66b42b34d65fe61b9636 Author: djm@openbsd.org -Date: Fri Apr 17 04:27:03 2020 +0000 +Date: Sat Apr 3 06:55:52 2021 +0000 - upstream: auth2-pubkey r1.89 changed the order of operations to + upstream: sync CASignatureAlgorithms lists with reality. GHPR#174 from - checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand - if no key was found in a file. Document this order here; bz3134 + Matt Hazinski - OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12 + OpenBSD-Commit-ID: f05e4ca54d7e67b90fe58fe1bdb1d2a37e0e2696 -commit f96f17f920f38ceea6f3c5cb0b075c46b8929fdc +commit 57ed647ee07bb883a2f2264231bcd1df6a5b9392 Author: Damien Miller -Date: Fri Apr 17 14:07:15 2020 +1000 +Date: Sat Apr 3 17:47:37 2021 +1100 - sys/sysctl.h is only used on OpenBSD - - so change the preprocessor test used to include it to check - __OpenBSD__, matching the code that uses the symbols it declares. + polish whitespace for portable files -commit 54688e937a69c7aebef8a3d50cbd4c6345bab2ca +commit 31d8d231eb9377df474746a822d380c5d68d7ad6 Author: djm@openbsd.org -Date: Fri Apr 17 03:38:47 2020 +0000 +Date: Sat Apr 3 06:18:40 2021 +0000 - upstream: fix reversed test that caused IdentitiesOnly=yes to not + upstream: highly polished whitespace, mostly fixing spaces-for-tab - apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ + and bad indentation on continuation lines. Prompted by GHPR#185 - OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677 + OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9 -commit 267cbc87b5b6e78973ac4d3c7a6f807ed226928c +commit 34afde5c73b5570d6f8cce9b49993b23b77bfb86 Author: djm@openbsd.org -Date: Fri Apr 17 03:34:42 2020 +0000 +Date: Sat Apr 3 05:54:14 2021 +0000 - upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are - - not considered for HostbasedAuthentication when the target user is root; - bz3148 + upstream: whitespace (tab after space) - OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752 + OpenBSD-Commit-ID: 0e2b3f7674e985d3f7c27ff5028e690ba1c2efd4 + +commit 7cd262c1c5a08cc7f4f30e3cab108ef089d0a57b +Author: Darren Tucker +Date: Sat Apr 3 16:59:10 2021 +1100 + + Save config.h and config.log on failure too. -commit c90f72d29e84b4a2709078bf5546a72c29a65177 +commit 460aee9298f365357e9fd26851c22e0dca51fd6a Author: djm@openbsd.org -Date: Fri Apr 17 03:30:05 2020 +0000 +Date: Sat Apr 3 05:46:41 2021 +0000 - upstream: make IgnoreRhosts a tri-state option: "yes" ignore + upstream: fix incorrect plural; from Ville Skyt - rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow - .shosts files but not .rhosts. ok dtucker@ + =?UTF-8?q?t=C3=A4=20via=20GHPR#181?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9 + OpenBSD-Commit-ID: 92f31754c6296d8f403d7c293e09dc27292d22c9 -commit 321c7147079270f3a154f91b59e66219aac3d514 +commit 082804c14e548cada75c81003a3c68ee098138ee Author: djm@openbsd.org -Date: Fri Apr 17 03:23:13 2020 +0000 +Date: Sat Apr 3 05:40:39 2021 +0000 - upstream: allow the IgnoreRhosts directive to appear anywhere in a + upstream: ensure that pkcs11_del_provider() is called before exit - - sshd_config, not just before any Match blocks; bz3148, ok dtucker@ + some PKCS#11 providers get upset if C_Initialize is not matched with + C_Finalize. - OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8 - -commit ca5403b085a735055ec7b7cdcd5b91f2662df94c -Author: jmc@openbsd.org -Date: Sat Apr 11 20:20:09 2020 +0000 - - upstream: add space between macro arg and punctuation; + From Adithya Baglody via GHPR#234; ok markus - OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c + OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6 -commit 8af0244d7b4a65eed2e62f9c89141c7c8e63f09d -Author: Darren Tucker -Date: Wed Apr 15 10:58:02 2020 +1000 +commit 464ebc82aa926dd132ec75a0b064574ef375675e +Author: djm@openbsd.org +Date: Sat Apr 3 05:28:43 2021 +0000 - Add sys/syscall.h for syscall numbers. + upstream: unused variable - In some architecture/libc configurations we need to explicitly include - sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085, - patch from blowfist at xroutine.net. + OpenBSD-Commit-ID: 85f6a394c8e0f60d15ecddda75176f112007b205 -commit 3779b50ee952078018a5d9e1df20977f4355df17 +commit dc3c0be8208c488e64a8bcb7d9efad98514e0ffb Author: djm@openbsd.org -Date: Sat Apr 11 10:16:11 2020 +0000 +Date: Sat Apr 3 05:21:46 2021 +0000 - upstream: Refactor private key parsing. Eliminates a fair bit of - - duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key - type check in the ECDSA_CERT parsing path. + upstream: Fix two problems in string->argv conversion: 1) multiple - feedback and ok markus@ + backslashes were not being dequoted correctly and 2) quoted space in the + middle of a string was being incorrectly split. + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9 - -commit b6a4013647db67ec622c144a9e05dd768f1966b3 -Author: dtucker@openbsd.org -Date: Fri Apr 10 00:54:03 2020 +0000 - - upstream: Add tests for TOKEN expansion of LocalForward and + A unit test for these cases has already been committed - RemoteForward. + prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@ - OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89 + OpenBSD-Commit-ID: d7ef27abb4eeeaf6e167e9312e4abe9e89faf1e4 -commit abc3e0a5179c13c0469a1b11fe17d832abc39999 -Author: dtucker@openbsd.org -Date: Mon Apr 6 09:43:55 2020 +0000 +commit f75bcbba58a08c670727ece5e3f8812125969799 +Author: Damien Miller +Date: Sat Apr 3 16:22:48 2021 +1100 - upstream: Add utf8.c for asmprintf used by krl.c - - OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37 + missing bits from 259d648e -commit 990687a0336098566c3a854d23cce74a31ec6fe2 -Author: dtucker@openbsd.org -Date: Fri Apr 10 00:52:07 2020 +0000 +commit 4cbc4a722873d9b68cb5496304dc050d7168df78 +Author: djm@openbsd.org +Date: Wed Mar 31 21:59:26 2021 +0000 - upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward + upstream: cannot effectively test posix-rename extension after - when used for Unix domain socket forwarding. Factor out the code for the - config keywords that use the most common subset of TOKENS into its own - function. bz#3014, ok jmc@ (man page bits) djm@ + changes in feature advertisment. - OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97 + OpenBSD-Regress-ID: 5e390bf88d379162aaa81b60ed86b34cb0c54d29 -commit 2b13d3934d5803703c04803ca3a93078ecb5b715 +commit 259d648e63e82ade4fe2c2c73c8b67fe57d9d049 Author: djm@openbsd.org -Date: Wed Apr 8 00:10:37 2020 +0000 +Date: Fri Mar 19 04:23:50 2021 +0000 - upstream: let sshkey_try_load_public() load public keys from the - - unencrypted envelope of private key files if not sidecar public key file is - present. - - ok markus@ + upstream: add a test for misc.c:argv_split(), currently fails - OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040 + OpenBSD-Regress-ID: ad6b96d6ebeb9643b698b3575bdd6f78bb144200 -commit d01f39304eaab0352793b490a25e1ab5f59a5366 +commit 473ddfc2d6b602cb2d1d897e0e5c204de145cd9a Author: djm@openbsd.org -Date: Wed Apr 8 00:09:24 2020 +0000 +Date: Fri Mar 19 03:25:01 2021 +0000 - upstream: simplify sshkey_try_load_public() - - ok markus@ + upstream: split - OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad + OpenBSD-Regress-ID: f6c03c0e4c58b3b9e04b161757b8c10dc8378c34 -commit f290ab0833e44355fc006e4e67b92446c14673ef +commit 1339800fef8d0dfbfeabff71b34670105bcfddd2 Author: djm@openbsd.org -Date: Wed Apr 8 00:08:46 2020 +0000 +Date: Wed Mar 31 22:16:34 2021 +0000 - upstream: add sshkey_parse_pubkey_from_private_fileblob_type() + upstream: Use new limits@openssh.com protocol extension to let the - Extracts a public key from the unencrypted envelope of a new-style - OpenSSH private key. + client select good limits based on what the server supports. Split the + download and upload buffer sizes to allow them to be chosen independently. - ok markus@ + In practice (and assuming upgraded sftp/sftp-server at each end), this + increases the download buffer 32->64KiB and the upload buffer + 32->255KiB. + + Patches from Mike Frysinger; ok dtucker@ - OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa + OpenBSD-Commit-ID: ebd61c80d85b951b794164acc4b2f2fd8e88606c -commit 8d514eea4ae089626a55e11c7bc1745c8d9683e4 +commit 6653c61202d104e59c8e741329fcc567f7bc36b8 Author: djm@openbsd.org -Date: Wed Apr 8 00:07:19 2020 +0000 +Date: Wed Mar 31 21:58:07 2021 +0000 - upstream: simplify sshkey_parse_private_fileblob_type() - - Try new format parser for all key types first, fall back to PEM - parser only for invalid format errors. + upstream: do not advertise protocol extensions that have been - ok markus@ + disallowed by the command-line options (e.g. -p/-P/-R); ok dtucker@ - OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77 + OpenBSD-Commit-ID: 3a8a76b3f5131741aca4b41bfab8d101c9926205 + +commit 71241fc05db4bbb11bb29340b44b92e2575373d8 +Author: Damien Miller +Date: Mon Mar 29 15:14:25 2021 +1100 -commit 421169d0e758351b105eabfcebf42378ebf17217 + gnome-ssh-askpass3 is a valid target here + +commit 8a9520836e71830f4fccca066dba73fea3d16bda Author: djm@openbsd.org -Date: Wed Apr 8 00:05:59 2020 +0000 +Date: Fri Mar 19 02:22:34 2021 +0000 - upstream: check private key type against requested key type in + upstream: return non-zero exit status when killed by signal; bz#3281 ok - new-style private decoding; ok markus@ + dtucker@ - OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662 + OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816 -commit 6aabfb6d22b36d07f584cba97f4cdc4363a829da +commit 1269b8a686bf1254b03cd38af78167a04aa6ec88 Author: djm@openbsd.org -Date: Wed Apr 8 00:04:32 2020 +0000 +Date: Fri Mar 19 02:18:28 2021 +0000 - upstream: check that pubkey in private key envelope matches actual - - private key - - (this public key is currently unusued) + upstream: increase maximum SSH2_FXP_READ to match the maximum - ok markus@ + packet size. Also handle zero-length reads that are borderline nonsensical + but not explicitly banned by the spec. Based on patch from Mike Frysinger, + feedback deraadt@ ok dtucker@ - OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c + OpenBSD-Commit-ID: 4e67d60d81bde7b84a742b4ee5a34001bdf80d9c -commit c0f5b2294796451001fd328c44f0d00f1114eddf +commit 860b67604416640e8db14f365adc3f840aebcb1f Author: djm@openbsd.org -Date: Wed Apr 8 00:01:52 2020 +0000 +Date: Tue Mar 16 06:15:43 2021 +0000 - upstream: refactor private key parsing a little - - Split out the base64 decoding and private section decryption steps in - to separate functions. This will make the decryption step easier to fuzz - as well as making it easier to write a "load public key from new-format - private key" function. - - ok markus@ + upstream: don't let logging clobber errno before use - OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e + OpenBSD-Commit-ID: ce6cca370005c270c277c51c111bb6911e1680ec diff --git a/gsi_openssh/source/INSTALL b/gsi_openssh/source/INSTALL index b6e53ab6c0..68b15e1319 100644 --- a/gsi_openssh/source/INSTALL +++ b/gsi_openssh/source/INSTALL @@ -1,9 +1,10 @@ 1. Prerequisites ---------------- -A C compiler. Any C89 or better compiler should work. Where supported, -configure will attempt to enable the compiler's run-time integrity checking -options. Some notes about specific compilers: +A C compiler. Any C89 or better compiler that supports variadic macros +should work. Where supported, configure will attempt to enable the +compiler's run-time integrity checking options. Some notes about +specific compilers: - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure) @@ -16,7 +17,7 @@ The remaining items are optional. A working installation of zlib: Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems): -http://www.gzip.org/zlib/ +https://zlib.net/ libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto is supported but severely restricts the available ciphers and algorithms. diff --git a/gsi_openssh/source/LICENCE b/gsi_openssh/source/LICENCE index 77ef576997..4b0db548a1 100644 --- a/gsi_openssh/source/LICENCE +++ b/gsi_openssh/source/LICENCE @@ -231,6 +231,7 @@ OpenSSH contains no GPL code. Eric P. Allman The Regents of the University of California Constantin S. Svintsoff + Kungliga Tekniska Högskolan * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/gsi_openssh/source/Makefile.in b/gsi_openssh/source/Makefile.in index e5f4e8a9f5..77cf90dafb 100644 --- a/gsi_openssh/source/Makefile.in +++ b/gsi_openssh/source/Makefile.in @@ -55,6 +55,7 @@ CFLAGS_NOPIE=@CFLAGS_NOPIE@ @GLOBUS_CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ PICFLAG=@PICFLAG@ LIBS=@GLOBUS_LIBS@ @LIBS@ -lpthread +CHANNELLIBS=@CHANNELLIBS@ K5LIBS=@K5LIBS@ GSSLIBS=@GSSLIBS@ SSHLIBS=@SSHLIBS@ @@ -102,7 +103,7 @@ LIBOPENSSH_OBJS=\ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ authfd.o authfile.o \ canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ - cipher-ctr.o cleanup.o cipher-ctr-mt.o \ + cipher-ctr-mt.o cleanup.o \ compat.o fatal.o hostfile.o \ log.o match.o moduli.o nchan.o packet.o \ readpass.o ttymodes.o xmalloc.o addr.o addrmatch.o \ @@ -113,7 +114,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ ssh-pkcs11.o ssh-pkcs11-uri.o smult_curve25519_ref.o \ poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \ ssh-ed25519.o digest-openssl.o digest-libc.o \ - hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ + hmac.o ed25519.o hash.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexgexc.o kexgexs.o \ kexsntrup761x25519.o sntrup761.o kexgen.o \ @@ -132,7 +133,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ auth.o auth2.o auth-options.o session.o \ auth2-chall.o groupaccess.o \ auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ - auth2-none.o auth2-passwd.o auth2-pubkey.o \ + auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-pubkeyfile.o \ monitor.o monitor_wrap.o auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ gss-serv-gsi.o \ @@ -162,7 +163,7 @@ SSHKEYSCAN_OBJS=ssh-keyscan.o $(SKOBJS) SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o -SFTP_OBJS= sftp.o progressmeter.o $(SFTP_CLIENT_OBJS) +SFTP_OBJS= sftp.o sftp-usergroup.o progressmeter.o $(SFTP_CLIENT_OBJS) MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5 @@ -194,16 +195,11 @@ FIXPATHSCMD = $(SED) $(PATHSUBS) FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ @UNSUPPORTED_ALGORITHMS@ -all: configure-check $(CONFIGFILES) $(MANPAGES) $(TARGETS) +all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) $(LIBSSH_OBJS): Makefile.in config.h $(SSHOBJS): Makefile.in config.h $(SSHDOBJS): Makefile.in config.h -configure-check: $(srcdir)/configure - -$(srcdir)/configure: configure.ac $(srcdir)/m4/*.m4 - @echo "ERROR: configure is out of date; please run ${AUTORECONF} (and configure)" 1>&2 - @exit 1 .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ @@ -218,37 +214,37 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS) + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS) $(CHANNELLIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS) $(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHADD_OBJS) - $(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS) ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHAGENT_OBJS) - $(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS) ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYGEN_OBJS) - $(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS) ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSIGN_OBJS) - $(LD) -o $@ $(SSHKEYSIGN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHKEYSIGN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS) ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(P11HELPER_OBJS) - $(LD) -o $@ $(P11HELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(P11HELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS) ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS) - $(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) + $(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) $(CHANNELLIBS) ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS) ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS) - $(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS) sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS) $(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -558,26 +554,31 @@ regress-prep: ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile REGRESSLIBS=libssh.a $(LIBCOMPAT) +TESTLIBS=$(LIBS) $(CHANNELLIBS) $(GSSLIBS) regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \ - $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) + +regress/timestamp$(EXEEXT): $(srcdir)/regress/timestamp.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/timestamp.c \ + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \ - $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c $(REGRESSLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/netcat.c \ - $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c $(REGRESSLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/check-perm.c \ - $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) regress/mkdtemp$(EXEEXT): $(srcdir)/regress/mkdtemp.c $(REGRESSLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/mkdtemp.c \ - $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_HELPER_OBJS=\ regress/unittests/test_helper/test_helper.o \ @@ -601,7 +602,7 @@ regress/unittests/sshbuf/test_sshbuf$(EXEEXT): ${UNITTESTS_TEST_SSHBUF_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_SSHKEY_OBJS=\ regress/unittests/sshkey/test_fuzz.o \ @@ -615,7 +616,7 @@ regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHKEY_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_SSHSIG_OBJS=\ sshsig.o \ @@ -626,7 +627,7 @@ regress/unittests/sshsig/test_sshsig$(EXEEXT): ${UNITTESTS_TEST_SSHSIG_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHSIG_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_BITMAP_OBJS=\ regress/unittests/bitmap/tests.o @@ -635,7 +636,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_BITMAP_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_AUTHOPT_OBJS=\ regress/unittests/authopt/tests.o \ @@ -647,7 +648,7 @@ regress/unittests/authopt/test_authopt$(EXEEXT): \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_AUTHOPT_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_CONVERSION_OBJS=\ regress/unittests/conversion/tests.o @@ -657,18 +658,19 @@ regress/unittests/conversion/test_conversion$(EXEEXT): \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_KEX_OBJS=\ regress/unittests/kex/tests.o \ regress/unittests/kex/test_kex.o \ + regress/unittests/kex/test_proposal.o \ $(SKOBJS) regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_KEX_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_HOSTKEYS_OBJS=\ regress/unittests/hostkeys/tests.o \ @@ -680,7 +682,7 @@ regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_HOSTKEYS_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_MATCH_OBJS=\ regress/unittests/match/tests.o @@ -690,7 +692,7 @@ regress/unittests/match/test_match$(EXEEXT): \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_MATCH_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_MISC_OBJS=\ regress/unittests/misc/tests.o \ @@ -699,14 +701,15 @@ UNITTESTS_TEST_MISC_OBJS=\ regress/unittests/misc/test_convtime.o \ regress/unittests/misc/test_argv.o \ regress/unittests/misc/test_strdelim.o \ - regress/unittests/misc/test_hpdelim.o + regress/unittests/misc/test_hpdelim.o \ + regress/unittests/misc/test_ptimeout.o regress/unittests/misc/test_misc$(EXEEXT): \ ${UNITTESTS_TEST_MISC_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_MISC_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_UTF8_OBJS=\ regress/unittests/utf8/tests.o @@ -716,7 +719,7 @@ regress/unittests/utf8/test_utf8$(EXEEXT): \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_UTF8_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) UNITTESTS_TEST_PKCS11_OBJS=\ regress/unittests/pkcs11/tests.o @@ -726,13 +729,13 @@ regress/unittests/pkcs11/test_pkcs11$(EXEEXT): \ regress/unittests/test_helper/libtest_helper.a libssh.a $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_PKCS11_OBJS) \ regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + -lssh -lopenbsd-compat -lcrypto $(LIBS) # These all need to be compiled -fPIC, so they are treated differently. SK_DUMMY_OBJS=\ regress/misc/sk-dummy/sk-dummy.lo \ regress/misc/sk-dummy/fatal.lo \ - ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo + ed25519.lo hash.lo SK_DUMMY_LIBRARY=@SK_DUMMY_LIBRARY@ @@ -741,10 +744,11 @@ SK_DUMMY_LIBRARY=@SK_DUMMY_LIBRARY@ regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS) $(CC) $(CFLAGS) $(CPPFLAGS) $(PICFLAG) -shared -o $@ $(SK_DUMMY_OBJS) \ - -L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(LIBS) + -L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(TESTLIBS) regress-binaries: regress-prep $(LIBCOMPAT) \ regress/modpipe$(EXEEXT) \ + regress/timestamp$(EXEEXT) \ regress/setuid-allowed$(EXEEXT) \ regress/netcat$(EXEEXT) \ regress/check-perm$(EXEEXT) \ @@ -779,6 +783,7 @@ unit: regress-unit-binaries interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS) cd $(srcdir)/regress || exit $$?; \ EGREP='@EGREP@' \ + OPENSSL_BIN='@OPENSSL_BIN@' \ $(MAKE) \ .CURDIR="$(abs_top_srcdir)/regress" \ .OBJDIR="$(BUILDDIR)/regress" \ diff --git a/gsi_openssh/source/PROTOCOL b/gsi_openssh/source/PROTOCOL index 2d50b5cb05..27804d0cad 100644 --- a/gsi_openssh/source/PROTOCOL +++ b/gsi_openssh/source/PROTOCOL @@ -102,6 +102,8 @@ OpenSSH supports the use of ECDH in Curve25519 for key exchange as described at: http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519 +This is identical to curve25519-sha256 as later published in RFC8731. + 2. Connection protocol changes 2.1. connection: Channel write close extension "eow@openssh.com" @@ -613,6 +615,67 @@ This request is identical to the "copy-data" request documented in: https://tools.ietf.org/html/draft-ietf-secsh-filexfer-extensions-00#section-7 +4.11. sftp: Extension request "home-directory" + +This request asks the server to expand the specified user's home directory. +An empty username implies the current user. This can be used by the client +to expand ~/ type paths locally. + + byte SSH_FXP_EXTENDED + uint32 id + string "home-directory" + string username + +This extension is advertised in the SSH_FXP_VERSION hello with version +"1". + +This provides similar information as the "expand-path@openssh.com" extension. + +This request is identical to the "home-directory" request documented in: + +https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-extensions-00#section-5 + +4.12. sftp: Extension request "users-groups-by-id@openssh.com" + +This request asks the server to return user and/or group names that +correspond to one or more IDs (e.g. as returned from a SSH_FXP_STAT +request). This may be used by the client to provide usernames in +directory listings. + + byte SSH_FXP_EXTENDED + uint32 id + string "users-groups-by-id@openssh.com" + string uids + string gids + +Where "uids" and "gids" consists of one or more integer user or group +identifiers: + + uint32 id-0 + ... + +The server will reply with a SSH_FXP_EXTENDED_REPLY: + + byte SSH_FXP_EXTENDED_REPLY + string usernames + string groupnames + +Where "username" and "groupnames" consists of names in identical request +order to "uids" and "gids" respectively: + + string name-0 + ... + +If a name cannot be identified for a given user or group ID, an empty +string will be returned in its place. + +It is acceptable for either "uids" or "gids" to be an empty set, in +which case the respective "usernames" or "groupnames" list will also +be empty. + +This extension is advertised in the SSH_FXP_VERSION hello with version +"1". + 5. Miscellaneous changes 5.1 Public key format @@ -649,4 +712,4 @@ master instance and later clients. OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.44 2022/03/31 03:05:49 djm Exp $ +$OpenBSD: PROTOCOL,v 1.48 2022/11/07 01:53:01 dtucker Exp $ diff --git a/gsi_openssh/source/PROTOCOL.agent b/gsi_openssh/source/PROTOCOL.agent index 67302c3449..dba76b0c01 100644 --- a/gsi_openssh/source/PROTOCOL.agent +++ b/gsi_openssh/source/PROTOCOL.agent @@ -1,7 +1,7 @@ The SSH agent protocol is described in https://tools.ietf.org/html/draft-miller-ssh-agent-04 -This file document's OpenSSH's extensions to the agent protocol. +This file documents OpenSSH's extensions to the agent protocol. 1. session-bind@openssh.com extension @@ -54,7 +54,7 @@ Where a constraint consists of: string to_hostname keyspec[] to_hostkeys -An a keyspec consists of: +And a keyspec consists of: string keyblob bool is_ca @@ -81,4 +81,4 @@ the constraint is: This option is only valid for XMSS keys. -$OpenBSD: PROTOCOL.agent,v 1.16 2022/01/01 01:55:30 jsg Exp $ +$OpenBSD: PROTOCOL.agent,v 1.18 2022/09/21 22:26:50 dtucker Exp $ diff --git a/gsi_openssh/source/PROTOCOL.key b/gsi_openssh/source/PROTOCOL.key index 38df268b65..cbf7a70272 100644 --- a/gsi_openssh/source/PROTOCOL.key +++ b/gsi_openssh/source/PROTOCOL.key @@ -11,7 +11,7 @@ an encrypted list of matching private keys. string ciphername string kdfname string kdfoptions - int number of keys N + uint32 number of keys N string publickey1 string publickey2 ... @@ -42,11 +42,11 @@ of the cipher block size. ... string privatekeyN string commentN - char 1 - char 2 - char 3 + byte 1 + byte 2 + byte 3 ... - char padlen % 255 + byte padlen % 255 where each private key is encoded using the same rules as used for SSH agent. @@ -68,4 +68,4 @@ For unencrypted keys the cipher "none" and the KDF "none" are used with empty passphrases. The options if the KDF "none" are the empty string. -$OpenBSD: PROTOCOL.key,v 1.2 2021/05/07 02:29:40 djm Exp $ +$OpenBSD: PROTOCOL.key,v 1.3 2022/07/01 04:45:50 djm Exp $ diff --git a/gsi_openssh/source/README b/gsi_openssh/source/README index 70a8f814ca..796101c7ab 100644 --- a/gsi_openssh/source/README +++ b/gsi_openssh/source/README @@ -1,4 +1,5 @@ -See https://www.openssh.com/releasenotes.html#9.0p1 for the release notes. +See https://www.openssh.com/releasenotes.html#9.3p1 for the release +notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/gsi_openssh/source/README.md b/gsi_openssh/source/README.md index de4717737e..9431b0ffdd 100644 --- a/gsi_openssh/source/README.md +++ b/gsi_openssh/source/README.md @@ -2,6 +2,7 @@ [![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) +[![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs. @@ -30,11 +31,13 @@ Stable release tarballs are available from a number of [download mirrors](https: Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers. -``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms. +``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used. OpenSSH may be built without either of these, but the resulting binaries will have only a subset of the cryptographic algorithms normally available. [zlib](https://www.zlib.net/) is optional; without it transport compression is not supported. -FIDO security token support needs [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies; see README.platform for details. +FIDO security token support needs [libfido2](https://github.com/Yubico/libfido2) and its dependencies and will be enabled automatically if they are found. + +In addition, certain platforms and build-time options may require additional dependencies; see README.platform for details about your platform. ### Building a release @@ -65,7 +68,7 @@ make && make tests There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH). -For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed. +For a full list of available flags, run ``./configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed. Flag | Meaning --- | --- @@ -73,7 +76,6 @@ Flag | Meaning ``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp. ``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported. ``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support. -``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed. ## Development diff --git a/gsi_openssh/source/addr.c b/gsi_openssh/source/addr.c index 1ad10ae0fd..db9ab7ac1d 100644 --- a/gsi_openssh/source/addr.c +++ b/gsi_openssh/source/addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addr.c,v 1.4 2021/10/22 10:51:57 dtucker Exp $ */ +/* $OpenBSD: addr.c,v 1.6 2022/10/28 02:29:34 djm Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -227,6 +227,28 @@ addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b) } } +int +addr_or(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b) +{ + int i; + + if (dst == NULL || a == NULL || b == NULL || a->af != b->af) + return (-1); + + memcpy(dst, a, sizeof(*dst)); + switch (a->af) { + case AF_INET: + dst->v4.s_addr |= b->v4.s_addr; + return (0); + case AF_INET6: + for (i = 0; i < 4; i++) + dst->addr32[i] |= b->addr32[i]; + return (0); + default: + return (-1); + } +} + int addr_cmp(const struct xaddr *a, const struct xaddr *b) { @@ -278,6 +300,29 @@ addr_is_all0s(const struct xaddr *a) } } +/* Increment the specified address. Note, does not do overflow checking */ +void +addr_increment(struct xaddr *a) +{ + int i; + uint32_t n; + + switch (a->af) { + case AF_INET: + a->v4.s_addr = htonl(ntohl(a->v4.s_addr) + 1); + break; + case AF_INET6: + for (i = 0; i < 4; i++) { + /* Increment with carry */ + n = ntohl(a->addr32[3 - i]) + 1; + a->addr32[3 - i] = htonl(n); + if (n != 0) + break; + } + break; + } +} + /* * Test whether host portion of address 'a', as determined by 'masklen' * is all zeros. @@ -297,6 +342,32 @@ addr_host_is_all0s(const struct xaddr *a, u_int masklen) return addr_is_all0s(&tmp_result); } +#if 0 +int +addr_host_to_all0s(struct xaddr *a, u_int masklen) +{ + struct xaddr tmp_mask; + + if (addr_netmask(a->af, masklen, &tmp_mask) == -1) + return (-1); + if (addr_and(a, a, &tmp_mask) == -1) + return (-1); + return (0); +} +#endif + +int +addr_host_to_all1s(struct xaddr *a, u_int masklen) +{ + struct xaddr tmp_mask; + + if (addr_hostmask(a->af, masklen, &tmp_mask) == -1) + return (-1); + if (addr_or(a, a, &tmp_mask) == -1) + return (-1); + return (0); +} + /* * Parse string address 'p' into 'n'. * Returns 0 on success, -1 on failure. @@ -397,7 +468,7 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) *mp = '\0'; mp++; masklen = strtoul(mp, &cp, 10); - if (*mp == '\0' || *cp != '\0' || masklen > 128) + if (*mp < '0' || *mp > '9' || *cp != '\0' || masklen > 128) return -1; } diff --git a/gsi_openssh/source/addr.h b/gsi_openssh/source/addr.h index 5eff026285..180e9fdc64 100644 --- a/gsi_openssh/source/addr.h +++ b/gsi_openssh/source/addr.h @@ -52,9 +52,13 @@ int addr_sa_pton(const char *h, const char *s, struct sockaddr *sa, int addr_pton_cidr(const char *p, struct xaddr *n, u_int *l); int addr_ntop(const struct xaddr *n, char *p, size_t len); int addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b); +int addr_or(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b); int addr_cmp(const struct xaddr *a, const struct xaddr *b); int addr_is_all0s(const struct xaddr *n); int addr_host_is_all0s(const struct xaddr *n, u_int masklen); +int addr_host_to_all0s(struct xaddr *a, u_int masklen); +int addr_host_to_all1s(struct xaddr *a, u_int masklen); int addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen); +void addr_increment(struct xaddr *a); #endif /* _ADDR_H */ diff --git a/gsi_openssh/source/audit-bsm.c b/gsi_openssh/source/audit-bsm.c index a49abb929a..c6f5655323 100644 --- a/gsi_openssh/source/audit-bsm.c +++ b/gsi_openssh/source/audit-bsm.c @@ -405,7 +405,7 @@ audit_session_close(struct logininfo *li) } int -audit_keyusage(struct ssh *ssh, int host_user, char *fp, int rv) +audit_keyusage(struct ssh *ssh, int host_user, char *key_fp, const struct sshkey_cert *cert, const char *issuer_fp, int rv) { /* not implemented */ } diff --git a/gsi_openssh/source/audit-linux.c b/gsi_openssh/source/audit-linux.c index a823c30fe3..f133409f1b 100644 --- a/gsi_openssh/source/audit-linux.c +++ b/gsi_openssh/source/audit-linux.c @@ -137,10 +137,12 @@ linux_audit_user_auth(int uid, const char *username, } int -audit_keyusage(struct ssh *ssh, int host_user, char *fp, int rv) +audit_keyusage(struct ssh *ssh, int host_user, const char *key_fp, const struct sshkey_cert *cert, const char *issuer_fp, int rv) { char buf[AUDIT_LOG_SIZE]; int audit_fd, rc, saved_errno; + const char *rip; + u_int i; audit_fd = audit_open(); if (audit_fd < 0) { @@ -150,14 +152,44 @@ audit_keyusage(struct ssh *ssh, int host_user, char *fp, int rv) else return 0; /* Must prevent login */ } + rip = ssh_remote_ipaddr(ssh); snprintf(buf, sizeof(buf), "%s_auth grantors=auth-key", host_user ? "pubkey" : "hostbased"); rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, - buf, audit_username(), -1, NULL, ssh_remote_ipaddr(ssh), NULL, rv); + buf, audit_username(), -1, NULL, rip, NULL, rv); if ((rc < 0) && ((rc != -1) || (getuid() == 0))) goto out; - snprintf(buf, sizeof(buf), "op=negotiate kind=auth-key fp=%s", fp); + snprintf(buf, sizeof(buf), "op=negotiate kind=auth-key fp=%s", key_fp); rc = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, buf, NULL, - ssh_remote_ipaddr(ssh), NULL, rv); + rip, NULL, rv); + if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + goto out; + + if (cert) { + char *pbuf; + + pbuf = audit_encode_nv_string("key_id", cert->key_id, 0); + if (pbuf == NULL) + goto out; + snprintf(buf, sizeof(buf), "cert %s cert_serial=%llu cert_issuer_alg=\"%s\" cert_issuer_fp=\"%s\"", + pbuf, (unsigned long long)cert->serial, sshkey_type(cert->signature_key), issuer_fp); + free(pbuf); + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + buf, audit_username(), -1, NULL, rip, NULL, rv); + if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + goto out; + + for (i = 0; cert->principals != NULL && i < cert->nprincipals; i++) { + pbuf = audit_encode_nv_string("cert_principal", cert->principals[i], 0); + if (pbuf == NULL) + goto out; + snprintf(buf, sizeof(buf), "principal %s", pbuf); + free(pbuf); + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + buf, audit_username(), -1, NULL, rip, NULL, rv); + if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + goto out; + } + } out: saved_errno = errno; audit_close(audit_fd); diff --git a/gsi_openssh/source/audit.c b/gsi_openssh/source/audit.c index c8d54b183e..f2bb08d265 100644 --- a/gsi_openssh/source/audit.c +++ b/gsi_openssh/source/audit.c @@ -116,12 +116,22 @@ audit_event_lookup(ssh_audit_event_t ev) void audit_key(struct ssh *ssh, int host_user, int *rv, const struct sshkey *key) { - char *fp; + char *key_fp = NULL; + char *issuer_fp = NULL; + struct sshkey_cert *cert = NULL; - fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX); - if (audit_keyusage(ssh, host_user, fp, (*rv == 0)) == 0) + key_fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX); + if (sshkey_is_cert(key) && key->cert != NULL && key->cert->signature_key != NULL) { + cert = key->cert; + issuer_fp = sshkey_fingerprint(cert->signature_key, + options.fingerprint_hash, SSH_FP_DEFAULT); + } + if (audit_keyusage(ssh, host_user, key_fp, cert, issuer_fp, (*rv == 0)) == 0) *rv = -SSH_ERR_INTERNAL_ERROR; - free(fp); + if (key_fp) + free(key_fp); + if (issuer_fp) + free(issuer_fp); } void diff --git a/gsi_openssh/source/audit.h b/gsi_openssh/source/audit.h index 45d66ccff1..05ac132cfa 100644 --- a/gsi_openssh/source/audit.h +++ b/gsi_openssh/source/audit.h @@ -64,7 +64,7 @@ void audit_session_close(struct logininfo *); int audit_run_command(struct ssh *, const char *); void audit_end_command(struct ssh *, int, const char *); ssh_audit_event_t audit_classify_auth(const char *); -int audit_keyusage(struct ssh *, int, char *, int); +int audit_keyusage(struct ssh *, int, const char *, const struct sshkey_cert *, const char *, int); void audit_key(struct ssh *, int, int *, const struct sshkey *); void audit_unsupported(struct ssh *, int); void audit_kex(struct ssh *, int, char *, char *, char *, char *); diff --git a/gsi_openssh/source/auth-pam.c b/gsi_openssh/source/auth-pam.c index f933429093..1adb394b2f 100644 --- a/gsi_openssh/source/auth-pam.c +++ b/gsi_openssh/source/auth-pam.c @@ -252,7 +252,6 @@ static Authctxt *sshpam_authctxt = NULL; static const char *sshpam_password = NULL; static char *sshpam_rhost = NULL; static char *sshpam_laddr = NULL; -static char *sshpam_conninfo = NULL; static struct ssh *sshpam_ssh = NULL; /* Some PAM implementations don't implement this */ @@ -416,11 +415,12 @@ import_environments(struct sshbuf *b) /* Import environment from subprocess */ if ((r = sshbuf_get_u32(b, &num_env)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (num_env > 1024) - fatal("%s: received %u environment variables, expected <= 1024", - __func__, num_env); + if (num_env > 1024) { + fatal_f("received %u environment variables, expected <= 1024", + num_env); + } sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env)); - debug3("PAM: num env strings %d", num_env); + debug3("PAM: num env strings %u", num_env); for(i = 0; i < num_env; i++) { if ((r = sshbuf_get_cstring(b, &(sshpam_env[i]), NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -430,7 +430,11 @@ import_environments(struct sshbuf *b) /* Import PAM environment from subprocess */ if ((r = sshbuf_get_u32(b, &num_env)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug("PAM: num PAM env strings %d", num_env); + if (num_env > 1024) { + fatal_f("received %u PAM env variables, expected <= 1024", + num_env); + } + debug("PAM: num PAM env strings %u", num_env); for (i = 0; i < num_env; i++) { if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -772,6 +776,7 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt) { const char *pam_user, *user = authctxt->user; const char **ptr_pam_user = &pam_user; + int r; #if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE) /* Protect buggy PAM implementations from excessively long usernames */ @@ -813,9 +818,6 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt) options.use_dns)); sshpam_laddr = get_local_ipaddr( ssh_packet_get_connection_in(ssh)); - xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - sshpam_laddr, ssh_local_port(ssh)); /* Save so allowed_user can be called later */ sshpam_ssh = ssh; } @@ -828,8 +830,17 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt) sshpam_handle = NULL; return (-1); } + } + if (ssh != NULL && sshpam_laddr != NULL) { + char *conninfo; + /* Put SSH_CONNECTION in the PAM environment too */ - pam_putenv(sshpam_handle, sshpam_conninfo); + xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + sshpam_laddr, ssh_local_port(ssh)); + if ((r = pam_putenv(sshpam_handle, conninfo)) != PAM_SUCCESS) + logit("pam_putenv: %s", pam_strerror(sshpam_handle, r)); + free(conninfo); } #ifdef PAM_TTY_KLUDGE diff --git a/gsi_openssh/source/auth-rhosts.c b/gsi_openssh/source/auth-rhosts.c index 4fc9252a6b..56724677a9 100644 --- a/gsi_openssh/source/auth-rhosts.c +++ b/gsi_openssh/source/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.57 2022/12/09 00:17:40 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,6 +19,7 @@ #include #include +#include #include #ifdef HAVE_NETGROUP_H # include @@ -283,6 +284,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, xasprintf(&path, "%s/%s", pw->pw_dir, rhosts_files[rhosts_file_index]); if (stat(path, &st) == -1) { + debug3_f("stat %s: %s", path, strerror(errno)); free(path); continue; } diff --git a/gsi_openssh/source/auth-shadow.c b/gsi_openssh/source/auth-shadow.c index c77ee8da9b..b1e3aa9fc1 100644 --- a/gsi_openssh/source/auth-shadow.c +++ b/gsi_openssh/source/auth-shadow.c @@ -56,13 +56,13 @@ int auth_shadow_acctexpired(struct spwd *spw) { time_t today; - int daysleft; + long long daysleft; int r; today = time(NULL) / DAY; daysleft = spw->sp_expire - today; - debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today, - (int)spw->sp_expire, daysleft); + debug3("%s: today %lld sp_expire %lld days left %lld", __func__, + (long long)today, (long long)spw->sp_expire, daysleft); if (spw->sp_expire == -1) { debug3("account expiration disabled"); @@ -70,9 +70,9 @@ auth_shadow_acctexpired(struct spwd *spw) logit("Account %.100s has expired", spw->sp_namp); return 1; } else if (daysleft <= spw->sp_warn) { - debug3("account will expire in %d days", daysleft); + debug3("account will expire in %lld days", daysleft); if ((r = sshbuf_putf(loginmsg, - "Your account will expire in %d day%s.\n", daysleft, + "Your account will expire in %lld day%s.\n", daysleft, daysleft == 1 ? "" : "s")) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); } @@ -98,8 +98,8 @@ auth_shadow_pwexpired(Authctxt *ctxt) } today = time(NULL) / DAY; - debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today, - (int)spw->sp_lstchg, (int)spw->sp_max); + debug3_f("today %lld sp_lstchg %lld sp_max %lld", (long long)today, + (long long)spw->sp_lstchg, (long long)spw->sp_max); #if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) { diff --git a/gsi_openssh/source/auth.c b/gsi_openssh/source/auth.c index c2e34bd348..d884eb0bef 100644 --- a/gsi_openssh/source/auth.c +++ b/gsi_openssh/source/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.154 2022/02/23 11:17:10 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.160 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -74,7 +74,6 @@ #include "authfile.h" #include "monitor_wrap.h" #include "ssherr.h" -#include "compat.h" #include "channels.h" /* import */ @@ -462,62 +461,6 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, return host_status; } -static FILE * -auth_openfile(const char *file, struct passwd *pw, int strict_modes, - int log_missing, char *file_type) -{ - char line[1024]; - struct stat st; - int fd; - FILE *f; - - if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { - if (log_missing || errno != ENOENT) - debug("Could not open %s '%s': %s", file_type, file, - strerror(errno)); - return NULL; - } - - if (fstat(fd, &st) == -1) { - close(fd); - return NULL; - } - if (!S_ISREG(st.st_mode)) { - logit("User %s %s %s is not a regular file", - pw->pw_name, file_type, file); - close(fd); - return NULL; - } - unset_nonblock(fd); - if ((f = fdopen(fd, "r")) == NULL) { - close(fd); - return NULL; - } - if (strict_modes && - safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) { - fclose(f); - logit("Authentication refused: %s", line); - auth_debug_add("Ignored %s: %s", file_type, line); - return NULL; - } - - return f; -} - - -FILE * -auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) -{ - return auth_openfile(file, pw, strict_modes, 1, "authorized keys"); -} - -FILE * -auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) -{ - return auth_openfile(file, pw, strict_modes, 0, - "authorized principals"); -} - struct passwd * getpwnamallow(struct ssh *ssh, const char *user) { @@ -631,14 +574,13 @@ auth_debug_add(const char *fmt,...) va_list args; int r; - if (auth_debug == NULL) - return; - va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); - if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0) - fatal_fr(r, "sshbuf_put_cstring"); + debug3("%s", buf); + if (auth_debug != NULL) + if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0) + fatal_fr(r, "sshbuf_put_cstring"); } void @@ -816,7 +758,8 @@ auth_restrict_session(struct ssh *ssh) debug_f("restricting session"); /* A blank sshauthopt defaults to permitting nothing */ - restricted = sshauthopt_new(); + if ((restricted = sshauthopt_new()) == NULL) + fatal_f("sshauthopt_new failed"); restricted->permit_pty_flag = 1; restricted->restricted = 1; @@ -824,97 +767,3 @@ auth_restrict_session(struct ssh *ssh) fatal_f("failed to restrict session"); sshauthopt_free(restricted); } - -int -auth_authorise_keyopts(struct ssh *ssh, struct passwd *pw, - struct sshauthopt *opts, int allow_cert_authority, const char *loc) -{ - const char *remote_ip = ssh_remote_ipaddr(ssh); - const char *remote_host = auth_get_canonical_hostname(ssh, - options.use_dns); - time_t now = time(NULL); - char buf[64]; - - /* - * Check keys/principals file expiry time. - * NB. validity interval in certificate is handled elsewhere. - */ - if (opts->valid_before && now > 0 && - opts->valid_before < (uint64_t)now) { - format_absolute_time(opts->valid_before, buf, sizeof(buf)); - debug("%s: entry expired at %s", loc, buf); - auth_debug_add("%s: entry expired at %s", loc, buf); - return -1; - } - /* Consistency checks */ - if (opts->cert_principals != NULL && !opts->cert_authority) { - debug("%s: principals on non-CA key", loc); - auth_debug_add("%s: principals on non-CA key", loc); - /* deny access */ - return -1; - } - /* cert-authority flag isn't valid in authorized_principals files */ - if (!allow_cert_authority && opts->cert_authority) { - debug("%s: cert-authority flag invalid here", loc); - auth_debug_add("%s: cert-authority flag invalid here", loc); - /* deny access */ - return -1; - } - - /* Perform from= checks */ - if (opts->required_from_host_keys != NULL) { - switch (match_host_and_ip(remote_host, remote_ip, - opts->required_from_host_keys )) { - case 1: - /* Host name matches. */ - break; - case -1: - default: - debug("%s: invalid from criteria", loc); - auth_debug_add("%s: invalid from criteria", loc); - /* FALLTHROUGH */ - case 0: - logit("%s: Authentication tried for %.100s with " - "correct key but not from a permitted " - "host (host=%.200s, ip=%.200s, required=%.200s).", - loc, pw->pw_name, remote_host, remote_ip, - opts->required_from_host_keys); - auth_debug_add("%s: Your host '%.200s' is not " - "permitted to use this key for login.", - loc, remote_host); - /* deny access */ - return -1; - } - } - /* Check source-address restriction from certificate */ - if (opts->required_from_host_cert != NULL) { - switch (addr_match_cidr_list(remote_ip, - opts->required_from_host_cert)) { - case 1: - /* accepted */ - break; - case -1: - default: - /* invalid */ - error("%s: Certificate source-address invalid", loc); - /* FALLTHROUGH */ - case 0: - logit("%s: Authentication tried for %.100s with valid " - "certificate but not from a permitted source " - "address (%.200s).", loc, pw->pw_name, remote_ip); - auth_debug_add("%s: Your address '%.200s' is not " - "permitted to use this certificate for login.", - loc, remote_ip); - return -1; - } - } - /* - * - * XXX this is spammy. We should report remotely only for keys - * that are successful in actual auth attempts, and not PK_OK - * tests. - */ - auth_log_authopts(loc, opts, 1); - - return 0; -} diff --git a/gsi_openssh/source/auth.h b/gsi_openssh/source/auth.h index 9ae79b269f..819275c4ee 100644 --- a/gsi_openssh/source/auth.h +++ b/gsi_openssh/source/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.102 2021/12/19 22:12:07 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.106 2022/06/15 16:08:25 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -29,6 +29,7 @@ #define AUTH_H #include +#include #ifdef HAVE_LOGIN_CAP #include @@ -44,6 +45,7 @@ struct passwd; struct ssh; struct sshbuf; struct sshkey; +struct sshkey_cert; struct sshauthopt; typedef struct Authctxt Authctxt; @@ -139,8 +141,8 @@ int auth_password(struct ssh *, const char *); int hostbased_key_allowed(struct ssh *, struct passwd *, const char *, char *, struct sshkey *); -int user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, - struct sshauthopt **); +int user_key_allowed(struct ssh *ssh, struct passwd *, struct sshkey *, + int, struct sshauthopt **); int auth2_key_already_used(Authctxt *, const struct sshkey *); /* @@ -196,11 +198,7 @@ struct passwd * getpwnamallow(struct ssh *, const char *user); char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); -int user_key_verify(struct ssh *, const struct sshkey *, const u_char *, size_t, - const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **); -FILE *auth_openkeyfile(const char *, struct passwd *, int); -FILE *auth_openprincipals(const char *, struct passwd *, int); int auth_key_is_revoked(struct sshkey *); const char *auth_get_canonical_hostname(struct ssh *, int); @@ -224,8 +222,6 @@ int hostbased_key_verify(struct ssh *, const struct sshkey *, const u_char *, s const struct sshauthopt *auth_options(struct ssh *); int auth_activate_options(struct ssh *, struct sshauthopt *); void auth_restrict_session(struct ssh *); -int auth_authorise_keyopts(struct ssh *, struct passwd *pw, - struct sshauthopt *, int, const char *); void auth_log_authopts(const char *, const struct sshauthopt *, int); /* debug messages during authentication */ @@ -236,6 +232,22 @@ void auth_debug_reset(void); struct passwd *fakepw(void); +/* auth2-pubkeyfile.c */ +int auth_authorise_keyopts(struct passwd *, struct sshauthopt *, int, + const char *, const char *, const char *); +int auth_check_principals_line(char *, const struct sshkey_cert *, + const char *, struct sshauthopt **); +int auth_process_principals(FILE *, const char *, + const struct sshkey_cert *, struct sshauthopt **); +int auth_check_authkey_line(struct passwd *, struct sshkey *, + char *, const char *, const char *, const char *, struct sshauthopt **); +int auth_check_authkeys_file(struct passwd *, FILE *, char *, + struct sshkey *, const char *, const char *, struct sshauthopt **); +int user_key_verify(struct ssh *, const struct sshkey *, const u_char *, size_t, + const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **); +FILE *auth_openkeyfile(const char *, struct passwd *, int); +FILE *auth_openprincipals(const char *, struct passwd *, int); + int sys_auth_passwd(struct ssh *, const char *); #if defined(KRB5) && !defined(HEIMDAL) diff --git a/gsi_openssh/source/auth2-hostbased.c b/gsi_openssh/source/auth2-hostbased.c index c680289a57..2e1180d534 100644 --- a/gsi_openssh/source/auth2-hostbased.c +++ b/gsi_openssh/source/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.49 2022/01/06 22:01:14 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -40,7 +40,6 @@ #include "log.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "sshkey.h" #include "hostfile.h" #include "auth.h" @@ -101,12 +100,6 @@ userauth_hostbased(struct ssh *ssh, const char *method) "(received %d, expected %d)", key->type, pktype); goto done; } - if (sshkey_type_plain(key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - error("Refusing RSA key because peer uses unsafe " - "signature format"); - goto done; - } if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) { logit_f("signature algorithm %s not in " "HostbasedAcceptedAlgorithms", pkalg); diff --git a/gsi_openssh/source/auth2-none.c b/gsi_openssh/source/auth2-none.c index d9f97223c9..8966fd082f 100644 --- a/gsi_openssh/source/auth2-none.c +++ b/gsi_openssh/source/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.25 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -44,7 +44,6 @@ #include "log.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "ssh2.h" #include "ssherr.h" #ifdef GSSAPI diff --git a/gsi_openssh/source/auth2-passwd.c b/gsi_openssh/source/auth2-passwd.c index f8a6dbc193..cc12cfbc1f 100644 --- a/gsi_openssh/source/auth2-passwd.c +++ b/gsi_openssh/source/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.20 2021/12/19 22:12:07 djm Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.21 2022/05/27 04:29:40 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -51,16 +51,18 @@ extern ServerOptions options; static int userauth_passwd(struct ssh *ssh, const char *method) { - char *password; + char *password = NULL; int authenticated = 0, r; u_char change; - size_t len; + size_t len = 0; if ((r = sshpkt_get_u8(ssh, &change)) != 0 || (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 || (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) || - (r = sshpkt_get_end(ssh)) != 0) + (r = sshpkt_get_end(ssh)) != 0) { + freezero(password, len); fatal_fr(r, "parse packet"); + } if (change) logit("password change not supported"); diff --git a/gsi_openssh/source/auth2-pubkey.c b/gsi_openssh/source/auth2-pubkey.c index 18eb2ea2df..3671296270 100644 --- a/gsi_openssh/source/auth2-pubkey.c +++ b/gsi_openssh/source/auth2-pubkey.c @@ -1,6 +1,7 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.113 2022/02/27 01:33:59 naddy Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.118 2023/02/17 04:22:50 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -26,11 +27,9 @@ #include "includes.h" #include -#include #include #include -#include #ifdef HAVE_PATHS_H # include #endif @@ -67,7 +66,6 @@ #include "authfile.h" #include "match.h" #include "ssherr.h" -#include "kex.h" #include "channels.h" /* XXX for session.h */ #include "session.h" /* XXX for child_set_env(); refactor? */ #include "sk-api.h" @@ -158,12 +156,6 @@ userauth_pubkey(struct ssh *ssh, const char *method) "(received %d, expected %d)", key->type, pktype); goto done; } - if (sshkey_type_plain(key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - logit("Refusing RSA key because client uses unsafe " - "signature scheme"); - goto done; - } if (auth2_key_already_used(authctxt, key)) { logit("refusing previously-used %s key", sshkey_type(key)); goto done; @@ -346,121 +338,7 @@ user_key_verify(struct ssh *ssh, const struct sshkey *key, const u_char *sig, } static int -match_principals_option(const char *principal_list, struct sshkey_cert *cert) -{ - char *result; - u_int i; - - /* XXX percent_expand() sequences for authorized_principals? */ - - for (i = 0; i < cert->nprincipals; i++) { - if ((result = match_list(cert->principals[i], - principal_list, NULL)) != NULL) { - debug3("matched principal from key options \"%.100s\"", - result); - free(result); - return 1; - } - } - return 0; -} - -/* - * Process a single authorized_principals format line. Returns 0 and sets - * authoptsp is principal is authorised, -1 otherwise. "loc" is used as a - * log preamble for file/line information. - */ -static int -check_principals_line(struct ssh *ssh, char *cp, const struct sshkey_cert *cert, - const char *loc, struct sshauthopt **authoptsp) -{ - u_int i, found = 0; - char *ep, *line_opts; - const char *reason = NULL; - struct sshauthopt *opts = NULL; - - if (authoptsp != NULL) - *authoptsp = NULL; - - /* Trim trailing whitespace. */ - ep = cp + strlen(cp) - 1; - while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t')) - *ep-- = '\0'; - - /* - * If the line has internal whitespace then assume it has - * key options. - */ - line_opts = NULL; - if ((ep = strrchr(cp, ' ')) != NULL || - (ep = strrchr(cp, '\t')) != NULL) { - for (; *ep == ' ' || *ep == '\t'; ep++) - ; - line_opts = cp; - cp = ep; - } - if ((opts = sshauthopt_parse(line_opts, &reason)) == NULL) { - debug("%s: bad principals options: %s", loc, reason); - auth_debug_add("%s: bad principals options: %s", loc, reason); - return -1; - } - /* Check principals in cert against those on line */ - for (i = 0; i < cert->nprincipals; i++) { - if (strcmp(cp, cert->principals[i]) != 0) - continue; - debug3("%s: matched principal \"%.100s\"", - loc, cert->principals[i]); - found = 1; - } - if (found && authoptsp != NULL) { - *authoptsp = opts; - opts = NULL; - } - sshauthopt_free(opts); - return found ? 0 : -1; -} - -static int -process_principals(struct ssh *ssh, FILE *f, const char *file, - const struct sshkey_cert *cert, struct sshauthopt **authoptsp) -{ - char loc[256], *line = NULL, *cp, *ep; - size_t linesize = 0; - u_long linenum = 0, nonblank = 0; - u_int found_principal = 0; - - if (authoptsp != NULL) - *authoptsp = NULL; - - while (getline(&line, &linesize, f) != -1) { - linenum++; - /* Always consume entire input */ - if (found_principal) - continue; - - /* Skip leading whitespace. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; - /* Skip blank and comment lines. */ - if ((ep = strchr(cp, '#')) != NULL) - *ep = '\0'; - if (!*cp || *cp == '\n') - continue; - - nonblank++; - snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); - if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0) - found_principal = 1; - } - debug2_f("%s: processed %lu/%lu lines", file, nonblank, linenum); - free(line); - return found_principal; -} - -/* XXX remove pw args here and elsewhere once ssh->authctxt is guaranteed */ - -static int -match_principals_file(struct ssh *ssh, struct passwd *pw, char *file, +match_principals_file(struct passwd *pw, char *file, struct sshkey_cert *cert, struct sshauthopt **authoptsp) { FILE *f; @@ -475,7 +353,7 @@ match_principals_file(struct ssh *ssh, struct passwd *pw, char *file, restore_uid(); return 0; } - success = process_principals(ssh, f, file, cert, authoptsp); + success = auth_process_principals(f, file, cert, authoptsp); fclose(f); restore_uid(); return success; @@ -486,7 +364,7 @@ match_principals_file(struct ssh *ssh, struct passwd *pw, char *file, * returns 1 if the principal is allowed or 0 otherwise. */ static int -match_principals_command(struct ssh *ssh, struct passwd *user_pw, +match_principals_command(struct passwd *user_pw, const struct sshkey *key, struct sshauthopt **authoptsp) { struct passwd *runas_pw = NULL; @@ -592,7 +470,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, uid_swapped = 1; temporarily_use_uid(runas_pw); - ok = process_principals(ssh, f, "(command)", cert, authoptsp); + ok = auth_process_principals(f, "(command)", cert, authoptsp); fclose(f); f = NULL; @@ -620,188 +498,10 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, return found_principal; } -/* - * Check a single line of an authorized_keys-format file. Returns 0 if key - * matches, -1 otherwise. Will return key/cert options via *authoptsp - * on success. "loc" is used as file/line location in log messages. - */ -static int -check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, - char *cp, const char *loc, struct sshauthopt **authoptsp) -{ - int want_keytype = sshkey_is_cert(key) ? KEY_UNSPEC : key->type; - struct sshkey *found = NULL; - struct sshauthopt *keyopts = NULL, *certopts = NULL, *finalopts = NULL; - char *key_options = NULL, *fp = NULL; - const char *reason = NULL; - int ret = -1; - - if (authoptsp != NULL) - *authoptsp = NULL; - - if ((found = sshkey_new(want_keytype)) == NULL) { - debug3_f("keytype %d failed", want_keytype); - goto out; - } - - /* XXX djm: peek at key type in line and skip if unwanted */ - - if (sshkey_read(found, &cp) != 0) { - /* no key? check for options */ - debug2("%s: check options: '%s'", loc, cp); - key_options = cp; - if (sshkey_advance_past_options(&cp) != 0) { - reason = "invalid key option string"; - goto fail_reason; - } - skip_space(&cp); - if (sshkey_read(found, &cp) != 0) { - /* still no key? advance to next line*/ - debug2("%s: advance: '%s'", loc, cp); - goto out; - } - } - /* Parse key options now; we need to know if this is a CA key */ - if ((keyopts = sshauthopt_parse(key_options, &reason)) == NULL) { - debug("%s: bad key options: %s", loc, reason); - auth_debug_add("%s: bad key options: %s", loc, reason); - goto out; - } - /* Ignore keys that don't match or incorrectly marked as CAs */ - if (sshkey_is_cert(key)) { - /* Certificate; check signature key against CA */ - if (!sshkey_equal(found, key->cert->signature_key) || - !keyopts->cert_authority) - goto out; - } else { - /* Plain key: check it against key found in file */ - if (!sshkey_equal(found, key) || keyopts->cert_authority) - goto out; - } - - /* We have a candidate key, perform authorisation checks */ - if ((fp = sshkey_fingerprint(found, - options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal_f("fingerprint failed"); - - debug("%s: matching %s found: %s %s", loc, - sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp); - - if (auth_authorise_keyopts(ssh, pw, keyopts, - sshkey_is_cert(key), loc) != 0) { - reason = "Refused by key options"; - goto fail_reason; - } - /* That's all we need for plain keys. */ - if (!sshkey_is_cert(key)) { - verbose("Accepted key %s %s found at %s", - sshkey_type(found), fp, loc); - finalopts = keyopts; - keyopts = NULL; - goto success; - } - - /* - * Additional authorisation for certificates. - */ - - /* Parse and check options present in certificate */ - if ((certopts = sshauthopt_from_cert(key)) == NULL) { - reason = "Invalid certificate options"; - goto fail_reason; - } - if (auth_authorise_keyopts(ssh, pw, certopts, 0, loc) != 0) { - reason = "Refused by certificate options"; - goto fail_reason; - } - if ((finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == NULL) - goto fail_reason; - - /* - * If the user has specified a list of principals as - * a key option, then prefer that list to matching - * their username in the certificate principals list. - */ - if (keyopts->cert_principals != NULL && - !match_principals_option(keyopts->cert_principals, key->cert)) { - reason = "Certificate does not contain an authorized principal"; - goto fail_reason; - } - if (sshkey_cert_check_authority_now(key, 0, 0, 0, - keyopts->cert_principals == NULL ? pw->pw_name : NULL, - &reason) != 0) - goto fail_reason; - - verbose("Accepted certificate ID \"%s\" (serial %llu) " - "signed by CA %s %s found at %s", - key->cert->key_id, - (unsigned long long)key->cert->serial, - sshkey_type(found), fp, loc); - - success: - if (finalopts == NULL) - fatal_f("internal error: missing options"); - if (authoptsp != NULL) { - *authoptsp = finalopts; - finalopts = NULL; - } - /* success */ - ret = 0; - goto out; - - fail_reason: - error("%s", reason); - auth_debug_add("%s", reason); - out: - free(fp); - sshauthopt_free(keyopts); - sshauthopt_free(certopts); - sshauthopt_free(finalopts); - sshkey_free(found); - return ret; -} - -/* - * Checks whether key is allowed in authorized_keys-format file, - * returns 1 if the key is allowed or 0 otherwise. - */ -static int -check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, - char *file, struct sshkey *key, struct sshauthopt **authoptsp) -{ - char *cp, *line = NULL, loc[256]; - size_t linesize = 0; - int found_key = 0; - u_long linenum = 0, nonblank = 0; - - if (authoptsp != NULL) - *authoptsp = NULL; - - while (getline(&line, &linesize, f) != -1) { - linenum++; - /* Always consume entire file */ - if (found_key) - continue; - - /* Skip leading whitespace, empty and comment lines. */ - cp = line; - skip_space(&cp); - if (!*cp || *cp == '\n' || *cp == '#') - continue; - - nonblank++; - snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); - if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0) - found_key = 1; - } - free(line); - debug2_f("%s: processed %lu/%lu lines", file, nonblank, linenum); - return found_key; -} - /* Authenticate a certificate key against TrustedUserCAKeys */ static int -user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, +user_cert_trusted_ca(struct passwd *pw, struct sshkey *key, + const char *remote_ip, const char *remote_host, struct sshauthopt **authoptsp) { char *ca_fp, *principals_file = NULL; @@ -833,12 +533,12 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, * against the username. */ if ((principals_file = authorized_principals_file(pw)) != NULL) { - if (match_principals_file(ssh, pw, principals_file, + if (match_principals_file(pw, principals_file, key->cert, &principals_opts)) found_principal = 1; } /* Try querying command if specified */ - if (!found_principal && match_principals_command(ssh, pw, key, + if (!found_principal && match_principals_command(pw, key, &principals_opts)) found_principal = 1; /* If principals file or command is specified, then require a match */ @@ -859,7 +559,8 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, reason = "Invalid certificate options"; goto fail_reason; } - if (auth_authorise_keyopts(ssh, pw, cert_opts, 0, "cert") != 0) { + if (auth_authorise_keyopts(pw, cert_opts, 0, + remote_ip, remote_host, "cert") != 0) { reason = "Refused by certificate options"; goto fail_reason; } @@ -867,8 +568,8 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, final_opts = cert_opts; cert_opts = NULL; } else { - if (auth_authorise_keyopts(ssh, pw, principals_opts, 0, - "principals") != 0) { + if (auth_authorise_keyopts(pw, principals_opts, 0, + remote_ip, remote_host, "principals") != 0) { reason = "Refused by certificate principals options"; goto fail_reason; } @@ -906,8 +607,9 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, * returns 1 if the key is allowed or 0 otherwise. */ static int -user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key, - char *file, struct sshauthopt **authoptsp) +user_key_allowed2(struct passwd *pw, struct sshkey *key, + char *file, const char *remote_ip, const char *remote_host, + struct sshauthopt **authoptsp) { FILE *f; int found_key = 0; @@ -920,8 +622,8 @@ user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key, debug("trying public key file %s", file); if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) { - found_key = check_authkeys_file(ssh, pw, f, file, - key, authoptsp); + found_key = auth_check_authkeys_file(pw, f, file, + key, remote_ip, remote_host, authoptsp); fclose(f); } @@ -934,8 +636,9 @@ user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key, * returns 1 if the key is allowed or 0 otherwise. */ static int -user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, - struct sshkey *key, struct sshauthopt **authoptsp) +user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key, + const char *remote_ip, const char *remote_host, + struct sshauthopt **authoptsp) { struct passwd *runas_pw = NULL; FILE *f = NULL; @@ -1036,8 +739,9 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, uid_swapped = 1; temporarily_use_uid(runas_pw); - ok = check_authkeys_file(ssh, user_pw, f, - options.authorized_keys_command, key, authoptsp); + ok = auth_check_authkeys_file(user_pw, f, + options.authorized_keys_command, key, remote_ip, + remote_host, authoptsp); fclose(f); f = NULL; @@ -1073,6 +777,9 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, u_int success = 0, i; char *file; struct sshauthopt *opts = NULL; + const char *remote_ip = ssh_remote_ipaddr(ssh); + const char *remote_host = auth_get_canonical_hostname(ssh, + options.use_dns); if (authoptsp != NULL) *authoptsp = NULL; @@ -1088,7 +795,8 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, continue; file = expand_authorized_keys( options.authorized_keys_files[i], pw); - success = user_key_allowed2(ssh, pw, key, file, &opts); + success = user_key_allowed2(pw, key, file, + remote_ip, remote_host, &opts); free(file); if (!success) { sshauthopt_free(opts); @@ -1098,12 +806,14 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, if (success) goto out; - if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0) + if ((success = user_cert_trusted_ca(pw, key, remote_ip, remote_host, + &opts)) != 0) goto out; sshauthopt_free(opts); opts = NULL; - if ((success = user_key_command_allowed2(ssh, pw, key, &opts)) != 0) + if ((success = user_key_command_allowed2(pw, key, remote_ip, + remote_host, &opts)) != 0) goto out; sshauthopt_free(opts); opts = NULL; diff --git a/gsi_openssh/source/auth2-pubkeyfile.c b/gsi_openssh/source/auth2-pubkeyfile.c new file mode 100644 index 0000000000..31e7481fbe --- /dev/null +++ b/gsi_openssh/source/auth2-pubkeyfile.c @@ -0,0 +1,500 @@ +/* $OpenBSD: auth2-pubkeyfile.c,v 1.4 2023/03/05 05:34:09 dtucker Exp $ */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "ssh.h" +#include "log.h" +#include "misc.h" +#include "sshkey.h" +#include "digest.h" +#include "hostfile.h" +#include "auth.h" +#include "auth-options.h" +#include "authfile.h" +#include "match.h" +#include "ssherr.h" + +int +auth_authorise_keyopts(struct passwd *pw, struct sshauthopt *opts, + int allow_cert_authority, const char *remote_ip, const char *remote_host, + const char *loc) +{ + time_t now = time(NULL); + char buf[64]; + + /* + * Check keys/principals file expiry time. + * NB. validity interval in certificate is handled elsewhere. + */ + if (opts->valid_before && now > 0 && + opts->valid_before < (uint64_t)now) { + format_absolute_time(opts->valid_before, buf, sizeof(buf)); + debug("%s: entry expired at %s", loc, buf); + auth_debug_add("%s: entry expired at %s", loc, buf); + return -1; + } + /* Consistency checks */ + if (opts->cert_principals != NULL && !opts->cert_authority) { + debug("%s: principals on non-CA key", loc); + auth_debug_add("%s: principals on non-CA key", loc); + /* deny access */ + return -1; + } + /* cert-authority flag isn't valid in authorized_principals files */ + if (!allow_cert_authority && opts->cert_authority) { + debug("%s: cert-authority flag invalid here", loc); + auth_debug_add("%s: cert-authority flag invalid here", loc); + /* deny access */ + return -1; + } + + /* Perform from= checks */ + if (opts->required_from_host_keys != NULL) { + switch (match_host_and_ip(remote_host, remote_ip, + opts->required_from_host_keys )) { + case 1: + /* Host name matches. */ + break; + case -1: + default: + debug("%s: invalid from criteria", loc); + auth_debug_add("%s: invalid from criteria", loc); + /* FALLTHROUGH */ + case 0: + logit("%s: Authentication tried for %.100s with " + "correct key but not from a permitted " + "host (host=%.200s, ip=%.200s, required=%.200s).", + loc, pw->pw_name, remote_host, remote_ip, + opts->required_from_host_keys); + auth_debug_add("%s: Your host '%.200s' is not " + "permitted to use this key for login.", + loc, remote_host); + /* deny access */ + return -1; + } + } + /* Check source-address restriction from certificate */ + if (opts->required_from_host_cert != NULL) { + switch (addr_match_cidr_list(remote_ip, + opts->required_from_host_cert)) { + case 1: + /* accepted */ + break; + case -1: + default: + /* invalid */ + error("%s: Certificate source-address invalid", loc); + /* FALLTHROUGH */ + case 0: + logit("%s: Authentication tried for %.100s with valid " + "certificate but not from a permitted source " + "address (%.200s).", loc, pw->pw_name, remote_ip); + auth_debug_add("%s: Your address '%.200s' is not " + "permitted to use this certificate for login.", + loc, remote_ip); + return -1; + } + } + /* + * + * XXX this is spammy. We should report remotely only for keys + * that are successful in actual auth attempts, and not PK_OK + * tests. + */ + auth_log_authopts(loc, opts, 1); + + return 0; +} + +static int +match_principals_option(const char *principal_list, struct sshkey_cert *cert) +{ + char *result; + u_int i; + + /* XXX percent_expand() sequences for authorized_principals? */ + + for (i = 0; i < cert->nprincipals; i++) { + if ((result = match_list(cert->principals[i], + principal_list, NULL)) != NULL) { + debug3("matched principal from key options \"%.100s\"", + result); + free(result); + return 1; + } + } + return 0; +} + +/* + * Process a single authorized_principals format line. Returns 0 and sets + * authoptsp is principal is authorised, -1 otherwise. "loc" is used as a + * log preamble for file/line information. + */ +int +auth_check_principals_line(char *cp, const struct sshkey_cert *cert, + const char *loc, struct sshauthopt **authoptsp) +{ + u_int i, found = 0; + char *ep, *line_opts; + const char *reason = NULL; + struct sshauthopt *opts = NULL; + + if (authoptsp != NULL) + *authoptsp = NULL; + + /* Trim trailing whitespace. */ + ep = cp + strlen(cp) - 1; + while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t')) + *ep-- = '\0'; + + /* + * If the line has internal whitespace then assume it has + * key options. + */ + line_opts = NULL; + if ((ep = strrchr(cp, ' ')) != NULL || + (ep = strrchr(cp, '\t')) != NULL) { + for (; *ep == ' ' || *ep == '\t'; ep++) + ; + line_opts = cp; + cp = ep; + } + if ((opts = sshauthopt_parse(line_opts, &reason)) == NULL) { + debug("%s: bad principals options: %s", loc, reason); + auth_debug_add("%s: bad principals options: %s", loc, reason); + return -1; + } + /* Check principals in cert against those on line */ + for (i = 0; i < cert->nprincipals; i++) { + if (strcmp(cp, cert->principals[i]) != 0) + continue; + debug3("%s: matched principal \"%.100s\"", + loc, cert->principals[i]); + found = 1; + } + if (found && authoptsp != NULL) { + *authoptsp = opts; + opts = NULL; + } + sshauthopt_free(opts); + return found ? 0 : -1; +} + +int +auth_process_principals(FILE *f, const char *file, + const struct sshkey_cert *cert, struct sshauthopt **authoptsp) +{ + char loc[256], *line = NULL, *cp, *ep; + size_t linesize = 0; + u_long linenum = 0, nonblank = 0; + u_int found_principal = 0; + + if (authoptsp != NULL) + *authoptsp = NULL; + + while (getline(&line, &linesize, f) != -1) { + linenum++; + /* Always consume entire input */ + if (found_principal) + continue; + + /* Skip leading whitespace. */ + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) + ; + /* Skip blank and comment lines. */ + if ((ep = strchr(cp, '#')) != NULL) + *ep = '\0'; + if (!*cp || *cp == '\n') + continue; + + nonblank++; + snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); + if (auth_check_principals_line(cp, cert, loc, authoptsp) == 0) + found_principal = 1; + } + debug2_f("%s: processed %lu/%lu lines", file, nonblank, linenum); + free(line); + return found_principal; +} + +/* + * Check a single line of an authorized_keys-format file. Returns 0 if key + * matches, -1 otherwise. Will return key/cert options via *authoptsp + * on success. "loc" is used as file/line location in log messages. + */ +int +auth_check_authkey_line(struct passwd *pw, struct sshkey *key, + char *cp, const char *remote_ip, const char *remote_host, const char *loc, + struct sshauthopt **authoptsp) +{ + int want_keytype = sshkey_is_cert(key) ? KEY_UNSPEC : key->type; + struct sshkey *found = NULL; + struct sshauthopt *keyopts = NULL, *certopts = NULL, *finalopts = NULL; + char *key_options = NULL, *fp = NULL; + const char *reason = NULL; + int ret = -1; + + if (authoptsp != NULL) + *authoptsp = NULL; + + if ((found = sshkey_new(want_keytype)) == NULL) { + debug3_f("keytype %d failed", want_keytype); + goto out; + } + + /* XXX djm: peek at key type in line and skip if unwanted */ + + if (sshkey_read(found, &cp) != 0) { + /* no key? check for options */ + debug2("%s: check options: '%s'", loc, cp); + key_options = cp; + if (sshkey_advance_past_options(&cp) != 0) { + reason = "invalid key option string"; + goto fail_reason; + } + skip_space(&cp); + if (sshkey_read(found, &cp) != 0) { + /* still no key? advance to next line*/ + debug2("%s: advance: '%s'", loc, cp); + goto out; + } + } + /* Parse key options now; we need to know if this is a CA key */ + if ((keyopts = sshauthopt_parse(key_options, &reason)) == NULL) { + debug("%s: bad key options: %s", loc, reason); + auth_debug_add("%s: bad key options: %s", loc, reason); + goto out; + } + /* Ignore keys that don't match or incorrectly marked as CAs */ + if (sshkey_is_cert(key)) { + /* Certificate; check signature key against CA */ + if (!sshkey_equal(found, key->cert->signature_key) || + !keyopts->cert_authority) + goto out; + } else { + /* Plain key: check it against key found in file */ + if (!sshkey_equal(found, key) || keyopts->cert_authority) + goto out; + } + + /* We have a candidate key, perform authorisation checks */ + if ((fp = sshkey_fingerprint(found, + SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL) + fatal_f("fingerprint failed"); + + debug("%s: matching %s found: %s %s", loc, + sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp); + + if (auth_authorise_keyopts(pw, keyopts, + sshkey_is_cert(key), remote_ip, remote_host, loc) != 0) { + reason = "Refused by key options"; + goto fail_reason; + } + /* That's all we need for plain keys. */ + if (!sshkey_is_cert(key)) { + verbose("Accepted key %s %s found at %s", + sshkey_type(found), fp, loc); + finalopts = keyopts; + keyopts = NULL; + goto success; + } + + /* + * Additional authorisation for certificates. + */ + + /* Parse and check options present in certificate */ + if ((certopts = sshauthopt_from_cert(key)) == NULL) { + reason = "Invalid certificate options"; + goto fail_reason; + } + if (auth_authorise_keyopts(pw, certopts, 0, + remote_ip, remote_host, loc) != 0) { + reason = "Refused by certificate options"; + goto fail_reason; + } + if ((finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == NULL) + goto fail_reason; + + /* + * If the user has specified a list of principals as + * a key option, then prefer that list to matching + * their username in the certificate principals list. + */ + if (keyopts->cert_principals != NULL && + !match_principals_option(keyopts->cert_principals, key->cert)) { + reason = "Certificate does not contain an authorized principal"; + goto fail_reason; + } + if (sshkey_cert_check_authority_now(key, 0, 0, 0, + keyopts->cert_principals == NULL ? pw->pw_name : NULL, + &reason) != 0) + goto fail_reason; + + verbose("Accepted certificate ID \"%s\" (serial %llu) " + "signed by CA %s %s found at %s", + key->cert->key_id, + (unsigned long long)key->cert->serial, + sshkey_type(found), fp, loc); + + success: + if (finalopts == NULL) + fatal_f("internal error: missing options"); + if (authoptsp != NULL) { + *authoptsp = finalopts; + finalopts = NULL; + } + /* success */ + ret = 0; + goto out; + + fail_reason: + error("%s", reason); + auth_debug_add("%s", reason); + out: + free(fp); + sshauthopt_free(keyopts); + sshauthopt_free(certopts); + sshauthopt_free(finalopts); + sshkey_free(found); + return ret; +} + +/* + * Checks whether key is allowed in authorized_keys-format file, + * returns 1 if the key is allowed or 0 otherwise. + */ +int +auth_check_authkeys_file(struct passwd *pw, FILE *f, char *file, + struct sshkey *key, const char *remote_ip, + const char *remote_host, struct sshauthopt **authoptsp) +{ + char *cp, *line = NULL, loc[256]; + size_t linesize = 0; + int found_key = 0; + u_long linenum = 0, nonblank = 0; + + if (authoptsp != NULL) + *authoptsp = NULL; + + while (getline(&line, &linesize, f) != -1) { + linenum++; + /* Always consume entire file */ + if (found_key) + continue; + + /* Skip leading whitespace, empty and comment lines. */ + cp = line; + skip_space(&cp); + if (!*cp || *cp == '\n' || *cp == '#') + continue; + + nonblank++; + snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); + if (auth_check_authkey_line(pw, key, cp, + remote_ip, remote_host, loc, authoptsp) == 0) + found_key = 1; + } + free(line); + debug2_f("%s: processed %lu/%lu lines", file, nonblank, linenum); + return found_key; +} + +static FILE * +auth_openfile(const char *file, struct passwd *pw, int strict_modes, + int log_missing, char *file_type) +{ + char line[1024]; + struct stat st; + int fd; + FILE *f; + + if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { + if (errno != ENOENT) { + logit("Could not open user '%s' %s '%s': %s", + pw->pw_name, file_type, file, strerror(errno)); + } else if (log_missing) { + debug("Could not open user '%s' %s '%s': %s", + pw->pw_name, file_type, file, strerror(errno)); + } + return NULL; + } + + if (fstat(fd, &st) == -1) { + close(fd); + return NULL; + } + if (!S_ISREG(st.st_mode)) { + logit("User '%s' %s '%s' is not a regular file", + pw->pw_name, file_type, file); + close(fd); + return NULL; + } + unset_nonblock(fd); + if ((f = fdopen(fd, "r")) == NULL) { + close(fd); + return NULL; + } + if (strict_modes && + safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) { + fclose(f); + logit("Authentication refused: %s", line); + auth_debug_add("Ignored %s: %s", file_type, line); + return NULL; + } + + return f; +} + + +FILE * +auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes) +{ + return auth_openfile(file, pw, strict_modes, 1, "authorized keys"); +} + +FILE * +auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) +{ + return auth_openfile(file, pw, strict_modes, 0, + "authorized principals"); +} + diff --git a/gsi_openssh/source/auth2.c b/gsi_openssh/source/auth2.c index e31af7f632..0555a19175 100644 --- a/gsi_openssh/source/auth2.c +++ b/gsi_openssh/source/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.166 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -46,7 +46,6 @@ #include "sshbuf.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "sshkey.h" #include "hostfile.h" #include "auth.h" @@ -184,7 +183,6 @@ do_authentication2(struct ssh *ssh) ssh->authctxt = NULL; } -/*ARGSUSED*/ static int input_service_request(int type, u_int32_t seq, struct ssh *ssh) { @@ -262,7 +260,6 @@ ensure_minimum_time_since(double start, double seconds) nanosleep(&ts, NULL); } -/*ARGSUSED*/ static int input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) { diff --git a/gsi_openssh/source/authfd.c b/gsi_openssh/source/authfd.c index 76e48aab77..25a363664c 100644 --- a/gsi_openssh/source/authfd.c +++ b/gsi_openssh/source/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.129 2021/12/19 22:10:24 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.133 2023/03/09 21:06:24 jcs Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -55,7 +55,6 @@ #include "sshkey.h" #include "authfd.h" #include "cipher.h" -#include "compat.h" #include "log.h" #include "atomicio.h" #include "misc.h" @@ -92,6 +91,7 @@ ssh_get_authentication_socket_path(const char *authsocket, int *fdp) int sock, oerrno; struct sockaddr_un sunaddr; + debug3_f("path '%s'", authsocket); memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); @@ -490,8 +490,8 @@ encode_dest_constraint(struct sshbuf *m, const struct dest_constraint *dc) if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = encode_dest_constraint_hop(b, &dc->from) != 0) || - (r = encode_dest_constraint_hop(b, &dc->to) != 0) || + if ((r = encode_dest_constraint_hop(b, &dc->from)) != 0 || + (r = encode_dest_constraint_hop(b, &dc->to)) != 0 || (r = sshbuf_put_string(b, NULL, 0)) != 0) /* reserved */ goto out; if ((r = sshbuf_put_stringb(m, b)) != 0) @@ -665,7 +665,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin, struct dest_constraint **dest_constraints, size_t ndest_constraints) { struct sshbuf *msg; - int r, constrained = (life || confirm); + int r, constrained = (life || confirm || dest_constraints); u_char type; if (add) { diff --git a/gsi_openssh/source/authfile.c b/gsi_openssh/source/authfile.c index a399efc3e7..445f2dd541 100644 --- a/gsi_openssh/source/authfile.c +++ b/gsi_openssh/source/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.142 2022/01/01 01:55:30 jsg Exp $ */ +/* $OpenBSD: authfile.c,v 1.144 2023/03/14 07:26:25 dtucker Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -211,6 +211,8 @@ sshkey_try_load_public(struct sshkey **kp, const char *filename, int r; struct sshkey *k = NULL; + if (kp == NULL) + return SSH_ERR_INVALID_ARGUMENT; *kp = NULL; if (commentp != NULL) *commentp = NULL; @@ -501,20 +503,25 @@ sshkey_save_public(const struct sshkey *key, const char *path, return SSH_ERR_SYSTEM_ERROR; if ((f = fdopen(fd, "w")) == NULL) { r = SSH_ERR_SYSTEM_ERROR; + close(fd); goto fail; } if ((r = sshkey_write(key, f)) != 0) goto fail; fprintf(f, " %s\n", comment); - if (ferror(f) || fclose(f) != 0) { + if (ferror(f)) { r = SSH_ERR_SYSTEM_ERROR; + goto fail; + } + if (fclose(f) != 0) { + r = SSH_ERR_SYSTEM_ERROR; + f = NULL; fail: - oerrno = errno; - if (f != NULL) + if (f != NULL) { + oerrno = errno; fclose(f); - else - close(fd); - errno = oerrno; + errno = oerrno; + } return r; } return 0; diff --git a/gsi_openssh/source/canohost.c b/gsi_openssh/source/canohost.c index e2213c8103..0132507d52 100644 --- a/gsi_openssh/source/canohost.c +++ b/gsi_openssh/source/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: canohost.c,v 1.76 2023/03/03 05:00:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -166,6 +166,9 @@ get_socket_address(int sock, int remote, int flags) char ntop[NI_MAXHOST]; int r; + if (sock < 0) + return NULL; + /* Get IP address of client. */ addrlen = sizeof(addr); memset(&addr, 0, sizeof(addr)); diff --git a/gsi_openssh/source/channels.c b/gsi_openssh/source/channels.c index 7b8a7dc2b5..7aec82aef9 100644 --- a/gsi_openssh/source/channels.c +++ b/gsi_openssh/source/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.415 2022/03/30 21:10:25 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.430 2023/03/10 03:01:51 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -151,6 +151,12 @@ struct permission_set { int all_permitted; }; +/* Used to record timeouts per channel type */ +struct ssh_channel_timeout { + char *type_pattern; + u_int timeout_secs; +}; + /* Master structure for channels state */ struct ssh_channels { /* @@ -192,7 +198,7 @@ struct ssh_channels { u_int x11_saved_data_len; /* Deadline after which all X11 connections are refused */ - u_int x11_refuse_time; + time_t x11_refuse_time; /* * Fake X11 authentication data. This is what the server will be @@ -204,6 +210,10 @@ struct ssh_channels { /* AF_UNSPEC or AF_INET or AF_INET6 */ int IPv4or6; + + /* Channel timeouts by type */ + struct ssh_channel_timeout *timeouts; + size_t ntimeouts; }; /* helper */ @@ -299,6 +309,76 @@ channel_lookup(struct ssh *ssh, int id) return NULL; } +/* + * Add a timeout for open channels whose c->ctype (or c->xctype if it is set) + * match type_pattern. + */ +void +channel_add_timeout(struct ssh *ssh, const char *type_pattern, + u_int timeout_secs) +{ + struct ssh_channels *sc = ssh->chanctxt; + + debug2_f("channel type \"%s\" timeout %u seconds", + type_pattern, timeout_secs); + sc->timeouts = xrecallocarray(sc->timeouts, sc->ntimeouts, + sc->ntimeouts + 1, sizeof(*sc->timeouts)); + sc->timeouts[sc->ntimeouts].type_pattern = xstrdup(type_pattern); + sc->timeouts[sc->ntimeouts].timeout_secs = timeout_secs; + sc->ntimeouts++; +} + +/* Clears all previously-added channel timeouts */ +void +channel_clear_timeouts(struct ssh *ssh) +{ + struct ssh_channels *sc = ssh->chanctxt; + size_t i; + + debug3_f("clearing"); + for (i = 0; i < sc->ntimeouts; i++) + free(sc->timeouts[i].type_pattern); + free(sc->timeouts); + sc->timeouts = NULL; + sc->ntimeouts = 0; +} + +static u_int +lookup_timeout(struct ssh *ssh, const char *type) +{ + struct ssh_channels *sc = ssh->chanctxt; + size_t i; + + for (i = 0; i < sc->ntimeouts; i++) { + if (match_pattern(type, sc->timeouts[i].type_pattern)) + return sc->timeouts[i].timeout_secs; + } + + return 0; +} + +/* + * Sets "extended type" of a channel; used by session layer to add additional + * information about channel types (e.g. shell, login, subsystem) that can then + * be used to select timeouts. + * Will reset c->inactive_deadline as a side-effect. + */ +void +channel_set_xtype(struct ssh *ssh, int id, const char *xctype) +{ + Channel *c; + + if ((c = channel_by_id(ssh, id)) == NULL) + fatal_f("missing channel %d", id); + if (c->xctype != NULL) + free(c->xctype); + c->xctype = xstrdup(xctype); + /* Type has changed, so look up inactivity deadline again */ + c->inactive_deadline = lookup_timeout(ssh, c->xctype); + debug2_f("labeled channel %d as %s (inactive timeout %u)", id, xctype, + c->inactive_deadline); +} + /* * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd @@ -307,12 +387,14 @@ static void channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd, int extusage, int nonblock, int is_tty) { + int val; + if (rfd != -1) - fcntl(rfd, F_SETFD, FD_CLOEXEC); + (void)fcntl(rfd, F_SETFD, FD_CLOEXEC); if (wfd != -1 && wfd != rfd) - fcntl(wfd, F_SETFD, FD_CLOEXEC); + (void)fcntl(wfd, F_SETFD, FD_CLOEXEC); if (efd != -1 && efd != rfd && efd != wfd) - fcntl(efd, F_SETFD, FD_CLOEXEC); + (void)fcntl(efd, F_SETFD, FD_CLOEXEC); c->rfd = rfd; c->wfd = wfd; @@ -336,15 +418,21 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd, * restore their blocking state on exit to avoid interfering * with other programs that follow. */ - if (rfd != -1 && !isatty(rfd) && fcntl(rfd, F_GETFL) == 0) { + if (rfd != -1 && !isatty(rfd) && + (val = fcntl(rfd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { + c->restore_flags[0] = val; c->restore_block |= CHANNEL_RESTORE_RFD; set_nonblock(rfd); } - if (wfd != -1 && !isatty(wfd) && fcntl(wfd, F_GETFL) == 0) { + if (wfd != -1 && !isatty(wfd) && + (val = fcntl(wfd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { + c->restore_flags[1] = val; c->restore_block |= CHANNEL_RESTORE_WFD; set_nonblock(wfd); } - if (efd != -1 && !isatty(efd) && fcntl(efd, F_GETFL) == 0) { + if (efd != -1 && !isatty(efd) && + (val = fcntl(efd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { + c->restore_flags[2] = val; c->restore_block |= CHANNEL_RESTORE_EFD; set_nonblock(efd); } @@ -359,15 +447,15 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd, } /* - * Allocate a new channel object and set its type and socket. This will cause - * remote_name to be freed. + * Allocate a new channel object and set its type and socket. */ Channel * channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd, - u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) + u_int window, u_int maxpack, int extusage, const char *remote_name, + int nonblock) { struct ssh_channels *sc = ssh->chanctxt; - u_int i, found; + u_int i, found = 0; Channel *c; int r; @@ -414,8 +502,10 @@ channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd, c->remote_name = xstrdup(remote_name); c->ctl_chan = -1; c->delayed = 1; /* prevent call to channel_post handler */ + c->inactive_deadline = lookup_timeout(ssh, c->ctype); TAILQ_INIT(&c->status_confirms); - debug("channel %d: new [%s]", found, remote_name); + debug("channel %d: new %s [%s] (inactive timeout: %u)", + found, c->ctype, remote_name, c->inactive_deadline); return c; } @@ -427,10 +517,16 @@ channel_close_fd(struct ssh *ssh, Channel *c, int *fdp) if (fd == -1) return 0; - if ((*fdp == c->rfd && (c->restore_block & CHANNEL_RESTORE_RFD) != 0) || - (*fdp == c->wfd && (c->restore_block & CHANNEL_RESTORE_WFD) != 0) || - (*fdp == c->efd && (c->restore_block & CHANNEL_RESTORE_EFD) != 0)) - (void)fcntl(*fdp, F_SETFL, 0); /* restore blocking */ + /* restore blocking */ + if (*fdp == c->rfd && + (c->restore_block & CHANNEL_RESTORE_RFD) != 0) + (void)fcntl(*fdp, F_SETFL, c->restore_flags[0]); + else if (*fdp == c->wfd && + (c->restore_block & CHANNEL_RESTORE_WFD) != 0) + (void)fcntl(*fdp, F_SETFL, c->restore_flags[1]); + else if (*fdp == c->efd && + (c->restore_block & CHANNEL_RESTORE_EFD) != 0) + (void)fcntl(*fdp, F_SETFL, c->restore_flags[2]); if (*fdp == c->rfd) { c->io_want &= ~SSH_CHAN_IO_RFD; @@ -655,6 +751,8 @@ channel_free(struct ssh *ssh, Channel *c) c->path = NULL; free(c->listening_addr); c->listening_addr = NULL; + free(c->xctype); + c->xctype = NULL; while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { if (cc->abandon_cb != NULL) cc->abandon_cb(ssh, c, cc->ctx); @@ -870,9 +968,9 @@ channel_format_status(const Channel *c) { char *ret = NULL; - xasprintf(&ret, "t%d %s%u i%u/%zu o%u/%zu e[%s]/%zu " + xasprintf(&ret, "t%d [%s] %s%u i%u/%zu o%u/%zu e[%s]/%zu " "fd %d/%d/%d sock %d cc %d io 0x%02x/0x%02x", - c->type, + c->type, c->xctype != NULL ? c->xctype : c->ctype, c->have_remote_id ? "r" : "nr", c->remote_id, c->istate, sshbuf_len(c->input), c->ostate, sshbuf_len(c->output), @@ -1086,6 +1184,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd, channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty); c->type = SSH_CHANNEL_OPEN; + c->lastused = monotime(); c->local_window = c->local_window_max = window_max; if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 || @@ -1185,7 +1284,7 @@ x11_open_helper(struct ssh *ssh, struct sshbuf *b) /* Is this being called after the refusal deadline? */ if (sc->x11_refuse_time != 0 && - (u_int)monotime() >= sc->x11_refuse_time) { + monotime() >= sc->x11_refuse_time) { verbose("Rejected X11 connection after ForwardX11Timeout " "expired"); return -1; @@ -1243,6 +1342,32 @@ x11_open_helper(struct ssh *ssh, struct sshbuf *b) return 1; } +void +channel_force_close(struct ssh *ssh, Channel *c, int abandon) +{ + debug3_f("channel %d: forcibly closing", c->self); + if (c->istate == CHAN_INPUT_OPEN) + chan_read_failed(ssh, c); + if (c->istate == CHAN_INPUT_WAIT_DRAIN) { + sshbuf_reset(c->input); + chan_ibuf_empty(ssh, c); + } + if (c->ostate == CHAN_OUTPUT_OPEN || + c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { + sshbuf_reset(c->output); + chan_write_failed(ssh, c); + } + if (c->detach_user) + c->detach_user(ssh, c->self, 1, NULL); + if (c->efd != -1) + channel_close_fd(ssh, c, &c->efd); + if (abandon) + c->type = SSH_CHANNEL_ABANDONED; + /* exempt from inactivity timeouts */ + c->inactive_deadline = 0; + c->lastused = 0; +} + static void channel_pre_x11_open(struct ssh *ssh, Channel *c) { @@ -1252,17 +1377,14 @@ channel_pre_x11_open(struct ssh *ssh, Channel *c) if (ret == 1) { c->type = SSH_CHANNEL_OPEN; + c->lastused = monotime(); channel_pre_open(ssh, c); } else if (ret == -1) { - logit("X11 connection rejected because of wrong authentication."); + logit("X11 connection rejected because of wrong " + "authentication."); debug2("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate); - chan_read_failed(ssh, c); - sshbuf_reset(c->input); - chan_ibuf_empty(ssh, c); - sshbuf_reset(c->output); - chan_write_failed(ssh, c); - debug2("X11 closed %d i%d/o%d", c->self, c->istate, c->ostate); + channel_force_close(ssh, c, 0); } } @@ -1612,11 +1734,7 @@ static void rdynamic_close(struct ssh *ssh, Channel *c) { c->type = SSH_CHANNEL_OPEN; - chan_read_failed(ssh, c); - sshbuf_reset(c->input); - chan_ibuf_empty(ssh, c); - sshbuf_reset(c->output); - chan_write_failed(ssh, c); + channel_force_close(ssh, c, 0); } /* reverse dynamic port forwarding */ @@ -1714,7 +1832,7 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c) snprintf(buf, sizeof buf, "X11 connection from %.200s port %d", remote_ipaddr, remote_port); - nc = channel_new(ssh, "accepted x11 socket", + nc = channel_new(ssh, "x11-connection", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, buf, 1); open_preamble(ssh, __func__, nc, "x11"); @@ -1787,7 +1905,7 @@ port_open_helper(struct ssh *ssh, Channel *c, char *rtype) } void -channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time) +channel_set_x11_refuse_time(struct ssh *ssh, time_t refuse_time) { ssh->chanctxt->x11_refuse_time = refuse_time; } @@ -1873,7 +1991,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c) c->notbefore = monotime() + 1; return; } - nc = channel_new(ssh, "accepted auth socket", + nc = channel_new(ssh, "agent-connection", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, "accepted auth socket", 1); @@ -1894,15 +2012,19 @@ channel_post_connecting(struct ssh *ssh, Channel *c) fatal_f("channel %d: no remote id", c->self); /* for rdynamic the OPEN_CONFIRMATION has been sent already */ isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH); + if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) { err = errno; error("getsockopt SO_ERROR failed"); } + if (err == 0) { + /* Non-blocking connection completed */ debug("channel %d: connected to %s port %d", c->self, c->connect_ctx.host, c->connect_ctx.port); channel_connect_ctx_free(&c->connect_ctx); c->type = SSH_CHANNEL_OPEN; + c->lastused = monotime(); if (isopen) { /* no message necessary */ } else { @@ -1915,16 +2037,17 @@ channel_post_connecting(struct ssh *ssh, Channel *c) (r = sshpkt_send(ssh)) != 0) fatal_fr(r, "channel %i open confirm", c->self); } - } else { - debug("channel %d: connection failed: %s", - c->self, strerror(err)); - /* Try next address, if any */ - if ((sock = connect_next(&c->connect_ctx)) > 0) { - close(c->sock); - c->sock = c->rfd = c->wfd = sock; - return; - } - /* Exhausted all addresses */ + return; + } + if (err == EINTR || err == EAGAIN || err == EINPROGRESS) + return; + + /* Non-blocking connection failed */ + debug("channel %d: connection failed: %s", c->self, strerror(err)); + + /* Try next address, if any */ + if ((sock = connect_next(&c->connect_ctx)) == -1) { + /* Exhausted all addresses for this destination */ error("connect_to %.100s port %d: failed.", c->connect_ctx.host, c->connect_ctx.port); channel_connect_ctx_free(&c->connect_ctx); @@ -1943,6 +2066,10 @@ channel_post_connecting(struct ssh *ssh, Channel *c) chan_mark_dead(ssh, c); } } + + /* New non-blocking connection in progress */ + close(c->sock); + c->sock = c->rfd = c->wfd = sock; } static int @@ -1951,7 +2078,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) char buf[CHAN_RBUF]; ssize_t len; int r, force; - size_t have, avail, maxlen = CHANNEL_MAX_READ; + size_t nr = 0, have, avail, maxlen = CHANNEL_MAX_READ; int pty_zeroread = 0; #ifdef PTY_ZEROREAD @@ -1980,7 +2107,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) } if (maxlen > avail) maxlen = avail; - if ((r = sshbuf_read(c->rfd, c->input, maxlen, NULL)) != 0) { + if ((r = sshbuf_read(c->rfd, c->input, maxlen, &nr)) != 0) { if (errno == EINTR || (!force && (errno == EAGAIN || errno == EWOULDBLOCK))) return 1; @@ -1988,6 +2115,8 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) c->self, c->rfd, maxlen, ssh_err(r)); goto rfail; } + if (nr != 0) + c->lastused = monotime(); return 1; } @@ -2013,6 +2142,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) } return -1; } + c->lastused = monotime(); if (c->input_filter != NULL) { if (c->input_filter(ssh, c, buf, len) == -1) { debug2("channel %d: filter stops", c->self); @@ -2093,6 +2223,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c) } return -1; } + c->lastused = monotime(); #ifndef BROKEN_TCGETATTR_ICANON if (c->isatty && dlen >= 1 && buf[0] != '\r') { if (tcgetattr(c->wfd, &tio) == 0 && @@ -2141,6 +2272,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c) if ((r = sshbuf_consume(c->extended, len)) != 0) fatal_fr(r, "channel %i: consume", c->self); c->local_consumed += len; + c->lastused = monotime(); } return 1; } @@ -2165,7 +2297,10 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c) if (len <= 0) { debug2("channel %d: closing read-efd %d", c->self, c->efd); channel_close_fd(ssh, c, &c->efd); - } else if (c->extended_usage == CHAN_EXTENDED_IGNORE) + return 1; + } + c->lastused = monotime(); + if (c->extended_usage == CHAN_EXTENDED_IGNORE) debug3("channel %d: discard efd", c->self); else if ((r = sshbuf_put(c->extended, buf, len)) != 0) fatal_fr(r, "channel %i: append", c->self); @@ -2363,7 +2498,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c) close(newsock); return; } - nc = channel_new(ssh, "multiplex client", SSH_CHANNEL_MUX_CLIENT, + nc = channel_new(ssh, "mux-control", SSH_CHANNEL_MUX_CLIENT, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, "mux-control", 1); nc->mux_rcb = c->mux_rcb; @@ -2425,7 +2560,7 @@ channel_garbage_collect(struct ssh *ssh, Channel *c) return; debug2("channel %d: gc: notify user", c->self); - c->detach_user(ssh, c->self, NULL); + c->detach_user(ssh, c->self, 0, NULL); /* if we still have a callback */ if (c->detach_user != NULL) return; @@ -2440,7 +2575,7 @@ channel_garbage_collect(struct ssh *ssh, Channel *c) enum channel_table { CHAN_PRE, CHAN_POST }; static void -channel_handler(struct ssh *ssh, int table, time_t *unpause_secs) +channel_handler(struct ssh *ssh, int table, struct timespec *timeout) { struct ssh_channels *sc = ssh->chanctxt; chan_fn **ftab = table == CHAN_PRE ? sc->channel_pre : sc->channel_post; @@ -2449,12 +2584,13 @@ channel_handler(struct ssh *ssh, int table, time_t *unpause_secs) time_t now; now = monotime(); - if (unpause_secs != NULL) - *unpause_secs = 0; for (i = 0, oalloc = sc->channels_alloc; i < oalloc; i++) { c = sc->channels[i]; if (c == NULL) continue; + /* Try to keep IO going while rekeying */ + if (ssh_packet_is_rekeying(ssh) && c->type != SSH_CHANNEL_OPEN) + continue; if (c->delayed) { if (table == CHAN_PRE) c->delayed = 0; @@ -2462,29 +2598,37 @@ channel_handler(struct ssh *ssh, int table, time_t *unpause_secs) continue; } if (ftab[c->type] != NULL) { - /* - * Run handlers that are not paused. - */ - if (c->notbefore <= now) + if (table == CHAN_PRE && + c->type == SSH_CHANNEL_OPEN && + c->inactive_deadline != 0 && c->lastused != 0 && + now >= c->lastused + c->inactive_deadline) { + /* channel closed for inactivity */ + verbose("channel %d: closing after %u seconds " + "of inactivity", c->self, + c->inactive_deadline); + channel_force_close(ssh, c, 1); + } else if (c->notbefore <= now) { + /* Run handlers that are not paused. */ (*ftab[c->type])(ssh, c); - else if (unpause_secs != NULL) { + /* inactivity timeouts must interrupt poll() */ + if (timeout != NULL && + c->type == SSH_CHANNEL_OPEN && + c->lastused != 0 && + c->inactive_deadline != 0) { + ptimeout_deadline_monotime(timeout, + c->lastused + c->inactive_deadline); + } + } else if (timeout != NULL) { /* - * Collect the time that the earliest - * channel comes off pause. + * Arrange for poll() wakeup when channel pause + * timer expires. */ - debug3_f("chan %d: skip for %d more " - "seconds", c->self, - (int)(c->notbefore - now)); - if (*unpause_secs == 0 || - (c->notbefore - now) < *unpause_secs) - *unpause_secs = c->notbefore - now; + ptimeout_deadline_monotime(timeout, + c->notbefore); } } channel_garbage_collect(ssh, c); } - if (unpause_secs != NULL && *unpause_secs != 0) - debug3_f("first channel unpauses in %d seconds", - (int)*unpause_secs); } /* @@ -2630,30 +2774,31 @@ channel_prepare_pollfd(Channel *c, u_int *next_pollfd, /* * Allocate/prepare poll structure */ void channel_prepare_poll(struct ssh *ssh, struct pollfd **pfdp, u_int *npfd_allocp, - u_int *npfd_activep, u_int npfd_reserved, time_t *minwait_secs) + u_int *npfd_activep, u_int npfd_reserved, struct timespec *timeout) { struct ssh_channels *sc = ssh->chanctxt; u_int i, oalloc, p, npfd = npfd_reserved; channel_before_prepare_io(ssh); /* might create a new channel */ - + /* clear out I/O flags from last poll */ + for (i = 0; i < sc->channels_alloc; i++) { + if (sc->channels[i] == NULL) + continue; + sc->channels[i]->io_want = sc->channels[i]->io_ready = 0; + } /* Allocate 4x pollfd for each channel (rfd, wfd, efd, sock) */ if (sc->channels_alloc >= (INT_MAX / 4) - npfd_reserved) fatal_f("too many channels"); /* shouldn't happen */ - if (!ssh_packet_is_rekeying(ssh)) - npfd += sc->channels_alloc * 4; + npfd += sc->channels_alloc * 4; if (npfd > *npfd_allocp) { *pfdp = xrecallocarray(*pfdp, *npfd_allocp, npfd, sizeof(**pfdp)); *npfd_allocp = npfd; } *npfd_activep = npfd_reserved; - if (ssh_packet_is_rekeying(ssh)) - return; - oalloc = sc->channels_alloc; - channel_handler(ssh, CHAN_PRE, minwait_secs); + channel_handler(ssh, CHAN_PRE, timeout); if (oalloc != sc->channels_alloc) { /* shouldn't happen */ @@ -3002,7 +3147,7 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) error_fr(r, "parse"); goto out; } - c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY, + c = channel_new(ssh, "mux-proxy", SSH_CHANNEL_MUX_PROXY, -1, -1, -1, 0, 0, 0, ctype, 1); c->mux_ctx = downstream; /* point to mux client */ c->mux_downstream_id = id; /* original downstream id */ @@ -3029,7 +3174,7 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) error_fr(r, "parse"); goto out; } - c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY, + c = channel_new(ssh, "mux-proxy", SSH_CHANNEL_MUX_PROXY, -1, -1, -1, 0, 0, 0, "mux-down-connect", 1); c->mux_ctx = downstream; /* point to mux client */ c->mux_downstream_id = id; @@ -3412,6 +3557,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx); debug2_f("channel %d: callback done", c->self); } + c->lastused = monotime(); debug2("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); return 0; @@ -3754,7 +3900,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, /* Allocate a channel number for the socket. */ /* explicitly test for hpn disabled option. if true use smaller window size */ - c = channel_new(ssh, "port listener", type, sock, sock, -1, + c = channel_new(ssh, "port-listener", type, sock, sock, -1, hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "port listener", 1); @@ -3838,7 +3984,7 @@ channel_setup_fwd_listener_streamlocal(struct ssh *ssh, int type, debug("Local forwarding listening on path %s.", fwd->listen_path); /* Allocate a channel number for the socket. */ - c = channel_new(ssh, "unix listener", type, sock, sock, -1, + c = channel_new(ssh, "unix-listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "unix listener", 1); c->path = xstrdup(path); @@ -4117,7 +4263,7 @@ int channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) { int r, success = 0, idx = -1; - char *host_to_connect = NULL, *listen_host = NULL, *listen_path = NULL; + const char *host_to_connect, *listen_host, *listen_path; int port_to_connect, listen_port; /* Send the forward request to the remote side. */ @@ -4145,29 +4291,26 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) success = 1; if (success) { /* Record that connection to this host/port is permitted. */ + host_to_connect = listen_host = listen_path = NULL; port_to_connect = listen_port = 0; if (fwd->connect_path != NULL) { - host_to_connect = xstrdup(fwd->connect_path); + host_to_connect = fwd->connect_path; port_to_connect = PORT_STREAMLOCAL; } else { - host_to_connect = xstrdup(fwd->connect_host); + host_to_connect = fwd->connect_host; port_to_connect = fwd->connect_port; } if (fwd->listen_path != NULL) { - listen_path = xstrdup(fwd->listen_path); + listen_path = fwd->listen_path; listen_port = PORT_STREAMLOCAL; } else { - if (fwd->listen_host != NULL) - listen_host = xstrdup(fwd->listen_host); + listen_host = fwd->listen_host; listen_port = fwd->listen_port; } idx = permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, host_to_connect, port_to_connect, listen_host, listen_path, listen_port, NULL); } - free(host_to_connect); - free(listen_host); - free(listen_path); return idx; } @@ -4441,13 +4584,15 @@ connect_next(struct channel_connect *cctx) if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("connect_next: getnameinfo failed"); + error_f("getnameinfo failed"); continue; } break; default: continue; } + debug_f("start for host %.100s ([%.100s]:%s)", + cctx->host, ntop, strport); if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype, cctx->ai->ai_protocol)) == -1) { if (cctx->ai->ai_next == NULL) @@ -4460,9 +4605,8 @@ connect_next(struct channel_connect *cctx) fatal_f("set_nonblock(%d)", sock); if (connect(sock, cctx->ai->ai_addr, cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) { - debug("connect_next: host %.100s ([%.100s]:%s): " - "%.100s", cctx->host, ntop, strport, - strerror(errno)); + debug_f("host %.100s ([%.100s]:%s): %.100s", + cctx->host, ntop, strport, strerror(errno)); saved_errno = errno; close(sock); errno = saved_errno; @@ -4470,8 +4614,8 @@ connect_next(struct channel_connect *cctx) } if (cctx->ai->ai_family != AF_UNIX) set_nodelay(sock); - debug("connect_next: host %.100s ([%.100s]:%s) " - "in progress, fd=%d", cctx->host, ntop, strport, sock); + debug_f("connect host %.100s ([%.100s]:%s) in progress, fd=%d", + cctx->host, ntop, strport, sock); cctx->ai = cctx->ai->ai_next; return sock; } @@ -4940,7 +5084,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; - nc = channel_new(ssh, "x11 listener", + nc = channel_new(ssh, "x11-listener", SSH_CHANNEL_X11_LISTENER, sock, sock, -1, hpn_disabled ? CHAN_X11_WINDOW_DEFAULT : hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, diff --git a/gsi_openssh/source/channels.h b/gsi_openssh/source/channels.h index b63ab0fef8..f56d233842 100644 --- a/gsi_openssh/source/channels.h +++ b/gsi_openssh/source/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.142 2022/03/30 21:10:25 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.149 2023/03/04 03:22:59 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -88,7 +88,7 @@ typedef struct Channel Channel; struct fwd_perm_list; typedef void channel_open_fn(struct ssh *, int, int, void *); -typedef void channel_callback_fn(struct ssh *, int, void *); +typedef void channel_callback_fn(struct ssh *, int, int, void *); typedef int channel_infilter_fn(struct ssh *, struct Channel *, char *, int); typedef void channel_filter_cleanup_fn(struct ssh *, int, void *); typedef u_char *channel_outfilter_fn(struct ssh *, struct Channel *, @@ -153,6 +153,7 @@ struct Channel { * this way post-IO handlers are not * accidentally called if a FD gets reused */ int restore_block; /* fd mask to restore blocking status */ + int restore_flags[3];/* flags to restore */ struct sshbuf *input; /* data read from socket, to be sent over * encrypted connection */ struct sshbuf *output; /* data received over encrypted connection for @@ -177,7 +178,8 @@ struct Channel { int single_connection; u_int tcpwinsz; - char *ctype; /* type */ + char *ctype; /* const type - NB. not freed on channel_free */ + char *xctype; /* extended type */ /* callback */ channel_open_fn *open_confirm; @@ -204,6 +206,13 @@ struct Channel { void *mux_ctx; int mux_pause; int mux_downstream_id; + + /* Inactivity timeouts */ + + /* Last traffic seen for OPEN channels */ + time_t lastused; + /* Inactivity timeout deadline in seconds (0 = no timeout) */ + u_int inactive_deadline; }; #define CHAN_EXTENDED_IGNORE 0 @@ -277,12 +286,14 @@ Channel *channel_by_id(struct ssh *, int); Channel *channel_by_remote_id(struct ssh *, u_int); Channel *channel_lookup(struct ssh *, int); Channel *channel_new(struct ssh *, char *, int, int, int, int, - u_int, u_int, int, char *, int); + u_int, u_int, int, const char *, int); void channel_set_fds(struct ssh *, int, int, int, int, int, int, int, u_int); void channel_free(struct ssh *, Channel *); void channel_free_all(struct ssh *); void channel_stop_listening(struct ssh *); +void channel_force_close(struct ssh *, Channel *, int); +void channel_set_xtype(struct ssh *, int, const char *); void channel_send_open(struct ssh *, int); void channel_request_start(struct ssh *, int, char *, int); @@ -298,6 +309,10 @@ void channel_cancel_cleanup(struct ssh *, int); int channel_close_fd(struct ssh *, Channel *, int *); void channel_send_window_changes(struct ssh *); +/* channel inactivity timeouts */ +void channel_add_timeout(struct ssh *, const char *, u_int); +void channel_clear_timeouts(struct ssh *); + /* mux proxy support */ int channel_proxy_downstream(struct ssh *, Channel *mc); @@ -317,9 +332,10 @@ int channel_input_status_confirm(int, u_int32_t, struct ssh *); /* file descriptor handling (read/write) */ struct pollfd; +struct timespec; void channel_prepare_poll(struct ssh *, struct pollfd **, - u_int *, u_int *, u_int, time_t *); + u_int *, u_int *, u_int, struct timespec *); void channel_after_poll(struct ssh *, struct pollfd *, u_int); void channel_output_poll(struct ssh *); @@ -361,7 +377,7 @@ int permitopen_port(const char *); /* x11 forwarding */ -void channel_set_x11_refuse_time(struct ssh *, u_int); +void channel_set_x11_refuse_time(struct ssh *, time_t); int x11_connect_display(struct ssh *); int x11_create_display_inet(struct ssh *, int, int, int, int, u_int *, int **); void x11_request_forwarding_with_spoofing(struct ssh *, int, diff --git a/gsi_openssh/source/cipher-ctr.c b/gsi_openssh/source/cipher-ctr.c deleted file mode 100644 index bc0687d32f..0000000000 --- a/gsi_openssh/source/cipher-ctr.c +++ /dev/null @@ -1,187 +0,0 @@ -/* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */ -/* - * Copyright (c) 2003 Markus Friedl - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include "includes.h" - -#if defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR) -#include - -#include -#include - -#include - -#include "xmalloc.h" -#include "log.h" - -/* compatibility with old or broken OpenSSL versions */ -#include "openbsd-compat/openssl-compat.h" - -#ifndef USE_BUILTIN_RIJNDAEL -#include -#endif - -struct ssh_aes_ctr_ctx -{ - EVP_CIPHER_CTX ecbctx; - u_char aes_counter[AES_BLOCK_SIZE]; -}; - -/* - * increment counter 'ctr', - * the counter is of size 'len' bytes and stored in network-byte-order. - * (LSB at ctr[len-1], MSB at ctr[0]) - */ -static void -ssh_ctr_inc(u_char *ctr, size_t len) -{ - int i; - - for (i = len - 1; i >= 0; i--) - if (++ctr[i]) /* continue on overflow */ - return; -} - -static int -ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, - LIBCRYPTO_EVP_INL_TYPE len) -{ - struct ssh_aes_ctr_ctx *c; - size_t n = 0; - u_char ctrbuf[AES_BLOCK_SIZE*256]; - u_char buf[AES_BLOCK_SIZE*256]; - - if (len == 0) - return (1); - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) - return (0); - - for (; len > 0; len -= sizeof(u_int)) { - u_int r,a,b; - - if (n == 0) { - int outl, i, buflen; - - buflen = MIN(len, sizeof(ctrbuf)); - - for(i = 0; i < buflen; i += AES_BLOCK_SIZE) { - memcpy(&ctrbuf[i], c->aes_counter, AES_BLOCK_SIZE); - ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE); - } - - EVP_EncryptUpdate(&c->ecbctx, buf, &outl, - ctrbuf, buflen); - } - - memcpy(&a, src, sizeof(a)); - memcpy(&b, &buf[n], sizeof(b)); - r = a ^ b; - memcpy(dest, &r, sizeof(r)); - src += sizeof(a); - dest += sizeof(r); - - n = (n + sizeof(b)) % sizeof(buf); - } - memset(ctrbuf, '\0', sizeof(ctrbuf)); - memset(buf, '\0', sizeof(buf)); - return (1); -} - -static int -ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, - int enc) -{ - struct ssh_aes_ctr_ctx *c; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - c = xmalloc(sizeof(*c)); - EVP_CIPHER_CTX_set_app_data(ctx, c); - } - - EVP_CIPHER_CTX_init(&c->ecbctx); - - if (key != NULL) { - const EVP_CIPHER *cipher; - switch(EVP_CIPHER_CTX_key_length(ctx)*8) { - case 128: - cipher = EVP_aes_128_ecb(); - break; - case 192: - cipher = EVP_aes_192_ecb(); - break; - case 256: - cipher = EVP_aes_256_ecb(); - break; - default: - fatal("ssh_aes_ctr_init: wrong aes key length"); - } - if(!EVP_EncryptInit_ex(&c->ecbctx, cipher, NULL, key, NULL)) - fatal("ssh_aes_ctr_init: cannot initialize aes encryption"); - EVP_CIPHER_CTX_set_padding(&c->ecbctx, 0); - } - if (iv != NULL) - memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); - return (1); -} - -static int -ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) -{ - struct ssh_aes_ctr_ctx *c; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { - EVP_CIPHER_CTX_cleanup(&c->ecbctx); - memset(c, 0, sizeof(*c)); - free(c); - EVP_CIPHER_CTX_set_app_data(ctx, NULL); - } - return (1); -} - -void -ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len) -{ - struct ssh_aes_ctr_ctx *c; - - if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) - fatal("ssh_aes_ctr_iv: no context"); - if (doset) - memcpy(c->aes_counter, iv, len); - else - memcpy(iv, c->aes_counter, len); -} - -const EVP_CIPHER * -evp_aes_128_ctr(void) -{ - static EVP_CIPHER aes_ctr; - - memset(&aes_ctr, 0, sizeof(EVP_CIPHER)); - aes_ctr.nid = NID_undef; - aes_ctr.block_size = AES_BLOCK_SIZE; - aes_ctr.iv_len = AES_BLOCK_SIZE; - aes_ctr.key_len = 16; - aes_ctr.init = ssh_aes_ctr_init; - aes_ctr.cleanup = ssh_aes_ctr_cleanup; - aes_ctr.do_cipher = ssh_aes_ctr; -#ifndef SSH_OLD_EVP - aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | - EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; -#endif - return (&aes_ctr); -} - -#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR) */ diff --git a/gsi_openssh/source/cipher.c b/gsi_openssh/source/cipher.c index 219b48a230..dca911dabc 100644 --- a/gsi_openssh/source/cipher.c +++ b/gsi_openssh/source/cipher.c @@ -79,12 +79,10 @@ static struct sshcipher ciphers[] = { { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr }, { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr }, { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr }, -# ifdef OPENSSL_HAVE_EVPGCM { "aes128-gcm@openssh.com", 16, 16, 12, 16, 0, EVP_aes_128_gcm }, { "aes256-gcm@openssh.com", 16, 32, 12, 16, 0, EVP_aes_256_gcm }, -# endif /* OPENSSL_HAVE_EVPGCM */ #else { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL }, { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL }, @@ -496,11 +494,6 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len) return SSH_ERR_LIBCRYPTO_ERROR; if ((size_t)evplen != len) return SSH_ERR_INVALID_ARGUMENT; -#ifndef OPENSSL_HAVE_EVPCTR - if (c->evptype == evp_aes_128_ctr) - ssh_aes_ctr_iv(cc->evp, 0, iv, len); - else -#endif if (cipher_authlen(c)) { if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv)) @@ -530,12 +523,6 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) return SSH_ERR_LIBCRYPTO_ERROR; if ((size_t)evplen != len) return SSH_ERR_INVALID_ARGUMENT; -#ifndef OPENSSL_HAVE_EVPCTR - /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ - if (c->evptype == evp_aes_128_ctr) - ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen); - else -#endif if (cipher_authlen(c)) { /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ if (!EVP_CIPHER_CTX_ctrl(cc->evp, diff --git a/gsi_openssh/source/clientloop.c b/gsi_openssh/source/clientloop.c index 5ec98d3e6d..10fddc81f7 100644 --- a/gsi_openssh/source/clientloop.c +++ b/gsi_openssh/source/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.378 2022/01/22 00:49:34 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.390 2023/03/08 04:43:12 guenther Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -162,8 +162,10 @@ static int connection_in; /* Connection to server (input). */ static int connection_out; /* Connection to server (output). */ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed; /* In SSH2: login session closed. */ -static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ +static time_t x11_refuse_time; /* If >0, refuse x11 opens after this time. */ static time_t server_alive_time; /* Time to do server_alive_check */ +static int hostkeys_update_complete; +static int session_setup_complete; static void client_init_dispatch(struct ssh *ssh); int session_ident = -1; @@ -217,7 +219,6 @@ quit_message(const char *fmt, ...) * Signal handler for the window change signal (SIGWINCH). This just sets a * flag indicating that the window has changed. */ -/*ARGSUSED */ static void window_change_handler(int sig) { @@ -228,7 +229,6 @@ window_change_handler(int sig) * Signal handler for signals that cause the program to terminate. These * signals must be trapped to restore terminal modes. */ -/*ARGSUSED */ static void signal_handler(int sig) { @@ -378,8 +378,8 @@ client_x11_get_proto(struct ssh *ssh, const char *display, if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; - if (UINT_MAX - timeout < now) - x11_refuse_time = UINT_MAX; + if (SSH_TIME_T_MAX - timeout < now) + x11_refuse_time = SSH_TIME_T_MAX; else x11_refuse_time = now + timeout; channel_set_x11_refuse_time(ssh, @@ -520,16 +520,15 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp, u_int *npfd_allocp, u_int *npfd_activep, int rekeying, int *conn_in_readyp, int *conn_out_readyp) { - int timeout_secs, pollwait; - time_t minwait_secs = 0, now = monotime(); + struct timespec timeout; int ret; u_int p; *conn_in_readyp = *conn_out_readyp = 0; /* Prepare channel poll. First two pollfd entries are reserved */ - channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, - &minwait_secs); + ptimeout_init(&timeout); + channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, &timeout); if (*npfd_activep < 2) fatal_f("bad npfd %u", *npfd_activep); /* shouldn't happen */ @@ -553,30 +552,17 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp, * some polled descriptor can be read, written, or has some other * event pending, or a timeout expires. */ - - timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ + set_control_persist_exit_time(ssh); + if (control_persist_exit_time > 0) + ptimeout_deadline_monotime(&timeout, control_persist_exit_time); if (options.server_alive_interval > 0) - timeout_secs = MAXIMUM(server_alive_time - now, 0); - if (options.rekey_interval > 0 && !rekeying) - timeout_secs = MINIMUM(timeout_secs, + ptimeout_deadline_monotime(&timeout, server_alive_time); + if (options.rekey_interval > 0 && !rekeying) { + ptimeout_deadline_sec(&timeout, ssh_packet_get_rekey_timeout(ssh)); - set_control_persist_exit_time(ssh); - if (control_persist_exit_time > 0) { - timeout_secs = MINIMUM(timeout_secs, - control_persist_exit_time - now); - if (timeout_secs < 0) - timeout_secs = 0; - } - if (minwait_secs != 0) - timeout_secs = MINIMUM(timeout_secs, (int)minwait_secs); - if (timeout_secs == INT_MAX) - pollwait = -1; - else if (timeout_secs >= INT_MAX / 1000) - pollwait = INT_MAX; - else - pollwait = timeout_secs * 1000; + } - ret = poll(*pfdp, *npfd_activep, pollwait); + ret = poll(*pfdp, *npfd_activep, ptimeout_get_ms(&timeout)); if (ret == -1) { /* @@ -761,6 +747,72 @@ client_register_global_confirm(global_confirm_cb *cb, void *ctx) TAILQ_INSERT_TAIL(&global_confirms, gc, entry); } +/* + * Returns non-zero if the client is able to handle a hostkeys-00@openssh.com + * hostkey update request. + */ +static int +can_update_hostkeys(void) +{ + if (hostkeys_update_complete) + return 0; + if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK && + options.batch_mode) + return 0; /* won't ask in batchmode, so don't even try */ + if (!options.update_hostkeys || options.num_user_hostfiles <= 0) + return 0; + return 1; +} + +static void +client_repledge(void) +{ + debug3_f("enter"); + + /* Might be able to tighten pledge now that session is established */ + if (options.control_master || options.control_path != NULL || + options.forward_x11 || options.fork_after_authentication || + can_update_hostkeys() || + (session_ident != -1 && !session_setup_complete)) { + /* Can't tighten */ + return; + } + /* + * LocalCommand and UpdateHostkeys have finished, so can get rid of + * filesystem. + * + * XXX protocol allows a server can to change hostkeys during the + * connection at rekey time that could trigger a hostkeys update + * but AFAIK no implementations support this. Could improve by + * forcing known_hosts to be read-only or via unveil(2). + */ + if (options.num_local_forwards != 0 || + options.num_remote_forwards != 0 || + options.num_permitted_remote_opens != 0 || + options.enable_escape_commandline != 0) { + /* rfwd needs inet */ + debug("pledge: network"); + if (pledge("stdio unix inet dns proc tty", NULL) == -1) + fatal_f("pledge(): %s", strerror(errno)); + } else if (options.forward_agent != 0) { + /* agent forwarding needs to open $SSH_AUTH_SOCK at will */ + debug("pledge: agent"); + if (pledge("stdio unix proc tty", NULL) == -1) + fatal_f("pledge(): %s", strerror(errno)); + } else { + debug("pledge: fork"); + if (pledge("stdio proc tty", NULL) == -1) + fatal_f("pledge(): %s", strerror(errno)); + } + /* XXX further things to do: + * + * - might be able to get rid of proc if we kill ~^Z + * - ssh -N (no session) + * - stdio forwarding + * - sessions without tty + */ +} + static void process_cmdline(struct ssh *ssh) { @@ -850,8 +902,15 @@ process_cmdline(struct ssh *ssh) } logit("Canceled forwarding."); } else { - if (!parse_forward(&fwd, s, dynamic, remote)) { - logit("Bad forwarding specification."); + /* -R specs can be both dynamic or not, so check both. */ + if (remote) { + if (!parse_forward(&fwd, s, 0, remote) && + !parse_forward(&fwd, s, 1, remote)) { + logit("Bad remote forwarding specification."); + goto out; + } + } else if (!parse_forward(&fwd, s, dynamic, remote)) { + logit("Bad local forwarding specification."); goto out; } if (local || dynamic) { @@ -884,6 +943,7 @@ process_cmdline(struct ssh *ssh) #define SUPPRESS_MUXCLIENT 1 /* don't show in mux client sessions */ #define SUPPRESS_MUXMASTER 2 /* don't show in mux master sessions */ #define SUPPRESS_SYSLOG 4 /* don't show when logging to syslog */ +#define SUPPRESS_NOCMDLINE 8 /* don't show when cmdline disabled*/ struct escape_help_text { const char *cmd; const char *text; @@ -894,7 +954,7 @@ static struct escape_help_text esc_txt[] = { {".", "terminate connection (and any multiplexed sessions)", SUPPRESS_MUXCLIENT}, {"B", "send a BREAK to the remote system", SUPPRESS_NEVER}, - {"C", "open a command line", SUPPRESS_MUXCLIENT}, + {"C", "open a command line", SUPPRESS_MUXCLIENT|SUPPRESS_NOCMDLINE}, {"R", "request rekey", SUPPRESS_NEVER}, {"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT}, {"^Z", "suspend ssh", SUPPRESS_MUXCLIENT}, @@ -918,7 +978,8 @@ print_escape_help(struct sshbuf *b, int escape_char, int mux_client, suppress_flags = (mux_client ? SUPPRESS_MUXCLIENT : 0) | (mux_client ? 0 : SUPPRESS_MUXMASTER) | - (using_stderr ? 0 : SUPPRESS_SYSLOG); + (using_stderr ? 0 : SUPPRESS_SYSLOG) | + (options.enable_escape_commandline == 0 ? SUPPRESS_NOCMDLINE : 0); for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) { if (esc_txt[i].flags & suppress_flags) @@ -974,15 +1035,7 @@ process_escapes(struct ssh *ssh, Channel *c, efc->escape_char)) != 0) fatal_fr(r, "sshbuf_putf"); if (c && c->ctl_chan != -1) { - chan_read_failed(ssh, c); - chan_write_failed(ssh, c); - if (c->detach_user) { - c->detach_user(ssh, - c->self, NULL); - } - c->type = SSH_CHANNEL_ABANDONED; - sshbuf_reset(c->input); - chan_ibuf_empty(ssh, c); + channel_force_close(ssh, c, 1); return 0; } else quit_pending = 1; @@ -1112,6 +1165,12 @@ process_escapes(struct ssh *ssh, Channel *c, case 'C': if (c && c->ctl_chan != -1) goto noescape; + if (options.enable_escape_commandline == 0) { + if ((r = sshbuf_putf(berr, + "commandline disabled\r\n")) != 0) + fatal_fr(r, "sshbuf_putf"); + continue; + } process_cmdline(ssh); continue; @@ -1202,7 +1261,7 @@ client_simple_escape_filter(struct ssh *ssh, Channel *c, char *buf, int len) } static void -client_channel_closed(struct ssh *ssh, int id, void *arg) +client_channel_closed(struct ssh *ssh, int id, int force, void *arg) { channel_cancel_cleanup(ssh, id); session_closed = 1; @@ -1227,6 +1286,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, int conn_in_ready, conn_out_ready; debug("Entering interactive session."); + session_ident = ssh2_chan_id; if (options.control_master && !option_clear_or_none(options.control_path)) { @@ -1259,6 +1319,9 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, fatal_f("pledge(): %s", strerror(errno)); } + /* might be able to tighten now */ + client_repledge(); + start_time = monotime_double(); /* Initialize variables. */ @@ -1292,7 +1355,6 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, if (have_pty) enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); - session_ident = ssh2_chan_id; if (session_ident != -1) { if (escape_char_arg != SSH_ESCAPECHAR_NONE) { channel_register_filter(ssh, session_ident, @@ -1352,9 +1414,8 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, if (quit_pending) break; - /* Do channel operations unless rekeying in progress. */ - if (!ssh_packet_is_rekeying(ssh)) { - channel_after_poll(ssh, pfd, npfd_active); + /* Do channel operations. */ + channel_after_poll(ssh, pfd, npfd_active); #ifdef GSSAPI if (options.gss_renewal_rekey && @@ -1363,7 +1424,6 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, need_rekeying = 1; } #endif - } /* Buffer input from the connection. */ if (conn_in_ready) @@ -1567,7 +1627,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) "malicious server."); return NULL; } - if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { + if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { verbose("Rejected X11 connection after ForwardX11Timeout " "expired"); return NULL; @@ -1810,7 +1870,7 @@ struct hostkeys_update_ctx { * Keys received from the server and a flag for each indicating * whether they already exist in known_hosts. * keys_match is filled in by hostkeys_find() and later (for new - * keys) by client_global_hostkeys_private_confirm(). + * keys) by client_global_hostkeys_prove_confirm(). */ struct sshkey **keys; u_int *keys_match; /* mask of HKF_MATCH_* from hostfile.h */ @@ -2066,7 +2126,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) free(response); response = read_passphrase("Accept updated hostkeys? " "(yes/no): ", RP_ECHO); - if (strcasecmp(response, "yes") == 0) + if (response != NULL && strcasecmp(response, "yes") == 0) break; else if (quit_pending || response == NULL || strcasecmp(response, "no") == 0) { @@ -2118,7 +2178,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) } static void -client_global_hostkeys_private_confirm(struct ssh *ssh, int type, +client_global_hostkeys_prove_confirm(struct ssh *ssh, int type, u_int32_t seq, void *_ctx) { struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; @@ -2212,6 +2272,8 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, update_known_hosts(ctx); out: hostkeys_update_ctx_free(ctx); + hostkeys_update_complete = 1; + client_repledge(); } /* @@ -2245,7 +2307,7 @@ client_input_hostkeys(struct ssh *ssh) size_t i, len = 0; struct sshbuf *buf = NULL; struct sshkey *key = NULL, **tmp; - int r; + int r, prove_sent = 0; char *fp; static int hostkeys_seen = 0; /* XXX use struct ssh */ extern struct sockaddr_storage hostaddr; /* XXX from ssh.c */ @@ -2254,11 +2316,9 @@ client_input_hostkeys(struct ssh *ssh) if (hostkeys_seen) fatal_f("server already sent hostkeys"); - if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK && - options.batch_mode) - return 1; /* won't ask in batchmode, so don't even try */ - if (!options.update_hostkeys || options.num_user_hostfiles <= 0) + if (!can_update_hostkeys()) return 1; + hostkeys_seen = 1; ctx = xcalloc(1, sizeof(*ctx)); while (ssh_packet_remaining(ssh) > 0) { @@ -2425,14 +2485,20 @@ client_input_hostkeys(struct ssh *ssh) if ((r = sshpkt_send(ssh)) != 0) fatal_fr(r, "send hostkeys-prove"); client_register_global_confirm( - client_global_hostkeys_private_confirm, ctx); + client_global_hostkeys_prove_confirm, ctx); ctx = NULL; /* will be freed in callback */ + prove_sent = 1; /* Success */ out: hostkeys_update_ctx_free(ctx); sshkey_free(key); sshbuf_free(buf); + if (!prove_sent) { + /* UpdateHostkeys handling completed */ + hostkeys_update_complete = 1; + client_repledge(); + } /* * NB. Return success for all cases. The server doesn't need to know * what the client does with its hosts file. @@ -2485,7 +2551,8 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, char **env) { - int i, j, matched, len, r; + size_t i, j, len; + int matched, r; char *name, *val; Channel *c = NULL; @@ -2568,13 +2635,13 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, len = 900; if (want_subsystem) { debug("Sending subsystem: %.*s", - len, (const u_char*)sshbuf_ptr(cmd)); + (int)len, (const u_char*)sshbuf_ptr(cmd)); channel_request_start(ssh, id, "subsystem", 1); client_expect_confirm(ssh, id, "subsystem", CONFIRM_CLOSE); } else { debug("Sending command: %.*s", - len, (const u_char*)sshbuf_ptr(cmd)); + (int)len, (const u_char*)sshbuf_ptr(cmd)); channel_request_start(ssh, id, "exec", 1); client_expect_confirm(ssh, id, "exec", CONFIRM_CLOSE); } @@ -2587,6 +2654,9 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, if ((r = sshpkt_send(ssh)) != 0) fatal_fr(r, "send shell"); } + + session_setup_complete = 1; + client_repledge(); } static void diff --git a/gsi_openssh/source/compat.c b/gsi_openssh/source/compat.c index 2bd7e47e13..7a22076a5c 100644 --- a/gsi_openssh/source/compat.c +++ b/gsi_openssh/source/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.119 2021/09/10 05:46:09 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.126 2023/03/06 12:14:48 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -36,13 +36,13 @@ #include "compat.h" #include "log.h" #include "match.h" -#include "kex.h" /* determine bug flags from SSH protocol banner */ void compat_banner(struct ssh *ssh, const char *version) { int i; + int forbid_ssh_rsa = 0; static struct { char *pat; int bugs; @@ -77,26 +77,8 @@ compat_banner(struct ssh *ssh, const char *version) { "3.0.*", SSH_BUG_DEBUG }, { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, { "1.7 SecureFX*", SSH_OLD_SESSIONID }, - { "1.2.18*," - "1.2.19*," - "1.2.20*," - "1.2.21*," - "1.2.22*", SSH_BUG_IGNOREMSG }, - { "1.3.2*", /* F-Secure */ - SSH_BUG_IGNOREMSG }, { "Cisco-1.*", SSH_BUG_DHGEX_LARGE| SSH_BUG_HOSTKEYS }, - { "*SSH Compatible Server*", /* Netscreen */ - SSH_BUG_PASSWORDPAD }, - { "*OSU_0*," - "OSU_1.0*," - "OSU_1.1*," - "OSU_1.2*," - "OSU_1.3*," - "OSU_1.4*," - "OSU_1.5alpha1*," - "OSU_1.5alpha2*," - "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, { "*SSH_Version_Mapper*", SSH_BUG_SCANNER }, { "PuTTY_Local:*," /* dev versions < Sep 2014 */ @@ -144,12 +126,15 @@ compat_banner(struct ssh *ssh, const char *version) }; /* process table, return first match */ + forbid_ssh_rsa = (ssh->compat & SSH_RH_RSASIGSHA); ssh->compat = 0; for (i = 0; check[i].pat; i++) { if (match_pattern_list(version, check[i].pat, 0) == 1) { debug_f("match: %s pat %s compat 0x%08x", version, check[i].pat, check[i].bugs); ssh->compat = check[i].bugs; + if (forbid_ssh_rsa) + ssh->compat |= SSH_RH_RSASIGSHA; /* Check to see if the remote side is OpenSSH and not HPN */ /* TODO: See if we can work this into the new method for bug checks */ if (strstr(version, "OpenSSH") != NULL) { @@ -165,41 +150,13 @@ compat_banner(struct ssh *ssh, const char *version) } } debug_f("no match: %s", version); + if (forbid_ssh_rsa) + ssh->compat |= SSH_RH_RSASIGSHA; } /* Always returns pointer to allocated memory, caller must free. */ char * -compat_cipher_proposal(struct ssh *ssh, char *cipher_prop) -{ - if (!(ssh->compat & SSH_BUG_BIGENDIANAES)) - return xstrdup(cipher_prop); - debug2_f("original cipher proposal: %s", cipher_prop); - if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) - fatal("match_filter_denylist failed"); - debug2_f("compat cipher proposal: %s", cipher_prop); - if (*cipher_prop == '\0') - fatal("No supported ciphers found"); - return cipher_prop; -} - -/* Always returns pointer to allocated memory, caller must free. */ -char * -compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) -{ - if (!(ssh->compat & SSH_BUG_RSASIGMD5)) - return xstrdup(pkalg_prop); - debug2_f("original public key proposal: %s", pkalg_prop); - if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) - fatal("match_filter_denylist failed"); - debug2_f("compat public key proposal: %s", pkalg_prop); - if (*pkalg_prop == '\0') - fatal("No supported PK algorithms found"); - return pkalg_prop; -} - -/* Always returns pointer to allocated memory, caller must free. */ -char * -compat_kex_proposal(struct ssh *ssh, char *p) +compat_kex_proposal(struct ssh *ssh, const char *p) { char *cp = NULL, *cp2 = NULL; diff --git a/gsi_openssh/source/compat.h b/gsi_openssh/source/compat.h index 86f7dbe617..40d00fd7f6 100644 --- a/gsi_openssh/source/compat.h +++ b/gsi_openssh/source/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.57 2021/06/06 03:40:39 djm Exp $ */ +/* $OpenBSD: compat.h,v 1.62 2023/03/06 12:14:48 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -30,17 +30,17 @@ #define SSH_BUG_UTF8TTYMODE 0x00000001 #define SSH_BUG_SIGTYPE 0x00000002 #define SSH_BUG_SIGTYPE74 0x00000004 -/* #define unused 0x00000008 */ +#define SSH_RH_RSASIGSHA 0x00000008 #define SSH_OLD_SESSIONID 0x00000010 /* #define unused 0x00000020 */ #define SSH_BUG_DEBUG 0x00000040 /* #define unused 0x00000080 */ -#define SSH_BUG_IGNOREMSG 0x00000100 +/* #define unused 0x00000100 */ /* #define unused 0x00000200 */ -#define SSH_BUG_PASSWORDPAD 0x00000400 +/* #define unused 0x00000400 */ #define SSH_BUG_SCANNER 0x00000800 -#define SSH_BUG_BIGENDIANAES 0x00001000 -#define SSH_BUG_RSASIGMD5 0x00002000 +/* #define unused 0x00001000 */ +/* #define unused 0x00002000 */ #define SSH_OLD_DHGEX 0x00004000 #define SSH_BUG_NOREKEY 0x00008000 /* #define unused 0x00010000 */ @@ -62,7 +62,5 @@ struct ssh; void compat_banner(struct ssh *, const char *); -char *compat_cipher_proposal(struct ssh *, char *); -char *compat_pkalg_proposal(struct ssh *, char *); -char *compat_kex_proposal(struct ssh *, char *); +char *compat_kex_proposal(struct ssh *, const char *); #endif diff --git a/gsi_openssh/source/config.guess b/gsi_openssh/source/config.guess index 11fda528bc..980b020838 100755 --- a/gsi_openssh/source/config.guess +++ b/gsi_openssh/source/config.guess @@ -1,12 +1,14 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2020 Free Software Foundation, Inc. +# Copyright 1992-2022 Free Software Foundation, Inc. -timestamp='2020-04-26' +# shellcheck disable=SC2006,SC2268 # see below for rationale + +timestamp='2022-09-17' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -27,11 +29,19 @@ timestamp='2020-04-26' # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess # # Please send patches to . +# The "shellcheck disable" line above the timestamp inhibits complaints +# about features and limitations of the classic Bourne shell that were +# superseded or lifted in POSIX. However, this script identifies a wide +# variety of pre-POSIX systems that do not have POSIX shells at all, and +# even some reasonably current systems (Solaris 10 as case-in-point) still +# have a pre-POSIX /bin/sh. + + me=`echo "$0" | sed -e 's,.*/,,'` usage="\ @@ -50,7 +60,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2020 Free Software Foundation, Inc. +Copyright 1992-2022 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -84,6 +94,9 @@ if test $# != 0; then exit 1 fi +# Just in case it came from the environment. +GUESS= + # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a @@ -102,7 +115,7 @@ set_cc_for_build() { # prevent multiple calls if $tmp is already set test "$tmp" && return 0 : "${TMPDIR=/tmp}" - # shellcheck disable=SC2039 + # shellcheck disable=SC2039,SC3028 { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || @@ -112,7 +125,7 @@ set_cc_for_build() { ,,) echo "int x;" > "$dummy.c" for driver in cc gcc c89 c99 ; do if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then - CC_FOR_BUILD="$driver" + CC_FOR_BUILD=$driver break fi done @@ -133,14 +146,12 @@ fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "$UNAME_SYSTEM" in +case $UNAME_SYSTEM in Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu + LIBC=unknown set_cc_for_build cat <<-EOF > "$dummy.c" @@ -149,24 +160,37 @@ Linux|GNU|GNU/*) LIBC=uclibc #elif defined(__dietlibc__) LIBC=dietlibc - #else + #elif defined(__GLIBC__) LIBC=gnu + #else + #include + /* First heuristic to detect musl libc. */ + #ifdef __DEFINED_va_list + LIBC=musl + #endif #endif EOF - eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "$cc_set_libc" - # If ldd exists, use it to detect musl libc. - if command -v ldd >/dev/null && \ - ldd --version 2>&1 | grep -q ^musl - then - LIBC=musl + # Second heuristic to detect musl libc. + if [ "$LIBC" = unknown ] && + command -v ldd >/dev/null && + ldd --version 2>&1 | grep -q ^musl; then + LIBC=musl + fi + + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + if [ "$LIBC" = unknown ]; then + LIBC=gnu fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in +case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -178,12 +202,12 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - "/sbin/$sysctl" 2>/dev/null || \ - "/usr/sbin/$sysctl" 2>/dev/null || \ + /sbin/sysctl -n hw.machine_arch 2>/dev/null || \ + /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \ echo unknown)` - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in + aarch64eb) machine=aarch64_be-unknown ;; armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; @@ -192,13 +216,13 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in earmv*) arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` - machine="${arch}${endian}"-unknown + machine=${arch}${endian}-unknown ;; - *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + *) machine=$UNAME_MACHINE_ARCH-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) os=netbsdelf ;; @@ -219,7 +243,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in ;; esac # Determine ABI tags. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` @@ -230,7 +254,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "$UNAME_VERSION" in + case $UNAME_VERSION in Debian*) release='-gnu' ;; @@ -241,51 +265,57 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "$machine-${os}${release}${abi-}" - exit ;; + GUESS=$machine-${os}${release}${abi-} + ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE + ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE + ;; + *:SecBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'` + GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE + ;; *:LibertyBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE + ;; *:MidnightBSD:*:*) - echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE + ;; *:ekkoBSD:*:*) - echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE + ;; *:SolidBSD:*:*) - echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE + ;; *:OS108:*:*) - echo "$UNAME_MACHINE"-unknown-os108_"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE + ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE + ;; *:MirBSD:*:*) - echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE + ;; *:Sortix:*:*) - echo "$UNAME_MACHINE"-unknown-sortix - exit ;; + GUESS=$UNAME_MACHINE-unknown-sortix + ;; *:Twizzler:*:*) - echo "$UNAME_MACHINE"-unknown-twizzler - exit ;; + GUESS=$UNAME_MACHINE-unknown-twizzler + ;; *:Redox:*:*) - echo "$UNAME_MACHINE"-unknown-redox - exit ;; + GUESS=$UNAME_MACHINE-unknown-redox + ;; mips:OSF1:*.*) - echo mips-dec-osf1 - exit ;; + GUESS=mips-dec-osf1 + ;; alpha:OSF1:*:*) + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + trap '' 0 case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` @@ -299,7 +329,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in + case $ALPHA_CPU_TYPE in "EV4 (21064)") UNAME_MACHINE=alpha ;; "EV4.5 (21064)") @@ -336,117 +366,121 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; + OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + GUESS=$UNAME_MACHINE-dec-osf$OSF_REL + ;; Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; + GUESS=m68k-unknown-sysv4 + ;; *:[Aa]miga[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-amigaos - exit ;; + GUESS=$UNAME_MACHINE-unknown-amigaos + ;; *:[Mm]orph[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-morphos - exit ;; + GUESS=$UNAME_MACHINE-unknown-morphos + ;; *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; + GUESS=i370-ibm-openedition + ;; *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; + GUESS=s390-ibm-zvmoe + ;; *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; + GUESS=powerpc-ibm-os400 + ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix"$UNAME_RELEASE" - exit ;; + GUESS=arm-acorn-riscix$UNAME_RELEASE + ;; arm*:riscos:*:*|arm*:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; + GUESS=arm-unknown-riscos + ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; + GUESS=hppa1.1-hitachi-hiuxmpp + ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; + case `(/bin/universe) 2>/dev/null` in + att) GUESS=pyramid-pyramid-sysv3 ;; + *) GUESS=pyramid-pyramid-bsd ;; + esac + ;; NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; + GUESS=pyramid-pyramid-svr4 + ;; DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; + GUESS=sparc-icl-nx6 + ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; + sparc) GUESS=sparc-icl-nx7 ;; + esac + ;; s390x:SunOS:*:*) - echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL + ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-hal-solaris2$SUN_REL + ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris2$SUN_REL + ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux"$UNAME_RELEASE" - exit ;; + GUESS=i386-pc-auroraux$UNAME_RELEASE + ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) set_cc_for_build SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if test "$CC_FOR_BUILD" != no_compiler_found; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH=x86_64 fi fi - echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$SUN_ARCH-pc-solaris2$SUN_REL + ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris3$SUN_REL + ;; sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in + case `/usr/bin/arch -k` in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'` + GUESS=sparc-sun-sunos$SUN_REL + ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-sun-sunos$UNAME_RELEASE + ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 - case "`/bin/arch`" in + case `/bin/arch` in sun3) - echo m68k-sun-sunos"$UNAME_RELEASE" + GUESS=m68k-sun-sunos$UNAME_RELEASE ;; sun4) - echo sparc-sun-sunos"$UNAME_RELEASE" + GUESS=sparc-sun-sunos$UNAME_RELEASE ;; esac - exit ;; + ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-auspex-sunos$UNAME_RELEASE + ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor @@ -456,41 +490,41 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-milan-mint$UNAME_RELEASE + ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-hades-mint$UNAME_RELEASE + ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-mint$UNAME_RELEASE + ;; m68k:machten:*:*) - echo m68k-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-machten$UNAME_RELEASE + ;; powerpc:machten:*:*) - echo powerpc-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-machten$UNAME_RELEASE + ;; RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; + GUESS=mips-dec-mach_bsd4.3 + ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=mips-dec-ultrix$UNAME_RELEASE + ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=vax-dec-ultrix$UNAME_RELEASE + ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix"$UNAME_RELEASE" - exit ;; + GUESS=clipper-intergraph-clix$UNAME_RELEASE + ;; mips:*:*:UMIPS | mips:*:*:RISCos) set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" @@ -518,75 +552,76 @@ EOF dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos"$UNAME_RELEASE" - exit ;; + GUESS=mips-mips-riscos$UNAME_RELEASE + ;; Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; + GUESS=powerpc-motorola-powermax + ;; Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; + GUESS=powerpc-harris-powerunix + ;; m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; + GUESS=m88k-harris-cxux7 + ;; m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; + GUESS=m88k-motorola-sysv4 + ;; m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] + if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110 then - if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ - [ "$TARGET_BINARY_INTERFACE"x = x ] + if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \ + test "$TARGET_BINARY_INTERFACE"x = x then - echo m88k-dg-dgux"$UNAME_RELEASE" + GUESS=m88k-dg-dgux$UNAME_RELEASE else - echo m88k-dg-dguxbcs"$UNAME_RELEASE" + GUESS=m88k-dg-dguxbcs$UNAME_RELEASE fi else - echo i586-dg-dgux"$UNAME_RELEASE" + GUESS=i586-dg-dgux$UNAME_RELEASE fi - exit ;; + ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; + GUESS=m88k-dolphin-sysv3 + ;; M88*:*:R3*:*) # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; + GUESS=m88k-tektronix-sysv3 + ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; + GUESS=m68k-tektronix-bsd + ;; *:IRIX*:*:*) - echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" - exit ;; + IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'` + GUESS=mips-sgi-irix$IRIX_REL + ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id + ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; + GUESS=i386-ibm-aix + ;; ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then + if test -x /usr/bin/oslevel ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV + ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then set_cc_for_build @@ -603,16 +638,16 @@ EOF EOF if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then - echo "$SYSTEM_NAME" + GUESS=$SYSTEM_NAME else - echo rs6000-ibm-aix3.2.5 + GUESS=rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 + GUESS=rs6000-ibm-aix3.2.4 else - echo rs6000-ibm-aix3.2 + GUESS=rs6000-ibm-aix3.2 fi - exit ;; + ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then @@ -620,56 +655,56 @@ EOF else IBM_ARCH=powerpc fi - if [ -x /usr/bin/lslpp ] ; then - IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + if test -x /usr/bin/lslpp ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \ awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$IBM_ARCH"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$IBM_ARCH-ibm-aix$IBM_REV + ;; *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; + GUESS=rs6000-ibm-aix + ;; ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) - echo romp-ibm-bsd4.4 - exit ;; + GUESS=romp-ibm-bsd4.4 + ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 + GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to + ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; + GUESS=rs6000-bull-bosx + ;; DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; + GUESS=m68k-bull-sysv3 + ;; 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; + GUESS=m68k-hp-bsd + ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; + GUESS=m68k-hp-bsd4.4 + ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` - case "$UNAME_MACHINE" in + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + case $UNAME_MACHINE in 9000/31?) HP_ARCH=m68000 ;; 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then + if test -x /usr/bin/getconf; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "$sc_cpu_version" in + case $sc_cpu_version in 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "$sc_kernel_bits" in + case $sc_kernel_bits in 32) HP_ARCH=hppa2.0n ;; 64) HP_ARCH=hppa2.0w ;; '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "$HP_ARCH" = "" ]; then + if test "$HP_ARCH" = ""; then set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" @@ -708,7 +743,7 @@ EOF test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ "$HP_ARCH" = hppa2.0w ] + if test "$HP_ARCH" = hppa2.0w then set_cc_for_build @@ -729,12 +764,12 @@ EOF HP_ARCH=hppa64 fi fi - echo "$HP_ARCH"-hp-hpux"$HPUX_REV" - exit ;; + GUESS=$HP_ARCH-hp-hpux$HPUX_REV + ;; ia64:HP-UX:*:*) - HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux"$HPUX_REV" - exit ;; + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + GUESS=ia64-hp-hpux$HPUX_REV + ;; 3050*:HI-UX:*:*) set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" @@ -764,36 +799,36 @@ EOF EOF $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; + GUESS=unknown-hitachi-hiuxwe2 + ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) - echo hppa1.1-hp-bsd - exit ;; + GUESS=hppa1.1-hp-bsd + ;; 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; + GUESS=hppa1.0-hp-bsd + ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; + GUESS=hppa1.0-hp-mpeix + ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) - echo hppa1.1-hp-osf - exit ;; + GUESS=hppa1.1-hp-osf + ;; hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; + GUESS=hppa1.0-hp-osf + ;; i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo "$UNAME_MACHINE"-unknown-osf1mk + if test -x /usr/sbin/sysversion ; then + GUESS=$UNAME_MACHINE-unknown-osf1mk else - echo "$UNAME_MACHINE"-unknown-osf1 + GUESS=$UNAME_MACHINE-unknown-osf1 fi - exit ;; + ;; parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; + GUESS=hppa1.1-hp-lites + ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; + GUESS=c1-convex-bsd + ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd @@ -801,17 +836,18 @@ EOF fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; + GUESS=c34-convex-bsd + ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; + GUESS=c38-convex-bsd + ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; + GUESS=c4-convex-bsd + ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=ymp-cray-unicos$CRAY_REL + ;; CRAY*[A-Z]90:*:*:*) echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ @@ -819,112 +855,133 @@ EOF -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=t90-cray-unicos$CRAY_REL + ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=alphaev5-cray-unicosmk$CRAY_REL + ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=sv1-cray-unicos$CRAY_REL + ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=craynv-cray-unicosmp$CRAY_REL + ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE + ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-bsdi$UNAME_RELEASE + ;; *:BSD/OS:*:*) - echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE + ;; arm:FreeBSD:*:*) UNAME_PROCESSOR=`uname -p` set_cc_for_build if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi else - echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf fi - exit ;; + ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case "$UNAME_PROCESSOR" in + case $UNAME_PROCESSOR in amd64) UNAME_PROCESSOR=x86_64 ;; i386) UNAME_PROCESSOR=i586 ;; esac - echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" - exit ;; + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL + ;; i*:CYGWIN*:*) - echo "$UNAME_MACHINE"-pc-cygwin - exit ;; + GUESS=$UNAME_MACHINE-pc-cygwin + ;; *:MINGW64*:*) - echo "$UNAME_MACHINE"-pc-mingw64 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw64 + ;; *:MINGW*:*) - echo "$UNAME_MACHINE"-pc-mingw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw32 + ;; *:MSYS*:*) - echo "$UNAME_MACHINE"-pc-msys - exit ;; + GUESS=$UNAME_MACHINE-pc-msys + ;; i*:PW*:*) - echo "$UNAME_MACHINE"-pc-pw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-pw32 + ;; + *:SerenityOS:*:*) + GUESS=$UNAME_MACHINE-pc-serenity + ;; *:Interix*:*) - case "$UNAME_MACHINE" in + case $UNAME_MACHINE in x86) - echo i586-pc-interix"$UNAME_RELEASE" - exit ;; + GUESS=i586-pc-interix$UNAME_RELEASE + ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=x86_64-unknown-interix$UNAME_RELEASE + ;; IA64) - echo ia64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=ia64-unknown-interix$UNAME_RELEASE + ;; esac ;; i*:UWIN*:*) - echo "$UNAME_MACHINE"-pc-uwin - exit ;; + GUESS=$UNAME_MACHINE-pc-uwin + ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-pc-cygwin - exit ;; + GUESS=x86_64-pc-cygwin + ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=powerpcle-unknown-solaris2$SUN_REL + ;; *:GNU:*:*) # the GNU system - echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" - exit ;; + GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'` + GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL + ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" - exit ;; + GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC + ;; + x86_64:[Mm]anagarm:*:*|i?86:[Mm]anagarm:*:*) + GUESS="$UNAME_MACHINE-pc-managarm-mlibc" + ;; + *:[Mm]anagarm:*:*) + GUESS="$UNAME_MACHINE-unknown-managarm-mlibc" + ;; *:Minix:*:*) - echo "$UNAME_MACHINE"-unknown-minix - exit ;; + GUESS=$UNAME_MACHINE-unknown-minix + ;; aarch64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in EV5) UNAME_MACHINE=alphaev5 ;; @@ -937,60 +994,63 @@ EOF esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; arm*:Linux:*:*) set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi else - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf fi fi - exit ;; + ;; avr32*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; cris:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; crisv32:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; e2k:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; frv:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; hexagon:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:Linux:*:*) - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-pc-linux-$LIBC + ;; ia64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; k1om:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + loongarch32:Linux:*:* | loongarch64:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m32r*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m68*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; mips:Linux:*:* | mips64:Linux:*:*) set_cc_for_build IS_GLIBC=0 @@ -1035,113 +1095,135 @@ EOF #endif #endif EOF - eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`" + cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'` + eval "$cc_set_vars" test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } ;; mips64el:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-"$LIBC" - exit ;; + GUESS=or1k-unknown-linux-$LIBC + ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; padre:Linux:*:*) - echo sparc-unknown-linux-"$LIBC" - exit ;; + GUESS=sparc-unknown-linux-$LIBC + ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-"$LIBC" - exit ;; + GUESS=hppa64-unknown-linux-$LIBC + ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; - PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; - *) echo hppa-unknown-linux-"$LIBC" ;; + PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;; + PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;; + *) GUESS=hppa-unknown-linux-$LIBC ;; esac - exit ;; + ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64-unknown-linux-$LIBC + ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc-unknown-linux-$LIBC + ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64le-unknown-linux-$LIBC + ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-"$LIBC" - exit ;; - riscv32:Linux:*:* | riscv64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpcle-unknown-linux-$LIBC + ;; + riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; s390:Linux:*:* | s390x:Linux:*:*) - echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-ibm-linux-$LIBC + ;; sh64*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sh*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; tile*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; vax:Linux:*:*) - echo "$UNAME_MACHINE"-dec-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-dec-linux-$LIBC + ;; x86_64:Linux:*:*) - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" - exit ;; + set_cc_for_build + CPU=$UNAME_MACHINE + LIBCABI=$LIBC + if test "$CC_FOR_BUILD" != no_compiler_found; then + ABI=64 + sed 's/^ //' << EOF > "$dummy.c" + #ifdef __i386__ + ABI=x86 + #else + #ifdef __ILP32__ + ABI=x32 + #endif + #endif +EOF + cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'` + eval "$cc_set_abi" + case $ABI in + x86) CPU=i686 ;; + x32) LIBCABI=${LIBC}x32 ;; + esac + fi + GUESS=$CPU-pc-linux-$LIBCABI + ;; xtensa*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; + GUESS=i386-sequent-sysv4 + ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" - exit ;; + GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION + ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo "$UNAME_MACHINE"-pc-os2-emx - exit ;; + GUESS=$UNAME_MACHINE-pc-os2-emx + ;; i*86:XTS-300:*:STOP) - echo "$UNAME_MACHINE"-unknown-stop - exit ;; + GUESS=$UNAME_MACHINE-unknown-stop + ;; i*86:atheos:*:*) - echo "$UNAME_MACHINE"-unknown-atheos - exit ;; + GUESS=$UNAME_MACHINE-unknown-atheos + ;; i*86:syllable:*:*) - echo "$UNAME_MACHINE"-pc-syllable - exit ;; + GUESS=$UNAME_MACHINE-pc-syllable + ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=i386-unknown-lynxos$UNAME_RELEASE + ;; i*86:*DOS:*:*) - echo "$UNAME_MACHINE"-pc-msdosdjgpp - exit ;; + GUESS=$UNAME_MACHINE-pc-msdosdjgpp + ;; i*86:*:4.*:*) UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL fi - exit ;; + ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in @@ -1149,12 +1231,12 @@ EOF *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}" - exit ;; + GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1164,11 +1246,11 @@ EOF && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv32 + GUESS=$UNAME_MACHINE-pc-sysv32 fi - exit ;; + ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about @@ -1176,31 +1258,31 @@ EOF # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; + GUESS=i586-pc-msdosdjgpp + ;; Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; + GUESS=i386-pc-mach3 + ;; paragon:*:*:*) - echo i860-intel-osf1 - exit ;; + GUESS=i860-intel-osf1 + ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4 fi - exit ;; + ;; mini*:CTIX:SYS*5:*) # "miniframe" - echo m68010-convergent-sysv - exit ;; + GUESS=m68010-convergent-sysv + ;; mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; + GUESS=m68k-convergent-sysv + ;; M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; + GUESS=m68k-diab-dnix + ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) @@ -1225,113 +1307,119 @@ EOF /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-lynxos$UNAME_RELEASE + ;; mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; + GUESS=m68k-atari-sysv4 + ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-lynxos$UNAME_RELEASE + ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=rs6000-unknown-lynxos$UNAME_RELEASE + ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-lynxos$UNAME_RELEASE + ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv"$UNAME_RELEASE" - exit ;; + GUESS=mips-dde-sysv$UNAME_RELEASE + ;; RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo "$UNAME_MACHINE"-sni-sysv4 + GUESS=$UNAME_MACHINE-sni-sysv4 else - echo ns32k-sni-sysv + GUESS=ns32k-sni-sysv fi - exit ;; + ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says - echo i586-unisys-sysv4 - exit ;; + GUESS=i586-unisys-sysv4 + ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; + GUESS=hppa1.1-stratus-sysv4 + ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; + GUESS=i860-stratus-sysv4 + ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo "$UNAME_MACHINE"-stratus-vos - exit ;; + GUESS=$UNAME_MACHINE-stratus-vos + ;; *:VOS:*:*) # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; + GUESS=hppa1.1-stratus-vos + ;; mc68*:A/UX:*:*) - echo m68k-apple-aux"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-aux$UNAME_RELEASE + ;; news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; + GUESS=mips-sony-newsos6 + ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv"$UNAME_RELEASE" + if test -d /usr/nec; then + GUESS=mips-nec-sysv$UNAME_RELEASE else - echo mips-unknown-sysv"$UNAME_RELEASE" + GUESS=mips-unknown-sysv$UNAME_RELEASE fi - exit ;; + ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; + GUESS=powerpc-be-beos + ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; + GUESS=powerpc-apple-beos + ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; + GUESS=i586-pc-beos + ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; - x86_64:Haiku:*:*) - echo x86_64-unknown-haiku - exit ;; + GUESS=i586-pc-haiku + ;; + ppc:Haiku:*:*) # Haiku running on Apple PowerPC + GUESS=powerpc-apple-haiku + ;; + *:Haiku:*:*) # Haiku modern gcc (not bound by BeOS compat) + GUESS=$UNAME_MACHINE-unknown-haiku + ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx4-nec-superux$UNAME_RELEASE + ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx5-nec-superux$UNAME_RELEASE + ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx6-nec-superux$UNAME_RELEASE + ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx7-nec-superux$UNAME_RELEASE + ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8-nec-superux$UNAME_RELEASE + ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8r-nec-superux$UNAME_RELEASE + ;; SX-ACE:SUPER-UX:*:*) - echo sxace-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sxace-nec-superux$UNAME_RELEASE + ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-rhapsody$UNAME_RELEASE + ;; *:Rhapsody:*:*) - echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE + ;; + arm64:Darwin:*:*) + GUESS=aarch64-apple-darwin$UNAME_RELEASE + ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` case $UNAME_PROCESSOR in @@ -1346,7 +1434,7 @@ EOF else set_cc_for_build fi - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if test "$CC_FOR_BUILD" != no_compiler_found; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null @@ -1367,109 +1455,119 @@ EOF # uname -m returns i386 or x86_64 UNAME_PROCESSOR=$UNAME_MACHINE fi - echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE + ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE + ;; *:QNX:*:4*) - echo i386-pc-qnx - exit ;; + GUESS=i386-pc-qnx + ;; NEO-*:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=neo-tandem-nsk$UNAME_RELEASE + ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nse-tandem-nsk$UNAME_RELEASE + ;; NSR-*:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsr-tandem-nsk$UNAME_RELEASE + ;; NSV-*:NONSTOP_KERNEL:*:*) - echo nsv-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsv-tandem-nsk$UNAME_RELEASE + ;; NSX-*:NONSTOP_KERNEL:*:*) - echo nsx-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsx-tandem-nsk$UNAME_RELEASE + ;; *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; + GUESS=mips-compaq-nonstopux + ;; BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; + GUESS=bs2000-siemens-sysv + ;; DS/*:UNIX_System_V:*:*) - echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE + ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - # shellcheck disable=SC2154 - if test "$cputype" = 386; then + if test "${cputype-}" = 386; then UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" + elif test "x${cputype-}" != x; then + UNAME_MACHINE=$cputype fi - echo "$UNAME_MACHINE"-unknown-plan9 - exit ;; + GUESS=$UNAME_MACHINE-unknown-plan9 + ;; *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; + GUESS=pdp10-unknown-tops10 + ;; *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; + GUESS=pdp10-unknown-tenex + ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; + GUESS=pdp10-dec-tops20 + ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; + GUESS=pdp10-xkl-tops20 + ;; *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; + GUESS=pdp10-unknown-tops20 + ;; *:ITS:*:*) - echo pdp10-unknown-its - exit ;; + GUESS=pdp10-unknown-its + ;; SEI:*:*:SEIUX) - echo mips-sei-seiux"$UNAME_RELEASE" - exit ;; + GUESS=mips-sei-seiux$UNAME_RELEASE + ;; *:DragonFly:*:*) - echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" - exit ;; + DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL + ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "$UNAME_MACHINE" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; + case $UNAME_MACHINE in + A*) GUESS=alpha-dec-vms ;; + I*) GUESS=ia64-dec-vms ;; + V*) GUESS=vax-dec-vms ;; esac ;; *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; + GUESS=i386-pc-xenix + ;; i*86:skyos:*:*) - echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" - exit ;; + SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'` + GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL + ;; i*86:rdos:*:*) - echo "$UNAME_MACHINE"-pc-rdos - exit ;; - i*86:AROS:*:*) - echo "$UNAME_MACHINE"-pc-aros - exit ;; + GUESS=$UNAME_MACHINE-pc-rdos + ;; + i*86:Fiwix:*:*) + GUESS=$UNAME_MACHINE-pc-fiwix + ;; + *:AROS:*:*) + GUESS=$UNAME_MACHINE-unknown-aros + ;; x86_64:VMkernel:*:*) - echo "$UNAME_MACHINE"-unknown-esx - exit ;; + GUESS=$UNAME_MACHINE-unknown-esx + ;; amd64:Isilon\ OneFS:*:*) - echo x86_64-unknown-onefs - exit ;; + GUESS=x86_64-unknown-onefs + ;; *:Unleashed:*:*) - echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE + ;; esac +# Do we have a guess based on uname results? +if test "x$GUESS" != x; then + echo "$GUESS" + exit +fi + # No uname command or uname output not recognized. set_cc_for_build cat > "$dummy.c" </dev/null && SYSTEM_NAME=`$dummy` && +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. @@ -1609,7 +1707,7 @@ test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } echo "$0: unable to guess system type" >&2 -case "$UNAME_MACHINE:$UNAME_SYSTEM" in +case $UNAME_MACHINE:$UNAME_SYSTEM in mips:Linux | mips64:Linux) # If we got here on MIPS GNU/Linux, output extra information. cat >&2 <&2 <&2 - exit 1 + # No normalization, but not necessarily accepted, that comes below. ;; esac + else # Here we handle the default operating systems that come with various machines. @@ -1528,6 +1531,7 @@ else # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. +kernel= case $cpu-$vendor in score-*) os=elf @@ -1539,7 +1543,8 @@ case $cpu-$vendor in os=riscix1.2 ;; arm*-rebel) - os=linux + kernel=linux + os=gnu ;; arm*-semi) os=aout @@ -1705,84 +1710,193 @@ case $cpu-$vendor in os=none ;; esac + fi +# Now, validate our (potentially fixed-up) OS. +case $os in + # Sometimes we do "kernel-libc", so those need to count as OSes. + musl* | newlib* | relibc* | uclibc*) + ;; + # Likewise for "kernel-abi" + eabi* | gnueabi*) + ;; + # VxWorks passes extra cpu info in the 4th filed. + simlinux | simwindows | spe) + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \ + | hiux* | abug | nacl* | netware* | windows* \ + | os9* | macos* | osx* | ios* \ + | mpw* | magic* | mmixware* | mon960* | lnews* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* | twizzler* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | mirbsd* | netbsd* | dicos* | openedition* | ose* \ + | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \ + | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* | serenity* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | mint* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \ + | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ + | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \ + | fiwix* | mlibc* ) + ;; + # This one is extra strict with allowed versions + sco3.2v2 | sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + none) + ;; + kernel* ) + # Restricted further below + ;; + *) + echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac + +# As a final step for OS-related things, validate the OS-kernel combination +# (given a valid OS), if there is a kernel. +case $kernel-$os in + linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \ + | linux-musl* | linux-relibc* | linux-uclibc* | linux-mlibc* ) + ;; + uclinux-uclibc* ) + ;; + managarm-mlibc* | managarm-kernel* ) + ;; + -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* | -mlibc* ) + # These are just libc implementations, not actual OSes, and thus + # require a kernel. + echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 + exit 1 + ;; + -kernel* ) + echo "Invalid configuration \`$1': \`$os' needs explicit kernel." 1>&2 + exit 1 + ;; + *-kernel* ) + echo "Invalid configuration \`$1': \`$kernel' does not support \`$os'." 1>&2 + exit 1 + ;; + kfreebsd*-gnu* | kopensolaris*-gnu*) + ;; + vxworks-simlinux | vxworks-simwindows | vxworks-spe) + ;; + nto-qnx*) + ;; + os2-emx) + ;; + *-eabi* | *-gnueabi*) + ;; + -*) + # Blank kernel with real OS is always fine. + ;; + *-*) + echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 + exit 1 + ;; +esac + # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. case $vendor in unknown) - case $os in - riscix*) + case $cpu-$os in + *-riscix*) vendor=acorn ;; - sunos*) + *-sunos*) vendor=sun ;; - cnk*|-aix*) + *-cnk* | *-aix*) vendor=ibm ;; - beos*) + *-beos*) vendor=be ;; - hpux*) + *-hpux*) vendor=hp ;; - mpeix*) + *-mpeix*) vendor=hp ;; - hiux*) + *-hiux*) vendor=hitachi ;; - unos*) + *-unos*) vendor=crds ;; - dgux*) + *-dgux*) vendor=dg ;; - luna*) + *-luna*) vendor=omron ;; - genix*) + *-genix*) vendor=ns ;; - clix*) + *-clix*) vendor=intergraph ;; - mvs* | opened*) + *-mvs* | *-opened*) + vendor=ibm + ;; + *-os400*) vendor=ibm ;; - os400*) + s390-* | s390x-*) vendor=ibm ;; - ptx*) + *-ptx*) vendor=sequent ;; - tpf*) + *-tpf*) vendor=ibm ;; - vxsim* | vxworks* | windiss*) + *-vxsim* | *-vxworks* | *-windiss*) vendor=wrs ;; - aux*) + *-aux*) vendor=apple ;; - hms*) + *-hms*) vendor=hitachi ;; - mpw* | macos*) + *-mpw* | *-macos*) vendor=apple ;; - *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*) vendor=atari ;; - vos*) + *-vos*) vendor=stratus ;; esac ;; esac -echo "$cpu-$vendor-$os" +echo "$cpu-$vendor-${kernel:+$kernel-}$os" exit # Local variables: diff --git a/gsi_openssh/source/configure.ac b/gsi_openssh/source/configure.ac index 50acd35fe6..0735d17923 100644 --- a/gsi_openssh/source/configure.ac +++ b/gsi_openssh/source/configure.ac @@ -16,6 +16,14 @@ AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([ssh.c]) + +# Check for stale configure as early as possible. +for i in $srcdir/configure.ac $srcdir/m4/*.m4; do + if test "$i" -nt "$srcdir/configure"; then + AC_MSG_ERROR([$i newer than configure, run autoreconf]) + fi +done + AC_LANG([C]) LT_INIT @@ -56,6 +64,7 @@ AC_PATH_PROG([SH], [sh]) AC_PATH_PROG([GROFF], [groff]) AC_PATH_PROG([NROFF], [nroff awf]) AC_PATH_PROG([MANDOC], [mandoc]) +AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) AC_SUBST([TEST_SHELL], [sh]) m4_include([../version.m4]) @@ -126,10 +135,12 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ ]) openssl=yes +openssl_bin=openssl AC_ARG_WITH([openssl], [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], [ if test "x$withval" = "xno" ; then openssl=no + openssl_bin="" fi ] ) @@ -168,6 +179,22 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], CFLAGS="$saved_CFLAGS" if test "$GCC" = "yes" || test "$GCC" = "egcs"; then + AC_MSG_CHECKING([gcc version]) + GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` + case "$GCC_VER" in + 1.*) no_attrib_nonnull=1 ;; + 2.8* | 2.9*) + no_attrib_nonnull=1 + ;; + 2.*) no_attrib_nonnull=1 ;; + *) ;; + esac + AC_MSG_RESULT([$GCC_VER]) + + AC_MSG_CHECKING([clang version]) + CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'` + AC_MSG_RESULT([$CLANG_VER]) + OSSH_CHECK_CFLAG_COMPILE([-pipe]) OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) @@ -199,20 +226,15 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then # actually links. The test program compiled/linked includes a number # of integer operations that should exercise this. OSSH_CHECK_CFLAG_LINK([-ftrapv]) - OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) + # clang 15 seems to have a bug in -fzero-call-used-regs=all. See + # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and + # https://github.com/llvm/llvm-project/issues/59242 + case "$CLANG_VER" in + 15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;; + *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;; + esac OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) fi - AC_MSG_CHECKING([gcc version]) - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) no_attrib_nonnull=1 ;; - 2.8* | 2.9*) - no_attrib_nonnull=1 - ;; - 2.*) no_attrib_nonnull=1 ;; - *) ;; - esac - AC_MSG_RESULT([$GCC_VER]) AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) saved_CFLAGS="$CFLAGS" @@ -413,6 +435,14 @@ AC_ARG_WITH([Werror], ] ) +dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's +dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we +dnl haven't detected it, recheck. +if test "x$ac_cv_header_sys_stat_h" != "xyes"; then + unset ac_cv_header_sys_stat_h + AC_CHECK_HEADERS([sys/stat.h]) +fi + AC_CHECK_HEADERS([ \ blf.h \ bstring.h \ @@ -471,7 +501,6 @@ AC_CHECK_HEADERS([ \ sys/ptrace.h \ sys/random.h \ sys/select.h \ - sys/stat.h \ sys/stream.h \ sys/stropts.h \ sys/strtio.h \ @@ -509,12 +538,24 @@ AC_CHECK_HEADERS([sys/audit.h], [], [], [ ]) # sys/capsicum.h requires sys/types.h -AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ +AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ #ifdef HAVE_SYS_TYPES_H # include #endif ]) +AC_MSG_CHECKING([for caph_cache_tzdata]) +AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ #include ]], + [[caph_cache_tzdata();]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], + [Define if you have caph_cache_tzdata]) + ], + [ AC_MSG_RESULT([no]) ] +) + # net/route.h requires sys/socket.h and sys/types.h. # sys/sysctl.h also requires sys/param.h AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ @@ -666,7 +707,6 @@ case "$host" in AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) ;; *-*-cygwin*) - check_for_libcrypt_later=1 LIBS="$LIBS /usr/lib/textreadmode.o" AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) @@ -698,7 +738,7 @@ case "$host" in AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) +int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) exit(0); else exit(1); @@ -769,7 +809,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) [System poll(2) implementation is broken]) ;; *-*-dragonfly*) - SSHDLIBS="$SSHDLIBS -lcrypt" + SSHDLIBS="$SSHDLIBS" TEST_MALLOC_OPTIONS="AFGJPRX" ;; *-*-haiku*) @@ -860,7 +900,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) ;; *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) - check_for_libcrypt_later=1 AC_DEFINE([PAM_TTY_KLUDGE]) AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) @@ -870,11 +909,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) *-*-linux*) no_dev_ptmx=1 use_pie=auto - check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE - CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" + dnl _GNU_SOURCE is needed for setres*id prototypes. + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) AC_DEFINE([PAM_TTY_KLUDGE], [1], [Work around problematic Linux PAM modules handling of PAM_TTY]) @@ -955,6 +994,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) s390-*) seccomp_audit_arch=AUDIT_ARCH_S390 ;; + powerpc-*) + seccomp_audit_arch=AUDIT_ARCH_PPC + ;; powerpc64-*) seccomp_audit_arch=AUDIT_ARCH_PPC64 ;; @@ -1010,7 +1052,6 @@ mips-sony-bsd|mips-sony-newsos4) SONY=1 ;; *-*-netbsd*) - check_for_libcrypt_before=1 if test "x$withval" != "xno" ; then rpath_opt="-R" fi @@ -1025,7 +1066,6 @@ mips-sony-bsd|mips-sony-newsos4) [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) ;; *-*-freebsd*) - check_for_libcrypt_later=1 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) AC_CHECK_HEADER([net/if_tap.h], , @@ -1198,7 +1238,6 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE([PASSWD_NEEDS_USERNAME]) AC_DEFINE([BROKEN_TCGETATTR_ICANON]) TEST_SHELL=$SHELL # let configure find us a capable shell - check_for_libcrypt_later=1 case "$host" in *-*-sysv5SCO_SV*) # SCO OpenServer 6.x maildir=/var/spool/mail @@ -1407,18 +1446,21 @@ AC_ARG_WITH([zlib], fi ] ) +# These libraries are needed for anything that links in the channel code. +CHANNELLIBS="" AC_MSG_CHECKING([for zlib]) if test "x${zlib}" = "xno"; then AC_MSG_RESULT([no]) else - AC_MSG_RESULT([yes]) - AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) + saved_LIBS="$LIBS" + CHANNELLIBS="$CHANNELLIBS -lz" + AC_MSG_RESULT([yes]) + AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) - AC_CHECK_LIB([z], [deflate], , + AC_CHECK_LIB([z], [deflate], [], [ saved_CPPFLAGS="$CPPFLAGS" saved_LDFLAGS="$LDFLAGS" - save_LIBS="$LIBS" dnl Check default zlib install dir if test -n "${rpath_opt}"; then LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" @@ -1426,7 +1468,6 @@ else LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" fi CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" - LIBS="$LIBS -lz" AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], [ AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) @@ -1483,6 +1524,7 @@ See http://www.gzip.org/zlib/ for details.]) ], [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] ) + LIBS="$saved_LIBS" fi dnl UnixWare 2.x @@ -1666,7 +1708,7 @@ AC_ARG_WITH(ldns, # include #endif #include -int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } +int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } ]]) ], [AC_MSG_RESULT(yes)], @@ -1683,7 +1725,6 @@ AC_ARG_WITH([libedit], [ --with-libedit[[=PATH]] Enable libedit support for sftp], [ if test "x$withval" != "xno" ; then if test "x$withval" = "xyes" ; then - AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) if test "x$PKGCONFIG" != "xno"; then AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) if "$PKGCONFIG" libedit; then @@ -1888,6 +1929,7 @@ AC_CHECK_FUNCS([ \ futimes \ getaddrinfo \ getcwd \ + getentropy \ getgrouplist \ getline \ getnameinfo \ @@ -1975,6 +2017,7 @@ AC_CHECK_FUNCS([ \ swap32 \ sysconf \ tcgetpgrp \ + timegm \ timingsafe_bcmp \ truncate \ unsetenv \ @@ -2042,13 +2085,8 @@ AC_ARG_ENABLE([security-key], enable_sk_internal= AC_ARG_WITH([security-key-builtin], [ --with-security-key-builtin include builtin U2F/FIDO support], - [ - if test "x$withval" != "xno" ; then - enable_sk_internal=yes - fi - ] + [ enable_sk_internal=$withval ] ) -test "x$disable_sk" != "x" && enable_sk_internal="" AC_SEARCH_LIBS([dlopen], [dl]) AC_CHECK_FUNCS([dlopen]) @@ -2160,7 +2198,7 @@ AC_CHECK_DECLS([O_NONBLOCK], , , #endif ]) -AC_CHECK_DECLS([ftruncate], , , +AC_CHECK_DECLS([ftruncate, getentropy], , , [ #include #include @@ -2216,8 +2254,9 @@ AC_CHECK_FUNCS([setresuid], [ AC_MSG_CHECKING([if setresuid seems to work]) AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ -#include #include +#include +#include ]], [[ errno=0; setresuid(0,0,0); @@ -2239,8 +2278,9 @@ AC_CHECK_FUNCS([setresgid], [ AC_MSG_CHECKING([if setresgid seems to work]) AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ -#include #include +#include +#include ]], [[ errno=0; setresgid(0,0,0); @@ -2421,6 +2461,9 @@ if test ! -z "$check_for_openpty_ctty_bug"; then #include #include #include +#ifdef HAVE_PTY_H +# include +#endif #include #include #include @@ -2705,6 +2748,7 @@ AC_CHECK_FUNCS([getpgrp],[ # Search for OpenSSL saved_CPPFLAGS="$CPPFLAGS" saved_LDFLAGS="$LDFLAGS" +openssl_bin_PATH="$PATH" AC_ARG_WITH([ssl-dir], [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ @@ -2734,9 +2778,12 @@ AC_ARG_WITH([ssl-dir], else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi + openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" fi ] ) +AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) +AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) AC_ARG_WITH([openssl-header-check], [ --without-openssl-header-check Disable OpenSSL version consistency check], @@ -2760,8 +2807,10 @@ AC_ARG_WITH([ssl-engine], ] ) +nocrypto_saved_LIBS="$LIBS" if test "x$openssl" = "xyes" ; then LIBS="-lcrypto $LIBS" + CHANNELLIBS="-lcrypto $CHANNELLIBS" AC_TRY_LINK_FUNC([RAND_add], , [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) AC_CHECK_HEADER([openssl/opensslv.h], , @@ -2854,8 +2903,14 @@ if test "x$openssl" = "xyes" ; then ;; 101*) ;; # 1.1.x 200*) ;; # LibreSSL - 300*) ;; # OpenSSL 3 - 301*) ;; # OpenSSL development branch. + 300*) + # OpenSSL 3; we use the 1.1x API + CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" + ;; + 301*|302*) + # OpenSSL development branch; request 1.1x API + CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" + ;; *) AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) ;; @@ -2871,6 +2926,15 @@ if test "x$openssl" = "xyes" ; then ] ) + case "$host" in + x86_64-*) + case "$ssl_library_ver" in + 3000004*) + AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) + ;; + esac + esac + # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) AC_RUN_IFELSE( @@ -2917,7 +2981,6 @@ if test "x$openssl" = "xyes" ; then ], [ AC_MSG_RESULT([no]) - saved_LIBS="$LIBS" LIBS="$LIBS -ldl" AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) AC_LINK_IFELSE( @@ -2925,10 +2988,10 @@ if test "x$openssl" = "xyes" ; then [[ ERR_load_crypto_strings(); ]])], [ AC_MSG_RESULT([yes]) + CHANNELLIBS="$CHANNELLIBS -ldl" ], [ AC_MSG_RESULT([no]) - LIBS="$saved_LIBS" ] ) ] @@ -2936,8 +2999,8 @@ if test "x$openssl" = "xyes" ; then AC_CHECK_FUNCS([ \ BN_is_prime_ex \ + DES_crypt \ DSA_generate_parameters_ex \ - EVP_CIPHER_CTX_ctrl \ EVP_DigestFinal_ex \ EVP_DigestInit_ex \ EVP_MD_CTX_cleanup \ @@ -3033,57 +3096,6 @@ if test "x$openssl" = "xyes" ; then ] ) - # Check for OpenSSL with EVP_aes_*ctr - AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) - AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ - #include - #include - #include - ]], [[ - exit(EVP_aes_128_ctr() == NULL || - EVP_aes_192_cbc() == NULL || - EVP_aes_256_cbc() == NULL); - ]])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], - [libcrypto has EVP AES CTR]) - ], - [ - AC_MSG_RESULT([no]) - ] - ) - - # Check for OpenSSL with EVP_aes_*gcm - AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) - AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ - #include - #include - #include - ]], [[ - exit(EVP_aes_128_gcm() == NULL || - EVP_aes_256_gcm() == NULL || - EVP_CTRL_GCM_SET_IV_FIXED == 0 || - EVP_CTRL_GCM_IV_GEN == 0 || - EVP_CTRL_GCM_SET_TAG == 0 || - EVP_CTRL_GCM_GET_TAG == 0 || - EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); - ]])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], - [libcrypto has EVP AES GCM]) - ], - [ - AC_MSG_RESULT([no]) - unsupported_algorithms="$unsupported_cipers \ - aes128-gcm@openssh.com \ - aes256-gcm@openssh.com" - ] - ) - AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ @@ -3104,19 +3116,6 @@ if test "x$openssl" = "xyes" ; then ] ) - # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, - # because the system crypt() is more featureful. - if test "x$check_for_libcrypt_before" = "x1"; then - AC_CHECK_LIB([crypt], [crypt]) - fi - - # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the - # version in OpenSSL. - if test "x$check_for_libcrypt_later" = "x1"; then - AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) - fi - AC_CHECK_FUNCS([crypt DES_crypt]) - # Check for SHA256, SHA384 and SHA512 support in OpenSSL AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) @@ -3228,10 +3227,6 @@ if test "x$openssl" = "xyes" ; then ecdsa-sha2-nistp521 \ ecdsa-sha2-nistp521-cert-v01@openssh.com" fi - -else - AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) - AC_CHECK_FUNCS([crypt]) fi # PKCS11/U2F depend on OpenSSL and dlopen(). @@ -3272,8 +3267,7 @@ fi AC_MSG_RESULT([$enable_sk]) # Now check for built-in security key support. -if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then - AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) +if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then use_pkgconfig_for_libfido2= if test "x$PKGCONFIG" != "xno"; then AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) @@ -3291,33 +3285,45 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then LIBFIDO2="-lfido2 -lcbor" fi OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` + fido2_error= AC_CHECK_LIB([fido2], [fido_init], - [ - AC_SUBST([LIBFIDO2]) - AC_DEFINE([ENABLE_SK_INTERNAL], [], - [Enable for built-in U2F/FIDO support]) - enable_sk="built-in" - ], [ AC_MSG_ERROR([no usable libfido2 found]) ], + [ ], + [ fido2_error="missing/unusable libfido2" ], [ $OTHERLIBS ] ) - saved_LIBS="$LIBS" - LIBS="$LIBS $LIBFIDO2" - AC_CHECK_FUNCS([ \ - fido_assert_set_clientdata \ - fido_cred_prot \ - fido_cred_set_prot \ - fido_cred_set_clientdata \ - fido_dev_get_touch_begin \ - fido_dev_get_touch_status \ - fido_dev_supports_cred_prot \ - ]) - LIBS="$saved_LIBS" AC_CHECK_HEADER([fido.h], [], - AC_MSG_ERROR([missing fido.h from libfido2])) + [ fido2_error="missing fido.h from libfido2" ]) AC_CHECK_HEADER([fido/credman.h], [], - AC_MSG_ERROR([missing fido/credman.h from libfido2]), - [#include ] + [ fido2_error="missing fido/credman.h from libfido2" ], + [ #include ] ) + AC_MSG_CHECKING([for usable libfido2 installation]) + if test ! -z "$fido2_error" ; then + AC_MSG_RESULT([$fido2_error]) + if test "x$enable_sk_internal" = "xyes" ; then + AC_MSG_ERROR([No usable libfido2 library/headers found]) + fi + LIBFIDO2="" + else + AC_MSG_RESULT([yes]) + AC_SUBST([LIBFIDO2]) + AC_DEFINE([ENABLE_SK_INTERNAL], [], + [Enable for built-in U2F/FIDO support]) + enable_sk="built-in" + saved_LIBS="$LIBS" + LIBS="$LIBFIDO2 $LIBS" + AC_CHECK_FUNCS([ \ + fido_assert_set_clientdata \ + fido_cred_prot \ + fido_cred_set_prot \ + fido_cred_set_clientdata \ + fido_dev_get_touch_begin \ + fido_dev_get_touch_status \ + fido_dev_supports_cred_prot \ + fido_dev_is_winhello \ + ]) + LIBS="$saved_LIBS" + fi fi AC_CHECK_FUNCS([ \ @@ -3326,17 +3332,6 @@ AC_CHECK_FUNCS([ \ arc4random_stir \ arc4random_uniform \ ]) - -saved_LIBS="$LIBS" -AC_CHECK_LIB([iaf], [ia_openinfo], [ - LIBS="$LIBS -liaf" - AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" - AC_DEFINE([HAVE_LIBIAF], [1], - [Define if system has libiaf that supports set_id]) - ]) -]) -LIBS="$saved_LIBS" - ### Configure cryptographic random number support # Check whether OpenSSL seeds itself @@ -3453,6 +3448,26 @@ elif test "x$openssl" = "xno" ; then else AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) fi +LIBS="$nocrypto_saved_LIBS" + +saved_LIBS="$LIBS" +AC_CHECK_LIB([iaf], [ia_openinfo], [ + LIBS="$LIBS -liaf" + AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" + AC_DEFINE([HAVE_LIBIAF], [1], + [Define if system has libiaf that supports set_id]) + ]) +]) +LIBS="$saved_LIBS" + +# Check for crypt() in libcrypt. If we have it, we only need it for sshd. +saved_LIBS="$LIBS" +AC_CHECK_LIB([crypt], [crypt], [ + LIBS="-lcrypt $LIBS" + SSHDLIBS="-lcrypt $SSHDLIBS" +]) +AC_CHECK_FUNCS([crypt]) +LIBS="$saved_LIBS" # Check for PAM libs PAM_MSG="no" @@ -3582,6 +3597,26 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ ) fi +AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ +#include +#ifdef HAVE_POLL_H +#include +#endif +#ifdef HAVE_SYS_POLL_H +#include +#endif +]]) + +AC_CHECK_TYPES([nfds_t], , , [ +#include +#ifdef HAVE_POLL_H +#include +#endif +#ifdef HAVE_SYS_POLL_H +#include +#endif +]) + # Decide which sandbox style to use sandbox_arg="" AC_ARG_WITH([sandbox], @@ -3595,12 +3630,13 @@ AC_ARG_WITH([sandbox], ] ) +if test "x$sandbox_arg" != "xno"; then # POSIX specifies that poll() "shall fail with EINVAL if the nfds argument # is greater than OPEN_MAX". On some platforms that includes implementions -# ofselect in userspace on top of poll() so check both work with rlimit NOFILES -# so check that both work before enabling the rlimit sandbox. -AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) -AC_RUN_IFELSE( +# of select in userspace on top of poll() so check both work with rlimit +# NOFILES so check that both work before enabling the rlimit sandbox. + AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) + AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ #include #ifdef HAVE_SYS_TIME_H @@ -3653,30 +3689,10 @@ AC_RUN_IFELSE( select_works_with_rlimit=no], [AC_MSG_WARN([cross compiling: assuming no]) select_works_with_rlimit=no] -) - -AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ -#include -#ifdef HAVE_POLL_H -#include -#endif -#ifdef HAVE_SYS_POLL_H -#include -#endif -]]) - -AC_CHECK_TYPES([nfds_t], , , [ -#include -#ifdef HAVE_POLL_H -#include -#endif -#ifdef HAVE_SYS_POLL_H -#include -#endif -]) + ) -AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) -AC_RUN_IFELSE( + AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) + AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ #include #ifdef HAVE_SYS_TIME_H @@ -3699,10 +3715,10 @@ AC_RUN_IFELSE( rlimit_nofile_zero_works=no], [AC_MSG_WARN([cross compiling: assuming yes]) rlimit_nofile_zero_works=yes] -) + ) -AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) -AC_RUN_IFELSE( + AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) + AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ #include #include @@ -3718,7 +3734,8 @@ AC_RUN_IFELSE( AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, [setrlimit RLIMIT_FSIZE works])], [AC_MSG_WARN([cross compiling: assuming yes])] -) + ) +fi if test "x$sandbox_arg" = "xpledge" || \ ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then @@ -4340,7 +4357,7 @@ dnl test snprintf (broken on SCO w/gcc) #include #include #ifdef HAVE_SNPRINTF -main() +int main(void) { char buf[50]; char expected_out[50]; @@ -4357,7 +4374,7 @@ main() exit(0); } #else -main() { exit(0); } +int main(void) { exit(0); } #endif ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], AC_MSG_WARN([cross compiling: Assuming working snprintf()]) @@ -4406,6 +4423,16 @@ AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [sta #include ]]) +AC_CHECK_MEMBER([struct sockaddr_in.sin_len], + [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], + [], + [AC_LANG_SOURCE([[ +#include +#include +#include + ]])] +) + AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], ac_cv_have_ss_family_in_struct_ss, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ @@ -4727,7 +4754,6 @@ AC_ARG_WITH([kerberos5], AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) KRB5_MSG="yes" - AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) use_pkgconfig_for_krb5= if test "x$PKGCONFIG" != "xno"; then AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) @@ -4887,6 +4913,7 @@ AC_ARG_WITH([kerberos5], ) AC_SUBST([GSSLIBS]) AC_SUBST([K5LIBS]) +AC_SUBST([CHANNELLIBS]) # Check whether the user wants GSI (Globus) support gsi="no" @@ -5774,6 +5801,12 @@ echo " Libraries: ${LIBS}" if test ! -z "${GLOBUS_LIBS}"; then echo " +for GSI: ${GLOBUS_LIBS}" fi +if test ! -z "${CHANNELLIBS}"; then +echo " +for channels: ${CHANNELLIBS}" +fi +if test ! -z "${LIBFIDO2}"; then +echo " +for FIDO2: ${LIBFIDO2}" +fi if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi diff --git a/gsi_openssh/source/contrib/redhat/openssh.spec b/gsi_openssh/source/contrib/redhat/openssh.spec index b8ba8bae04..a665aa20bc 100644 --- a/gsi_openssh/source/contrib/redhat/openssh.spec +++ b/gsi_openssh/source/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%global ver 9.0p1 +%global ver 9.3p1 %global rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/gsi_openssh/source/contrib/suse/openssh.spec b/gsi_openssh/source/contrib/suse/openssh.spec index 28b9086f4c..406b7c0b86 100644 --- a/gsi_openssh/source/contrib/suse/openssh.spec +++ b/gsi_openssh/source/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 9.0p1 +Version: 9.3p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/gsi_openssh/source/crypto_api.h b/gsi_openssh/source/crypto_api.h index 5c3d97eaa4..5d552ef023 100644 --- a/gsi_openssh/source/crypto_api.h +++ b/gsi_openssh/source/crypto_api.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_api.h,v 1.7 2021/01/08 02:33:13 dtucker Exp $ */ +/* $OpenBSD: crypto_api.h,v 1.8 2023/01/15 23:05:32 djm Exp $ */ /* * Assembled from generated headers and source files by Markus Friedl. @@ -32,8 +32,6 @@ typedef uint64_t crypto_uint64; int crypto_hash_sha512(unsigned char *, const unsigned char *, unsigned long long); -int crypto_verify_32(const unsigned char *, const unsigned char *); - #define crypto_sign_ed25519_SECRETKEYBYTES 64U #define crypto_sign_ed25519_PUBLICKEYBYTES 32U #define crypto_sign_ed25519_BYTES 64U diff --git a/gsi_openssh/source/dh.c b/gsi_openssh/source/dh.c index 5c22524191..c10ca88736 100644 --- a/gsi_openssh/source/dh.c +++ b/gsi_openssh/source/dh.c @@ -36,6 +36,12 @@ #include #include +#include +#include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif #include "dh.h" #include "pathnames.h" @@ -287,6 +293,108 @@ dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) return 1; } +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int +dh_gen_key(DH *dh, int need) +{ + const BIGNUM *dh_p, *dh_g; + BIGNUM *pub_key = NULL, *priv_key = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params = NULL; + int pbits, r = 0; + + DH_get0_pqg(dh, &dh_p, NULL, &dh_g); + + if (need < 0 || dh_p == NULL || + (pbits = BN_num_bits(dh_p)) <= 0 || + need > INT_MAX / 2 || 2 * need > pbits) + return SSH_ERR_INVALID_ARGUMENT; + if (need < 256) + need = 256; + + if ((param_bld = OSSL_PARAM_BLD_new()) == NULL || + (ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)) == NULL) { + OSSL_PARAM_BLD_free(param_bld); + return SSH_ERR_ALLOC_FAIL; + } + + if (OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_FFC_P, dh_p) != 1 || + OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_FFC_G, dh_g) != 1) { + error_f("Could not set p,q,g parameters"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + /* + * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), + * so double requested need here. + */ + if (OSSL_PARAM_BLD_push_int(param_bld, + OSSL_PKEY_PARAM_DH_PRIV_LEN, + MINIMUM(need * 2, pbits - 1)) != 1 || + (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (EVP_PKEY_fromdata_init(ctx) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (EVP_PKEY_fromdata(ctx, &pkey, + EVP_PKEY_KEY_PARAMETERS, params) != 1) { + error_f("Failed key generation"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + /* reuse context for key generation */ + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL || + EVP_PKEY_keygen_init(ctx) != 1) { + error_f("Could not create or init context"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (EVP_PKEY_generate(ctx, &pkey) != 1) { + error_f("Could not generate keys"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (EVP_PKEY_public_check(ctx) != 1) { + error_f("The public key is incorrect"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, + &pub_key) != 1 || + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, + &priv_key) != 1 || + DH_set0_key(dh, pub_key, priv_key) != 1) { + error_f("Could not set pub/priv keys to DH struct"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + /* transferred */ + pub_key = NULL; + priv_key = NULL; +out: + OSSL_PARAM_free(params); + OSSL_PARAM_BLD_free(param_bld); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + BN_clear_free(pub_key); + BN_clear_free(priv_key); + return r; +} +# else +/* Original function in OpenSSH Portable 9.3p1 */ int dh_gen_key(DH *dh, int need) { @@ -315,6 +423,7 @@ dh_gen_key(DH *dh, int need) return SSH_ERR_INVALID_FORMAT; return 0; } +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ DH * dh_new_group_asc(const char *gen, const char *modulus) @@ -509,6 +618,31 @@ dh_estimate(int bits) return 8192; } +# if (OPENSSL_VERSION_NUMBER < 0x10100000L) +/* + * taken from + * https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/dh/dh_lib.c + */ +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = dh->p; + if (q != NULL) + *q = dh->q; + if (g != NULL) + *g = dh->g; +} + +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; +} +# endif + /* * Compares the received DH parameters with known-good groups, * which might be either from group14, group16 or group18. diff --git a/gsi_openssh/source/dh.h b/gsi_openssh/source/dh.h index e51e292b8b..db8a209b6f 100644 --- a/gsi_openssh/source/dh.h +++ b/gsi_openssh/source/dh.h @@ -50,6 +50,13 @@ int dh_is_known_group(const DH *); u_int dh_estimate(int); void dh_set_moduli_file(const char *); +# if (OPENSSL_VERSION_NUMBER < 0x10100000L) +void DH_get0_pqg(const DH *dh, const BIGNUM **p, + const BIGNUM **q, const BIGNUM **g); +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, + const BIGNUM **priv_key); +# endif + /* * Max value from RFC4419. * Min value from RFC8270. diff --git a/gsi_openssh/source/dispatch.c b/gsi_openssh/source/dispatch.c index 6e4c501e05..6118147bf1 100644 --- a/gsi_openssh/source/dispatch.c +++ b/gsi_openssh/source/dispatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.32 2019/01/19 21:33:13 djm Exp $ */ +/* $OpenBSD: dispatch.c,v 1.33 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -34,7 +34,6 @@ #include "log.h" #include "dispatch.h" #include "packet.h" -#include "compat.h" #include "ssherr.h" int diff --git a/gsi_openssh/source/dns.c b/gsi_openssh/source/dns.c index 15218f14c0..9392414407 100644 --- a/gsi_openssh/source/dns.c +++ b/gsi_openssh/source/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.42 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.44 2023/03/10 04:06:21 dtucker Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -258,8 +258,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (!dns_read_key(&hostkey_algorithm, &dnskey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating key fingerprint."); + free(dnskey_digest); freerrset(fingerprints); - free(dnskey_digest); return -1; } @@ -302,7 +302,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, * Export the fingerprint of a key as a DNS resource record */ int -export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic) +export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic, + int alg) { u_int8_t rdata_pubkey_algorithm = 0; u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; @@ -312,6 +313,8 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic) int success = 0; for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { + if (alg != -1 && dtype != alg) + continue; rdata_digest_type = dtype; if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, &rdata_digest, &rdata_digest_len, key)) { diff --git a/gsi_openssh/source/dns.h b/gsi_openssh/source/dns.h index c9b61c4f28..864ab7d00a 100644 --- a/gsi_openssh/source/dns.h +++ b/gsi_openssh/source/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.19 2021/07/19 03:13:28 dtucker Exp $ */ +/* $OpenBSD: dns.h,v 1.20 2023/02/10 04:56:30 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -54,6 +54,6 @@ enum sshfp_hashes { int verify_host_key_dns(const char *, struct sockaddr *, struct sshkey *, int *); -int export_dns_rr(const char *, struct sshkey *, FILE *, int); +int export_dns_rr(const char *, struct sshkey *, FILE *, int, int); #endif /* DNS_H */ diff --git a/gsi_openssh/source/ed25519.c b/gsi_openssh/source/ed25519.c index 767ec24d6d..0e167ae1f6 100644 --- a/gsi_openssh/source/ed25519.c +++ b/gsi_openssh/source/ed25519.c @@ -1,52 +1,1935 @@ -/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ +/* $OpenBSD: ed25519.c,v 1.4 2023/01/15 23:05:32 djm Exp $ */ /* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c + * Public Domain, Authors: + * - Daniel J. Bernstein + * - Niels Duif + * - Tanja Lange + * - lead: Peter Schwabe + * - Bo-Yin Yang */ #include "includes.h" + +#include + #include "crypto_api.h" -#include "ge25519.h" +#define int8 crypto_int8 +#define uint8 crypto_uint8 +#define int16 crypto_int16 +#define uint16 crypto_uint16 +#define int32 crypto_int32 +#define uint32 crypto_uint32 +#define int64 crypto_int64 +#define uint64 crypto_uint64 + +/* from supercop-20221122/crypto_verify/32/ref/verify.c */ -static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) +static int crypto_verify_32(const unsigned char *x,const unsigned char *y) { - unsigned long long i; + unsigned int differentbits = 0; +#define F(i) differentbits |= x[i] ^ y[i]; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + F(16) + F(17) + F(18) + F(19) + F(20) + F(21) + F(22) + F(23) + F(24) + F(25) + F(26) + F(27) + F(28) + F(29) + F(30) + F(31) + return (1 & ((differentbits - 1) >> 8)) - 1; +} +/* from supercop-20221122/crypto_sign/ed25519/ref/fe25519.h */ +#ifndef FE25519_H +#define FE25519_H + - for (i = 0;i < 32;++i) playground[i] = sm[i]; - for (i = 32;i < 64;++i) playground[i] = pk[i-32]; - for (i = 64;i < smlen;++i) playground[i] = sm[i]; +#define fe25519 crypto_sign_ed25519_ref_fe25519 +#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze +#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack +#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack +#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero +#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime +#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov +#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone +#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero +#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg +#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity +#define fe25519_add crypto_sign_ed25519_ref_fe25519_add +#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub +#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul +#define fe25519_square crypto_sign_ed25519_ref_fe25519_square +#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert +#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 - crypto_hash_sha512(hram,playground,smlen); +typedef struct +{ + crypto_uint32 v[32]; } +fe25519; +static void fe25519_freeze(fe25519 *r); -int crypto_sign_ed25519_keypair( - unsigned char *pk, - unsigned char *sk - ) +static void fe25519_unpack(fe25519 *r, const unsigned char x[32]); + +static void fe25519_pack(unsigned char r[32], const fe25519 *x); + +static int fe25519_iszero(const fe25519 *x); + +static int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); + +static void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +static void fe25519_setone(fe25519 *r); + +static void fe25519_setzero(fe25519 *r); + +static void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +static void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); + +static void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +static void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +static void fe25519_square(fe25519 *r, const fe25519 *x); + +static void fe25519_invert(fe25519 *r, const fe25519 *x); + +static void fe25519_pow2523(fe25519 *r, const fe25519 *x); + +#endif +/* from supercop-20221122/crypto_sign/ed25519/ref/fe25519.c */ +#define WINDOWSIZE 1 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<>= 31; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ + x >>= 31; /* 0: yes; 1: no */ + x ^= 1; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 times19(crypto_uint32 a) +{ + return (a << 4) + (a << 1) + a; +} + +static crypto_uint32 times38(crypto_uint32 a) +{ + return (a << 5) + (a << 2) + (a << 1); +} + +static void fe25519_reduce_add_sub(fe25519 *r) { + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<4;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +static void fe25519_freeze(fe25519 *r) +{ + int i; + crypto_uint32 m = fe25519_equal(r->v[31],127); + for(i=30;i>0;i--) + m &= fe25519_equal(r->v[i],255); + m &= ge(r->v[0],237); + + m = -m; + + r->v[31] -= m&127; + for(i=30;i>0;i--) + r->v[i] -= m&255; + r->v[0] -= m&237; +} + +static void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced below 2^255 */ +static void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + fe25519 y = *x; + fe25519_freeze(&y); + for(i=0;i<32;i++) + r[i] = y.v[i]; +} + +static int fe25519_iszero(const fe25519 *x) +{ + int i; + int r; + fe25519 t = *x; + fe25519_freeze(&t); + r = fe25519_equal(t.v[0],0); + for(i=1;i<32;i++) + r &= fe25519_equal(t.v[i],0); + return r; +} + +static int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) +{ + int i; + fe25519 t1 = *x; + fe25519 t2 = *y; + fe25519_freeze(&t1); + fe25519_freeze(&t2); + for(i=0;i<32;i++) + if(t1.v[i] != t2.v[i]) return 0; + return 1; +} + +static void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + int i; + crypto_uint32 mask = b; + mask = -mask; + for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); +} + +unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t = *x; + fe25519_freeze(&t); + return t.v[0] & 1; +} + +static void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +static void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +static void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +static void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + fe25519_reduce_add_sub(r); +} + +static void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + fe25519_reduce_add_sub(r); +} + +static void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + times38(t[i]); + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +static void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +static void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} + +static void fe25519_pow2523(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t,&z2); + /* 8 */ fe25519_square(&t,&t); + /* 9 */ fe25519_mul(&z9,&t,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); + /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); + /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); + /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } + /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t,&t); + /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); + /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); + /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } + /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t,&t); + /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t,&t); + /* 2^252 - 2^2 */ fe25519_square(&t,&t); + /* 2^252 - 3 */ fe25519_mul(r,&t,x); +} +/* from supercop-20221122/crypto_sign/ed25519/ref/sc25519.h */ +#ifndef SC25519_H +#define SC25519_H + + +#define sc25519 crypto_sign_ed25519_ref_sc25519 +#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519 +#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes +#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes +#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes +#define sc25519_add crypto_sign_ed25519_ref_sc25519_add +#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul +#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 +#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 + +typedef struct +{ + crypto_uint32 v[32]; +} +sc25519; + +typedef struct +{ + crypto_uint32 v[16]; +} +shortsc25519; + +static void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); + + +static void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); + + +static void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); + + + + +static void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); + + +static void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); + + +/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3 + * with r[i] in {-4,...,3} + */ +static void sc25519_window3(signed char r[85], const sc25519 *s); + +/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5 + * with r[i] in {-16,...,15} + */ + +static void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); + +#endif +/* from supercop-20221122/crypto_sign/ed25519/ref/sc25519.c */ + +/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ + +static const crypto_uint32 sc25519_m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 sc25519_mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ + x >>= 31; /* 0: no; 1: yes */ + return x; +} + +/* Reduce coefficients of r before calling sc25519_reduce_add_sub */ +static void sc25519_reduce_add_sub(sc25519 *r) +{ + crypto_uint32 pb = 0; + crypto_uint32 b; + crypto_uint32 mask; + int i; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + pb += sc25519_m[i]; + b = lt(r->v[i],pb); + t[i] = r->v[i]-pb+(b<<8); + pb = b; + } + mask = b - 1; + for(i=0;i<32;i++) + r->v[i] ^= mask & (r->v[i] ^ t[i]); +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 14.42 */ + int i,j; + crypto_uint32 q2[66]; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33]; + crypto_uint32 carry; + crypto_uint32 pb = 0; + crypto_uint32 b; + + for (i = 0;i < 66;++i) q2[i] = 0; + for (i = 0;i < 33;++i) r2[i] = 0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += sc25519_mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += sc25519_m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + pb += r2[i]; + b = lt(r1[i],pb); + r->v[i] = r1[i]-pb+(b<<8); + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + sc25519_reduce_add_sub(r); + sc25519_reduce_add_sub(r); +} + +static void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<32;i++) t[i] = x[i]; + for(i=32;i<64;++i) t[i] = 0; + barrett_reduce(r, t); +} + + +static void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + + +static void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + + + + +static void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i, carry; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + for(i=0;i<31;i++) + { + carry = r->v[i] >> 8; + r->v[i+1] += carry; + r->v[i] &= 0xff; + } + sc25519_reduce_add_sub(r); +} + + +static void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) +{ + int i,j,carry; + crypto_uint32 t[64]; + for(i=0;i<64;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + /* Reduce coefficients */ + for(i=0;i<63;i++) + { + carry = t[i] >> 8; + t[i+1] += carry; + t[i] &= 0xff; + } + + barrett_reduce(r, t); +} + + +static void sc25519_window3(signed char r[85], const sc25519 *s) +{ + char carry; + int i; + for(i=0;i<10;i++) + { + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + r[8*i+5] = (s->v[3*i+1] >> 7) & 7; + r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; + r[8*i+6] = (s->v[3*i+2] >> 2) & 7; + r[8*i+7] = (s->v[3*i+2] >> 5) & 7; + } + r[8*i+0] = s->v[3*i+0] & 7; + r[8*i+1] = (s->v[3*i+0] >> 3) & 7; + r[8*i+2] = (s->v[3*i+0] >> 6) & 7; + r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; + r[8*i+3] = (s->v[3*i+1] >> 1) & 7; + r[8*i+4] = (s->v[3*i+1] >> 4) & 7; + + /* Making it signed */ + carry = 0; + for(i=0;i<84;i++) + { + r[i] += carry; + r[i+1] += r[i] >> 3; + r[i] &= 7; + carry = r[i] >> 2; + r[i] -= carry<<3; + } + r[84] += carry; +} + + +static void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) +{ + int i; + for(i=0;i<31;i++) + { + r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); + r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); + r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); + r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); + } + r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); + r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); + r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); +} +/* from supercop-20221122/crypto_sign/ed25519/ref/ge25519.h */ +#ifndef GE25519_H +#define GE25519_H + + +#define ge25519 crypto_sign_ed25519_ref_ge25519 +#define ge25519_base crypto_sign_ed25519_ref_ge25519_base +#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime +#define ge25519_pack crypto_sign_ed25519_ref_pack +#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime +#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime +#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; + fe25519 t; +} ge25519; + +const ge25519 ge25519_base; + +int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); + +static void ge25519_pack(unsigned char r[32], const ge25519 *p); + +int ge25519_isneutral_vartime(const ge25519 *p); + +static void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); + +static void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); + +#endif +/* from supercop-20221122/crypto_sign/ed25519/ref/ge25519.c */ + +/* + * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 + * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 + * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); + */ + +/* d */ +static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, + 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; +/* 2*d */ +static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, + 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; +/* sqrt(-1) */ +static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, + 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; + +#define ge25519_p3 ge25519 + +typedef struct +{ + fe25519 x; + fe25519 z; + fe25519 y; + fe25519 t; +} ge25519_p1p1; + +typedef struct +{ + fe25519 x; + fe25519 y; + fe25519 z; +} ge25519_p2; + +typedef struct +{ + fe25519 x; + fe25519 y; +} ge25519_aff; + + +/* Packed coordinates of the base point */ +const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, + 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}}, + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, + 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; + +/* Multiples of the base point in affine representation */ +static const ge25519_aff ge25519_base_multiples_affine[425] = { +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, +{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , + {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, +{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , + {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, +{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , + {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , + {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, +{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , + {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, +{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , + {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, +{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , + {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , + {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, +{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , + {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, +{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , + {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, +{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , + {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , + {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, +{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , + {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, +{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , + {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, +{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , + {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , + {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, +{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , + {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, +{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , + {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, +{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , + {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , + {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, +{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , + {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, +{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , + {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, +{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , + {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , + {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, +{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , + {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, +{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , + {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, +{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , + {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , + {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, +{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , + {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, +{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , + {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, +{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , + {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , + {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, +{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , + {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, +{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , + {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, +{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} , + {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , + {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, +{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , + {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, +{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , + {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, +{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} , + {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , + {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, +{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , + {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, +{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , + {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, +{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} , + {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , + {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, +{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , + {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, +{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , + {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, +{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} , + {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , + {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, +{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , + {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, +{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , + {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, +{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} , + {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , + {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, +{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , + {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, +{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , + {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, +{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , + {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , + {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, +{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , + {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, +{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , + {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, +{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , + {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , + {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, +{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , + {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, +{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , + {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, +{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , + {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , + {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, +{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , + {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, +{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , + {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, +{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , + {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , + {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, +{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , + {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, +{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , + {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, +{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , + {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , + {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, +{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , + {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, +{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , + {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, +{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , + {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , + {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, +{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , + {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, +{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , + {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, +{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , + {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , + {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, +{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , + {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, +{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , + {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, +{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , + {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , + {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, +{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , + {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, +{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , + {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, +{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , + {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , + {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, +{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , + {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, +{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , + {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, +{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , + {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , + {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, +{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , + {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, +{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , + {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, +{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , + {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , + {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, +{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , + {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, +{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , + {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, +{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , + {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , + {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, +{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , + {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, +{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , + {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, +{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , + {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , + {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, +{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , + {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, +{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , + {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, +{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , + {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , + {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, +{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , + {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, +{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , + {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, +{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , + {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , + {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, +{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , + {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, +{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , + {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, +{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , + {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , + {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, +{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , + {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, +{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , + {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, +{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , + {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , + {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, +{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , + {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, +{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , + {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, +{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , + {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , + {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, +{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , + {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, +{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , + {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, +{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , + {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , + {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, +{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , + {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, +{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , + {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, +{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , + {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , + {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, +{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , + {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, +{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , + {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, +{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , + {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , + {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, +{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , + {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, +{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , + {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, +{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , + {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , + {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, +{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , + {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, +{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , + {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, +{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , + {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , + {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, +{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , + {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, +{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , + {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, +{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , + {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , + {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, +{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , + {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, +{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , + {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, +{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , + {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , + {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, +{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , + {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, +{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , + {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, +{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , + {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , + {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, +{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , + {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, +{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , + {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, +{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , + {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , + {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, +{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , + {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, +{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , + {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, +{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , + {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , + {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, +{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , + {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, +{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , + {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, +{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , + {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , + {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, +{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , + {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, +{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , + {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, +{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , + {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , + {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, +{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , + {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, +{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , + {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, +{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , + {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , + {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, +{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , + {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, +{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , + {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, +{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , + {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , + {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, +{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , + {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, +{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , + {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, +{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , + {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , + {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, +{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , + {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, +{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , + {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, +{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , + {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , + {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, +{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , + {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, +{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , + {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, +{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , + {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , + {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, +{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , + {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, +{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , + {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, +{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , + {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , + {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, +{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , + {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, +{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , + {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, +{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , + {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , + {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, +{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , + {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, +{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , + {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, +{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , + {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , + {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, +{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , + {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, +{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , + {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, +{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , + {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , + {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, +{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , + {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, +{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , + {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, +{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , + {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , + {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, +{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , + {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, +{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , + {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, +{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , + {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , + {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, +{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , + {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, +{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , + {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, +{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , + {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , + {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, +{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , + {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, +{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , + {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, +{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , + {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , + {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, +{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , + {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, +{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , + {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, +{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , + {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , + {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, +{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , + {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, +{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , + {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, +{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , + {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , + {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, +{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , + {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, +{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , + {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, +{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , + {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} , + {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, +{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , + {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, +{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , + {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, +{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , + {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} , + {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, +{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , + {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, +{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , + {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, +{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , + {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} , + {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, +{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , + {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, +{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , + {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, +{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , + {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} , + {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, +{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , + {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, +{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , + {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, +{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , + {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} , + {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, +{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , + {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, +{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , + {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, +{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , + {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , + {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, +{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , + {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, +{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , + {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, +{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , + {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , + {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, +{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , + {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, +{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , + {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, +{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , + {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , + {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, +{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , + {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, +{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , + {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, +{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , + {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , + {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, +{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , + {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, +{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , + {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, +{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , + {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , + {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, +{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , + {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, +{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , + {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, +{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , + {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , + {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, +{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , + {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, +{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , + {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, +{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , + {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , + {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, +{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , + {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, +{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , + {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, +{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , + {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , + {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, +{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , + {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, +{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , + {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, +{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , + {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , + {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, +{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , + {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, +{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , + {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, +{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , + {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , + {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, +{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , + {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, +{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , + {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, +{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , + {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , + {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, +{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , + {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, +{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , + {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, +{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , + {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , + {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, +{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , + {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, +{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , + {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, +{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , + {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , + {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, +{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , + {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, +{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , + {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, +{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , + {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , + {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, +{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , + {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, +{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , + {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, +{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , + {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , + {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, +{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , + {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, +{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , + {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, +{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , + {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , + {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, +{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , + {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, +{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , + {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, +{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , + {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , + {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, +{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , + {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, +{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , + {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, +{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , + {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , + {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, +{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , + {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, +{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , + {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, +{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , + {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , + {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, +{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , + {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, +{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , + {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, +{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , + {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , + {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, +{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , + {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, +{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , + {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, +{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , + {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , + {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, +{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , + {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, +{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , + {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, +{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , + {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} +}; + +static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(&r->x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2((ge25519_p2 *)r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) +{ + fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; + fe25519_mul(&qt, &q->x, &q->y); + fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_sub(&t1, &q->y, &q->x); + fe25519_add(&t2, &q->y, &q->x); + fe25519_mul(&a, &a, &t1); + fe25519_mul(&b, &b, &t2); + fe25519_sub(&e, &b, &a); /* E = B-A */ + fe25519_add(&h, &b, &a); /* H = B+A */ + fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ + fe25519_sub(&f, &d, &c); /* F = D-C */ + fe25519_add(&g, &d, &c); /* G = D+C */ + fe25519_mul(&r->x, &e, &f); + fe25519_mul(&r->y, &h, &g); + fe25519_mul(&r->z, &g, &f); + fe25519_mul(&r->t, &e, &h); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t; + + fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); /* E = B-A */ + fe25519_sub(&r->t, &d, &c); /* F = D-C */ + fe25519_add(&r->z, &d, &c); /* G = D+C */ + fe25519_add(&r->y, &b, &a); /* H = B+A */ +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +/* Constant-time version of: if(b) r = p */ +static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, b); + fe25519_cmov(&r->y, &p->y, b); +} + +static unsigned char equal(signed char b,signed char c) +{ + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + crypto_uint32 y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return y; +} + +static unsigned char negative(signed char b) +{ + unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + x >>= 63; /* 1: yes; 0: no */ + return x; +} + +static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) +{ + /* constant time */ + fe25519 v; + *t = ge25519_base_multiples_affine[5*pos+0]; + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); + fe25519_neg(&v, &t->x); + fe25519_cmov(&t->x, &v, negative(b)); +} + +static void setneutral(ge25519 *r) +{ + fe25519_setzero(&r->x); + fe25519_setone(&r->y); + fe25519_setone(&r->z); + fe25519_setzero(&r->t); +} + +/* ******************************************************************** + * EXPORTED FUNCTIONS + ******************************************************************** */ + +/* return 0 on success, -1 otherwise */ +int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + unsigned char par; + fe25519 t, chk, num, den, den2, den4, den6; + fe25519_setone(&r->z); + par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&num, &r->y); /* x = y^2 */ + fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ + fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ + fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + fe25519_square(&den2, &den); + fe25519_square(&den4, &den2); + fe25519_mul(&den6, &den4, &den2); + fe25519_mul(&t, &den6, &num); + fe25519_mul(&t, &t, &den); + + fe25519_pow2523(&t, &t); + /* 2. computation of r->x = t * num * den^3 */ + fe25519_mul(&t, &t, &num); + fe25519_mul(&t, &t, &den); + fe25519_mul(&t, &t, &den); + fe25519_mul(&r->x, &t, &den); + + /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); + + /* 4. Now we have one of the two square roots, except if input was not a square */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + return -1; + + /* 5. Choose the desired square root according to parity: */ + if(fe25519_getparity(&r->x) != (1-par)) + fe25519_neg(&r->x, &r->x); + + fe25519_mul(&r->t, &r->x, &r->y); + return 0; +} + +static void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +int ge25519_isneutral_vartime(const ge25519_p3 *p) +{ + int ret = 1; + if(!fe25519_iszero(&p->x)) ret = 0; + if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; + return ret; +} + +/* computes [s1]p1 + [s2]p2 */ +static void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) +{ + ge25519_p1p1 tp1p1; + ge25519_p3 pre[16]; + unsigned char b[127]; + int i; + + /* precomputation s2 s1 */ + setneutral(pre); /* 00 00 */ + pre[1] = *p1; /* 00 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ + add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ + pre[4] = *p2; /* 01 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ + add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ + add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ + add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ + add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ + add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ + + sc25519_2interleave2(b,s1,s2); + + /* scalar multiplication */ + *r = pre[b[126]]; + for(i=125;i>=0;i--) + { + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + p1p1_to_p2((ge25519_p2 *) r, &tp1p1); + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + if(b[i]!=0) + { + p1p1_to_p3(r, &tp1p1); + add_p1p1(&tp1p1, r, &pre[b[i]]); + } + if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); + else p1p1_to_p3(r, &tp1p1); + } +} + +static void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + signed char b[85]; + int i; + ge25519_aff t; + sc25519_window3(b,s); + + choose_t((ge25519_aff *)r, 0, b[0]); + fe25519_setone(&r->z); + fe25519_mul(&r->t, &r->x, &r->y); + for(i=1;i<85;i++) + { + choose_t(&t, (unsigned long long) i, b[i]); + ge25519_mixadd2(r, &t); + } +} +/* from supercop-20221122/crypto_sign/ed25519/ref/keypair.c */ + +int crypto_sign_ed25519_keypair(unsigned char *pk,unsigned char *sk) +{ + unsigned char az[64]; sc25519 scsk; ge25519 gepk; - unsigned char extsk[64]; - int i; - randombytes(sk, 32); - crypto_hash_sha512(extsk, sk, 32); - extsk[0] &= 248; - extsk[31] &= 127; - extsk[31] |= 64; + randombytes(sk,32); + crypto_hash_sha512(az,sk,32); + az[0] &= 248; + az[31] &= 127; + az[31] |= 64; + + sc25519_from32bytes(&scsk,az); - sc25519_from32bytes(&scsk,extsk); - ge25519_scalarmult_base(&gepk, &scsk); ge25519_pack(pk, &gepk); - for(i=0;i<32;i++) - sk[32 + i] = pk[i]; + memmove(sk + 32,pk,32); return 0; } +/* from supercop-20221122/crypto_sign/ed25519/ref/sign.c */ int crypto_sign_ed25519( unsigned char *sm,unsigned long long *smlen, @@ -54,51 +1937,53 @@ int crypto_sign_ed25519( const unsigned char *sk ) { + unsigned char pk[32]; + unsigned char az[64]; + unsigned char nonce[64]; + unsigned char hram[64]; sc25519 sck, scs, scsk; ge25519 ger; - unsigned char r[32]; - unsigned char s[32]; - unsigned char extsk[64]; - unsigned long long i; - unsigned char hmg[crypto_hash_sha512_BYTES]; - unsigned char hram[crypto_hash_sha512_BYTES]; - - crypto_hash_sha512(extsk, sk, 32); - extsk[0] &= 248; - extsk[31] &= 127; - extsk[31] |= 64; - - *smlen = mlen+64; - for(i=0;i' +echo +echo '#include "crypto_api.h"' +echo +# Map the types used in this code to the ones in crypto_api.h. We use #define +# instead of typedef since some systems have existing intXX types and do not +# permit multiple typedefs even if they do not conflict. +for t in int8 uint8 int16 uint16 int32 uint32 int64 uint64; do + echo "#define $t crypto_${t}" +done +echo +for i in $FILES; do + echo "/* from $i */" + # Changes to all files: + # - inline ge25519_base.data where it is included + # - expand CRYPTO_NAMESPACE() namespacing define + # - remove all includes, we inline everything required. + # - make functions not required elsewhere static. + # - rename the functions we do use. + sed \ + -e "/#include \"ge25519_base.data\"/r $DATA" \ + -e "/#include/d" \ + -e "s/^void /static void /g" \ + -e 's/CRYPTO_NAMESPACE[(]\([a-zA-Z0-9_]*\)[)]/crypto_sign_ed25519_ref_\1/g' \ + $i | \ + case "$i" in + */crypto_verify/32/ref/verify.c) + # rename crypto_verify() to the name that the ed25519 code expects. + sed -e "/^#include.*/d" \ + -e "s/crypto_verify/crypto_verify_32/g" \ + -e "s/^int /static int /g" + ;; + */crypto_sign/ed25519/ref/sign.c) + # rename signing function to the name OpenSSH expects + sed -e "s/crypto_sign/crypto_sign_ed25519/g" + ;; + */crypto_sign/ed25519/ref/keypair.c) + # rename key generation function to the name OpenSSH expects + sed -e "s/crypto_sign_keypair/crypto_sign_ed25519_keypair/g" + ;; + */crypto_sign/ed25519/ref/open.c) + # rename verification function to the name OpenSSH expects + sed -e "s/crypto_sign_open/crypto_sign_ed25519_open/g" + ;; + */crypto_sign/ed25519/ref/fe25519.*) + # avoid a couple of name collions with other files + sed -e "s/reduce_add_sub/fe25519_reduce_add_sub/g" \ + -e "s/ equal[(]/ fe25519_equal(/g" \ + -e "s/^int /static int /g" + ;; + */crypto_sign/ed25519/ref/sc25519.h) + # Lots of unused prototypes to remove + sed -e "s/^int /static int /g" \ + -e '/shortsc25519_from16bytes/d' \ + -e '/sc25519_iszero_vartime/d' \ + -e '/sc25519_isshort_vartime/d' \ + -e '/sc25519_lt_vartime/d' \ + -e '/sc25519_sub_nored/d' \ + -e '/sc25519_mul_shortsc/d' \ + -e '/sc25519_from_shortsc/d' \ + -e '/sc25519_window5/d' + ;; + */crypto_sign/ed25519/ref/sc25519.c) + # Lots of unused code to remove, some name collisions to avoid + sed -e "s/reduce_add_sub/sc25519_reduce_add_sub/g" \ + -e "s/ equal[(]/ sc25519_equal(/g" \ + -e "s/^int /static int /g" \ + -e "s/m[[]/sc25519_m[/g" \ + -e "s/mu[[]/sc25519_mu[/g" \ + -e '/shortsc25519_from16bytes/,/^}$/d' \ + -e '/sc25519_iszero_vartime/,/^}$/d' \ + -e '/sc25519_isshort_vartime/,/^}$/d' \ + -e '/sc25519_lt_vartime/,/^}$/d' \ + -e '/sc25519_sub_nored/,/^}$/d' \ + -e '/sc25519_mul_shortsc/,/^}$/d' \ + -e '/sc25519_from_shortsc/,/^}$/d' \ + -e '/sc25519_window5/,/^}$/d' + ;; + */crypto_sign/ed25519/ref//ge25519.*) + sed -e "s/^int /static int /g" + ;; + # Default: pass through. + *) + cat + ;; + esac | \ + sed -e 's/[ ]*$//' +done diff --git a/gsi_openssh/source/entropy.c b/gsi_openssh/source/entropy.c index a4088e43cd..842c66fd6d 100644 --- a/gsi_openssh/source/entropy.c +++ b/gsi_openssh/source/entropy.c @@ -57,40 +57,6 @@ * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from * PRNGd. */ -#ifndef OPENSSL_PRNG_ONLY - -void -rexec_send_rng_seed(struct sshbuf *m) -{ - u_char buf[RANDOM_SEED_SIZE]; - size_t len = sizeof(buf); - int r; - - if (RAND_bytes(buf, sizeof(buf)) <= 0) { - error("Couldn't obtain random bytes (error %ld)", - ERR_get_error()); - len = 0; - } - if ((r = sshbuf_put_string(m, buf, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - explicit_bzero(buf, sizeof(buf)); -} - -void -rexec_recv_rng_seed(struct sshbuf *m) -{ - const u_char *buf = NULL; - size_t len = 0; - int r; - - if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - debug3("rexec_recv_rng_seed: seeding rng with %lu bytes", - (unsigned long)len); - RAND_add(buf, len, len); -} -#endif /* OPENSSL_PRNG_ONLY */ void seed_rng(void) diff --git a/gsi_openssh/source/fe25519.c b/gsi_openssh/source/fe25519.c deleted file mode 100644 index e54fd15473..0000000000 --- a/gsi_openssh/source/fe25519.c +++ /dev/null @@ -1,337 +0,0 @@ -/* $OpenBSD: fe25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c - */ - -#include "includes.h" - -#define WINDOWSIZE 1 /* Should be 1,2, or 4 */ -#define WINDOWMASK ((1<>= 31; /* 1: yes; 0: no */ - return x; -} - -static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ -{ - unsigned int x = a; - x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ - x >>= 31; /* 0: yes; 1: no */ - x ^= 1; /* 1: yes; 0: no */ - return x; -} - -static crypto_uint32 times19(crypto_uint32 a) -{ - return (a << 4) + (a << 1) + a; -} - -static crypto_uint32 times38(crypto_uint32 a) -{ - return (a << 5) + (a << 2) + (a << 1); -} - -static void reduce_add_sub(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<4;rep++) - { - t = r->v[31] >> 7; - r->v[31] &= 127; - t = times19(t); - r->v[0] += t; - for(i=0;i<31;i++) - { - t = r->v[i] >> 8; - r->v[i+1] += t; - r->v[i] &= 255; - } - } -} - -static void reduce_mul(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<2;rep++) - { - t = r->v[31] >> 7; - r->v[31] &= 127; - t = times19(t); - r->v[0] += t; - for(i=0;i<31;i++) - { - t = r->v[i] >> 8; - r->v[i+1] += t; - r->v[i] &= 255; - } - } -} - -/* reduction modulo 2^255-19 */ -void fe25519_freeze(fe25519 *r) -{ - int i; - crypto_uint32 m = equal(r->v[31],127); - for(i=30;i>0;i--) - m &= equal(r->v[i],255); - m &= ge(r->v[0],237); - - m = -m; - - r->v[31] -= m&127; - for(i=30;i>0;i--) - r->v[i] -= m&255; - r->v[0] -= m&237; -} - -void fe25519_unpack(fe25519 *r, const unsigned char x[32]) -{ - int i; - for(i=0;i<32;i++) r->v[i] = x[i]; - r->v[31] &= 127; -} - -/* Assumes input x being reduced below 2^255 */ -void fe25519_pack(unsigned char r[32], const fe25519 *x) -{ - int i; - fe25519 y = *x; - fe25519_freeze(&y); - for(i=0;i<32;i++) - r[i] = y.v[i]; -} - -int fe25519_iszero(const fe25519 *x) -{ - int i; - int r; - fe25519 t = *x; - fe25519_freeze(&t); - r = equal(t.v[0],0); - for(i=1;i<32;i++) - r &= equal(t.v[i],0); - return r; -} - -int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) -{ - int i; - fe25519 t1 = *x; - fe25519 t2 = *y; - fe25519_freeze(&t1); - fe25519_freeze(&t2); - for(i=0;i<32;i++) - if(t1.v[i] != t2.v[i]) return 0; - return 1; -} - -void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) -{ - int i; - crypto_uint32 mask = b; - mask = -mask; - for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); -} - -unsigned char fe25519_getparity(const fe25519 *x) -{ - fe25519 t = *x; - fe25519_freeze(&t); - return t.v[0] & 1; -} - -void fe25519_setone(fe25519 *r) -{ - int i; - r->v[0] = 1; - for(i=1;i<32;i++) r->v[i]=0; -} - -void fe25519_setzero(fe25519 *r) -{ - int i; - for(i=0;i<32;i++) r->v[i]=0; -} - -void fe25519_neg(fe25519 *r, const fe25519 *x) -{ - fe25519 t; - int i; - for(i=0;i<32;i++) t.v[i]=x->v[i]; - fe25519_setzero(r); - fe25519_sub(r, r, &t); -} - -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; - reduce_add_sub(r); -} - -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - crypto_uint32 t[32]; - t[0] = x->v[0] + 0x1da; - t[31] = x->v[31] + 0xfe; - for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; - for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; - reduce_add_sub(r); -} - -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i,j; - crypto_uint32 t[63]; - for(i=0;i<63;i++)t[i] = 0; - - for(i=0;i<32;i++) - for(j=0;j<32;j++) - t[i+j] += x->v[i] * y->v[j]; - - for(i=32;i<63;i++) - r->v[i-32] = t[i-32] + times38(t[i]); - r->v[31] = t[31]; /* result now in r[0]...r[31] */ - - reduce_mul(r); -} - -void fe25519_square(fe25519 *r, const fe25519 *x) -{ - fe25519_mul(r, x, x); -} - -void fe25519_invert(fe25519 *r, const fe25519 *x) -{ - fe25519 z2; - fe25519 z9; - fe25519 z11; - fe25519 z2_5_0; - fe25519 z2_10_0; - fe25519 z2_20_0; - fe25519 z2_50_0; - fe25519 z2_100_0; - fe25519 t0; - fe25519 t1; - int i; - - /* 2 */ fe25519_square(&z2,x); - /* 4 */ fe25519_square(&t1,&z2); - /* 8 */ fe25519_square(&t0,&t1); - /* 9 */ fe25519_mul(&z9,&t0,x); - /* 11 */ fe25519_mul(&z11,&z9,&z2); - /* 22 */ fe25519_square(&t0,&z11); - /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); - - /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); - /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); - /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); - /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); - /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); - - /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); - /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); - - /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); - /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); - - /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); - /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } - /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); - - /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); - /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); - - /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); - /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } - /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); - - /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); - /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); - /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } - /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); - - /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); - /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); - /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); - /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); - /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); - /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); -} - -void fe25519_pow2523(fe25519 *r, const fe25519 *x) -{ - fe25519 z2; - fe25519 z9; - fe25519 z11; - fe25519 z2_5_0; - fe25519 z2_10_0; - fe25519 z2_20_0; - fe25519 z2_50_0; - fe25519 z2_100_0; - fe25519 t; - int i; - - /* 2 */ fe25519_square(&z2,x); - /* 4 */ fe25519_square(&t,&z2); - /* 8 */ fe25519_square(&t,&t); - /* 9 */ fe25519_mul(&z9,&t,x); - /* 11 */ fe25519_mul(&z11,&z9,&z2); - /* 22 */ fe25519_square(&t,&z11); - /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); - - /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); - /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } - /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); - - /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); - /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } - /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); - - /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); - /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } - /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); - - /* 2^41 - 2^1 */ fe25519_square(&t,&t); - /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } - /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); - - /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); - /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } - /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); - - /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); - /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } - /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); - - /* 2^201 - 2^1 */ fe25519_square(&t,&t); - /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } - /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); - - /* 2^251 - 2^1 */ fe25519_square(&t,&t); - /* 2^252 - 2^2 */ fe25519_square(&t,&t); - /* 2^252 - 3 */ fe25519_mul(r,&t,x); -} diff --git a/gsi_openssh/source/fe25519.h b/gsi_openssh/source/fe25519.h deleted file mode 100644 index 41b3cbb49d..0000000000 --- a/gsi_openssh/source/fe25519.h +++ /dev/null @@ -1,70 +0,0 @@ -/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h - */ - -#ifndef FE25519_H -#define FE25519_H - -#include "crypto_api.h" - -#define fe25519 crypto_sign_ed25519_ref_fe25519 -#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze -#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack -#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack -#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero -#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime -#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov -#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone -#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero -#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg -#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity -#define fe25519_add crypto_sign_ed25519_ref_fe25519_add -#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub -#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul -#define fe25519_square crypto_sign_ed25519_ref_fe25519_square -#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert -#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 - -typedef struct -{ - crypto_uint32 v[32]; -} -fe25519; - -void fe25519_freeze(fe25519 *r); - -void fe25519_unpack(fe25519 *r, const unsigned char x[32]); - -void fe25519_pack(unsigned char r[32], const fe25519 *x); - -int fe25519_iszero(const fe25519 *x); - -int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); - -void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); - -void fe25519_setone(fe25519 *r); - -void fe25519_setzero(fe25519 *r); - -void fe25519_neg(fe25519 *r, const fe25519 *x); - -unsigned char fe25519_getparity(const fe25519 *x); - -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); - -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); - -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); - -void fe25519_square(fe25519 *r, const fe25519 *x); - -void fe25519_invert(fe25519 *r, const fe25519 *x); - -void fe25519_pow2523(fe25519 *r, const fe25519 *x); - -#endif diff --git a/gsi_openssh/source/ge25519.c b/gsi_openssh/source/ge25519.c deleted file mode 100644 index dfe3849b93..0000000000 --- a/gsi_openssh/source/ge25519.c +++ /dev/null @@ -1,321 +0,0 @@ -/* $OpenBSD: ge25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c - */ - -#include "includes.h" - -#include "fe25519.h" -#include "sc25519.h" -#include "ge25519.h" - -/* - * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 - * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 - * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); - */ - -/* d */ -static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, - 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; -/* 2*d */ -static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, - 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; -/* sqrt(-1) */ -static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, - 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; - -#define ge25519_p3 ge25519 - -typedef struct -{ - fe25519 x; - fe25519 z; - fe25519 y; - fe25519 t; -} ge25519_p1p1; - -typedef struct -{ - fe25519 x; - fe25519 y; - fe25519 z; -} ge25519_p2; - -typedef struct -{ - fe25519 x; - fe25519 y; -} ge25519_aff; - - -/* Packed coordinates of the base point */ -const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, - 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}}, - {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, - 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; - -/* Multiples of the base point in affine representation */ -static const ge25519_aff ge25519_base_multiples_affine[425] = { -#include "ge25519_base.data" -}; - -static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) -{ - fe25519_mul(&r->x, &p->x, &p->t); - fe25519_mul(&r->y, &p->y, &p->z); - fe25519_mul(&r->z, &p->z, &p->t); -} - -static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) -{ - p1p1_to_p2((ge25519_p2 *)r, p); - fe25519_mul(&r->t, &p->x, &p->y); -} - -static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) -{ - fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; - fe25519_mul(&qt, &q->x, &q->y); - fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ - fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ - fe25519_sub(&t1, &q->y, &q->x); - fe25519_add(&t2, &q->y, &q->x); - fe25519_mul(&a, &a, &t1); - fe25519_mul(&b, &b, &t2); - fe25519_sub(&e, &b, &a); /* E = B-A */ - fe25519_add(&h, &b, &a); /* H = B+A */ - fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ - fe25519_mul(&c, &c, &ge25519_ec2d); - fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ - fe25519_sub(&f, &d, &c); /* F = D-C */ - fe25519_add(&g, &d, &c); /* G = D+C */ - fe25519_mul(&r->x, &e, &f); - fe25519_mul(&r->y, &h, &g); - fe25519_mul(&r->z, &g, &f); - fe25519_mul(&r->t, &e, &h); -} - -static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) -{ - fe25519 a, b, c, d, t; - - fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ - fe25519_sub(&t, &q->y, &q->x); - fe25519_mul(&a, &a, &t); - fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ - fe25519_add(&t, &q->x, &q->y); - fe25519_mul(&b, &b, &t); - fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ - fe25519_mul(&c, &c, &ge25519_ec2d); - fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ - fe25519_add(&d, &d, &d); - fe25519_sub(&r->x, &b, &a); /* E = B-A */ - fe25519_sub(&r->t, &d, &c); /* F = D-C */ - fe25519_add(&r->z, &d, &c); /* G = D+C */ - fe25519_add(&r->y, &b, &a); /* H = B+A */ -} - -/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ -static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) -{ - fe25519 a,b,c,d; - fe25519_square(&a, &p->x); - fe25519_square(&b, &p->y); - fe25519_square(&c, &p->z); - fe25519_add(&c, &c, &c); - fe25519_neg(&d, &a); - - fe25519_add(&r->x, &p->x, &p->y); - fe25519_square(&r->x, &r->x); - fe25519_sub(&r->x, &r->x, &a); - fe25519_sub(&r->x, &r->x, &b); - fe25519_add(&r->z, &d, &b); - fe25519_sub(&r->t, &r->z, &c); - fe25519_sub(&r->y, &d, &b); -} - -/* Constant-time version of: if(b) r = p */ -static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) -{ - fe25519_cmov(&r->x, &p->x, b); - fe25519_cmov(&r->y, &p->y, b); -} - -static unsigned char equal(signed char b,signed char c) -{ - unsigned char ub = b; - unsigned char uc = c; - unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ - crypto_uint32 y = x; /* 0: yes; 1..255: no */ - y -= 1; /* 4294967295: yes; 0..254: no */ - y >>= 31; /* 1: yes; 0: no */ - return y; -} - -static unsigned char negative(signed char b) -{ - unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ - x >>= 63; /* 1: yes; 0: no */ - return x; -} - -static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) -{ - /* constant time */ - fe25519 v; - *t = ge25519_base_multiples_affine[5*pos+0]; - cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); - cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); - cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); - cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); - fe25519_neg(&v, &t->x); - fe25519_cmov(&t->x, &v, negative(b)); -} - -static void setneutral(ge25519 *r) -{ - fe25519_setzero(&r->x); - fe25519_setone(&r->y); - fe25519_setone(&r->z); - fe25519_setzero(&r->t); -} - -/* ******************************************************************** - * EXPORTED FUNCTIONS - ******************************************************************** */ - -/* return 0 on success, -1 otherwise */ -int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) -{ - unsigned char par; - fe25519 t, chk, num, den, den2, den4, den6; - fe25519_setone(&r->z); - par = p[31] >> 7; - fe25519_unpack(&r->y, p); - fe25519_square(&num, &r->y); /* x = y^2 */ - fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ - fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ - fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ - - /* Computation of sqrt(num/den) */ - /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ - fe25519_square(&den2, &den); - fe25519_square(&den4, &den2); - fe25519_mul(&den6, &den4, &den2); - fe25519_mul(&t, &den6, &num); - fe25519_mul(&t, &t, &den); - - fe25519_pow2523(&t, &t); - /* 2. computation of r->x = t * num * den^3 */ - fe25519_mul(&t, &t, &num); - fe25519_mul(&t, &t, &den); - fe25519_mul(&t, &t, &den); - fe25519_mul(&r->x, &t, &den); - - /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ - fe25519_square(&chk, &r->x); - fe25519_mul(&chk, &chk, &den); - if (!fe25519_iseq_vartime(&chk, &num)) - fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); - - /* 4. Now we have one of the two square roots, except if input was not a square */ - fe25519_square(&chk, &r->x); - fe25519_mul(&chk, &chk, &den); - if (!fe25519_iseq_vartime(&chk, &num)) - return -1; - - /* 5. Choose the desired square root according to parity: */ - if(fe25519_getparity(&r->x) != (1-par)) - fe25519_neg(&r->x, &r->x); - - fe25519_mul(&r->t, &r->x, &r->y); - return 0; -} - -void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) -{ - fe25519 tx, ty, zi; - fe25519_invert(&zi, &p->z); - fe25519_mul(&tx, &p->x, &zi); - fe25519_mul(&ty, &p->y, &zi); - fe25519_pack(r, &ty); - r[31] ^= fe25519_getparity(&tx) << 7; -} - -int ge25519_isneutral_vartime(const ge25519_p3 *p) -{ - int ret = 1; - if(!fe25519_iszero(&p->x)) ret = 0; - if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; - return ret; -} - -/* computes [s1]p1 + [s2]p2 */ -void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) -{ - ge25519_p1p1 tp1p1; - ge25519_p3 pre[16]; - unsigned char b[127]; - int i; - - /* precomputation s2 s1 */ - setneutral(pre); /* 00 00 */ - pre[1] = *p1; /* 00 01 */ - dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ - add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ - pre[4] = *p2; /* 01 00 */ - add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ - add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ - add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ - dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ - add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ - dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ - add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ - add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ - add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ - add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ - add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ - - sc25519_2interleave2(b,s1,s2); - - /* scalar multiplication */ - *r = pre[b[126]]; - for(i=125;i>=0;i--) - { - dbl_p1p1(&tp1p1, (ge25519_p2 *)r); - p1p1_to_p2((ge25519_p2 *) r, &tp1p1); - dbl_p1p1(&tp1p1, (ge25519_p2 *)r); - if(b[i]!=0) - { - p1p1_to_p3(r, &tp1p1); - add_p1p1(&tp1p1, r, &pre[b[i]]); - } - if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); - else p1p1_to_p3(r, &tp1p1); - } -} - -void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) -{ - signed char b[85]; - int i; - ge25519_aff t; - sc25519_window3(b,s); - - choose_t((ge25519_aff *)r, 0, b[0]); - fe25519_setone(&r->z); - fe25519_mul(&r->t, &r->x, &r->y); - for(i=1;i<85;i++) - { - choose_t(&t, (unsigned long long) i, b[i]); - ge25519_mixadd2(r, &t); - } -} diff --git a/gsi_openssh/source/ge25519.h b/gsi_openssh/source/ge25519.h deleted file mode 100644 index a097637609..0000000000 --- a/gsi_openssh/source/ge25519.h +++ /dev/null @@ -1,43 +0,0 @@ -/* $OpenBSD: ge25519.h,v 1.4 2015/02/16 18:26:26 miod Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h - */ - -#ifndef GE25519_H -#define GE25519_H - -#include "fe25519.h" -#include "sc25519.h" - -#define ge25519 crypto_sign_ed25519_ref_ge25519 -#define ge25519_base crypto_sign_ed25519_ref_ge25519_base -#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime -#define ge25519_pack crypto_sign_ed25519_ref_pack -#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime -#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime -#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base - -typedef struct -{ - fe25519 x; - fe25519 y; - fe25519 z; - fe25519 t; -} ge25519; - -extern const ge25519 ge25519_base; - -int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); - -void ge25519_pack(unsigned char r[32], const ge25519 *p); - -int ge25519_isneutral_vartime(const ge25519 *p); - -void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); - -void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); - -#endif diff --git a/gsi_openssh/source/ge25519_base.data b/gsi_openssh/source/ge25519_base.data deleted file mode 100644 index 66fb1b61c6..0000000000 --- a/gsi_openssh/source/ge25519_base.data +++ /dev/null @@ -1,858 +0,0 @@ -/* $OpenBSD: ge25519_base.data,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519_base.data - */ - -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , - {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, -{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , - {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, -{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , - {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, -{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , - {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , - {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, -{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , - {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, -{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , - {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, -{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , - {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , - {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, -{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , - {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, -{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , - {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, -{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , - {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , - {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, -{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , - {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, -{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , - {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, -{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , - {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , - {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, -{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , - {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, -{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , - {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, -{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , - {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , - {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, -{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , - {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, -{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , - {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, -{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , - {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , - {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, -{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , - {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, -{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , - {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, -{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , - {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , - {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, -{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , - {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, -{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , - {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, -{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , - {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , - {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, -{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , - {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, -{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , - {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, -{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} , - {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , - {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, -{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , - {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, -{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , - {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, -{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} , - {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , - {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, -{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , - {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, -{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , - {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, -{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} , - {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , - {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, -{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , - {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, -{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , - {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, -{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} , - {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , - {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, -{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , - {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, -{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , - {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, -{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} , - {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , - {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, -{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , - {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, -{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , - {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, -{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , - {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , - {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, -{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , - {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, -{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , - {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, -{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , - {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , - {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, -{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , - {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, -{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , - {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, -{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , - {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , - {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, -{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , - {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, -{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , - {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, -{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , - {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , - {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, -{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , - {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, -{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , - {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, -{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , - {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , - {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, -{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , - {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, -{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , - {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, -{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , - {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , - {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, -{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , - {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, -{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , - {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, -{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , - {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , - {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, -{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , - {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, -{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , - {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, -{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , - {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , - {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, -{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , - {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, -{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , - {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, -{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , - {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , - {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, -{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , - {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, -{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , - {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, -{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , - {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , - {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, -{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , - {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, -{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , - {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, -{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , - {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , - {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, -{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , - {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, -{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , - {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, -{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , - {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , - {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, -{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , - {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, -{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , - {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, -{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , - {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , - {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, -{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , - {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, -{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , - {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, -{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , - {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , - {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, -{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , - {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, -{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , - {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, -{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , - {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , - {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, -{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , - {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, -{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , - {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, -{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , - {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , - {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, -{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , - {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, -{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , - {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, -{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , - {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , - {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, -{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , - {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, -{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , - {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, -{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , - {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , - {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, -{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , - {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, -{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , - {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, -{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , - {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , - {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, -{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , - {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, -{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , - {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, -{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , - {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , - {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, -{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , - {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, -{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , - {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, -{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , - {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , - {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, -{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , - {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, -{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , - {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, -{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , - {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , - {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, -{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , - {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, -{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , - {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, -{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , - {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , - {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, -{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , - {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, -{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , - {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, -{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , - {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , - {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, -{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , - {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, -{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , - {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, -{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , - {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , - {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, -{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , - {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, -{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , - {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, -{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , - {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , - {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, -{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , - {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, -{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , - {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, -{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , - {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , - {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, -{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , - {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, -{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , - {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, -{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , - {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , - {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, -{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , - {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, -{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , - {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, -{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , - {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , - {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, -{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , - {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, -{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , - {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, -{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , - {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , - {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, -{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , - {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, -{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , - {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, -{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , - {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , - {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, -{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , - {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, -{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , - {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, -{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , - {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , - {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, -{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , - {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, -{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , - {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, -{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , - {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , - {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, -{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , - {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, -{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , - {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, -{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , - {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , - {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, -{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , - {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, -{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , - {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, -{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , - {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , - {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, -{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , - {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, -{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , - {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, -{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , - {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , - {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, -{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , - {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, -{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , - {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, -{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , - {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , - {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, -{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , - {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, -{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , - {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, -{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , - {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , - {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, -{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , - {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, -{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , - {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, -{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , - {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , - {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, -{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , - {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, -{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , - {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, -{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , - {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , - {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, -{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , - {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, -{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , - {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, -{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , - {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , - {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, -{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , - {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, -{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , - {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, -{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , - {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , - {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, -{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , - {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, -{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , - {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, -{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , - {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , - {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, -{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , - {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, -{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , - {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, -{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , - {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , - {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, -{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , - {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, -{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , - {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, -{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , - {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , - {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, -{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , - {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, -{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , - {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, -{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , - {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} , - {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, -{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , - {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, -{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , - {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, -{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , - {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} , - {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, -{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , - {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, -{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , - {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, -{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , - {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} , - {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, -{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , - {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, -{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , - {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, -{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , - {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} , - {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, -{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , - {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, -{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , - {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, -{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , - {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} , - {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, -{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , - {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, -{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , - {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, -{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , - {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , - {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, -{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , - {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, -{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , - {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, -{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , - {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , - {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, -{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , - {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, -{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , - {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, -{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , - {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , - {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, -{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , - {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, -{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , - {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, -{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , - {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , - {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, -{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , - {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, -{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , - {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, -{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , - {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , - {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, -{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , - {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, -{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , - {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, -{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , - {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , - {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, -{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , - {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, -{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , - {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, -{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , - {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , - {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, -{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , - {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, -{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , - {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, -{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , - {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , - {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, -{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , - {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, -{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , - {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, -{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , - {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , - {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, -{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , - {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, -{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , - {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, -{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , - {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , - {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, -{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , - {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, -{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , - {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, -{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , - {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , - {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, -{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , - {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, -{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , - {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, -{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , - {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , - {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, -{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , - {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, -{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , - {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, -{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , - {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , - {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, -{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , - {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, -{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , - {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, -{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , - {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , - {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, -{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , - {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, -{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , - {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, -{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , - {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , - {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, -{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , - {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, -{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , - {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, -{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , - {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , - {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, -{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , - {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, -{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , - {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, -{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , - {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , - {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, -{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , - {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, -{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , - {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, -{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , - {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , - {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, -{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , - {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, -{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , - {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, -{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , - {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , - {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, -{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , - {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, -{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , - {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, -{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , - {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , - {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, -{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , - {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, -{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , - {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, -{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , - {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , - {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, -{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , - {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, -{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , - {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, -{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , - {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} diff --git a/gsi_openssh/source/gss-serv-krb5.c b/gsi_openssh/source/gss-serv-krb5.c index a24d07aed3..a88e508b40 100644 --- a/gsi_openssh/source/gss-serv-krb5.c +++ b/gsi_openssh/source/gss-serv-krb5.c @@ -213,8 +213,8 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) /* NOTE: .k5login and .k5users must opened as root, not the user, * because if they are on a krb5-protected filesystem, user credentials * to access these files aren't available yet. */ - if (ssh_krb5_kuserok(krb_context, princ, name, k5login_exists) - && k5login_exists) { + if (k5login_exists && + ssh_krb5_kuserok(krb_context, princ, name, k5login_exists)) { retval = 1; logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", name, (char *)client->displayname.value); diff --git a/gsi_openssh/source/hostfile.c b/gsi_openssh/source/hostfile.c index bd49e3ac7c..c5669c7037 100644 --- a/gsi_openssh/source/hostfile.c +++ b/gsi_openssh/source/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.93 2022/01/06 22:02:52 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.95 2023/02/21 06:48:18 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -515,14 +515,23 @@ add_host_to_hostfile(const char *filename, const char *host, const struct sshkey *key, int store_hash) { FILE *f; - int success; + int success, addnl = 0; if (key == NULL) return 1; /* XXX ? */ hostfile_create_user_ssh_dir(filename, 0); - f = fopen(filename, "a"); + f = fopen(filename, "a+"); if (!f) return 0; + /* Make sure we have a terminating newline. */ + if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n') + addnl = 1; + if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) { + error("Failed to add terminating newline to %s: %s", + filename, strerror(errno)); + fclose(f); + return 0; + } success = write_host_entry(f, host, NULL, key, store_hash); fclose(f); return success; diff --git a/gsi_openssh/source/includes.h b/gsi_openssh/source/includes.h index 6d17ef6da9..0eb3d11191 100644 --- a/gsi_openssh/source/includes.h +++ b/gsi_openssh/source/includes.h @@ -165,6 +165,10 @@ #ifdef WITH_OPENSSL #include /* For OPENSSL_VERSION_NUMBER */ +# if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#define HAVE_DH_GET0_PQG +#define HAVE_DH_GET0_KEY +# endif #endif #include "defines.h" diff --git a/gsi_openssh/source/install-sh b/gsi_openssh/source/install-sh index 377bb8687f..ec298b5374 100755 --- a/gsi_openssh/source/install-sh +++ b/gsi_openssh/source/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2011-11-20.07; # UTC +scriptversion=2020-11-14.01; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -41,19 +41,15 @@ scriptversion=2011-11-20.07; # UTC # This script is compatible with the BSD install script, but was written # from scratch. +tab=' ' nl=' ' -IFS=" "" $nl" +IFS=" $tab$nl" -# set DOITPROG to echo to test this script +# Set DOITPROG to "echo" to test this script. -# Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} -if test -z "$doit"; then - doit_exec=exec -else - doit_exec=$doit -fi +doit_exec=${doit:-exec} # Put in absolute file names if you don't have them in your path; # or use environment vars. @@ -68,22 +64,16 @@ mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} -posix_glob='?' -initialize_posix_glob=' - test "$posix_glob" != "?" || { - if (set -f) 2>/dev/null; then - posix_glob= - else - posix_glob=: - fi - } -' - posix_mkdir= # Desired mode of installed file. mode=0755 +# Create dirs (including intermediate dirs) using mode 755. +# This is like GNU 'install' as of coreutils 8.32 (2020). +mkdir_umask=22 + +backupsuffix= chgrpcmd= chmodcmd=$chmodprog chowncmd= @@ -97,7 +87,7 @@ dir_arg= dst_arg= copy_on_change=false -no_target_directory= +is_target_a_directory=possibly usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE @@ -114,18 +104,28 @@ Options: --version display version info and exit. -c (ignored) - -C install only if different (preserve the last data modification time) + -C install only if different (preserve data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. + -p pass -p to $cpprog. -s $stripprog installed files. + -S SUFFIX attempt to back up existing files, with suffix SUFFIX. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG + +By default, rm is invoked with -f; when overridden with RMPROG, +it's up to you to specify -f if you want it. + +If -S is not specified, no backups are attempted. + +Email bug reports to bug-automake@gnu.org. +Automake home page: https://www.gnu.org/software/automake/ " while test $# -ne 0; do @@ -137,46 +137,62 @@ while test $# -ne 0; do -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - case $mode in - *' '* | *' '* | *' -'* | *'*'* | *'?'* | *'['*) - echo "$0: invalid mode: $mode" >&2 - exit 1;; - esac - shift;; + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; -o) chowncmd="$chownprog $2" - shift;; + shift;; + + -p) cpprog="$cpprog -p";; -s) stripcmd=$stripprog;; - -t) dst_arg=$2 - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - shift;; + -S) backupsuffix="$2" + shift;; - -T) no_target_directory=true;; + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; - --) shift - break;; + --) shift + break;; - -*) echo "$0: invalid option: $1" >&2 - exit 1;; + -*) echo "$0: invalid option: $1" >&2 + exit 1;; *) break;; esac shift done +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. @@ -207,6 +223,15 @@ if test $# -eq 0; then exit 0 fi +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 @@ -223,16 +248,16 @@ if test -z "$dir_arg"; then *[0-7]) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw='% 200' + u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw=,u+rw + u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac @@ -250,6 +275,10 @@ do dstdir=$dst test -d "$dstdir" dstdir_status=$? + # Don't chown directories that already exist. + if test $dstdir_status = 0; then + chowncmd="" + fi else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command @@ -266,178 +295,148 @@ do fi dst=$dst_arg - # If destination is a directory, append the input filename; won't work - # if double slashes aren't ignored. + # If destination is a directory, append the input filename. if test -d "$dst"; then - if test -n "$no_target_directory"; then - echo "$0: $dst_arg: Is a directory" >&2 - exit 1 + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 fi dstdir=$dst - dst=$dstdir/`basename "$src"` + dstbase=`basename "$src"` + case $dst in + */) dst=$dst$dstbase;; + *) dst=$dst/$dstbase;; + esac dstdir_status=0 else - # Prefer dirname, but fall back on a substitute if dirname fails. - dstdir=` - (dirname "$dst") 2>/dev/null || - expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$dst" : 'X\(//\)[^/]' \| \ - X"$dst" : 'X\(//\)$' \| \ - X"$dst" : 'X\(/\)' \| . 2>/dev/null || - echo X"$dst" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q' - ` - + dstdir=`dirname "$dst"` test -d "$dstdir" dstdir_status=$? fi fi + case $dstdir in + */) dstdirslash=$dstdir;; + *) dstdirslash=$dstdir/;; + esac + obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') - # Create intermediate dirs using mode 755 as modified by the umask. - # This is like FreeBSD 'install' as of 1997-10-28. - umask=`umask` - case $stripcmd.$umask in - # Optimize common cases. - *[2367][2367]) mkdir_umask=$umask;; - .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; - - *[0-7]) - mkdir_umask=`expr $umask + 22 \ - - $umask % 100 % 40 + $umask % 20 \ - - $umask % 10 % 4 + $umask % 2 - `;; - *) mkdir_umask=$umask,go-w;; - esac - - # With -d, create the new directory with the user-specified mode. - # Otherwise, rely on $mkdir_umask. - if test -n "$dir_arg"; then - mkdir_mode=-m$mode + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + # The $RANDOM variable is not portable (e.g., dash). Use it + # here however when possible just to lower collision chance. + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + + trap ' + ret=$? + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null + exit $ret + ' 0 + + # Because "mkdir -p" follows existing symlinks and we likely work + # directly in world-writeable /tmp, make sure that the '$tmpdir' + # directory is successfully created first before we actually test + # 'mkdir -p'. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" else - mkdir_mode= + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null fi - - posix_mkdir=false - case $umask in - *[123567][0-7][0-7]) - # POSIX mkdir -p sets u+wx bits regardless of umask, which - # is incompatible with FreeBSD 'install' when (umask & 300) != 0. - ;; - *) - tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ - trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 - - if (umask $mkdir_umask && - exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 - then - if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. - # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writable bit of parent directory when it shouldn't. - # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. - ls_ld_tmpdir=`ls -ld "$tmpdir"` - case $ls_ld_tmpdir in - d????-?r-*) different_mode=700;; - d????-?--*) different_mode=755;; - *) false;; - esac && - $mkdirprog -m$different_mode -p -- "$tmpdir" && { - ls_ld_tmpdir_1=`ls -ld "$tmpdir"` - test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" - } - } - then posix_mkdir=: - fi - rmdir "$tmpdir/d" "$tmpdir" - else - # Remove any dirs left behind by ancient mkdir implementations. - rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null - fi - trap '' 0;; - esac;; + trap '' 0;; esac if $posix_mkdir && ( - umask $mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else - # The umask is ridiculous, or mkdir does not conform to POSIX, + # mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in - /*) prefix='/';; - [-=\(\)!]*) prefix='./';; - *) prefix='';; + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; esac - eval "$initialize_posix_glob" - oIFS=$IFS IFS=/ - $posix_glob set -f + set -f set fnord $dstdir shift - $posix_glob set +f + set +f IFS=$oIFS prefixes= for d do - test X"$d" = X && continue - - prefix=$prefix$d - if test -d "$prefix"; then - prefixes= - else - if $posix_mkdir; then - (umask=$mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break - # Don't fail if two instances are running concurrently. - test -d "$prefix" || exit 1 - else - case $prefix in - *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; - *) qprefix=$prefix;; - esac - prefixes="$prefixes '$qprefix'" - fi - fi - prefix=$prefix/ + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ done if test -n "$prefixes"; then - # Don't fail if two instances are running concurrently. - (umask $mkdir_umask && - eval "\$doit_exec \$mkdirprog $prefixes") || - test -d "$dstdir" || exit 1 - obsolete_mkdir_used=true + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true fi fi fi @@ -450,14 +449,25 @@ do else # Make a couple of temp file names in the proper directory. - dsttmp=$dstdir/_inst.$$_ - rmtmp=$dstdir/_rm.$$_ + dsttmp=${dstdirslash}_inst.$$_ + rmtmp=${dstdirslash}_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. - (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + (umask $cp_umask && + { test -z "$stripcmd" || { + # Create $dsttmp read-write so that cp doesn't create it read-only, + # which would cause strip to fail. + if test -z "$doit"; then + : >"$dsttmp" # No need to fork-exec 'touch'. + else + $doit touch "$dsttmp" + fi + } + } && + $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # @@ -472,20 +482,24 @@ do # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && - old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && - new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && - - eval "$initialize_posix_glob" && - $posix_glob set -f && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && - $posix_glob set +f && - + set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else + # If $backupsuffix is set, and the file being installed + # already exists, attempt a backup. Don't worry if it fails, + # e.g., if mv doesn't support -f. + if test -n "$backupsuffix" && test -f "$dst"; then + $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null + fi + # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || @@ -493,24 +507,24 @@ do # to itself, or perhaps because mv is so ancient that it does not # support -f. { - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - test ! -f "$dst" || - $doit $rmcmd -f "$dst" 2>/dev/null || - { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && - { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } - } || - { echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - } && - - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 @@ -519,9 +533,9 @@ do done # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff --git a/gsi_openssh/source/int32_minmax.inc b/gsi_openssh/source/int32_minmax.inc deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/gsi_openssh/source/kex.c b/gsi_openssh/source/kex.c index f2422d032f..62057fca44 100644 --- a/gsi_openssh/source/kex.c +++ b/gsi_openssh/source/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.172 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.178 2023/03/12 10:40:39 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -39,6 +39,7 @@ #ifdef WITH_OPENSSL #include +#include #include # ifdef HAVE_EVP_KDF_CTX_NEW_ID # include @@ -61,12 +62,13 @@ #include "misc.h" #include "dispatch.h" #include "monitor.h" -#include "xmalloc.h" +#include "myproposal.h" #include "ssherr.h" #include "sshbuf.h" #include "canohost.h" #include "digest.h" +#include "xmalloc.h" #include "audit.h" #ifdef GSSAPI @@ -383,6 +385,61 @@ kex_gss_names_valid(const char *names) return 1; } +/* + * Fill out a proposal array with dynamically allocated values, which may + * be modified as required for compatibility reasons. + * Any of the options may be NULL, in which case the default is used. + * Array contents must be freed by calling kex_proposal_free_entries. + */ +void +kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX], + const char *kexalgos, const char *ciphers, const char *macs, + const char *comp, const char *hkalgs) +{ + const char *defpropserver[PROPOSAL_MAX] = { KEX_SERVER }; + const char *defpropclient[PROPOSAL_MAX] = { KEX_CLIENT }; + const char **defprop = ssh->kex->server ? defpropserver : defpropclient; + u_int i; + + if (prop == NULL) + fatal_f("proposal missing"); + + for (i = 0; i < PROPOSAL_MAX; i++) { + switch(i) { + case PROPOSAL_KEX_ALGS: + prop[i] = compat_kex_proposal(ssh, + kexalgos ? kexalgos : defprop[i]); + break; + case PROPOSAL_ENC_ALGS_CTOS: + case PROPOSAL_ENC_ALGS_STOC: + prop[i] = xstrdup(ciphers ? ciphers : defprop[i]); + break; + case PROPOSAL_MAC_ALGS_CTOS: + case PROPOSAL_MAC_ALGS_STOC: + prop[i] = xstrdup(macs ? macs : defprop[i]); + break; + case PROPOSAL_COMP_ALGS_CTOS: + case PROPOSAL_COMP_ALGS_STOC: + prop[i] = xstrdup(comp ? comp : defprop[i]); + break; + case PROPOSAL_SERVER_HOST_KEY_ALGS: + prop[i] = xstrdup(hkalgs ? hkalgs : defprop[i]); + break; + default: + prop[i] = xstrdup(defprop[i]); + } + } +} + +void +kex_proposal_free_entries(char *prop[PROPOSAL_MAX]) +{ + u_int i; + + for (i = 0; i < PROPOSAL_MAX; i++) + free(prop[i]); +} + /* put algorithm proposal into buffer */ int kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) @@ -470,7 +527,6 @@ kex_prop_free(char **proposal) free(proposal); } -/* ARGSUSED */ int kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh) { @@ -551,6 +607,11 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0) return r; + if (ninfo >= 1024) { + error("SSH2_MSG_EXT_INFO with too many entries, expected " + "<=1024, received %u", ninfo); + return SSH_ERR_INVALID_FORMAT; + } for (i = 0; i < ninfo; i++) { if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) return r; @@ -651,7 +712,6 @@ kex_send_kexinit(struct ssh *ssh) return 0; } -/* ARGSUSED */ int kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) { @@ -1454,7 +1514,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, const char *version_addendum) { int remote_major, remote_minor, mismatch, oerrno = 0; - size_t len, i, n; + size_t len, n; int r, expect_nl; u_char c; struct sshbuf *our_version = ssh->kex->server ? @@ -1510,7 +1570,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, } sshbuf_reset(peer_version); expect_nl = 0; - for (i = 0; ; i++) { + for (;;) { if (timeout_ms > 0) { r = waitrfd(ssh_packet_get_connection_in(ssh), &timeout_ms); @@ -1584,7 +1644,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, } peer_version_string = sshbuf_dup_string(peer_version); if (peer_version_string == NULL) - error_f("sshbuf_dup_string failed"); + fatal_f("sshbuf_dup_string failed"); /* XXX must be same size for sscanf */ if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) { error_f("calloc failed"); @@ -1651,10 +1711,6 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, r = SSH_ERR_CONN_CLOSED; /* XXX */ goto out; } - if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - logit("Remote version \"%.100s\" uses unsafe RSA signature " - "scheme; disabling use of RSA keys", remote_version); - } /* success */ r = 0; out: @@ -1666,3 +1722,49 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, return r; } +#ifdef WITH_OPENSSL +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +/* + * Creates an EVP_PKEY from the given parameters and keys. + * The private key can be omitted. + */ +int +kex_create_evp_dh(EVP_PKEY **pkey, const BIGNUM *p, const BIGNUM *q, + const BIGNUM *g, const BIGNUM *pub, const BIGNUM *priv) +{ + OSSL_PARAM_BLD *param_bld = NULL; + EVP_PKEY_CTX *ctx = NULL; + int r = 0; + + /* create EVP_PKEY-DH key */ + if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)) == NULL || + (param_bld = OSSL_PARAM_BLD_new()) == NULL) { + error_f("EVP_PKEY_CTX or PARAM_BLD init failed"); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) != 1 || + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1 || + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) != 1 || + OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, pub) != 1) { + error_f("Failed pushing params to OSSL_PARAM_BLD"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (priv != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) { + error_f("Failed pushing private key to OSSL_PARAM_BLD"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) + r = SSH_ERR_LIBCRYPTO_ERROR; +out: + OSSL_PARAM_BLD_free(param_bld); + EVP_PKEY_CTX_free(ctx); + return r; +} +# endif +#endif /* WITH_OPENSSL */ diff --git a/gsi_openssh/source/kex.h b/gsi_openssh/source/kex.h index eed3fe04b2..41869f7c0e 100644 --- a/gsi_openssh/source/kex.h +++ b/gsi_openssh/source/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.117 2022/01/06 21:55:23 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.118 2023/03/06 12:14:48 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -33,6 +33,11 @@ # include # include # include +# include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +# include +# include +# endif # ifdef OPENSSL_HAS_ECC # include # else /* OPENSSL_HAS_ECC */ @@ -199,6 +204,9 @@ char *kex_gss_alg_list(char); char *kex_names_cat(const char *, const char *); int kex_assemble_names(char **, const char *, const char *); int kex_gss_names_valid(const char *); +void kex_proposal_populate_entries(struct ssh *, char *prop[PROPOSAL_MAX], + const char *, const char *, const char *, const char *, const char *); +void kex_proposal_free_entries(char *prop[PROPOSAL_MAX]); int kex_exchange_identification(struct ssh *, int, const char *); @@ -283,6 +291,10 @@ int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE], const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int) __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int kex_create_evp_dh(EVP_PKEY **, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *); +# endif #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void dump_digest(const char *, const u_char *, int); diff --git a/gsi_openssh/source/kexdh.c b/gsi_openssh/source/kexdh.c index 0faab21b09..7cace66ba6 100644 --- a/gsi_openssh/source/kexdh.c +++ b/gsi_openssh/source/kexdh.c @@ -35,6 +35,12 @@ #include "openbsd-compat/openssl-compat.h" #include +#include +#include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif #include "sshkey.h" #include "kex.h" @@ -79,6 +85,88 @@ kex_dh_keygen(struct kex *kex) return (dh_gen_key(kex->dh, kex->we_need * 8)); } +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int +kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out) +{ + BIGNUM *shared_secret = NULL; + const BIGNUM *pub, *priv, *p, *q, *g; + EVP_PKEY *pkey = NULL, *dh_pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + u_char *kbuf = NULL; + size_t klen = 0; + int kout, r = 0; + +#ifdef DEBUG_KEXDH + fprintf(stderr, "dh_pub= "); + BN_print_fp(stderr, dh_pub); + fprintf(stderr, "\n"); + debug("bits %d", BN_num_bits(dh_pub)); + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "\n"); +#endif + + if (!dh_pub_is_valid(kex->dh, dh_pub)) { + r = SSH_ERR_MESSAGE_INCOMPLETE; + goto out; + } + + DH_get0_key(kex->dh, &pub, &priv); + DH_get0_pqg(kex->dh, &p, &q, &g); + /* import key */ + r = kex_create_evp_dh(&pkey, p, q, g, pub, priv); + if (r != 0) { + error_f("Could not create EVP_PKEY for dh"); + ERR_print_errors_fp(stderr); + goto out; + } + /* import peer key + * the parameters should be the same as with pkey + */ + r = kex_create_evp_dh(&dh_pkey, p, q, g, dh_pub, NULL); + if (r != 0) { + error_f("Could not import peer key for dh"); + ERR_print_errors_fp(stderr); + goto out; + } + + if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL) { + error_f("Could not init EVP_PKEY_CTX for dh"); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EVP_PKEY_derive_init(ctx) != 1 || + EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 || + EVP_PKEY_derive(ctx, NULL, &klen) != 1) { + error_f("Could not get key size"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1 || + BN_bin2bn(kbuf, klen, shared_secret) == NULL) { + error_f("Could not derive key"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +#ifdef DEBUG_KEXDH + dump_digest("shared secret", kbuf, klen); +#endif + r = sshbuf_put_bignum2(out, shared_secret); + out: + freezero(kbuf, klen); + BN_clear_free(shared_secret); + EVP_PKEY_free(pkey); + EVP_PKEY_free(dh_pkey); + EVP_PKEY_CTX_free(ctx); + return r; +} +# else +/* Original function in OpenSSH Portable 9.3p1 */ int kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out) { @@ -120,6 +208,7 @@ kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out) BN_clear_free(shared_secret); return r; } +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ int kex_dh_keypair(struct kex *kex) diff --git a/gsi_openssh/source/kexecdh.c b/gsi_openssh/source/kexecdh.c index efb2e55a6d..0dda868823 100644 --- a/gsi_openssh/source/kexecdh.c +++ b/gsi_openssh/source/kexecdh.c @@ -35,17 +35,101 @@ #include #include +#include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif +#include #include "sshkey.h" #include "kex.h" #include "sshbuf.h" #include "digest.h" #include "ssherr.h" +#include "log.h" static int kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key, const EC_GROUP *, struct sshbuf **); +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static EC_KEY * +generate_ec_keys(int ec_nid) +{ + EC_KEY *client_key = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params = NULL; + const char *group_name; + + if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL || + (param_bld = OSSL_PARAM_BLD_new()) == NULL) + goto out; + if ((group_name = OSSL_EC_curve_nid2name(ec_nid)) == NULL || + OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 || + (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) { + error_f("Could not create OSSL_PARAM"); + goto out; + } + if (EVP_PKEY_keygen_init(ctx) != 1 || + EVP_PKEY_CTX_set_params(ctx, params) != 1 || + EVP_PKEY_generate(ctx, &pkey) != 1 || + (client_key = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) { + error_f("Could not generate ec keys"); + goto out; + } +out: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_BLD_free(param_bld); + OSSL_PARAM_free(params); + return client_key; +} +# endif + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int +kex_ecdh_keypair(struct kex *kex) +{ + EC_KEY *client_key = NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + struct sshbuf *buf = NULL; + int r; + + if ((client_key = generate_ec_keys(kex->ec_nid)) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + group = EC_KEY_get0_group(client_key); + public_key = EC_KEY_get0_public_key(client_key); + + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_ec(buf, public_key, group)) != 0 || + (r = sshbuf_get_u32(buf, NULL)) != 0) + goto out; +#ifdef DEBUG_KEXECDH + fputs("client private key:\n", stderr); + sshkey_dump_ec_key(client_key); +#endif + kex->ec_client_key = client_key; + kex->ec_group = group; + client_key = NULL; /* owned by the kex */ + kex->client_pub = buf; + buf = NULL; + out: + EC_KEY_free(client_key); + sshbuf_free(buf); + return r; +} +# else +/* Original function in OpenSSH Portable 9.3p1 */ int kex_ecdh_keypair(struct kex *kex) { @@ -87,7 +171,52 @@ kex_ecdh_keypair(struct kex *kex) sshbuf_free(buf); return r; } +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int +kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob, + struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +{ + const EC_GROUP *group; + const EC_POINT *pub_key; + EC_KEY *server_key = NULL; + struct sshbuf *server_blob = NULL; + int r; + + *server_blobp = NULL; + *shared_secretp = NULL; + + if ((server_key = generate_ec_keys(kex->ec_nid)) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + group = EC_KEY_get0_group(server_key); + +#ifdef DEBUG_KEXECDH + fputs("server private key:\n", stderr); + sshkey_dump_ec_key(server_key); +#endif + pub_key = EC_KEY_get0_public_key(server_key); + if ((server_blob = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_ec(server_blob, pub_key, group)) != 0 || + (r = sshbuf_get_u32(server_blob, NULL)) != 0) + goto out; + if ((r = kex_ecdh_dec_key_group(kex, client_blob, server_key, group, + shared_secretp)) != 0) + goto out; + *server_blobp = server_blob; + server_blob = NULL; + out: + EC_KEY_free(server_key); + sshbuf_free(server_blob); + return r; +} +# else +/* Original function in OpenSSH Portable 9.3p1 */ int kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) @@ -133,7 +262,119 @@ kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob, sshbuf_free(server_blob); return r; } +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int +kex_ecdh_dec_key_group(struct kex *kex, const struct sshbuf *ec_blob, + EC_KEY *key, const EC_GROUP *group, struct sshbuf **shared_secretp) +{ + struct sshbuf *buf = NULL; + BIGNUM *shared_secret = NULL; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL, *dh_pkey = NULL; + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params = NULL; + u_char *kbuf = NULL, *pub = NULL; + size_t klen = 0, publen; + const char *group_name; + int r; + + /* import EC_KEY to EVP_PKEY */ + if ((r = ssh_create_evp_ec(key, kex->ec_nid, &pkey)) != 0) { + error_f("Could not create EVP_PKEY"); + goto out; + } + + *shared_secretp = NULL; + + if ((buf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0) + goto out; + + /* the public key is in the buffer in octet string UNCOMPRESSED + * format. See sshbuf_put_ec */ + if ((r = sshbuf_get_string(buf, &pub, &publen)) != 0) + goto out; + sshbuf_reset(buf); + if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL || + (param_bld = OSSL_PARAM_BLD_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((group_name = OSSL_EC_curve_nid2name(kex->ec_nid)) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, pub, publen) != 1 || + OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0) != 1 || + (params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) { + error_f("Failed to set params for dh_pkey"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (EVP_PKEY_fromdata_init(ctx) != 1 || + EVP_PKEY_fromdata(ctx, &dh_pkey, + EVP_PKEY_PUBLIC_KEY, params) != 1 || + EVP_PKEY_public_check(ctx) != 1) { + error_f("Peer public key import failed"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +#ifdef DEBUG_KEXECDH + fputs("public key:\n", stderr); + EVP_PKEY_print_public_fp(stderr, dh_pkey, 0, NULL); +#endif + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL || + EVP_PKEY_derive_init(ctx) != 1 || + EVP_PKEY_derive_set_peer(ctx, dh_pkey) != 1 || + EVP_PKEY_derive(ctx, NULL, &klen) != 1) { + error_f("Failed to get derive information"); + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((kbuf = malloc(klen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +#ifdef DEBUG_KEXECDH + dump_digest("shared secret", kbuf, klen); +#endif + if ((shared_secret = BN_new()) == NULL || + (BN_bin2bn(kbuf, klen, shared_secret) == NULL)) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0) + goto out; + *shared_secretp = buf; + buf = NULL; + out: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + EVP_PKEY_free(dh_pkey); + OSSL_PARAM_BLD_free(param_bld); + OSSL_PARAM_free(params); + BN_clear_free(shared_secret); + freezero(kbuf, klen); + freezero(pub, publen); + sshbuf_free(buf); + return r; +} +# else +/* Original function in OpenSSH Portable 9.3p1 */ static int kex_ecdh_dec_key_group(struct kex *kex, const struct sshbuf *ec_blob, EC_KEY *key, const EC_GROUP *group, struct sshbuf **shared_secretp) @@ -195,6 +436,7 @@ kex_ecdh_dec_key_group(struct kex *kex, const struct sshbuf *ec_blob, sshbuf_free(buf); return r; } +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ int kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob, diff --git a/gsi_openssh/source/kexgen.c b/gsi_openssh/source/kexgen.c index c0a5c09d6a..f01f456a5a 100644 --- a/gsi_openssh/source/kexgen.c +++ b/gsi_openssh/source/kexgen.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "fips_mode_replacement.h" diff --git a/gsi_openssh/source/kexgexc.c b/gsi_openssh/source/kexgexc.c index 39cd15c0d7..597c45a718 100644 --- a/gsi_openssh/source/kexgexc.c +++ b/gsi_openssh/source/kexgexc.c @@ -28,6 +28,7 @@ #ifdef WITH_OPENSSL +#include #include #include diff --git a/gsi_openssh/source/kexgexs.c b/gsi_openssh/source/kexgexs.c index 72b444f690..676de77ad1 100644 --- a/gsi_openssh/source/kexgexs.c +++ b/gsi_openssh/source/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.44 2021/12/19 22:08:06 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.45 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -46,7 +46,6 @@ #include "packet.h" #include "dh.h" #include "ssh2.h" -#include "compat.h" #ifdef GSSAPI #include "ssh-gss.h" #endif diff --git a/gsi_openssh/source/kexgssc.c b/gsi_openssh/source/kexgssc.c index 0f7137a63c..43983e84b9 100644 --- a/gsi_openssh/source/kexgssc.c +++ b/gsi_openssh/source/kexgssc.c @@ -608,4 +608,5 @@ kexgssgex_client(struct ssh *ssh) sshbuf_free(server_host_key_blob); return r; } + #endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ diff --git a/gsi_openssh/source/krl.c b/gsi_openssh/source/krl.c index e49b614dc4..8d6dec2c4f 100644 --- a/gsi_openssh/source/krl.c +++ b/gsi_openssh/source/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.53 2021/06/04 06:19:07 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.55 2023/03/14 07:28:47 dtucker Exp $ */ #include "includes.h" @@ -191,6 +191,7 @@ ssh_krl_free(struct ssh_krl *krl) TAILQ_REMOVE(&krl->revoked_certs, rc, entry); revoked_certs_free(rc); } + free(krl); } void @@ -1392,7 +1393,7 @@ krl_dump(struct ssh_krl *krl, FILE *f) error("sshkey_fingerprint failed"); continue; } - fprintf(f, "hash: SHA256:%s # %s\n", fp, sshkey_ssh_name(key)); + fprintf(f, "hash: %s # %s\n", fp, sshkey_ssh_name(key)); free(fp); free(key); } diff --git a/gsi_openssh/source/misc.c b/gsi_openssh/source/misc.c index 929e64fa50..5368bf60f2 100644 --- a/gsi_openssh/source/misc.c +++ b/gsi_openssh/source/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.175 2022/03/20 08:51:21 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.181 2023/03/03 02:37:58 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -95,7 +95,7 @@ rtrim(char *s) if ((i = strlen(s)) == 0) return; for (i--; i > 0; i--) { - if (isspace((int)s[i])) + if (isspace((unsigned char)s[i])) s[i] = '\0'; } } @@ -278,7 +278,7 @@ set_sock_tos(int fd, int tos) debug3_f("set socket %d IP_TOS 0x%02x", fd, tos); if (setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) { - error("setsockopt socket %d IP_TOS %d: %s:", + error("setsockopt socket %d IP_TOS %d: %s", fd, tos, strerror(errno)); } # endif /* IP_TOS */ @@ -288,7 +288,7 @@ set_sock_tos(int fd, int tos) debug3_f("set socket %d IPV6_TCLASS 0x%02x", fd, tos); if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1) { - error("setsockopt socket %d IPV6_TCLASS %d: %.100s:", + error("setsockopt socket %d IPV6_TCLASS %d: %s", fd, tos, strerror(errno)); } # endif /* IPV6_TCLASS */ @@ -2441,15 +2441,26 @@ parse_absolute_time(const char *s, uint64_t *tp) struct tm tm; time_t tt; char buf[32], *fmt; + const char *cp; + size_t l; + int is_utc = 0; *tp = 0; + l = strlen(s); + if (l > 1 && strcasecmp(s + l - 1, "Z") == 0) { + is_utc = 1; + l--; + } else if (l > 3 && strcasecmp(s + l - 3, "UTC") == 0) { + is_utc = 1; + l -= 3; + } /* * POSIX strptime says "The application shall ensure that there * is white-space or other non-alphanumeric characters between * any two conversion specifications" so arrange things this way. */ - switch (strlen(s)) { + switch (l) { case 8: /* YYYYMMDD */ fmt = "%Y-%m-%d"; snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6); @@ -2469,18 +2480,20 @@ parse_absolute_time(const char *s, uint64_t *tp) } memset(&tm, 0, sizeof(tm)); - if (strptime(buf, fmt, &tm) == NULL) - return SSH_ERR_INVALID_FORMAT; - if ((tt = mktime(&tm)) < 0) + if ((cp = strptime(buf, fmt, &tm)) == NULL || *cp != '\0') return SSH_ERR_INVALID_FORMAT; + if (is_utc) { + if ((tt = timegm(&tm)) < 0) + return SSH_ERR_INVALID_FORMAT; + } else { + if ((tt = mktime(&tm)) < 0) + return SSH_ERR_INVALID_FORMAT; + } /* success */ *tp = (uint64_t)tt; return 0; } -/* On OpenBSD time_t is int64_t which is long long. */ -/* #define SSH_TIME_T_MAX LLONG_MAX */ - void format_absolute_time(uint64_t t, char *buf, size_t len) { @@ -2844,3 +2857,109 @@ lookup_env_in_list(const char *env, char * const *envs, size_t nenvs) } return NULL; } + +const char * +lookup_setenv_in_list(const char *env, char * const *envs, size_t nenvs) +{ + char *name, *cp; + const char *ret; + + name = xstrdup(env); + if ((cp = strchr(name, '=')) == NULL) { + free(name); + return NULL; /* not env=val */ + } + *cp = '\0'; + ret = lookup_env_in_list(name, envs, nenvs); + free(name); + return ret; +} + +/* + * Helpers for managing poll(2)/ppoll(2) timeouts + * Will remember the earliest deadline and return it for use in poll/ppoll. + */ + +/* Initialise a poll/ppoll timeout with an indefinite deadline */ +void +ptimeout_init(struct timespec *pt) +{ + /* + * Deliberately invalid for ppoll(2). + * Will be converted to NULL in ptimeout_get_tspec() later. + */ + pt->tv_sec = -1; + pt->tv_nsec = 0; +} + +/* Specify a poll/ppoll deadline of at most 'sec' seconds */ +void +ptimeout_deadline_sec(struct timespec *pt, long sec) +{ + if (pt->tv_sec == -1 || pt->tv_sec >= sec) { + pt->tv_sec = sec; + pt->tv_nsec = 0; + } +} + +/* Specify a poll/ppoll deadline of at most 'p' (timespec) */ +static void +ptimeout_deadline_tsp(struct timespec *pt, struct timespec *p) +{ + if (pt->tv_sec == -1 || timespeccmp(pt, p, >=)) + *pt = *p; +} + +/* Specify a poll/ppoll deadline of at most 'ms' milliseconds */ +void +ptimeout_deadline_ms(struct timespec *pt, long ms) +{ + struct timespec p; + + p.tv_sec = ms / 1000; + p.tv_nsec = (ms % 1000) * 1000000; + ptimeout_deadline_tsp(pt, &p); +} + +/* Specify a poll/ppoll deadline at wall clock monotime 'when' */ +void +ptimeout_deadline_monotime(struct timespec *pt, time_t when) +{ + struct timespec now, t; + + t.tv_sec = when; + t.tv_nsec = 0; + monotime_ts(&now); + + if (timespeccmp(&now, &t, >=)) + ptimeout_deadline_sec(pt, 0); + else { + timespecsub(&t, &now, &t); + ptimeout_deadline_tsp(pt, &t); + } +} + +/* Get a poll(2) timeout value in milliseconds */ +int +ptimeout_get_ms(struct timespec *pt) +{ + if (pt->tv_sec == -1) + return -1; + if (pt->tv_sec >= (INT_MAX - (pt->tv_nsec / 1000000)) / 1000) + return INT_MAX; + return (pt->tv_sec * 1000) + (pt->tv_nsec / 1000000); +} + +/* Get a ppoll(2) timeout value as a timespec pointer */ +struct timespec * +ptimeout_get_tsp(struct timespec *pt) +{ + return pt->tv_sec == -1 ? NULL : pt; +} + +/* Returns non-zero if a timeout has been set (i.e. is not indefinite) */ +int +ptimeout_isset(struct timespec *pt) +{ + return pt->tv_sec != -1; +} diff --git a/gsi_openssh/source/misc.h b/gsi_openssh/source/misc.h index 6b9df2ddca..96f5748b92 100644 --- a/gsi_openssh/source/misc.h +++ b/gsi_openssh/source/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.99 2021/11/13 21:14:13 deraadt Exp $ */ +/* $OpenBSD: misc.h,v 1.102 2023/03/03 02:37:58 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -180,6 +180,8 @@ void child_set_env(char ***envp, u_int *envsizep, const char *name, const char *value); const char *lookup_env_in_list(const char *env, char * const *envs, size_t nenvs); +const char *lookup_setenv_in_list(const char *env, + char * const *envs, size_t nenvs); int argv_split(const char *, int *, char ***, int); char *argv_assemble(int, char **argv); @@ -207,6 +209,15 @@ void opt_array_append2(const char *file, const int line, const char *directive, char ***array, int **iarray, u_int *lp, const char *s, int i); +struct timespec; +void ptimeout_init(struct timespec *pt); +void ptimeout_deadline_sec(struct timespec *pt, long sec); +void ptimeout_deadline_ms(struct timespec *pt, long ms); +void ptimeout_deadline_monotime(struct timespec *pt, time_t when); +int ptimeout_get_ms(struct timespec *pt); +struct timespec *ptimeout_get_tsp(struct timespec *pt); +int ptimeout_isset(struct timespec *pt); + /* readpass.c */ #define RP_ECHO 0x0001 @@ -230,4 +241,7 @@ void notify_complete(struct notifier_ctx *, const char *, ...) typedef void (*sshsig_t)(int); sshsig_t ssh_signal(int, sshsig_t); +/* On OpenBSD time_t is int64_t which is long long. */ +/* #define SSH_TIME_T_MAX LLONG_MAX */ + #endif /* _MISC_H */ diff --git a/gsi_openssh/source/moduli b/gsi_openssh/source/moduli index 1362f20e1b..099fc4263d 100644 --- a/gsi_openssh/source/moduli +++ b/gsi_openssh/source/moduli @@ -1,383 +1,425 @@ -# $OpenBSD: moduli,v 1.31 2021/09/28 11:10:05 dtucker Exp $ +# $OpenBSD: moduli,v 1.33 2022/11/07 02:21:21 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20210524220022 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F806ABBEB -20210524220025 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F807D248B -20210524220034 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F80D9BC9F -20210524220041 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F812A0A37 -20210524220046 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F8155AB97 -20210524220054 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F81B2848B -20210524220056 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F81C13007 -20210524220118 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F82930D03 -20210524220122 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F82BE877B -20210524220127 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F82EBBF97 -20210524220132 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F8320C043 -20210524220137 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F83476BCB -20210524220154 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F83FA204B -20210524220159 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F842A67EB -20210524220217 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F84E7FEDB -20210524220251 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F86503997 -20210524220256 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F867E7587 -20210524220301 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F86A47F7B -20210524220302 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F86A754D3 -20210524220304 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F86BFB23F -20210524220310 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F86F871FB -20210524220313 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F87125B7F -20210524220316 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F87290AD7 -20210524220323 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F876DECFB -20210524220330 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F87B31B33 -20210524220332 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F87BD0977 -20210524220333 2 6 100 2047 5 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F87C5168F -20210524220335 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F87D5CCB3 -20210524220337 2 6 100 2047 2 C117F4B631CA032FD2F00AC0D9A5473D8E56DA246FC44FD594BF5657D399E453728341CC920EE9127729637683D268CA3B62F5CB61C7D4F08D3F202D67DBBBD88498043861190549649D82E7793A1874FE0E8ED0B460E3442DD4DFC2301A1B6D8FA36C7CAD084B2FFEF2205E3CE46B030E4618C7B50656BF9FB60592B1FA32E91E0D536A12E601317F0562F547FF44DF33377ABAB2A2991EC99887712BFD9C78BBAA8759B09577706493F50A416F472D6F7B9532959A8899FACEB55B012E8FE8131AA45E1851FFAA3572E489FF4AAE89ECB583C98CC29ADBB1E9677AE2517D6BC1BC13C5A18A232FAD4CDC6E580FEC730D070D49E88A23C528A4985F87DBEA23 -20210524220355 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A44F8E93 -20210524220404 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A4A0C6AF -20210524220412 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A4EF1E03 -20210524220414 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A4F93C23 -20210524220420 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A535963B -20210524220424 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A5566833 -20210524220425 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A5599617 -20210524220426 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A55EC4A7 -20210524220436 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A5BD5EB7 -20210524220445 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A619258B -20210524220451 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A650122B -20210524220501 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A6B04DA7 -20210524220513 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A725B467 -20210524220528 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A7C40A4B -20210524220537 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A825DA4F -20210524220559 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A906849F -20210524220603 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A92B2543 -20210524220606 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A946A62B -20210524220611 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A96E9F73 -20210524220612 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A9741957 -20210524220613 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A977BF53 -20210524220614 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A9808FE3 -20210524220616 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A994D8CB -20210524220618 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A99CAF0B -20210524220624 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A9D53ABF -20210524220627 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01A9F1F75B -20210524220644 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AAB771E7 -20210524220645 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AAB8D6C3 -20210524220650 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AAE8CD27 -20210524220652 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AAFAE557 -20210524220656 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AB231D03 -20210524220658 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AB2F512F -20210524220700 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AB3ED6AF -20210524220706 2 6 100 2047 5 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01AB7A3DDF -20210524220712 2 6 100 2047 2 CDA33E2E7179C731632DFF6272815DAAC78E971B46095FA70FD7153B8FEC3061C37064D6D6961EA44D04D20222E7071AF123319EE4B70C6C6C7F5EC5BF6F4556A9636794FE249A109E9292CAE57FE40829089D99A5731AC08639F090500DAA9ECD8D56C83368EA05DEB9A1C37C82C0E84396128BF47B2222A7312DC06F7220DB671F16302E8C9ACEB9034E4955EC08E27C9E708FF81884B81CFB3DD2D662D0A60A5DAA91EBD69F564B8B2A565637663A4D444BA4BBEE7F029BB44AE1EA2182F39A1E2ABFDE297432932295FCF1DB704EFCD3A30A9EF881D6090480232D8893B9F7608037E1B5A2A09DD9E590C63ED28A82EFF89135E05E010710FC01ABB48B1B -20210524221547 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505902F721263 -20210524221723 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059030ED9F9B -20210524221800 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903179F84F -20210524221940 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB850590331E399B -20210524222007 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB850590338E4BEB -20210524222013 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB850590339E72DB -20210524222057 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903458ADC7 -20210524222125 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059034C60DC3 -20210524222149 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903527AD67 -20210524222206 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB850590356715BF -20210524222226 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059035B2AF7F -20210524222240 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059035E27D63 -20210524222530 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059038AD337F -20210524222550 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059038FF50F7 -20210524222711 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903A587DBB -20210524222722 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903A7E2593 -20210524222813 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903B518C67 -20210524222821 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903B6BA4B3 -20210524222927 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903C7ADF53 -20210524222944 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903CB9378F -20210524223124 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903E4E0F63 -20210524223132 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505903E680D03 -20210524223318 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505904017708B -20210524223328 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059040391D6B -20210524223340 2 6 100 3071 5 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB8505904064990F -20210524223418 2 6 100 3071 2 C1064E3791D96D66CA94320FDDA0DD731891FE4D4E4BCB5C8C2A22E33BE0C071BDD6B55DF0A474F1123F6AA3CDBB043EE9972052E3422BAAF9CBB6C1E77E2817F0266F0018351110EE2017EDE4312F0E0ABECA6585F15630FE2228BC03E4DEC84F31650177D712CDE77D6D6D2B0B391F64CD792A6C14BF9A16011EE673183465882595613087535464AC29A1138E1FB2B1024693A368700447307B43435E1BC718CD239396943F22BBF861EA0098069CAB7976B13C60A9CDD4BEDE6DF3659D61188E161D2D5A02CADDCCB547319E02211D00445BE47F5484F673239D7796CB1E1D3FF1558DA0ACD3AB17C6B3D8C3F00DFBBBF69F3B600E98DDC1FB0C0F79FC2E2F88C891F7BACAD4023331B623DF6835B2A7E881E59F0B7CE676208717E3AA51FBEDD7E9EE62527F253762C7B6A3D987DF800D2FB66DFE4F9588BEAA938DD9FAA5916186746FBC25A357F57D0E03442EEA6D067F19ABB96865474A250C73F66FE0FC5B5847CAB8F2CE25765A52A27223BD725C7ECFCF55EAAB85059040FCE473 -20210524223453 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB455657B -20210524223634 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB5FCC833 -20210524223659 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB65DD6F3 -20210524223732 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB6E02573 -20210524223739 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB6F4ED87 -20210524223745 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB7068FBB -20210524223826 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB7A2859B -20210524223848 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB7EE3B1B -20210524223936 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB8AE2333 -20210524224015 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB93EC75B -20210524224018 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EB944D10F -20210524224136 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBA7C4FC7 -20210524224213 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBB023E7F -20210524224228 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBB36560F -20210524224236 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBB4F6853 -20210524224323 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBC0F75BB -20210524224346 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBC62CB7B -20210524224413 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBCC9AD0B -20210524224441 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBD2F9967 -20210524224508 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBD92D627 -20210524224722 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBF92432B -20210524224733 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EBFB7A837 -20210524224832 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC09EA30F -20210524224841 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC0B86AD3 -20210524224843 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC0B88DBF -20210524225050 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC2C17DEB -20210524225054 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC2C967DB -20210524225112 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC30CDA43 -20210524225123 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC3311D0F -20210524225247 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC4813D2B -20210524225254 2 6 100 3071 2 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC4923E73 -20210524225346 2 6 100 3071 5 C6D582E2863DD842704EDE65181452A2A54FD6112537B792F2AF066D30656086948D10BD502D46881AA1766656F36A4BDDCCAF0893BA661A1E7952ED0CC9FD481640C27E1513322DA51E6CF68B2659BFED70ACA5F3D45188E2DCE57C05479C7564EB1573D3A039E815105E5BED13E0810D70E388766005C2DE1ADA9855EB53BF83EFABFCB67D8BDC4156C639A547EBDCB3EB980DCD81A44255F1EFCEAE2367482CD7AC7C7B68CA9536B6548F5323C1F46C9ADB084274D82387B7005D7D964CF53F4FCD2EF3337466DEB47BF46DA8501BCDAC4579FE0512B1D6C2AFDF933E9C6B89B25CCD5066B103D59FF1CB96DD4E427520CC06DEE74325885FD48E20E6DA45009CFD337511AF8081C2BC4341306DB2F2BFEB6912F7176D07161162D1BF8B603B0500EDAE3985D29BE88F3F94E98F91A73BA3CCAD9F35EBF6F95F179DA44AD4255AE983FBF8A8BD9458ED7D3AC7E410735FF90ECB32029C5A7D562A33C295F6262E6E91AA15444B971D565A6F90CD898E700B4EE15FE1ADABD3EA6EC562D397 -20210524230435 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375A8B66EEB -20210524230743 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375AA1B04D7 -20210524231138 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375ABDA60AB -20210524231337 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375ACBB313B -20210524231610 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375ADDB3D53 -20210524231810 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375AEB7413F -20210524231830 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375AED5921B -20210524231850 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375AEF2A0D7 -20210524232438 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375B19B5B17 -20210524232556 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375B23127DB -20210524233441 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375B624C5D3 -20210524233915 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375B81FBBEF -20210524234022 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375B89ABD27 -20210524234251 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375B9AA7603 -20210524234341 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375B9FF196B -20210524234859 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375BC541C47 -20210524234945 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375BCA418EB -20210524235116 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375BD49C877 -20210524235639 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375BFB1B0BB -20210524235928 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C0F703EB -20210525000202 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C21C5393 -20210525000215 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C22B072B -20210525000220 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C22DB943 -20210525000241 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C24E57CF -20210525000519 2 6 100 4095 5 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C37CDA8F -20210525000617 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C3E42EBB -20210525000910 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C52F623B -20210525000950 2 6 100 4095 2 DF313B012B87BCB41D4138171AA4A3ACBBCE90E58F3142966241384A0C0FFB78A3AAF92DFD19BAEF944D6323266A2BF7DAD5B917587B37D446A09EC84E519C10C981F1F59D7BF098A174589ACE1272D2BEDBC6703AE8F728E2EEC81F0C8F5E3E77991C632A664FAB45A584FD7A34133DB362EC04B2EFC6EC3F6C609C3ECEFB6223BA4CF06792D3A623F8FA4E1C78603B22B8AF856C8435AA6B25EEEB5C90F24572236182A79EE6A31331B4A78F1EFDE526AE53EA6C30F93DC2AEB3790E8AA728CE26D13080F84CC81ABB03E8E8E653368825D488461676BACF9BAAEDDA84A2E0E3524F407DD717A1DEC0D46C8FCF63F6F8952BCF1B19C03425F5AAB759ECD3C1E943756694A0F32CB0F765FB5EE410AFA6BAA30B0C96F4E65C76741BD067048DFF657B4C7C43336F200951448F3348AD241D9EBA14EE8CD8C023EF049835B6F6A6A4BA8B45CFF29C5252521494750C51972D2D448E357EA1B5A7230DCEFE9F2404E1D1C857E2DBFA18ABEA6369D958870D5657E3C6465748E2E10F851F9301B26F0A4AEF77F134C52A9391F7C92783FD7A2E378B5CE9F6D0ADA2B1EADC9BC9959E30E3821B2473DC1E2F3529DAE96B9E09BB0BC7806F41D7F39CEC690DB9F3DCCDFD92FA5DBF29FA26E5F55D87ED627E7788120A76ADDF2F2F28323F0950E1D9EAAC4270A6D66269978BB7382055BE7C36CE63446899C7ADF725F375C573F39B -20210525001816 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FBF7D2A3 -20210525001921 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FC6DAC53 -20210525001926 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FC6F3373 -20210525002309 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FE12C677 -20210525002320 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FE1E59AB -20210525002338 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FE3AB02F -20210525002359 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FE5BF4C3 -20210525002601 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB091FF3C869B -20210525002851 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09200739083 -20210525003041 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920140797B -20210525003049 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092014502F3 -20210525003141 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09201A2B9FF -20210525003223 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09201EA8A9B -20210525003231 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09201F326F3 -20210525003352 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092028EFD83 -20210525003809 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920482BA13 -20210525003923 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09205072CA3 -20210525004024 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09205780163 -20210525004148 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920617E947 -20210525004457 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092077D9FDB -20210525004558 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09207ED990B -20210525004731 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092089EB6C3 -20210525004805 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09208D77E3B -20210525004822 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09208EF6DA3 -20210525005103 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920A21B82B -20210525005232 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920AC6072B -20210525005335 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920B39092B -20210525005400 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920B611A73 -20210525005804 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920D2EF2A7 -20210525005836 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0920D66062F -20210525010525 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0921066C17F -20210525010559 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09210A11893 -20210525010655 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0921101CC03 -20210525010715 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092111F033F -20210525011027 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0921284AEC3 -20210525011247 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092138697D7 -20210525011345 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09213EAC66B -20210525011758 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09215CA5E7F -20210525011827 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09215F9F6DB -20210525011950 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092168F25FB -20210525012059 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09217019A9B -20210525012441 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB092189F6357 -20210525012731 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB09219DE687B -20210525012806 2 6 100 4095 5 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0921A19486F -20210525012959 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0921AE8C22B -20210525013036 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0921B277E7B -20210525013100 2 6 100 4095 2 D26A87E5A681F2A0E0231EC9449860176D2F9282C1D6E791D912B84987AAEF8BBCDE27FCC3A31FD76A78509ACB3673A0091330E077333D6682329E65ED16DAB1DC98ED93D911BCC3B63FF1271937AE5CE43688C0322530126BCC852EBA388F6B5B9AFF6808DD0B17790AD76F462EA9F0438F1E5A622C921E50A0358335806DD4A574C8117028E6DD07A42F09C3CDE7B5B9CD8914CEE9116E2F952862EFDB94F826D826C8EF15C468E80F916E09F4C411483E2C3CBDBF1CEE282F1144D17F9F681B0B238337941C1C5DEAB7DD52F0EC84A5C8B9FEEF5AA7EEA118FDF857B8BC0190C81A8D2E446E58C5F18DE1CFDD4680E04C89D421E1DEF67BC5A6FBA6B525FB06C263624A5D668A36F2254F9ADC7366544CE3A388B31675E3886801F9DFB571BA159C7D20B6175711387D696741F64FD689DC61F775028924BCCFC0197844340F61BB7EF0370B3FA53CFEEF65B4058B4CA1B25290DEB7E9ED829154430B7008A5E4174FCCAD783F3C8D1CE61014AF4299527B81B9F4D6EA4DEDEE89DD042FBDB6F0ED861CD7073F59AE181C5922BF8B480F7C71E2EC6CB6EA922FBA8C7383AA72001AA4A0AF633CD82D423B880E4AA3B96921BA8CE3EAB0337BAF49F37576905D811D657E3420C8C41C9BC693ACA6C94B34102F54FB370D597A1F9C00ED602927871F79C396D778FA4C968D2CD48788196EFB9511315087B9AEB0921B4B1893 -20210525015106 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081BF2FBF4B -20210525015719 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081C01C9317 -20210525022943 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081C51E7ABF -20210525025621 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081C92AC0FF -20210525030139 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081C9F26EFB -20210525030310 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081CA22ECE3 -20210525033123 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081CE69BC83 -20210525035425 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081D1EA340F -20210525042046 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081D5E1F147 -20210525044151 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081D906177B -20210525045703 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081DB34C7EB -20210525050443 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081DC53F8C7 -20210525050557 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081DC7921BB -20210525051327 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081DD90DF33 -20210525051635 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081DE04D46F -20210525052745 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081DFAB207B -20210525053701 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081E102FFA3 -20210525060524 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081E525193F -20210525061916 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081E723D123 -20210525062421 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081E7DAEAA3 -20210525062728 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081E8449753 -20210525064313 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081EA8CAE5B -20210525072251 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081F04FCEC3 -20210525082731 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081F9AA3067 -20210525090241 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB3081FEACB11B -20210525093810 2 6 100 6143 2 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB308203BF9E43 -20210525094831 2 6 100 6143 5 CAED937BA3084DFE7B4C1B59AC23C7EA9F28E677B8AFA536E9079DECED93EDAAEFB2C757F9E7AE4E90C4C68C8C937CAA8A0FB92A36FBBD24F777D579E264E8750B365A59AF83C5925262981B301C94CA57CE2A4825438EE089B2E0A5A8D90B51B7DB6044383542685F2D543030403741A6337C0280866A08D15BBFF32D9326073E6F8BAE510E66CF5A5DC6C7D96EFA13984EA383224CD59C7F8A49BA170EBD0BCF896FAD0FD67AB88D4D25CC81D29FFB7062328C9BA3BCD7EB107B74FAC05412D7677C058604F544B2EE8548E9372064C0CEB79BADEF8755F86E8DC894BD043DE697ECE323D624156B731D99C12FD1F42BB2FCADF8CFFEAB8DB59F9CB5843C1A01018DB3E415B4BF00D7F3F20FAAD86938C6B3061BC2A4ED0D18FAD01B1E53D0C8D41D208189D6E341E167B4B975236701B76C72097A34AAC46F4781185A7A63E4FB4A3CDDAB793EE4DFBA3D57481AF41ACD06A45F8D59D33FEBABCD3B98675A9C3F54B0AB42CFCABCA47021C709867AB12F830C4E93AE48AE5EBDD109E3F672AAE6A2EFFEAF07648D3110EE52627D44C8EA35482502C1CDC7B655F4D4A5E7DA1A064E138D00A9CC85DA5E833221AC5FF62F7871B53A8CE279AD441A5795D092F257C9BD2A871D098B3583ED9876342351C063BC2EA9FF111D245FE68A6A087B9E0B7AB0C47F2C6BD98A5CB4DFC57B71A1CF13A83308DA1E3BEB572AFDA9B88F05CCE1DBE359A44E849CAE4AB6196262877B119EDF241326C0F523ACF04DDF90601DC0D4107B935444D5C9E019B340227A386996D071BAA64D62FA049F285F12366ACDD439FCD3D0BAF9C37519177AAC6CF3B6986BAB5F68BDC9FB6E3B82FA157BE36D452FC0EDC4CDB95F9677F97C0F98725F275EAE0FF15C53957D1EFA9CABCE7B68FC186F117C40C5D24BD982A7F21AD6FE4A9CAC6C763FB68DD0B1C725E5DBC4522B86A42B02E3F5E704595977829607FDEB0922C497A9A93F327FA921D8BFBCD9C18272506A1A9F23171787FCBA72E4670C857D089DB5A22AE801EEBD567D48D697EBF25E6183374FC4C47C1747C3F69E650333F6F7ABEB30820532247F -20210525101346 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7A84C1DCF -20210525102328 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7A9C0F78B -20210525102507 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7A9F844D3 -20210525105019 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7ADB803E7 -20210525110206 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7AF734957 -20210525110823 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7B0605EAB -20210525113051 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7B3C762EB -20210525114458 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7B5E9D203 -20210525120436 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7B8DCCD03 -20210525120944 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7B9A11BE3 -20210525122534 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7BBFCC14F -20210525140523 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7CAD4CEEB -20210525141051 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7CB96ECE3 -20210525141705 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7CC76C197 -20210525145447 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7D1FC10C3 -20210525152246 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7D605451B -20210525153139 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7D73E819B -20210525153550 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7D7D225C3 -20210525161421 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7DD5B0F27 -20210525163744 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7E0BFFE7B -20210525165044 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7E29682EB -20210525172301 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7E730C6C3 -20210525172835 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7E7F17D9F -20210525173319 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7E89CD397 -20210525174552 2 6 100 6143 2 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7EA6442E3 -20210525175415 2 6 100 6143 5 E14FDFEE7787F1C28112A16D64FE7C953E3A963B98675E5C078465D774DDD60D0689616D88E223B1D75C4D124BD32324D828137D8AF145AED00162977FA394F7D9657F5E892CDAC98461E41CCF76B3F42471E8DC112FB82F65AD55AE55ADE7F3B85C9EE6E914F2DEE618D55A9FA0F72F6C03664BCDAEDC64ACD9DAE85B0396321F79565522DE272B5D041155C8949BE08B5B09712887BE1E20C31FE5A5A90E0F9610000EF7E1BBA8C7EF3A9F7E3BD2710BCA36C5390673FC55FC47CF63A356472C491229E283A236DB444E75BCD2F43B0FF35B809E6336314945B725912A1C3423141007FFC129C65CCD772966D9E394AECC3252F9C9AD019950C188FE8922A959E19F226B33235BA30D0F3B163F21BE8964C67D0CD118EB7EDBE0DB21762006A115ECCF829452B51E533AC29A836DC6CF40135FCB31B77A287E5CD377A0A80D7F2683A9D9E760F3EA479CFCE9627AFF5BF6AEC257043D71E0CC695D2DF4589C3255DBA1A2F58FA3F673C23FEF80366042BC0DBD7AE2556E3EA38577FC0CA9D56324CB084E6EBE01ADFAD00AB41CF94822FC7680A9007A6BA804A2242E8EDE7D599A46F59886D36E6B7F4AA20D92E682AFC1BB0BD5F5AC0203185B978F438508933EE2A85666467A95051DF1EA0C6366CC28D36030242A4B51820D043190B310D5D51DCE6A6AF333629FAEE5F3A6D88DDC325321A3767CF1C97B6B5FD8E2AC2E95C54F142BD4F5A5F5609E6D4BC09C55FA03F92BA35C006662FC08BEE197777F3E8CC1730F754447D349BF93AA8683D226EBD2FD872CB8383A03058AE9210891886DB9E4DB2300D109B2C32E26C460DA6E362F72214999EFDEED5E7299AA4C6A9DC9A9BB5A8D59374F92C339314BCEDFE44E5F805F37934C94FB6D8C8E2C9045BF0C1CE9A659A40937870F51F36947A89EA941990F743666D6B27C71CDF6366666E3623471945AB3F52F98C6034CE808AF2F10F21541A3B3C1CBF2A204770E10953F63913D1A5695C1A68E48D21F65C210097F931E4DD82A31BEE9EC842D8898A73CB84E236B8A10D3B7D8BE6097E4679CC8BE8C77A1CB824F6231E7EB8F5A57 -20210525183229 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816BFE560FB -20210525190732 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816C2E82C7B -20210525191937 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816C3EC147F -20210525193159 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816C4F60C8B -20210525194246 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816C5D97313 -20210525203443 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816CA459133 -20210525215204 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816D0DE4FDB -20210525233543 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816D9A29577 -20210525234619 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816DA7ADFAB -20210525235329 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816DB0B2673 -20210525235513 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816DB26C1CB -20210526022844 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816E7D6D73B -20210526023323 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816E82F077F -20210526062933 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816FB41731B -20210526065151 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816FCF0DCD3 -20210526070545 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816FDF8DB8F -20210526071052 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816FE572613 -20210526071809 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816FEDF35F3 -20210526072107 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816FF13DABF -20210526072624 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37816FF7318C7 -20210526081148 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F3781702F3953F -20210526081939 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378170385D3EF -20210526100857 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378170BEE7A0B -20210526104252 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378170E7ACB07 -20210526104946 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378170EFA920B -20210526105532 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378170F653A13 -20210526110401 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378171004A14B -20210526110925 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378171065B293 -20210526123113 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F37817168DDC17 -20210526123356 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F3781716B7D3FB -20210526135059 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378171C86775F -20210526162058 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F3781727B688EB -20210526173849 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378172D7A5213 -20210526175432 2 6 100 7679 2 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378172E9D4DF3 -20210526175746 2 6 100 7679 5 E3F4DC1A68758284B2950A16204A7D9CB3972B0E74E2CDF12518B48DA3F349640BFEDA5162CB2EC47E2593EDB3BB51D743F3F4948A4D940B37B724B6D7E5F5BFD44F9D3CFB0F6E2CC1B33AEB7FCA7C2E26EFC55208D15DD12B08925383346148CA7CEEE874499CBE6E5D34AF7EF47742F683398B5418E3FA261013922180C6EEB4250632A2F93CDC281E6E76A488FEB4CE7B4C9783A37201CE4B551B53EEBF291234454CD0A4DC1B78C2D0F1BF72EC5D64EDBE8CB662F373ED861194F02AFBC8B7133ED9BDDFEEBA8E7C19C58505DF691960346B4F9E0FC1076DE872E6CB4323B8AD7FB4B086B26E10A55ECEB23F6FE78A5224A0679E5EA529C1327D38EDCCD340788D6216D1388B33A8E93B41B0B13ECAB9B7D647BBFBA2181E752B9DE7230C13B38E0988CAD88E2B1F8B8B1C938B93BAD62F250289CE33E3BE77C04B8090B806B031C23413EAE7799E6FB6DFB02ACCD308EA8688245527ED4918ACE575748DC01C02A6420C9CEECCAF8CBA73F16282DEEC6697CF82C880E3FFC8FD149411C6AD19AAF3B30BF2EE89977B7536C9607777F6E4F6E83B84BB4D9B359EDA6A5A1167B6D352F4D6CCE10F2C974EB81CB1C75280406B2F891A7E500BD58648A5A88ACDD1A6D7A2D80690BB441E533171930ABA557A52BD2512E3FD9A3E5DE6A378E3FED42D6ED5480093D3B0E068F2A24B54FF43BEE12BDD5A646B4A2C1746C27328792A4B9528FB45F6AF56C6F917978B535D98C2441EE79D825E73BF97A7D49B5DC85B12B0C257DF6AF0907B771C5EA582C9DECDDC3CC1852AE403FDCA636DB4B111747646CF893260651567C4C63B391013CA9047AE7F77BCE46A16FBE54054CA8D74AE248A5C5A22B841D31B89C82C8D9567A03B249A07FC1CEFB03B569AB328B0028DA5F3D4D2E2BBE076D9DAAE0DA86DA2648E7311709D0A8C6083C42F9FE430418C2597BF533D294E15E53D5E045A95222A23F4CA7AC9FF35A0E1CBFB80227D800ADA8F79FE463F1C9FA0D8A4E9F6C42ACAB07B5A7CE6E1BB649264EF1EBBDE073A1892B3EDA5CF60D0921754A5848FE47F32168A094CAB1D242EF095BAAD113824511114B4714DDAAA585E3A653DEF46A70DB8D43E4813E6A03E5779B9A9194925CC967DF08F1EB9CEC35EA96BB3D78C40B0A4B8AA79D101CD8110E37119267CC3F2ADA62E3CA0F444C22CF5A73D46BBFDE56BBD1E4FC397A9D6975E77923B6E3AD4CAB4A4E3C5EEB01DC1B7690BF44197AAD7D1B802BB4F6494095E708F4A7F9642AAD64B0511037DC9A65663C4AA6046575A56226103E282B61286CFE6BD8672A3C297DB544E3CF08013BD2B32130D21E521351E9AA9F378172ED281E7 -20210526194658 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC72DF2567 -20210526205542 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC789BCF5B -20210526211855 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC7A83E6AB -20210526212819 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC7B4A5E7B -20210526214431 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC7CA4162F -20210526221404 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC7F1A2A03 -20210526224339 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC817DD633 -20210526232709 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC850A6253 -20210526233209 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC8568303F -20210527003359 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC8A7766A3 -20210527004505 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC8B60FE03 -20210527005150 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC8BE3BDCF -20210527010445 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC8CE83F03 -20210527012302 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC8E564BAB -20210527031004 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC96F6A7D3 -20210527042035 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDC9C9071D3 -20210527051239 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCA0A5F80F -20210527054907 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCA382DD3B -20210527055430 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCA3E850B3 -20210527063343 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCA6FD9EFB -20210527071327 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCAA0EBEC7 -20210527071630 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCAA41FB57 -20210527080058 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCADACEDC3 -20210527085945 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCB22EE113 -20210527101619 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCB8016A93 -20210527102548 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCB8B44C67 -20210527105317 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCBAC26CAF -20210527111021 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCBC0189BB -20210527120037 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCBFCB4D7B -20210527120149 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCBFDA08E7 -20210527125327 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCC3B60853 -20210527125755 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCC4035243 -20210527133418 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCC6B03E83 -20210527141546 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCC9BF3B53 -20210527142810 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCCAA21133 -20210527143703 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCCB42B1A3 -20210527150004 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCCCEFC0DF -20210527152242 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCCE94F76B -20210527153438 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCCF7614B7 -20210527153537 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCCF7F4B23 -20210527155914 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCD13EEF3F -20210527170116 2 6 100 7679 2 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCD5E5A47B -20210527171119 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCD6975A67 -20210527173152 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCD815F687 -20210527180427 2 6 100 7679 5 C32E7FEED6DD76E659C6961141AEC4C2E086F62A1B6FBB851A142301550CCFC2E424C3D4B1B518D97BB7DBA9B7E0E40408EA5CE767F9276D112391D7D777FC14537F787F3ADD0DA7A45B64E1330E8F7A0D23C5AFB283E766F2BD69FD286599C68CFF239900CB849E720800D52B4D7FDFBE94C6B920AFD4FE3BAB7C9F19193F96ADC0EDE471FCFCD27ABFF54EFD8F589FD4FD5DF45FC03F832C4B137F4AEAE448E9FEC83A8E1BE47FA202A243BE467219C94A5B28908635E9794C4A4D471E17297E5584CAC109082787C01B8C32C3B0D89006EABD02F17D8BAA792C71A3CA3563501206E70786FC09605B91365EBC2F31EAA94778BB63895FE13ECEBDD005255672ED2768ACAA24E317FC4D4204AEF9B69C0A7EE845B3C228A878D385BE603145DFA087D480A41AEDFA887F7B058BBBEE7D702D83611132FDDF37D0ED1D1731B905D73CDCEF06F9F2BE2A1D01099A915F545F8FFE9B42B66C5FF5DDF2CFCD38B50D45620A364650F12A6E9E94D398FBA738ED66C764901F475CC0DB8B328343180DC70E77BAFC3D8F5CD168A9D9985BA98DD632FB6691B178DE4C276FD5EADABB891680118D0F1234C21AE7788981A33AEEB5D357C28B87F82E4D7314C2A5C9C756541C9CA0C038CA03EB4A75324BBD8DEB5817EDBE6EC15FEEE0E94DBADB19DB0C53467935672C9E8DA879D83619277D37109F4002884B45A69693E5E5C0919BB3A11C89D0BDE5B944602222405EA03F1CB8B8C171C1BD01489E5690EFBFD69CE50A3C7D57FB83857B18B98FFC999D0CA1CA5BFE196485D03E6CD9DE2964091827CC7FBD6D4708D6E8C27BD38A40CF06F713544A1A862DC650F13148A039BE09E55765E27E70490EA8D5AB67009A5834ED6972FF8D76F57B4EEE311E2F395C12DF65FB0DB8F9DD405F0CFEDF3BF08C391E628A0230B6F0ABBB4D07EC644DBBFBD4F48F9A89756F1004873C3D9F20E3566B6B1A2E1ABB6C7152EFB099723469A3D4408D0C27106E09D483C705E50556A35691C99B108D5629A3BFF434A196868E460046B26F4D1FC9725A3470229BF840C86EE0FE1239AF1992C6F7E960CAD0E0D82839CB67318A084AE5BBD8CE513C4DE6EC95B74F8CABADCD825775C36247B07F2CBDCF45B6C3ABF0C4EFED04733309D6CFEBE37871B9A4180A84A822742CD47496C310BCECB574EBED53C0BFDE574D49F3E180EF575B1BFB8799434305FAB7CB970AF999407F262FDBC13CC1809B1F34A962FE8D1348D52780C4AA173E769E70CAC6D8C2E97BF92F7624B4631952FC07FAF93E43A1A8C869C3423BD9A9387CFB4B5B8B2D8475174CCA1AF38CC64E514F0281D65A9AEE4876EB7CDCDA776E0F -20210527185319 2 6 100 8191 5 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F513E1A12F -20210527185735 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F51429194B -20210527213255 2 6 100 8191 5 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F51F664F27 -20210527214610 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F52058B933 -20210528000741 2 6 100 8191 5 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F52A61610F -20210528003717 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F52C738E73 -20210528014022 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F530CE1FFB -20210528020015 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F5322397AB -20210528050850 2 6 100 8191 5 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F53F20EBA7 -20210528054438 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F5418B5C4B -20210528084340 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F54D8C79F3 -20210528091530 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F54FA20AAB -20210528094806 2 6 100 8191 5 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F551BB35BF -20210528123059 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F55C74EE33 -20210528123356 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F55C9BEE33 -20210528131007 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F55EF35FB3 -20210528131122 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F55EFEBC1B -20210528133019 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F560345AEB -20210528174944 2 6 100 8191 5 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F570F3AF57 -20210528180427 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F571DF3C6B -20210528235428 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F587F3BDB3 -20210529021000 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F590536F63 -20210529024531 2 6 100 8191 2 F08476CF6891E7C1CE5A873D1D744FC41D579F53B1F877B0F280D44DF57BEBB3EFDEBC7B8DA48C885005E0F3D8167BE79FAA61DA67EAB112C599882D369A7446FFB888D483317B6A7E0A6AC0CCB6ADD70D511AD81FDCDD71D40C5A40B3627872CE2EDD092B2ED810F6F5F3AE3C02D97856002D646C750910C9B6917615BA8D8D0345514B5F7B37EF910BE98C8E42FF9F9C2FE04F3252C2894D67A033AB22CA3B1BFA9FEB208509654755F3B83121AB827BC481F2E435F68EA144ECCC19670F5C234369F97461A9AFEAE48917B2D767E925D3B94C6380F4A1891EE20A1413C358EC93C8D0D34E90C424BCA367AB4B7C63FDFA0931FB8735ECC5FE22694F8E2784389AC68974BBF1FB5196A5CFA63D30464968927752F1F8F216A07A467EFBCFD4078203DA384AC63A6A304AC56114D2BBDF9212F58BDE3AC556E168ACBF0AB63370D44E90D63E5CEDACA9D94F248B74A783E3852BE5BFF73E27F6FAE6BD0BE5A7A014262CBFB7ADB6A29477D9F2F5FB45E9AD5F16C07B06CA166455C83377C52BF61D06D8CCA11B692F7F05E96264C52295C73D6CD991190A54A2B097BFDBBA8B89A5DFCD1FF9DAFD24542B78FF5F00AF78890EA8297223CCAD28DEE98D829750A17298ABE7F3ED70E7370B1CDE1B4F23C24D69F0F4EA9F821B89BAA2D4577A247118EEF70F780FEF57DB587E1F3EAE54748615BE921CA766FC7EC2961E36EFB41CFC607B989ED0C4254057FD9D39715A35C872ED17407856C80C35F65BD181B181942CB5D62710FE60D0347FEEC2AC3ACE45EA72FCB4256EC07C0383B6CF930CF56CDB9803CEE74A66F83ABEF9C75A0D222BF02C3535B6E3C0DC3124A0E603B9E6A89A3BF636305D2174A2B379C4E36685993C8E8B4E44905D2D352B9EE9101910DCB6931C904D16CB0A079B6669DA3FF8F925A3119EF27F4164DA23405F8F135E454D09BEA876E27449E5884884A24833F3BE93165240285E43A3E4B296CAB04891F574787335DDF17085F77B37AFCD8221AB748FCB28CA2C664931C397E2CD70F8EC8D21C467A16A1F33EB1A5E9C0CA80EC81697A40FE6B01753AC39216301D9763D401DE1460DEC6BC546FDB648C79F9A7B80D6A8CD2AC8E09970D52B1FD4D780A51DBDDC4FDCB53A3D6DB50C6959C78AE8E1912BBD9B259159BEFE965834EB8F17F00A10DE857A49A6E94BA5E930998F283CB035C83174B17596B4C3ECFAC1912AB9799A92E2A01D6A0004753E3D2E5F8748A697D4007DF99C32C3E6C1C3DDDDEF90B9539D716DCF3F95CFC4CA0A9D9AD13E570C55A708986D1304740AAE543C4506D96DB45AC0547854735EFAB7814C8FF5029B256DA0C58E6BC618008117E92228B618103642E8AE533D5859178AB2B39E3B0D044195F531E8304DCA4B883E1B2DFDA12663E9D5FE976935CCC1594C6284A68C4CECAAF842F5927CEA53 -20210529031713 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CA36AA3B7 -20210529041139 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CA75D422B -20210529050432 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CAB1C588B -20210529050545 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CAB28E9FF -20210529063055 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CB131E3CF -20210529074241 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CB6403B37 -20210529084711 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CBAB7BD1B -20210529091139 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CBC6896B3 -20210529091418 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CBC8EBF67 -20210529104434 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CC2D31FCB -20210529114106 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CC6BA9507 -20210529124457 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CCB1266F7 -20210529130632 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CCC8BF0A7 -20210529154413 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CD7337777 -20210529171849 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CDD794B1B -20210529201318 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CE8F228D7 -20210529210612 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CEC4AD6BB -20210529211901 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CED1A6127 -20210529213817 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CEE51861B -20210529215309 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CEF3757F3 -20210529215904 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CEF8E8187 -20210530010351 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CFB5346BB -20210530015721 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CFE9B3287 -20210530020811 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2CFF416103 -20210530062143 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2D0EB89917 -20210530071701 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2D1208E667 -20210530095307 2 6 100 8191 2 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2D1B675F3B -20210530111421 2 6 100 8191 5 D8A2E2F024645B5A3FB339A2EF06A3E46CD2AA808530C320F121CE1EEBEE128D6DB4C49492881B35E5AA8C43CAA07E7F69A5C4ECD0EE62A29FC191B9C0DD6955E23E831A0573135B9931D03A5BBCA961410CA287D08D53C0E8CFEC19534C4FECBAD0F2BE625802AF1B504F59A4A88DAA5F52F221E0E9E0DB1396F07EAF2CA88B79D8CF35EF154A69569C545CA1D04A07ADE3628243039985880B79972FB9F5070951D40C9D21C1729348152724531B270C9DEBB5B2C730C72F4EA3932DB44BD3C746E082856A4109A37BA979164881D5B8007807FF1A7E0C48F99DBBE1709585203E579AE201D295E720CDD45B3A8652A7CE878765E699727641410F840871B4362DC51A3D4D15980876649089CE845B5733497FB8E7B2568EF8627EC1BEE0434A3A72094132A0BA0CA102A440952285823FB09684A1C52468193F6E8A6CC9D935C13FCC661DED5CB84B5D5DF721447531787F78AB31AA1D6342460A8B896518640B7DCF3825B52D46469351EF17E586B661D5C0E792C0AA0B0309B8A4BECB3B267BB459C7452387FF6028EEC1C6DFAE3EE9452EB7A7CFB9CDD361B45FF29E6648BD94712BEF29A1C86C492231F710BC66BF8CF83F8765EF6DBA6857C733789DD71245F17C6FA03DD07FCFFBC450029776FDB4F4B411D4B4A98E090CB79B4CF990398FE1C147CE959C8C11D5DE9A4271EA4CA3D8A50A6F7081A2B0F95AA4AD80081511C357D9F15B7547F0A725EED4EE7FDDAE32A3D00512984928679C51375777E968FE3363DCC495300762C7C6D32F4088DB4D4D4449610D05E87CECADA742827EF2B4EF1D064CEB0EEBB01264306F3E24D6260483829576F88B8346764429722BFD0FE3845F541837ACFFEDA101E0E082F618630B741BE1A9E44C677A947FEC31F08EB338798617A09C38EF3FF31A677E62DCDBA2C56D37B1F16AD2B06F41D3E5CDE9A9B7179B6EC46DF99D857521DF29E8012A1AFE6F2F0658171F56EEA20E531C3B2E02864B130BB0BA476F23024DCCA6411CE1BBD1D5C9F5346DB36334117AAF7A1B4ABE86470CABDF862010F5AE3129CA17F36BA89EE3DB83641804EC2455ED75686342E9F339068A77258BBC292E05AF5C233F5B74CA83080CC5DAE01E977E2F7D1ADC36803398B81DAC22DE391F512912148392371C658C416C96C8C3035928EDBB418CF249C9C02793AE6661AB04B4C6C944F55B23CB5621511DACD8EC5C1ECD463620CAC79C38B6CC95FA8993482EA255246D30DA6EA67C677889F56CDF4466F5D968069E152B0BE30B64E1B18607035D7D15503D364B73BAB5582CDF290FE30D2EB7A4F6F797D80702CC448E1153A3A9D882445C73BA490388588F31FA6C14BA7DBFAD39E1CE6B0E2FAD69015F81FF6DAAC56420A478CF717DD952A0DC51B1E38113CF5EF2AC2EC08B6F6CB427A06AD990213C09DB2D2044A90F +20220714110357 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A429A9923 +20220714110358 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A42A9BFB7 +20220714110417 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A4349E923 +20220714110421 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A436AA537 +20220714110429 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A43ADB17B +20220714110437 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A43F26D23 +20220714110452 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A4478434B +20220714110507 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A44FF2077 +20220714110531 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A45D0597B +20220714110534 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A45E81313 +20220714110541 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A462B1987 +20220714110550 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A467A15E7 +20220714110557 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A46BD40AF +20220714110605 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A470351EB +20220714110630 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A47EA97DB +20220714110630 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A47EAA76B +20220714110648 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A4891615B +20220714110652 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A48B5137F +20220714110654 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A48C1EC7B +20220714110707 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A4935FBBB +20220714110707 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A4938A2F3 +20220714110715 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A49847CD3 +20220714110722 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A49C04CDF +20220714110726 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A49E68FA3 +20220714110728 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A49FF3563 +20220714110733 2 6 100 2047 2 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A4A266083 +20220714110736 2 6 100 2047 5 E98F2A209BA9F4C8C1FFB02490E599A99FBE28F6A053E240A4BD5FEDE80B23FEA8A1476E9EF6605A4B4B41CC74CB945C7E168A91DB112424480A85CBF5853234B9B1F60F030D38F678BA80AE1461F716C463D7396151EB5F037CC88690FEEF8D16A1B67F56C11874DB5AA3D541BEFF390077C79C86434EDBC2B46821D2AE5D2FA4FFF1B086B07669B09498EA11B0FE26C773F79ACA044E085E0BA43BBE1EBE954AA1EC7A465A3232699E54958B1760AB7A04D9627EC1810970706C96B58BF84999EBED8846D8B384CB945BF782141B1BE2B7C0E04D531A2334DB41BBFD1BEA428C5FD22F50BABDBDFCC5B848F64CBA8D039636311F8D844DFFFBD77A4A4718EF +20220714110741 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63A97ACE7 +20220714110743 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63AA92DEB +20220714110749 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63ADC6787 +20220714110814 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63BC349AB +20220714110816 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63BD5A5D3 +20220714110819 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63BF25123 +20220714110823 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63C158EEF +20220714110828 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63C438BD3 +20220714110845 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63CD80AD7 +20220714110857 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63D3CF5C3 +20220714110900 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63D598D1B +20220714110905 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63D85CF73 +20220714110905 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63D88E27B +20220714110906 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63D93B057 +20220714110907 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63D997D57 +20220714110947 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F07D89B +20220714110948 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F12EC37 +20220714110950 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F1E46CB +20220714110952 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F36E2EF +20220714110953 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F3EFE3B +20220714110954 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F45AF83 +20220714110957 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F6684DB +20220714110957 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F674AE7 +20220714111000 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE63F798EBB +20220714111037 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE640C91997 +20220714111042 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE640F6CD07 +20220714111048 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE641309F8B +20220714111052 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE64153581F +20220714111054 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE6415DF757 +20220714111055 2 6 100 2047 5 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE6416B572F +20220714111059 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE6418D88DB +20220714111109 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE641E2FC7B +20220714111127 2 6 100 2047 2 E459BD05870898B0392DDF50E0E0FBCA35E6D6FC6CC9174AE997BE7CBB6902931A8686BEF0D0BC2C82308F0DBF995B77A5952BE4EB437C277A3CBD94356E4AEF676686E76B33FC5586BC6C68859F45F9E71B87AF29583F0808D2F73FD54B15E5D10DDDDB3CF0680C42F17EAD0BD5CAC0B94ED891D1A4775AD74F3E7D7E36B12EF546F6EB27610D5EFBE3F89EC644901CD8D8293CDF9B99731D8FBD2FE920674E74117FCB9CD20B3FD23D2ADD966F5090265131571699A84F3894B14730E0F99E1A49067CB3BE74A34C0E94A6992E02BE30940BDAB6C6E992AF81F6615674B232F4B152F97D9523B1C2ED6EA6DF7C4C69EB66FF9976325AB0A7D50DE6428AF363 +20220714111939 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A40451D63 +20220714111946 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A405CC61B +20220714111948 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4064ADCB +20220714111958 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4087EDCB +20220714112015 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A40C3D9C7 +20220714112026 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A40EBD6CF +20220714112102 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A416BB97B +20220714112247 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A42DDD67B +20220714112248 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A42DFEABF +20220714112340 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A439694EB +20220714112353 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A43C65423 +20220714112428 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4444AE0B +20220714112507 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A44D48CFF +20220714112511 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A44DEBF3B +20220714112549 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A456724A7 +20220714112651 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A464873DF +20220714112736 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A46EA45CB +20220714112754 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A47292543 +20220714112800 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4741F39B +20220714112844 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A47E12BFF +20220714112924 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A486E93AF +20220714112931 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4887FCAB +20220714112951 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A48CAB4D7 +20220714113009 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4908F30F +20220714113024 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4942A64F +20220714113032 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A495DA0A3 +20220714113137 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4A48C463 +20220714113138 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4A4AD4C3 +20220714113152 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4A7E9E6B +20220714113302 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4B7771A7 +20220714113325 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4BCC7A67 +20220714113406 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4C5B14CB +20220714113419 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4C8D693B +20220714113438 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4CD38C17 +20220714113459 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4D1FD413 +20220714113606 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4E11131B +20220714113620 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4E407DDB +20220714113639 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4E816DEF +20220714113802 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A4FA7B0BB +20220714113835 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A501BFD27 +20220714113901 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A5077B90F +20220714113910 2 6 100 3071 2 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A5096B1BB +20220714113911 2 6 100 3071 5 C60003BD3BEA8A30306CD503D00EFB4ED2BF6A45DEA568495ABAF8D2D53A1E0BA1D2C2D3648219C03F47CD52B677D72316114A3882A8A3EB62C4F002DB326C27811A36E332D121EE420DDDF830741F14AA96AC0D2AEB5A80BF31CD18D4E3C02A22BD1986A906EEC3D635669FF26DD25A73FD7650666B101D6C42B0A58D96331E0666C990B56E4F0A5649C76FC7BA599A6DBE245F3A2F16AA4A9216B3AFAA93FE40BBB1149A657C934EC408C063B7130027EF7624C721931FECB563EF32C68E9C275A6A9F8BBF5428CBAED0987CD0EB4BF1BF7AC6F33C37FD88C7A026ABD735F0CD7395A4A22DB22B26C78823FB3BDC98150A82573259E64F407A2B3C017D2E9933E64EF5DDABDD3E748D507D21FF4F7B3450F2640E51DF3993B067DB952F8CD179BE389000934363E209ACF6235D1E9D07D3B0E865C4F9EA6EEB91D2B46B8032B2A3890E4DCA5905E269BD5BF2810548243F13FB13691E5346533538503C9CAA0E56DBE759C182BD04663461B435B8D7A20D69DE33D98AFAA302B86A509ABFAF +20220714114137 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243E7AF7A33 +20220714114223 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243E853FBF7 +20220714114400 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243E99CF2CB +20220714114432 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EA1047DB +20220714114439 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EA262BF3 +20220714114453 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EA58ABD7 +20220714114510 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EA98697F +20220714114514 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EAA6423B +20220714114554 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EB37D447 +20220714114630 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EBBBB32F +20220714114922 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EE2FD6FB +20220714114946 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EE87B393 +20220714114947 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EE89E703 +20220714115027 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EF1D4457 +20220714115124 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243EFF0E74F +20220714115140 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F02F1483 +20220714115239 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F1048C9B +20220714115329 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F1B76437 +20220714115359 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F2205357 +20220714115442 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F2BCF797 +20220714115448 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F2D1B3DB +20220714115516 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F33828DB +20220714115531 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F36A7D87 +20220714115553 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F3B6A657 +20220714115559 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F3CB724F +20220714115604 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F3DB43EF +20220714115627 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F42F1353 +20220714115641 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F45D4ADB +20220714115649 2 6 100 3071 5 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F478CA07 +20220714115654 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F48960F3 +20220714115824 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F5C8FB7B +20220714115834 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F5EAA1CB +20220714120147 2 6 100 3071 2 DA55F6EE023BA05F89B992D6CCEAAD8F6F787812100336939D4C7BD3E08406588C1D2D9C8F4F13A4CEE2F74AAD1ED582272D56866BCBA0449DD6E701CC63FF2DD3B90551DAFE6F228ACF5E3F2B5FE0630B2E5C66D16AE17321A30A0701E511036AAB085C8D3672721EB89A6A6C5CD1406742343617A0B2B09DAD465A2798DEF580B49E25073F0CA98217F242BDB49FD43FB32D31B1983B271A92C13B2A5BD1F39FAF6EC9DE65B5181AB4F6AE3D7D052046ABED2928B5C0B98148EFFB3C2EFD06A61144DDBABE0C4B0E9EDAF0037652A9C5C658F0DAF177DDDFC589A906F46E4F1EBC4A915AE00BB9ACB01B1B62F605209929A8A4274AA498A884DC2E26A1BE9A4FBAD44CF68AA5F92ED35EC66455A01F2273DE2369AB2F07702171AE4D4A551AABAC9C53063C9F1697653877CDE27893DEDF391154D6E5866C919E0C154E5B2B6E00CBA6216FF5FE7EEBE52690BBE6A4CD0693BEDFCB6B217BBA802C6926CEA2021005568848D957894473D76D41254E97267C25836CC2DA3D515243F890B7EB +20220714121337 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D629C7D4793 +20220714121340 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D629C8256DF +20220714121625 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D629DA597BF +20220714122153 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D629FE36413 +20220714122227 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A01CEFF3 +20220714122714 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A20F9823 +20220714122853 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A2BD77FB +20220714123034 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A36B3637 +20220714123040 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A3746D03 +20220714123232 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A437C667 +20220714123319 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A487CC0B +20220714123750 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A65E695F +20220714123800 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A66E6103 +20220714124312 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A8859627 +20220714124408 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A8E56B5B +20220714124440 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A91A43B7 +20220714124606 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A9B26B87 +20220714124627 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A9D62D47 +20220714124631 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62A9DC09BF +20220714125015 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62AB5FE7E3 +20220714125134 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62ABE6A13F +20220714125205 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62AC1B5F1F +20220714125308 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62AC85569F +20220714125411 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62ACF096CF +20220714130454 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B1384403 +20220714130821 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B295BE03 +20220714131228 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B434EA3F +20220714131424 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B4F3596B +20220714131529 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B560201F +20220714131556 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B58D1C3B +20220714131810 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B673859F +20220714131928 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B6F7B87B +20220714132227 2 6 100 4095 5 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B83525E7 +20220714132255 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B863A7EB +20220714132258 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62B869E2B3 +20220714132926 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62BB0FCCF3 +20220714133046 2 6 100 4095 2 ED38FC9DDCD01CDF39C887875AA0A7EFF8682144089FC338C06E2C138653B5E7A082B537BA5C80A93B7192D153313DE56606C8E2A0CAE8370284BE3ADD97F04BD4EBDFD21A999E13461B544C49742DE120C46D046F6E9C55922E68FF3C8A115E51E70071377B60F8127EB9228A332BD38AF8EF1DA8EFA7012496070426203F3BEECBB286E33C053DC070CD919074DBA97E19C081C6CD8B74DBDF6674F64CD7A7B5F0B7E40B0FD607AF531D55FACAB38C9F550C1D60D89601E6BA1D6BA66F5E18D4C8D4D634C464EC748A260C285D84158CC3DFA9BC03973F32077F7D92C104314173584B96C43F22AFEFA135F3A4C5A0D959B963C8227A337DAC30D8B96F7580D67763621C9F51FAA9E2641D81565810770727EF4C25F8210CCF60B2480070556E874E59D910B9B1822B13420C2843BED4FA4F5CBD7822D651C07CB8657AD1B3629EB337CBA9F1FA50E819E9DEC1DB564FFBC1DEF0561079F96D8ABD0740BE2C997F4EEEF7E8244ECAA6E2BA85E832329220C26A7F088165F583343C190B245CEE6AE40E01D2AFAAFDD509302EBD989AE641131152538C749718FD8D1642B9802DACF3945C0A445D2ECDCF921F8E360495A564C0EE64D74224CF93119AFF5BEA0B61ABBF1DB67A6820A4BF9AD622207ECE7DB9ECE03B4FB6D69D06BBCBEACFCF62D85763DAA5B8C22385D5F4E22352C6EF6495485D00FD019FDF6D62BB96BAAB +20220714133233 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C71821637 +20220714133651 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C733193F3 +20220714133712 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C73526D3B +20220714134252 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C75A257CB +20220714134434 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C764BC487 +20220714134946 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C785EAE2B +20220714135018 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C78963137 +20220714135147 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C792D0D87 +20220714135358 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C7A0DE73B +20220714135921 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C7C4451E3 +20220714140317 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C7DE6BDEB +20220714140350 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C7E21885B +20220714140711 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C7F85C48F +20220714140736 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C7FAFD0B3 +20220714140813 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C7FEDFEA7 +20220714141031 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C80E164A7 +20220714141111 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C812A1B2F +20220714141544 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C8303F01B +20220714141716 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C839F487B +20220714141912 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C846C71CF +20220714142105 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C853302EF +20220714142236 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C85CD2F13 +20220714142326 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C8625DC73 +20220714142751 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C87E4924B +20220714142911 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C88684F73 +20220714143324 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C8A2318DB +20220714143325 2 6 100 4095 5 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C8A23F507 +20220714143405 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C8A690A43 +20220714144651 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C8F8FC3A3 +20220714144923 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C90A21B53 +20220714144936 2 6 100 4095 2 C26EA920269D893CF64405388D11C71D52FBD982A1A9308A076F5B755328380B3D920C48C770CFBD278FCEAC8F9425A0A90DF855870D484BAD937C546B0A77676A0C55A150CE32CD4F6EB2F42A1A176199B683E383035F00F93D13B136E94EF38000FA07B393E7FCF3D3780FE4D8B222C94C389ACBBCFDDA3B5EBA8ABA2E8864E9A5A82097DACE58E7B051CAFFE23DB7F1B5A1AC27E5245A40CCE4F85C9F5FF162A994F68E4D6287CA45160ED1FD545ACC957893BC1D39C6FFD755CD8995EEA46A70E462391D5C23D346074415499E835F3F4EFF95A76CB60F1A7B447799105A542C0870A74BEF1C575A112A1CBE2383C32D44CE8D813EE45511ECF7FE252E0882C81300BA1055E44EE6E0EF5A8FBAFF5DB2A3E62EC9BCA93DAB6134D2F3B2EE20C979D17D5272E6BD1F47B4997C02B2A0766B79B1710DE7F5933C4DCBE6C35A376D914B04E07809B94ECD8CE029A54F1AFCBA92EBF0C19AB692F5CD0DE32F78EAB4AD53DBA881F7D737A6899345A8CE7C20E697B6D8E1E3A9886A9EFBCD95FE408E340D298EDD0276AF776FBB4EBD9FDA18322E09BF101506AA8C471EE71CBCF1DCD969524C052B6066D7AE54614DD4AFFAC6EAB393D0CA1CB22FE487DAB99BBA1835490AC275AD9C2C7A7138AC9DF236AD48951C13C0DE1EC58A2120DD24144DCA31564C74A5CEEF143D9BA7F2F6D01670FC6F6DBC07A08D25EE7C90B7330B +20220714150424 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269CB3AC32B +20220714150807 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269CBBB9D93 +20220714153843 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269CFDFF54F +20220714155314 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269D1D2942B +20220714160052 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269D2DACC3B +20220714163103 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269D6EA99C3 +20220714171421 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269DCBECCBF +20220714171847 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269DD5B7993 +20220714173040 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269DEFCEA7F +20220714174048 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269E060A22F +20220714175752 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269E2B3A90F +20220714180116 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269E328818B +20220714181520 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269E513DE83 +20220714182218 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269E604A3CF +20220714182735 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269E6BBA01B +20220714191804 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269ED919FB7 +20220714191958 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269EDD630C3 +20220714193455 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269EFDB6C53 +20220714193500 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269EFDE36FB +20220714194107 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269F0AC9F63 +20220714195248 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269F23F6BF3 +20220714195808 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269F300673F +20220714200658 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269F4322A4F +20220714201511 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269F553D0EF +20220714204211 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269F8F97DF3 +20220714210501 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269FC032A43 +20220714210527 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB98269FC1045CF +20220714214423 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A014F6733 +20220714214717 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A01B72D0B +20220714215814 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A0332253F +20220714222646 2 6 100 6143 5 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A07072DC7 +20220714222943 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A076F0173 +20220714222954 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A07745AAB +20220714223227 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A07CC7BB3 +20220714224745 2 6 100 6143 2 FFB27E2CC8B774D736BFE9ECC0EB33B1BC6D4DEA1E8B360AD96E83A7213A91CCC112624B99480D8B7E7C3B6A70A96B7F267C4FE080158429ECB77525C930D5C61BFC7858FF4D571FE7C533CC24A8B1188EF52DD31B0910207C6B5166A9A097F1D12932EBE47B9B876F2FE0F9344AD4B4BA45B0BBB58908E9D6F8DA689D318AA7C1E198CA2AD22722C00C03A393C8BFC2C037C33429CEDF0660F5716CBC1A15530ED5A3C368B96973A43F1AB70E8BA75ABBB35C85B15E58B56E5C8196B6E9D3C65A236786B55733B64FD6D4F46672EFB796962A3E07AB74C597961E99B573BD8F6046F89C317CA6D9F4922A222CC0EA11E9823F742937FB0EC1A8B7FC8A588193B2AF4C2DECA3EE9724FD8818A0792445FF5E0B7ADDD3EF2282BF471F5322FE0950D91B9B7688B7D134741B60BA427DAF6F09A57C027BE9D5FF6AF15A6DBB183E86E4C682FCD711472039537425BBC2C07D91503187E5F7B9CE7C576AC0CC799791971C23F82C2519635F9B4E1BEE7941DD602EE778E5A99EF77FF9FCFEDC0CC6F90E1F8E2C09D596237C37EC368A78BE8CA54A7406A5BF0708885967909CE810651BC792BD84B1805E3964F31002B647A88FAFF57E94F56E75E5C866E43E7360928B8E7D8E89CE43F5D84E21A3075E9974ED065C825268994DA5E0ABBAFDC1A6636AEB8856C6703CA917C7DF7B607F7DEECD894E6DC133E1904C73499706EC71D2780726A3019F3975835EB22CD82451522CD11A38B28BD742B2A278B886BFFBAF1354D248DE81CE41E8DC7CDD31264D5374CD6D1E53FB07798A5122E18710B2648ABF174A3C8F31222BEFCA76C3F6D7240483119BE84BDB5B72D6CC812A21E2C3A3AF1C263DD5794A716028943E3491EDD9976C4AD900BA4E5BBE2A531BA3B8AF6BF5B952876DB85A70B5C6EBBDDF82E4FD4E518277CDAA86824F82DADE5F73FC60E81C3035A92CC374274DDD8400C144AD28B2B410E186D2A799A1BBAD5B88B1117BE0721D8FD55BF0235620209AACE1B8B2992DBE94F8238AC7E31C758202C548152AF1E4FF39B070B650A52E25793E6E344E027A94CC0CB9826A09DF82A3 +20220715000506 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DB9F7FAC33 +20220715000641 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DB9FB84627 +20220715001211 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBA0756D33 +20220715005345 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBA6234223 +20220715011011 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBA85B2A97 +20220715011444 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBA8F9C90B +20220715011554 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBA9233533 +20220715013220 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBAB54738B +20220715015353 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBAE41CA83 +20220715023846 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB4450E27 +20220715024203 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB4B76CCB +20220715024757 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB58180EF +20220715024833 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB5965263 +20220715025025 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB5D2C667 +20220715025333 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB63FE40F +20220715025633 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB6A8BD4B +20220715030337 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB79F8147 +20220715031630 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBB9537AB3 +20220715034438 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBBD1C7CE7 +20220715035610 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBBEAD09D7 +20220715040817 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC04657DF +20220715041331 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC0FC243B +20220715041430 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC11DB2DF +20220715042040 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC1ED4A53 +20220715042920 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC31D6CE7 +20220715043335 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC3B0A75B +20220715051034 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC8A470E7 +20220715051434 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBC92E3067 +20220715052452 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBCA8D11CB +20220715052700 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBCAD7588B +20220715053146 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBCB7CEC27 +20220715061333 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBD12F317B +20220715063310 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBD3D846E7 +20220715071637 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBD9B91D57 +20220715074108 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBDCFB3DEB +20220715074918 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBDE19622F +20220715080656 2 6 100 6143 5 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBE07CF9D7 +20220715083930 2 6 100 6143 2 E258E7BF12F3DDA792F3E7480A3563579067E7CB60FB18E010DAC18E1AD5671C1E0B1CED8BCF199C52405B70A169CCDAE2B112117B67D54C6F892B1822DC08FACB88D9C1E424709E41932AB799392DA34E0D560B03C459B2208DDB99ECA51883F8BADB33EF313D908ADB72802512653760C2AE00320555606FC09B797CFF13219A102668C5DCF4248DEEB9B7C779A2AE009842942DAE4032491A233698B8BEC159904F8AC25D1E90454A45F786C433C843224D755DE28AC1CAD4E9736C6D4180BA705B607842915F257BBC730C733882911A8A51738DF20BA48EF64240646041BA8C6F3FDEDE140EC3AA3EBD710F5E12A3F5C50C2784FA32CB6E24CDFC621602E67C80DEB8347146AF1983C201E2B4A868B2DD61D079D41AD874F63E22B42101130C646F0217A74192C47B8A732F69DDE9C05ED4E2B7E3CCA501D687F1FAED478D3910BF3689DB3865574926D16FD3DED6561FDD8BA46FDE6121312E798A0CA83993CEEFECC033CB73442A2C954E8BD1C752BAAD8D074F6F6829E515446A8BA834CF7D08B3170721C1388BD55BC802011B9863B91C9B4DB305D881A503B918428569418BC0B2ECC7FC3F9F34B8F66C5EA842B4AB441AFD29FFE658AFE94BE0E9FD2E9743778DC58CBD1DD8DC7220A9D04944B032C6FC0DFA46BEE2D47AA5DC569F0945F72E7751EC0DD7F218CED8AEF74AA9A8864147C3A89B5C6217888C86C51C83FB77FB91B2F7C6BC0D2624192F33FA8891D897593FD164F4822077B028627CB568412A4A2E9931C24BAF6F01A5A7A85EC446A0E67002F55367249F74087A7015D2580009DA08CA0789265B4EE073185A0892AEB1BEEDD00265AD397F87AB4ED831E3702A562627584AA7A195CF453F70D56CF201F73D6AC01E934A32432464337A6599C97F7B61F04E198AC75AA77BD9FAD027B1C82FBB1E78DC641859D3CA7C7EF28F1A612AE1F41B9B360C3A96367D0F3B4BBB9E0F5EDFDFDCD2731510DFB728BD4688B62988D79CE39513524935E2A43E68EB7210093111D92C3683A7FAD835D2B2C86A8C173AA67CCFD59934234D5EB190F8AB93E9C1E0DBE4E93003 +20220715092424 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5F92A52BAF +20220715100057 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5F9547AC47 +20220715100859 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5F95DC0013 +20220715102100 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5F96B85E23 +20220715132304 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FA3BD9C93 +20220715133936 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FA4ECF027 +20220715140222 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FA68BEE73 +20220715161822 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FB045A9D3 +20220715162253 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FB09339CB +20220715175344 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FB7156F2B +20220715182025 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FB90A53D7 +20220715190627 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FBC5E2767 +20220715191213 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FBCCA724F +20220715193806 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FBEA4C29B +20220715204457 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FC370204F +20220715212313 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FC63E9CA7 +20220715225401 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FCCC8EC9F +20220715230508 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FCD93025B +20220716003950 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FD4674843 +20220716005647 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FD59BD53B +20220716005928 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FD5CCEB93 +20220716010051 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FD5E69E93 +20220716020432 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FDA8D1BCB +20220716023453 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FDCC2AC1B +20220716034034 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FE18492D7 +20220716040249 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FE31D1047 +20220716044634 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FE64EDBE3 +20220716051650 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FE87F8BEB +20220716052859 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FE963564B +20220716055849 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FEB816243 +20220716063757 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FEE5510C7 +20220716071444 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF0F7F9DB +20220716071604 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF10F3AFB +20220716073329 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF251281F +20220716074224 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF2F3BB2B +20220716074605 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF338BF7B +20220716075807 2 6 100 7679 5 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF4157C77 +20220716082904 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF657E773 +20220716083710 2 6 100 7679 2 D29885507D691EF92591A09643ED996F7CBCB7BC2C100AB3FEF5257A5931CC62D6E976C8702F99622C00702F7A97A8DF2C58E6CE1B087955544A6F08E64CC55AE62AB2F2ACA5CCAAC3FB093CC1D0CD964316B4E10C149B72EF468C7D57DC47980B0B4682B79EA3DB224C5E13BA7B8B0CD8C26BD8E884F0A96B77ED42A749A4556C14B417241BFD807B6B985F8474D53AB3002E46E860DA6AF2FC4387C33540FE64DBA835028710E1A8EB05307283DFA15CB67282334BFFF511D4B6284C18620B0F64A87E026EE576D0C201314CB24FE513DDA9AC0747065B315BAEB2D7AC801CE819708A224840C3C2C23F34DAEF1BED28091CB489EBC99E7B89A285ADC47D3DE4DDB71A5EE4184A642FF8E3E1E67536F7534C67D2A196319B597D7A7A4B2B7D852613818A51FF6CE7D1DF0161AD5F06FFD764F0026354A1CB946F03E37C14F7DD98A9F59A7493F2869AAE39AF064F81DEBF3C94A082CCDA26F5C03367BDA1D1975B5E08CD7E91F02D3537EABB4D98B36D7DAD24C7CB36C850148CD911BA89585653F5B582A23C459A78515E3FC5851B08F8EC2E68736BD7488DC5C73FE40A61DC7F4581C95E20E70E7ECB010365B89CD233A8175A4CE862770D5126AB0E606CD8030490E3B1B05EB3F094B8246259D9A9A84434D02A173F37A9FB883844BFBEE307790649463C4EDE0F1F68D9B61C50004E5F38913D160D5AD214A2C1D85E985A288316951FE89FB77890C1BC16B2DE9920803C9BD746373B0D1F42F829083BC4725EA573509AB8F9DAF3BC3309B4B4A29A8A37023A53B7B73B5DD172809329DC7A966953C30A6A0824EEE510657CEC1F93A9C3CD21D58E8B04B4C877AB6D13D575D206D90ED601E9BB8244944A941CFD382806CF5774E6A61502A63AEB74769B80D65D155FC1F5AD9177C81326DC157750D3B8BB75CF52CD21382BE99983F5AD520351166A4B83A7F2BD8D2EFB143492246F2BAF9247839FDCB947E1EB162E2FB8CD4248DEFCD728929684C6F0DF72F25837EC2A7E23064B9FC38590988B79A5FC925B6E7564167CEE374D24FEB1CF59AD5FF37A65BCBAAE9961DFC805E49EDB3DF6001C2EBBC868E9B4A46AB2BF6D9F060D85E965DB7C5D9E5F4DE5677C1A127A26FFE12C57FCA2ED7A950C89B1CAD3C4E5E279C6D197DAC5300051BDF4A05C2FC76E57F3A7362F145C651AFC9AEBB962A3D7D1FAD0DBFAC833B968DE988A4FC799CE55479D89E5F64A2DBE6102926E49661A000A0B0BD49DE7826EEFC0638DE10DB3E68591FFEDA521BE4A6C5447406B293866292CFAB1CE3E68AED693F1D3EB9EE521962ECA88D7D2629FD9DA3E324C131AFB78B5C41831FF5FF6EF1FA3 +20220716120340 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9C6CA376F +20220716142712 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9D11411D7 +20220716145403 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9D307585F +20220716150439 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9D3C1E427 +20220716152458 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9D530FD67 +20220716154334 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9D680C84B +20220716161140 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9D885D85B +20220716162236 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9D954CF4F +20220716171055 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9DCC6C8EF +20220716174339 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9DF237BE3 +20220716174802 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9DF73C52B +20220716175227 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9DFC26653 +20220716181229 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9E131151F +20220716182155 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9E1D9F2CB +20220716194638 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9E7EE6D9F +20220716195641 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9E8A6F4EF +20220716204017 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9EBD085BF +20220716212803 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9EF3B06BB +20220716213736 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9EFE990EB +20220716213807 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9EFF487B3 +20220716213938 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9F0105893 +20220716221754 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9F2D67283 +20220716223623 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9F4287F5F +20220716225952 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9F5D27563 +20220716233959 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5F9F8B474DF +20220717013433 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5FA00EBDEF3 +20220717053018 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5FA11D62647 +20220717084749 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5FA200FD4E7 +20220717092719 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5FA22EFF85F +20220717101211 2 6 100 7679 5 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5FA26140AA7 +20220717123906 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5FA3081C463 +20220717124254 2 6 100 7679 2 EA4C603AE36BD71059D57FCCBE1B8044C230D76993BB57E1277B27A6C4A4B08347D6279C073FCF3AAD938D631C2E6E154467895D8B122C872ED09D0C78541A55F8830207EFC2CA1556E6D9E0E78B0312C663061F6B0692FBB22CA020B4CC24E01DA76F8DC12D2BB87459FC747E3ECE875C8AD2879CD41BD91192BDEB4F30701EB53DD437163646BB8CEDCF66068617495CA9D1611A5C9E4D531A3B575745036E3A3D933984464EB3D86C30ABB3219805BA78FDA311A8F734BCCC83463CDC569AFFB0ECED647616BB7BC3C9865E79E2C4E711F2EB4A2DA078AFF66C15BEAEE0B581037715C505BFB0FE9A9FA47121981F8528DFD137FA66D33083E6F4B74BF2C4AAF0754D0E704803F0F16DF0A9FE41E0C237FFB72BCF0E458F009A77A3E096FD6BDB4799B70C9CE864A108B66D34B56DC9F390CAEBFFC15DAD572F8E57D7CAC68ECE12652303221AF1CC9AD239473CA7E14A1B7B9A6EBF827813340F6D1C97032A7A1FEF147A202A274B0C17F9DCA25214180FA619E3201C174D4B0DDA30D4A1F3EF179126EF859526C539E075EB6E91E2E30AC104FBC69D940D5A70225BBDE026CBBF357DC7543BF3F83A7525AB8F96FDEC0464CD4EB3B106984BD1C4F27BF166079C66790F1CA1AFB56A3B780F6927143E9F85687A2A99F77C46806D8E1C190147CF42E2D1D9A70F964A5CC63D813511685F6BEE77E20CD38D58334EFE7EC2F068A26426001A83758DC82E9B0300CC2FAA0999616147B6B2BF93CBE227D8586CF54FCED628C1AD540844FB6E57CC378881FC90FC3989536CA13F097EAD6F0B45356C6A9DA87873793E68AA272D5253CA239515318649B54DEB926AF82E3D9DE7DBBA0962ED73A8233577E7073A303EDFFFA7E94D596CCECA2BC8BA08A5DBE249F45232C3675FBD21A32E9B489C7804E2C406C7B4B071976E8064A91C5E53A5316CBA74A5398A625B8BAAAFA34A225E54AC174ACEEA6135EFDB59FF42774E3E30B1C8D4CDC20F8803AF0743A8CD0343C8A6065D94C0EB262BD8CB2556D1C9639E52087DDF83698A6040619246D3DAD1CCC8F5373E06FA90AFAC990E64E91EF4C0315AF1F1114B61FC7E8198BA27E7519D81842534D19E4EDF1F356D150F389F1F3D4942A68F08A404E551A4387D1D81ACFC1BD8721B228371DF7FFD9153C3E3EE705E950C2BE384CEB19E47F04C7631F67D7AFF302BD1901648855D8E585605823A95AE079C3C278DF3C5FBB5F40D35473544A37DFA2F3A1EA09908340706E655AAB5DC8C54637738A77DAF6777221463D125A2D9DDE153A0BC99A92A4FFEECCB766F012AC74909A66DD6828F23C6B3C45A2AEEE593DECA2A6FA5FA30C8F0E3 +20220717143701 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912221EF5FC3 +20220717153012 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122251C88EB +20220717154944 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91222646A2EB +20220717155622 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912226A76CDB +20220717183729 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122303F69EB +20220717205515 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122387E1CD3 +20220717211522 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912239B0E0C3 +20220717215431 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91223C0BF2F3 +20220717230904 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122407F3053 +20220718023518 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91224CC83943 +20220718024030 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91224D17A47F +20220718025313 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91224DDA8E53 +20220718030104 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91224E4FCCC3 +20220718035055 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122514E0C5B +20220718042416 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91225341AD73 +20220718044525 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91225482241B +20220718061152 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91225999F347 +20220718061417 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912259BDFF6B +20220718064948 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91225BD2B193 +20220718080208 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122602EE1DB +20220718090911 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912264269067 +20220718102418 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912268ABA127 +20220718112555 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91226C611AC7 +20220718120905 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91226EEF51AB +20220718123459 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91227079AAF3 +20220718132216 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122734DC097 +20220718151026 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912279BA57CF +20220718151038 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A912279BC79AB +20220718153329 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91227B1AC9E3 +20220718153657 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91227B5347F3 +20220718164629 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91227F6F51E7 +20220718183946 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122863E85E3 +20220718195516 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91228ACE2663 +20220718212930 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A9122906E4B83 +20220719004619 2 6 100 8191 2 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91229C28A03B +20220719005356 2 6 100 8191 5 F2F7A2BAF50A41FBCCDE554E561409993B1C6E4133229CAC67C79DE5FEC1F9FBEBECCCE838368FBFA93F774AD02E99F65F8B3F56B3047638FE35167D048A951E3A317CED92846B94A639A0B3D5F098B35BDA8C139A8EB185EC3F843A6778FAB4EEC4DD1B20F071BC9E5075F7AEF1531CC8FB12E64D48A478BBC398D69E12066975EC2A96BCC6D155FB0BDA03C4D4E817DCCF320E8F34447A94C64E28B8F84D07C08BDDA1215CC370EF5EB970A75ED4F8ADB47F36B134A3430DAA59FEF55CD4B9786F693B09BC9C3E6F1F745BABBC6F5892BC4E416BDA02BD59DD7C763179B2897CBCAF284E0A2DE08E4E32BB1F66169D83FA0206C7962184A15527C7CA8EF04AF87921933A2B9C614145AFEC715C833924B8C863E7E20A07AA21A72C450BBC446B9B51407D90261CDE342C5D585A0482DB8FFC95B72992ED5D8085B8A3A8335A1423F7715AB83DB4D88BB599B272B8F80BE3C03B0A3C4F7C2F2486984FE13CA8E4510EA33B45BD782D415AEE1C22885D10BB5D16521E8907054ADE2FA85D8284B89849B05696AC17AD99279CB7675E8261EDFD7CF38B0E714E4C126D13363422B9D1097C590DD4DE80A1CF7872B2D8F6951877EEB91DC4C24F47C9949676565244DB3B923EE368EE43720DC186E96B0B6E0908D967CC5D5C055659978668FCCE03F8D1F087A9EF12446BA87FF4345D757F477C1A838B5EF0A9F45C712A8147A71EA88FBDA3B9A7D1BB5A477A4C224F5F067271E13CBCA9AFBC444FA340B55987BA1D2263107F495BAD2001B296C5E9F700A7C9C3C966E507428A8F9D0A55E240F4E30F3E4E6159E464311FFA3DFC418DD8B5F28640E6CA09D8A76207F978038A3E8A14C66A3237F0E099E16965B72573CE9B895622FF7606EE54E51D0D0F470280EDC42C6F6E0E298ACC1F7DCDFE3B1299BE5774C8584C11EDB9A89A7FF3E899CD4A74816EFB2223D520CEEBD82D09F4CE741BBC0E0B0C597C14AE6C29255C8C8A5E89353FC1A7BDBD5E329D4D850DAF65851D23931426FEBBE80217562727A9088697C7EED3153BD9475FB85A4A443A71680C7032ADDD3A03F4B6CEB8FDD75DA0CA9332C6E5CE2AFAE921F98B37FE8A64EBB1AF3F29D1D1DE8F2328F3C8B2D6BB8ABF00DE82CCDAA0156061616163E1AF9B65AB54D07A0D927DA73C9304C214AE7AF00BC57B759DFDD12CC6947423BBFCF51949E19F6C1CD6FB208FF43C8CCC89D132B0EB4A6C66C1F3EBDDAAA553BB328AB0F89C9D0B28A1DBE5D8302A1333120D3BEEF97F0AD01439C4491EE560D05EB79E62D14328BE63C3D8D3B97973FEF44A23F1DCC674A32EC85E2A6837F2782623D09ED658324912498A4AB925BA55CE6AC89FA1C73ADAFC12AB808A25A49F1301EE991316CEE05D92290908DC9C5709CF9912570EB56DE350DB4604C401380B2F1FFC2869409B2C5A91229C9C1FCF +20220719014859 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF869C312A97 +20220719020529 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF869D2642A7 +20220719034913 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86A3588B53 +20220719044402 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86A69DB913 +20220719045215 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86A717D82B +20220719064925 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86AE08C58B +20220719074822 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86B18928B3 +20220719094802 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86B8C09B6B +20220719101343 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86BA4587CB +20220719105007 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86BC6960B7 +20220719115822 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86C07CBCB3 +20220719124950 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86C387963B +20220719151704 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86CC63DE8F +20220719153327 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86CD62A8BF +20220719161053 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86CF9B2757 +20220719173122 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86D470273B +20220719182307 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86D77C4343 +20220719193427 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86DBAD7B57 +20220719202131 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86DE7D76A7 +20220719211624 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86E1C9623F +20220719211743 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86E1DE6F77 +20220719222342 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86E5D38CDF +20220720003008 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86ED5B9A6F +20220720003329 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86ED8EE32F +20220720034214 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86F8B88CAB +20220720041812 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86FADD0EF3 +20220720042023 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86FAFF7543 +20220720044537 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86FC7D0CB7 +20220720045239 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF86FCE7D05B +20220720055829 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF8700DC7CB3 +20220720061526 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF8701E01D2F +20220720071915 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF8705ABB603 +20220720080553 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF870876A9CF +20220720093358 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF870DC82DC7 +20220720094947 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF870EBB9097 +20220720110223 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF871329D297 +20220720112240 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF871467194B +20220720121337 2 6 100 8191 5 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF87176DFD6F +20220720124230 2 6 100 8191 2 C5A088686E2057FDD426A4329908C72093AFD4A412B73B7C03574CCFAA7EBA44BF6CF5AD03B49A0AEF8A18CCAF15B0D7B12DEE66078C6A3CCE94DCA05193912A668B6E247962F8CC51046DC6DAF5AE92C169A8F00D116524762DAA1E9FF3F3270F2831FA8C94010DAD76A0032523EB9A610EBBA3BF3EFE82471449768C5B844277FC90486CBC00B6C0EA93DE6067DF863B5F1E5D5BD9781DEB1C5A111AEF62BD8016C4210CB6CA14C45559266711960B7F7FEF20E96391F59D019973FB9EFEE8C198D70EC2080C69EBCCEFA9CE2D93081A47E916F667AFFE28642A8E36133D03A3058D9E65DC0C13959DDC40CFF31B53768D41369CF05EDA59CAA0643949A1ED78B8D2F748A93F3DCE01A22AB1F23EC4E63F7A97D7863907A401633B92A073F62B56FD341B9E2B1497FB139FC2FEBD1F5EEE3A001D9DE86C6F8EBA8DDC0C0504A7A46409D036BB9534BC293BB4D9E77A9A2D0296528266EB6BD8071695F854C4E35912B78E10B2D9574D9F238E7649F998CCA0F2639068B0895E71F79E84BF631367A9221DA5F0C12191EA1CC93CA0D863269E7D25F65D29BC9D70F30B287849533A99D5DA2B8D1337DFA905E46A8673F45028192B297D52CF62C5137E4F7D824EB166CB37FBC393EF1FCC235DCC5D7A224B3A2CF975ADAEA330413E7B6DE83EF6181CBA7AF33575369AD7FBFAD0A6B7211BC3BD8EC3648AB6421D2A9142E95AA6827ACA734A605B88585BF5B30EEC75823DCA57EF524421EFC354CA2EE5D9123B1883FBDC41A0DB3558536B410089013F051EE93C3ADD61500F1A3A37CB403F5378AC3AC40D0022617442EDDCA56B012C17A0A50F33B3C6A2F8BE955F22800C4DA6D65ADB413E87ADE5351FD20BE2BF281ABF8CC8BB78A6723D2B9CDE699BCCD47FB7EBEC2F2EA46B6060EAC9101A4448D2CC4D0C6EA9A1A78CE6528C39CF879B75EDB0F0F84602A1EC66250F1BEA8BB250BE675BF6EFDBEDEB1B97699A8F248B68506BBD4F968CAB83FC8C3AEED661AD3682A6B38ADCF7FE0C7A257C4BD376A56207EA4E0F89DA41460BAA707C74A6670C5953ECCAF324A79DA05116A0493B16BDE9D12DE376ED0DA9A7B9780BD3096633EF40D52D03C5ECCB24630046AF5270657416BD7B2F45EEA86C3019E91A946132621E6E96BCA9C42609390EEBA2D1CD06C47DB2A2FDEFF2788505AD177A07AE04A6549909FBA711F714B1F76054668E119FA19B4830819C5108EB186F95AD1ECA0D91AA79337EBABA0AA0F84487227E6951F537BA293556D43E16DD77DE63FD9702EA9E6FDAA775B4C96A16D8DD35852A9079ACB398792F6E89D56595B3E9340BA56525F270E2E976FB376E77F02CD8231988125030610AE2FCFA69A8FAD3D98122D0E8CEF28E5AA696EE497C0B8C8299B77480095577B78251DB69997A17F148EEC4E89A323BF747EF871929A88B diff --git a/gsi_openssh/source/moduli.5 b/gsi_openssh/source/moduli.5 index ef0de08506..5086a6d42a 100644 --- a/gsi_openssh/source/moduli.5 +++ b/gsi_openssh/source/moduli.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ +.\" $OpenBSD: moduli.5,v 1.19 2022/04/16 04:30:10 dtucker Exp $ .\" .\" Copyright (c) 2008 Damien Miller .\" @@ -13,7 +13,7 @@ .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: September 26 2012 $ +.Dd $Mdocdate: April 16 2022 $ .Dt MODULI 5 .Os .Sh NAME @@ -32,12 +32,12 @@ using a two-step process. An initial .Em candidate generation pass, using -.Ic ssh-keygen -G , +.Ic ssh-keygen -M generate , calculates numbers that are likely to be useful. A second .Em primality testing pass, using -.Ic ssh-keygen -T , +.Ic ssh-keygen -M screen , provides a high degree of assurance that the numbers are prime and are safe for use in Diffie-Hellman operations by .Xr sshd 8 . @@ -123,5 +123,4 @@ that best meets the size requirement. .%D March 2006 .%R RFC 4419 .%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol -.%D 2006 .Re diff --git a/gsi_openssh/source/moduli.c b/gsi_openssh/source/moduli.c index 98a6385110..481ca2aa8f 100644 --- a/gsi_openssh/source/moduli.c +++ b/gsi_openssh/source/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.37 2019/11/15 06:00:20 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.39 2023/03/02 06:41:56 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -184,20 +184,20 @@ qfileout(FILE * ofile, u_int32_t otype, u_int32_t otests, u_int32_t otries, ** Sieve p's and q's with small factors */ static void -sieve_large(u_int32_t s) +sieve_large(u_int32_t s32) { - u_int32_t r, u; + u_int64_t r, u, s = s32; - debug3("sieve_large %u", s); + debug3("sieve_large %u", s32); largetries++; /* r = largebase mod s */ - r = BN_mod_word(largebase, s); + r = BN_mod_word(largebase, s32); if (r == 0) u = 0; /* s divides into largebase exactly */ else u = s - r; /* largebase+u is first entry divisible by s */ - if (u < largebits * 2) { + if (u < largebits * 2ULL) { /* * The sieve omits p's and q's divisible by 2, so ensure that * largebase+u is odd. Then, step through the sieve in @@ -218,7 +218,7 @@ sieve_large(u_int32_t s) else u = s - r; /* p+u is first entry divisible by s */ - if (u < largebits * 4) { + if (u < largebits * 4ULL) { /* * The sieve omits p's divisible by 4, so ensure that * largebase+u is not. Then, step through the sieve in @@ -452,7 +452,7 @@ write_checkpoint(char *cpfile, u_int32_t lineno) { FILE *fp; char tmp[PATH_MAX]; - int r; + int r, writeok, closeok; r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile); if (r < 0 || r >= PATH_MAX) { @@ -469,14 +469,16 @@ write_checkpoint(char *cpfile, u_int32_t lineno) close(r); return; } - if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0 - && rename(tmp, cpfile) == 0) + writeok = (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0); + closeok = (fclose(fp) == 0); + if (writeok && closeok && rename(tmp, cpfile) == 0) { debug3("wrote checkpoint line %lu to '%s'", (unsigned long)lineno, cpfile); - else + } else { logit("failed to write to checkpoint file '%s': %s", cpfile, strerror(errno)); - /* coverity[leaked_storage : FALSE] */ + (void)unlink(tmp); + } } static unsigned long diff --git a/gsi_openssh/source/monitor.c b/gsi_openssh/source/monitor.c index 94fb8b2284..45d14da8d3 100644 --- a/gsi_openssh/source/monitor.c +++ b/gsi_openssh/source/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.232 2022/02/25 02:09:27 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.235 2023/02/17 04:22:50 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -672,11 +672,12 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) struct sshkey *key; struct sshbuf *sigbuf = NULL; u_char *p = NULL, *signature = NULL; - char *alg = NULL; + char *alg = NULL, *effective_alg; size_t datlen, siglen, alglen; int r, is_proof = 0; u_int keyid, compat; const char proof_req[] = "hostkeys-prove-00@openssh.com"; + const char safe_rsa[] = "rsa-sha2-256"; debug3_f("entering"); @@ -731,18 +732,30 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) } if ((key = get_hostkey_by_index(keyid)) != NULL) { - if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, + if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0 + && (sshkey_type_plain(key->type) == KEY_RSA)) { + effective_alg = safe_rsa; + } else { + effective_alg = alg; + } + if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, effective_alg, options.sk_provider, NULL, compat)) != 0) fatal_fr(r, "sign"); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && auth_sock > 0) { + if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0 + && (sshkey_type_plain(key->type) == KEY_RSA)) { + effective_alg = safe_rsa; + } else { + effective_alg = alg; + } if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, - p, datlen, alg, compat)) != 0) + p, datlen, effective_alg, compat)) != 0) fatal_fr(r, "agent sign"); } else fatal_f("no hostkey from index %d", keyid); - debug3_f("%s %s signature len=%zu", alg, + debug3_f("%s (effective: %s) %s signature len=%zu", alg, effective_alg, is_proof ? "hostkey proof" : "KEX", siglen); sshbuf_reset(m); @@ -1186,6 +1199,10 @@ mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m) sshpam_authok = NULL; if ((r = sshbuf_get_u32(m, &num)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (num > PAM_MAX_NUM_MSG) { + fatal_f("Too many PAM messages, got %u, expected <= %u", + num, (unsigned)PAM_MAX_NUM_MSG); + } if (num > 0) { resp = xcalloc(num, sizeof(char *)); for (i = 0; i < num; ++i) { @@ -1250,11 +1267,6 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) fatal_fr(r, "parse"); if (key != NULL && authctxt->valid) { - /* These should not make it past the privsep child */ - if (sshkey_type_plain(key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) - fatal_f("passed a SSH_BUG_RSASIGMD5 key"); - switch (type) { case MM_USERKEY: auth_method = "publickey"; diff --git a/gsi_openssh/source/monitor_wrap.c b/gsi_openssh/source/monitor_wrap.c index 2950338d15..7a2c458a52 100644 --- a/gsi_openssh/source/monitor_wrap.c +++ b/gsi_openssh/source/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.123 2021/04/15 16:24:31 markus Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.126 2023/01/06 02:47:18 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -339,6 +339,7 @@ mm_getpwnamallow(struct ssh *ssh, const char *username) for (i = 0; i < options.num_log_verbose; i++) log_verbose_add(options.log_verbose[i]); process_permitopen(ssh, &options); + process_channel_timeouts(ssh, &options); free(newopts); sshbuf_free(m); diff --git a/gsi_openssh/source/monitor_wrap.h b/gsi_openssh/source/monitor_wrap.h index aea2f3db1d..3041fbeda5 100644 --- a/gsi_openssh/source/monitor_wrap.h +++ b/gsi_openssh/source/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.47 2021/04/15 16:24:31 markus Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.49 2022/06/15 16:08:25 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -57,7 +57,7 @@ char *mm_auth2_read_banner(void); int mm_auth_password(struct ssh *, char *); int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, int, struct sshauthopt **); -int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, +int mm_user_key_allowed(struct ssh *ssh, struct passwd *, struct sshkey *, int, struct sshauthopt **); int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *, const char *, struct sshkey *); diff --git a/gsi_openssh/source/mux.c b/gsi_openssh/source/mux.c index 176f035c86..b3ffde9fe1 100644 --- a/gsi_openssh/source/mux.c +++ b/gsi_openssh/source/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.92 2022/01/11 01:26:47 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.96 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -186,9 +186,8 @@ static const struct { }; /* Cleanup callback fired on closure of mux client _session_ channel */ -/* ARGSUSED */ static void -mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused) +mux_master_session_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused) { Channel *cc, *c = channel_by_id(ssh, cid); @@ -208,9 +207,8 @@ mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused) } /* Cleanup callback fired on closure of mux client _control_ channel */ -/* ARGSUSED */ static void -mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused) +mux_master_control_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused) { Channel *sc, *c = channel_by_id(ssh, cid); @@ -240,9 +238,10 @@ mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused) /* Check mux client environment variables before passing them to mux master. */ static int -env_permitted(char *env) +env_permitted(const char *env) { - int i, ret; + u_int i; + int ret; char name[1024], *cp; if ((cp = strchr(env, '=')) == NULL || cp == env) @@ -1865,9 +1864,9 @@ mux_client_request_session(int fd) struct sshbuf *m; char *e; const char *term = NULL; - u_int echar, rid, sid, esid, exitval, type, exitval_seen; + u_int i, echar, rid, sid, esid, exitval, type, exitval_seen; extern char **environ; - int r, i, rawmode; + int r, rawmode; debug3_f("entering"); diff --git a/gsi_openssh/source/openbsd-compat/Makefile.in b/gsi_openssh/source/openbsd-compat/Makefile.in index 10d1575d98..78e6fa5b12 100644 --- a/gsi_openssh/source/openbsd-compat/Makefile.in +++ b/gsi_openssh/source/openbsd-compat/Makefile.in @@ -17,10 +17,11 @@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@ -OPENBSD=base64.o \ +OPENBSD=arc4random.o \ + arc4random_uniform.o \ + base64.o \ basename.o \ bcrypt_pbkdf.o \ - bcrypt_pbkdf.o \ bindresvport.o \ blowfish.o \ daemon.o \ @@ -65,12 +66,12 @@ OPENBSD=base64.o \ timingsafe_bcmp.o \ vis.o -COMPAT= arc4random.o \ - bsd-asprintf.o \ +COMPAT= bsd-asprintf.o \ bsd-closefrom.o \ bsd-cygwin_util.o \ bsd-err.o \ bsd-flock.o \ + bsd-getentropy.o \ bsd-getline.o \ bsd-getpagesize.o \ bsd-getpeereid.o \ @@ -84,6 +85,7 @@ COMPAT= arc4random.o \ bsd-signal.o \ bsd-snprintf.o \ bsd-statvfs.o \ + bsd-timegm.o \ bsd-waitpid.o \ fake-rfc2553.o \ getrrsetbyname-ldns.o \ diff --git a/gsi_openssh/source/openbsd-compat/arc4random.c b/gsi_openssh/source/openbsd-compat/arc4random.c index ce5f054f1e..ffd33734db 100644 --- a/gsi_openssh/source/openbsd-compat/arc4random.c +++ b/gsi_openssh/source/openbsd-compat/arc4random.c @@ -1,11 +1,10 @@ -/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */ - -/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */ +/* $OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $ */ /* * Copyright (c) 1996, David Mazieres * Copyright (c) 2008, Damien Miller * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -24,53 +23,72 @@ * ChaCha based random number generator for OpenBSD. */ +/* OPENBSD ORIGINAL: lib/libc/crypt/arc4random.c */ + #include "includes.h" #include #include +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif #include #include #include - -#ifdef HAVE_SYS_RANDOM_H -# include -#endif +#include +#include #ifndef HAVE_ARC4RANDOM -#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) - -#ifdef WITH_OPENSSL -#include -#include +/* + * Always use the getentropy implementation from bsd-getentropy.c, which + * will call a native getentropy if available then fall back as required. + * We use a different name so that OpenSSL cannot call the wrong getentropy. + */ +int _ssh_compat_getentropy(void *, size_t); +#ifdef getentropy +# undef getentropy #endif +#define getentropy(x, y) (_ssh_compat_getentropy((x), (y))) #include "log.h" #define KEYSTREAM_ONLY #include "chacha_private.h" -#ifdef __GNUC__ +#define minimum(a, b) ((a) < (b) ? (a) : (b)) + +#if defined(__GNUC__) || defined(_MSC_VER) #define inline __inline -#else /* !__GNUC__ */ +#else /* __GNUC__ || _MSC_VER */ #define inline -#endif /* !__GNUC__ */ - -/* OpenSSH isn't multithreaded */ -#define _ARC4_LOCK() -#define _ARC4_UNLOCK() +#endif /* !__GNUC__ && !_MSC_VER */ #define KEYSZ 32 #define IVSZ 8 #define BLOCKSZ 64 #define RSBUFSZ (16*BLOCKSZ) -static int rs_initialized; -static pid_t rs_stir_pid; -static chacha_ctx rs; /* chacha context for random keystream */ -static u_char rs_buf[RSBUFSZ]; /* keystream blocks */ -static size_t rs_have; /* valid bytes at end of rs_buf */ -static size_t rs_count; /* bytes till reseed */ + +#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ + +/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ +static struct _rs { + size_t rs_have; /* valid bytes at end of rs_buf */ + size_t rs_count; /* bytes till reseed */ +} *rs; + +/* Maybe be preserved in fork children, if _rs_allocate() decides. */ +static struct _rsx { + chacha_ctx rs_chacha; /* chacha context for random keystream */ + u_char rs_buf[RSBUFSZ]; /* keystream blocks */ +} *rsx; + +static inline int _rs_allocate(struct _rs **, struct _rsx **); +static inline void _rs_forkdetect(void); +#include "arc4random.h" static inline void _rs_rekey(u_char *dat, size_t datlen); @@ -79,180 +97,128 @@ _rs_init(u_char *buf, size_t n) { if (n < KEYSZ + IVSZ) return; - chacha_keysetup(&rs, buf, KEYSZ * 8); - chacha_ivsetup(&rs, buf + KEYSZ); -} -#ifndef WITH_OPENSSL -# ifndef SSH_RANDOM_DEV -# define SSH_RANDOM_DEV "/dev/urandom" -# endif /* SSH_RANDOM_DEV */ -static void -getrnd(u_char *s, size_t len) -{ - int fd, save_errno; - ssize_t r; - size_t o = 0; - -#ifdef HAVE_GETRANDOM - if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) - return; -#endif /* HAVE_GETRANDOM */ - - if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) { - save_errno = errno; - /* Try egd/prngd before giving up. */ - if (seed_from_prngd(s, len) == 0) - return; - fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, - strerror(save_errno)); + if (rs == NULL) { + if (_rs_allocate(&rs, &rsx) == -1) + _exit(1); } - while (o < len) { - r = read(fd, s + o, len - o); - if (r < 0) { - if (errno == EAGAIN || errno == EINTR || - errno == EWOULDBLOCK) - continue; - fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno)); - } - o += r; - } - close(fd); + + chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8); + chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); } -#endif /* WITH_OPENSSL */ static void _rs_stir(void) { u_char rnd[KEYSZ + IVSZ]; + uint32_t rekey_fuzz = 0; -#ifdef WITH_OPENSSL - if (RAND_bytes(rnd, sizeof(rnd)) <= 0) - fatal("Couldn't obtain random bytes (error 0x%lx)", - (unsigned long)ERR_get_error()); -#else - getrnd(rnd, sizeof(rnd)); -#endif + if (getentropy(rnd, sizeof rnd) == -1) + _getentropy_fail(); - if (!rs_initialized) { - rs_initialized = 1; + if (!rs) _rs_init(rnd, sizeof(rnd)); - } else + else _rs_rekey(rnd, sizeof(rnd)); - explicit_bzero(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ /* invalidate rs_buf */ - rs_have = 0; - memset(rs_buf, 0, RSBUFSZ); + rs->rs_have = 0; + memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); - rs_count = 1600000; + /* rekey interval should not be predictable */ + chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz, + (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); + rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); } static inline void _rs_stir_if_needed(size_t len) { - pid_t pid = getpid(); - - if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { - rs_stir_pid = pid; + _rs_forkdetect(); + if (!rs || rs->rs_count <= len) _rs_stir(); - } else - rs_count -= len; + if (rs->rs_count <= len) + rs->rs_count = 0; + else + rs->rs_count -= len; } static inline void _rs_rekey(u_char *dat, size_t datlen) { #ifndef KEYSTREAM_ONLY - memset(rs_buf, 0,RSBUFSZ); + memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); #endif /* fill rs_buf with the keystream */ - chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ); + chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf, + rsx->rs_buf, sizeof(rsx->rs_buf)); /* mix in optional user provided data */ if (dat) { size_t i, m; - m = MINIMUM(datlen, KEYSZ + IVSZ); + m = minimum(datlen, KEYSZ + IVSZ); for (i = 0; i < m; i++) - rs_buf[i] ^= dat[i]; + rsx->rs_buf[i] ^= dat[i]; } /* immediately reinit for backtracking resistance */ - _rs_init(rs_buf, KEYSZ + IVSZ); - memset(rs_buf, 0, KEYSZ + IVSZ); - rs_have = RSBUFSZ - KEYSZ - IVSZ; + _rs_init(rsx->rs_buf, KEYSZ + IVSZ); + memset(rsx->rs_buf, 0, KEYSZ + IVSZ); + rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ; } static inline void _rs_random_buf(void *_buf, size_t n) { u_char *buf = (u_char *)_buf; + u_char *keystream; size_t m; _rs_stir_if_needed(n); while (n > 0) { - if (rs_have > 0) { - m = MINIMUM(n, rs_have); - memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); - memset(rs_buf + RSBUFSZ - rs_have, 0, m); + if (rs->rs_have > 0) { + m = minimum(n, rs->rs_have); + keystream = rsx->rs_buf + sizeof(rsx->rs_buf) + - rs->rs_have; + memcpy(buf, keystream, m); + memset(keystream, 0, m); buf += m; n -= m; - rs_have -= m; + rs->rs_have -= m; } - if (rs_have == 0) + if (rs->rs_have == 0) _rs_rekey(NULL, 0); } } static inline void -_rs_random_u32(u_int32_t *val) +_rs_random_u32(uint32_t *val) { + u_char *keystream; + _rs_stir_if_needed(sizeof(*val)); - if (rs_have < sizeof(*val)) + if (rs->rs_have < sizeof(*val)) _rs_rekey(NULL, 0); - memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); - memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); - rs_have -= sizeof(*val); - return; + keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have; + memcpy(val, keystream, sizeof(*val)); + memset(keystream, 0, sizeof(*val)); + rs->rs_have -= sizeof(*val); } -void -arc4random_stir(void) -{ - _ARC4_LOCK(); - _rs_stir(); - _ARC4_UNLOCK(); -} - -void -arc4random_addrandom(u_char *dat, int datlen) -{ - int m; - - _ARC4_LOCK(); - if (!rs_initialized) - _rs_stir(); - while (datlen > 0) { - m = MINIMUM(datlen, KEYSZ + IVSZ); - _rs_rekey(dat, m); - dat += m; - datlen -= m; - } - _ARC4_UNLOCK(); -} - -u_int32_t +uint32_t arc4random(void) { - u_int32_t val; + uint32_t val; _ARC4_LOCK(); _rs_random_u32(&val); _ARC4_UNLOCK(); return val; } +DEF_WEAK(arc4random); /* - * If we are providing arc4random, then we can provide a more efficient + * If we are providing arc4random, then we can provide a more efficient * arc4random_buf(). */ # ifndef HAVE_ARC4RANDOM_BUF @@ -263,6 +229,7 @@ arc4random_buf(void *buf, size_t n) _rs_random_buf(buf, n); _ARC4_UNLOCK(); } +DEF_WEAK(arc4random_buf); # endif /* !HAVE_ARC4RANDOM_BUF */ #endif /* !HAVE_ARC4RANDOM */ @@ -285,62 +252,3 @@ arc4random_buf(void *_buf, size_t n) } #endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */ -#ifndef HAVE_ARC4RANDOM_UNIFORM -/* - * Calculate a uniformly distributed random number less than upper_bound - * avoiding "modulo bias". - * - * Uniformity is achieved by generating new random numbers until the one - * returned is outside the range [0, 2**32 % upper_bound). This - * guarantees the selected random number will be inside - * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) - * after reduction modulo upper_bound. - */ -u_int32_t -arc4random_uniform(u_int32_t upper_bound) -{ - u_int32_t r, min; - - if (upper_bound < 2) - return 0; - - /* 2**32 % x == (2**32 - x) % x */ - min = -upper_bound % upper_bound; - - /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. - */ - for (;;) { - r = arc4random(); - if (r >= min) - break; - } - - return r % upper_bound; -} -#endif /* !HAVE_ARC4RANDOM_UNIFORM */ - -#if 0 -/*-------- Test code for i386 --------*/ -#include -#include -int -main(int argc, char **argv) -{ - const int iter = 1000000; - int i; - pctrval v; - - v = rdtsc(); - for (i = 0; i < iter; i++) - arc4random(); - v = rdtsc() - v; - v /= iter; - - printf("%qd cycles\n", v); - exit(0); -} -#endif diff --git a/gsi_openssh/source/openbsd-compat/arc4random.h b/gsi_openssh/source/openbsd-compat/arc4random.h new file mode 100644 index 0000000000..5af3a4492a --- /dev/null +++ b/gsi_openssh/source/openbsd-compat/arc4random.h @@ -0,0 +1,89 @@ +/* $OpenBSD: arc4random_linux.h,v 1.12 2019/07/11 10:37:28 inoguchi Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. From LibreSSL with some adaptations. + */ + +#include + +#include + +/* OpenSSH isn't multithreaded */ +#define _ARC4_LOCK() +#define _ARC4_UNLOCK() +#define _ARC4_ATFORK(f) + +static inline void +_getentropy_fail(void) +{ + fatal("getentropy failed"); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ +#if defined(MAP_ANON) && defined(MAP_PRIVATE) + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } +#else + if ((*rsp = calloc(1, sizeof(**rsp))) == NULL) + return (-1); + if ((*rsxp = calloc(1, sizeof(**rsxp))) == NULL) { + free(*rsp); + *rsp = NULL; + return (-1); + } +#endif + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/gsi_openssh/source/openbsd-compat/arc4random_uniform.c b/gsi_openssh/source/openbsd-compat/arc4random_uniform.c new file mode 100644 index 0000000000..591f92d150 --- /dev/null +++ b/gsi_openssh/source/openbsd-compat/arc4random_uniform.c @@ -0,0 +1,64 @@ +/* $OpenBSD: arc4random_uniform.c,v 1.3 2019/01/20 02:59:07 bcook Exp $ */ + +/* + * Copyright (c) 2008, Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random_uniform.c */ + +#include "includes.h" + +#ifdef HAVE_STDINT_H +# include +#endif +#include + +#ifndef HAVE_ARC4RANDOM_UNIFORM +/* + * Calculate a uniformly distributed random number less than upper_bound + * avoiding "modulo bias". + * + * Uniformity is achieved by generating new random numbers until the one + * returned is outside the range [0, 2**32 % upper_bound). This + * guarantees the selected random number will be inside + * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) + * after reduction modulo upper_bound. + */ +uint32_t +arc4random_uniform(uint32_t upper_bound) +{ + uint32_t r, min; + + if (upper_bound < 2) + return 0; + + /* 2**32 % x == (2**32 - x) % x */ + min = -upper_bound % upper_bound; + + /* + * This could theoretically loop forever but each retry has + * p > 0.5 (worst case, usually far better) of selecting a + * number inside the range we need, so it should rarely need + * to re-roll. + */ + for (;;) { + r = arc4random(); + if (r >= min) + break; + } + + return r % upper_bound; +} +#endif /* !HAVE_ARC4RANDOM_UNIFORM */ diff --git a/gsi_openssh/source/openbsd-compat/bsd-asprintf.c b/gsi_openssh/source/openbsd-compat/bsd-asprintf.c index 1092772717..511c817bb9 100644 --- a/gsi_openssh/source/openbsd-compat/bsd-asprintf.c +++ b/gsi_openssh/source/openbsd-compat/bsd-asprintf.c @@ -32,6 +32,7 @@ #include #include +#include #include #define INIT_SZ 128 diff --git a/gsi_openssh/source/openbsd-compat/bsd-getentropy.c b/gsi_openssh/source/openbsd-compat/bsd-getentropy.c new file mode 100644 index 0000000000..0231e066c5 --- /dev/null +++ b/gsi_openssh/source/openbsd-compat/bsd-getentropy.c @@ -0,0 +1,83 @@ +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifndef SSH_RANDOM_DEV +# define SSH_RANDOM_DEV "/dev/urandom" +#endif /* SSH_RANDOM_DEV */ + +#include +#ifdef HAVE_SYS_RANDOM_H +# include +#endif + +#include +#include +#include +#include +#ifdef WITH_OPENSSL +#include +#include +#endif + +#include "log.h" + +int +_ssh_compat_getentropy(void *s, size_t len) +{ +#ifdef WITH_OPENSSL + if (RAND_bytes(s, len) <= 0) + fatal("Couldn't obtain random bytes (error 0x%lx)", + (unsigned long)ERR_get_error()); +#else + int fd, save_errno; + ssize_t r; + size_t o = 0; + +#ifdef HAVE_GETENTROPY + if ((r = getentropy(s, len)) == 0) + return 0; +#endif /* HAVE_GETENTROPY */ +#ifdef HAVE_GETRANDOM + if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) + return 0; +#endif /* HAVE_GETRANDOM */ + + if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) { + save_errno = errno; + /* Try egd/prngd before giving up. */ + if (seed_from_prngd(s, len) == 0) + return 0; + fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, + strerror(save_errno)); + } + while (o < len) { + r = read(fd, (u_char *)s + o, len - o); + if (r < 0) { + if (errno == EAGAIN || errno == EINTR || + errno == EWOULDBLOCK) + continue; + fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno)); + } + o += r; + } + close(fd); +#endif /* WITH_OPENSSL */ + return 0; +} diff --git a/gsi_openssh/source/openbsd-compat/bsd-misc.c b/gsi_openssh/source/openbsd-compat/bsd-misc.c index 3b00ef6d24..226a5915bd 100644 --- a/gsi_openssh/source/openbsd-compat/bsd-misc.c +++ b/gsi_openssh/source/openbsd-compat/bsd-misc.c @@ -446,3 +446,15 @@ localtime_r(const time_t *timep, struct tm *result) return result; } #endif + +#ifdef ASAN_OPTIONS +const char *__asan_default_options(void) { + return ASAN_OPTIONS; +} +#endif + +#ifdef MSAN_OPTIONS +const char *__msan_default_options(void) { + return MSAN_OPTIONS; +} +#endif diff --git a/gsi_openssh/source/openbsd-compat/bsd-poll.c b/gsi_openssh/source/openbsd-compat/bsd-poll.c index 9a9794f586..967f947b21 100644 --- a/gsi_openssh/source/openbsd-compat/bsd-poll.c +++ b/gsi_openssh/source/openbsd-compat/bsd-poll.c @@ -47,9 +47,8 @@ ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *tmoutp, const sigset_t *sigmask) { nfds_t i; - int saved_errno, ret, fd, maxfd = 0; - fd_set *readfds = NULL, *writefds = NULL, *exceptfds = NULL; - size_t nmemb; + int ret, fd, maxfd = 0; + fd_set readfds, writefds, exceptfds; for (i = 0; i < nfds; i++) { fd = fds[i].fd; @@ -60,30 +59,23 @@ ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *tmoutp, maxfd = MAX(maxfd, fd); } - nmemb = howmany(maxfd + 1 , NFDBITS); - if ((readfds = calloc(nmemb, sizeof(fd_mask))) == NULL || - (writefds = calloc(nmemb, sizeof(fd_mask))) == NULL || - (exceptfds = calloc(nmemb, sizeof(fd_mask))) == NULL) { - saved_errno = ENOMEM; - ret = -1; - goto out; - } - /* populate event bit vectors for the events we're interested in */ + FD_ZERO(&readfds); + FD_ZERO(&writefds); + FD_ZERO(&exceptfds); for (i = 0; i < nfds; i++) { fd = fds[i].fd; if (fd == -1) continue; if (fds[i].events & POLLIN) - FD_SET(fd, readfds); + FD_SET(fd, &readfds); if (fds[i].events & POLLOUT) - FD_SET(fd, writefds); + FD_SET(fd, &writefds); if (fds[i].events & POLLPRI) - FD_SET(fd, exceptfds); + FD_SET(fd, &exceptfds); } - ret = pselect(maxfd + 1, readfds, writefds, exceptfds, tmoutp, sigmask); - saved_errno = errno; + ret = pselect(maxfd + 1, &readfds, &writefds, &exceptfds, tmoutp, sigmask); /* scan through select results and set poll() flags */ for (i = 0; i < nfds; i++) { @@ -91,20 +83,14 @@ ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *tmoutp, fds[i].revents = 0; if (fd == -1) continue; - if ((fds[i].events & POLLIN) && FD_ISSET(fd, readfds)) + if ((fds[i].events & POLLIN) && FD_ISSET(fd, &readfds)) fds[i].revents |= POLLIN; - if ((fds[i].events & POLLOUT) && FD_ISSET(fd, writefds)) + if ((fds[i].events & POLLOUT) && FD_ISSET(fd, &writefds)) fds[i].revents |= POLLOUT; - if ((fds[i].events & POLLPRI) && FD_ISSET(fd, exceptfds)) + if ((fds[i].events & POLLPRI) && FD_ISSET(fd, &exceptfds)) fds[i].revents |= POLLPRI; } -out: - free(readfds); - free(writefds); - free(exceptfds); - if (ret == -1) - errno = saved_errno; return ret; } #endif /* !HAVE_PPOLL || BROKEN_POLL */ diff --git a/gsi_openssh/source/openbsd-compat/bsd-poll.h b/gsi_openssh/source/openbsd-compat/bsd-poll.h index 586647ee1a..ae865a6e26 100644 --- a/gsi_openssh/source/openbsd-compat/bsd-poll.h +++ b/gsi_openssh/source/openbsd-compat/bsd-poll.h @@ -44,12 +44,25 @@ typedef struct pollfd { short revents; } pollfd_t; -#define POLLIN 0x0001 -#define POLLPRI 0x0002 -#define POLLOUT 0x0004 -#define POLLERR 0x0008 -#define POLLHUP 0x0010 -#define POLLNVAL 0x0020 +#ifndef POLLIN +# define POLLIN 0x0001 +#endif +#ifndef POLLPRI +# define POLLPRI 0x0002 +#endif +#ifndef POLLOUT +# define POLLOUT 0x0004 +#endif +#ifndef POLLERR +# define POLLERR 0x0008 +#endif +#ifndef POLLHUP +# define POLLHUP 0x0010 +#endif +#ifndef POLLNVAL +# define POLLNVAL 0x0020 +#endif + #if 0 /* the following are currently not implemented */ #define POLLRDNORM 0x0040 diff --git a/gsi_openssh/source/openbsd-compat/bsd-snprintf.c b/gsi_openssh/source/openbsd-compat/bsd-snprintf.c index b9eaee14f3..bc505b8387 100644 --- a/gsi_openssh/source/openbsd-compat/bsd-snprintf.c +++ b/gsi_openssh/source/openbsd-compat/bsd-snprintf.c @@ -35,9 +35,9 @@ * original. Also, there is now a builtin-test, just compile with: * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm * and run snprintf for results. - * + * * Thomas Roessler 01/27/98 for mutt 0.89i - * The PGP code was using unsigned hexadecimal formats. + * The PGP code was using unsigned hexadecimal formats. * Unfortunately, unsigned formats simply didn't work. * * Michael Elkins 03/05/98 for mutt 0.90.8 @@ -55,20 +55,20 @@ * * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0 * actually print args for %g and %e - * + * * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0 * Since includes.h isn't included here, VA_COPY has to be defined here. I don't * see any include file that is guaranteed to be here, so I'm defining it * locally. Fixes AIX and Solaris builds. - * + * * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13 * put the ifdef for HAVE_VA_COPY in one place rather than in lots of * functions - * + * * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4 * Fix usage of va_list passed as an arg. Use __va_copy before using it * when it exists. - * + * * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14 * Fix incorrect zpadlen handling in fmtfp. * Thanks to Ollie Oldham for spotting it. @@ -167,7 +167,7 @@ (pos)++; \ } while (0) -static int dopr(char *buffer, size_t maxlen, const char *format, +static int dopr(char *buffer, size_t maxlen, const char *format, va_list args_in); static int fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, int min, int max); @@ -192,19 +192,19 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) va_list args; VA_COPY(args, args_in); - + state = DP_S_DEFAULT; currlen = flags = cflags = min = 0; max = -1; ch = *format++; - + while (state != DP_S_DONE) { - if (ch == '\0') + if (ch == '\0') state = DP_S_DONE; switch(state) { case DP_S_DEFAULT: - if (ch == '%') + if (ch == '%') state = DP_S_FLAGS; else DOPR_OUTCH(buffer, currlen, maxlen, ch); @@ -253,7 +253,7 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) if (ch == '.') { state = DP_S_MAX; ch = *format++; - } else { + } else { state = DP_S_MOD; } break; @@ -306,7 +306,7 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) switch (ch) { case 'd': case 'i': - if (cflags == DP_C_SHORT) + if (cflags == DP_C_SHORT) value = va_arg (args, int); else if (cflags == DP_C_LONG) value = va_arg (args, long int); @@ -489,12 +489,12 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) } } if (maxlen != 0) { - if (currlen < maxlen - 1) + if (currlen < maxlen - 1) buffer[currlen] = '\0'; - else if (maxlen > 0) + else if (maxlen > 0) buffer[maxlen - 1] = '\0'; } - + return currlen < INT_MAX ? (int)currlen : -1; } @@ -514,11 +514,11 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ padlen = min - strln; - if (padlen < 0) + if (padlen < 0) padlen = 0; - if (flags & DP_F_MINUS) + if (flags & DP_F_MINUS) padlen = -padlen; /* Left Justify */ - + while ((padlen > 0) && (cnt < max)) { DOPR_OUTCH(buffer, *currlen, maxlen, ' '); --padlen; @@ -550,12 +550,12 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, int spadlen = 0; /* amount to space pad */ int zpadlen = 0; /* amount to zero pad */ int caps = 0; - + if (max < 0) max = 0; - + uvalue = value; - + if(!(flags & DP_F_UNSIGNED)) { if( value < 0 ) { signvalue = '-'; @@ -567,7 +567,7 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, signvalue = ' '; } } - + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ do { @@ -587,7 +587,7 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, zpadlen = MAX(zpadlen, spadlen); spadlen = 0; } - if (flags & DP_F_MINUS) + if (flags & DP_F_MINUS) spadlen = -spadlen; /* Left Justifty */ #ifdef DEBUG_SNPRINTF @@ -602,7 +602,7 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, } /* Sign */ - if (signvalue) + if (signvalue) DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); /* Zeros */ @@ -618,7 +618,7 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, --place; DOPR_OUTCH(buffer, *currlen, maxlen, convert[place]); } - + /* Left Justified spaces */ while (spadlen < 0) { DOPR_OUTCH(buffer, *currlen, maxlen, ' '); @@ -633,19 +633,19 @@ static LDOUBLE abs_val(LDOUBLE value) if (value < 0) result = -value; - + return result; } static LDOUBLE POW10(int val) { LDOUBLE result = 1; - + while (val) { result *= 10; val--; } - + return result; } @@ -656,7 +656,7 @@ static LLONG ROUND(LDOUBLE value) intpart = (LLONG)value; value = value - intpart; if (value >= 0.5) intpart++; - + return intpart; } @@ -692,7 +692,7 @@ static double my_modf(double x0, double *iptr) ret = my_modf(x0-l*f, &i2); (*iptr) = l*f + i2; return ret; - } + } (*iptr) = l; return x - (*iptr); @@ -710,14 +710,14 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, int iplace = 0; int fplace = 0; int padlen = 0; /* amount to pad */ - int zpadlen = 0; + int zpadlen = 0; int caps = 0; int idx; double intpart; double fracpart; double temp; - - /* + + /* * AIX manpage says the default is 0, but Solaris says the default * is 6, and sprintf on AIX defaults to 6 */ @@ -745,8 +745,8 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */ #endif - /* - * Sorry, we only support 16 digits past the decimal because of our + /* + * Sorry, we only support 16 digits past the decimal because of our * conversion method */ if (max > 16) @@ -760,7 +760,7 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, my_modf(temp, &intpart); fracpart = ROUND((POW10(max)) * (ufvalue - intpart)); - + if (fracpart >= POW10(max)) { intpart++; fracpart -= POW10(max); @@ -794,16 +794,16 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, if (fplace == 311) fplace--; } fconvert[fplace] = 0; - + /* -1 for decimal point, another -1 if we are printing a sign */ - padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); + padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); zpadlen = max - fplace; if (zpadlen < 0) zpadlen = 0; - if (padlen < 0) + if (padlen < 0) padlen = 0; - if (flags & DP_F_MINUS) + if (flags & DP_F_MINUS) padlen = -padlen; /* Left Justifty */ - + if ((flags & DP_F_ZERO) && (padlen > 0)) { if (signvalue) { DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); @@ -819,9 +819,9 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, DOPR_OUTCH(buffer, *currlen, maxlen, ' '); --padlen; } - if (signvalue) + if (signvalue) DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); - + while (iplace > 0) { --iplace; DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[iplace]); @@ -837,7 +837,7 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, */ if (max > 0) { DOPR_OUTCH(buffer, *currlen, maxlen, '.'); - + while (zpadlen > 0) { DOPR_OUTCH(buffer, *currlen, maxlen, '0'); --zpadlen; diff --git a/gsi_openssh/source/openbsd-compat/bsd-timegm.c b/gsi_openssh/source/openbsd-compat/bsd-timegm.c new file mode 100644 index 0000000000..246724bd62 --- /dev/null +++ b/gsi_openssh/source/openbsd-compat/bsd-timegm.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + adapted for Samba4 by Andrew Tridgell +*/ + +#include "includes.h" + +#include + +#ifndef HAVE_TIMEGM + +static int is_leap(unsigned y) +{ + y += 1900; + return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0); +} + +time_t timegm(struct tm *tm) +{ + static const unsigned ndays[2][12] ={ + {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, + {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}}; + time_t res = 0; + unsigned i; + + if (tm->tm_mon > 12 || + tm->tm_mon < 0 || + tm->tm_mday > 31 || + tm->tm_min > 60 || + tm->tm_sec > 60 || + tm->tm_hour > 24) { + /* invalid tm structure */ + return 0; + } + + for (i = 70; i < tm->tm_year; ++i) + res += is_leap(i) ? 366 : 365; + + for (i = 0; i < tm->tm_mon; ++i) + res += ndays[is_leap(tm->tm_year)][i]; + res += tm->tm_mday - 1; + res *= 24; + res += tm->tm_hour; + res *= 60; + res += tm->tm_min; + res *= 60; + res += tm->tm_sec; + return res; +} +#endif /* HAVE_TIMEGM */ diff --git a/gsi_openssh/source/openbsd-compat/getcwd.c b/gsi_openssh/source/openbsd-compat/getcwd.c index 2d56bae19d..a904291a29 100644 --- a/gsi_openssh/source/openbsd-compat/getcwd.c +++ b/gsi_openssh/source/openbsd-compat/getcwd.c @@ -70,9 +70,12 @@ getcwd(char *pt, size_t size) */ if (pt) { ptsize = 0; - if (!size) { + if (size == 0) { errno = EINVAL; return (NULL); + } else if (size == 1) { + errno = ERANGE; + return (NULL); } ept = pt + size; } else { diff --git a/gsi_openssh/source/openbsd-compat/getopt.h b/gsi_openssh/source/openbsd-compat/getopt.h index 8eb12447ed..65c8bc7fb6 100644 --- a/gsi_openssh/source/openbsd-compat/getopt.h +++ b/gsi_openssh/source/openbsd-compat/getopt.h @@ -40,6 +40,7 @@ #define required_argument 1 #define optional_argument 2 +#if 0 struct option { /* name of long option */ const char *name; @@ -58,6 +59,8 @@ int getopt_long(int, char * const *, const char *, const struct option *, int *); int getopt_long_only(int, char * const *, const char *, const struct option *, int *); +#endif + #ifndef _GETOPT_DEFINED_ #define _GETOPT_DEFINED_ int getopt(int, char * const *, const char *); diff --git a/gsi_openssh/source/openbsd-compat/getopt_long.c b/gsi_openssh/source/openbsd-compat/getopt_long.c index 1a5001f7d9..c2863a789f 100644 --- a/gsi_openssh/source/openbsd-compat/getopt_long.c +++ b/gsi_openssh/source/openbsd-compat/getopt_long.c @@ -72,6 +72,20 @@ #include "log.h" +struct option { + /* name of long option */ + const char *name; + /* + * one of no_argument, required_argument, and optional_argument: + * whether option takes an argument + */ + int has_arg; + /* if not NULL, set *flag to val when option found */ + int *flag; + /* if flag not NULL, value to set *flag to; else return value */ + int val; +}; + int opterr = 1; /* if error message should be printed */ int optind = 1; /* index into parent argv vector */ int optopt = '?'; /* character checked for validity */ diff --git a/gsi_openssh/source/openbsd-compat/getrrsetbyname.c b/gsi_openssh/source/openbsd-compat/getrrsetbyname.c index cc1f8ae519..8f59398406 100644 --- a/gsi_openssh/source/openbsd-compat/getrrsetbyname.c +++ b/gsi_openssh/source/openbsd-compat/getrrsetbyname.c @@ -116,8 +116,14 @@ struct __res_state _res; #if !defined(HAVE__GETSHORT) || !defined(HAVE__GETLONG) || \ !defined(HAVE_DECL__GETSHORT) || HAVE_DECL__GETSHORT == 0 || \ !defined(HAVE_DECL__GETLONG) || HAVE_DECL__GETLONG == 0 -#define _getshort(x) (_ssh_compat_getshort(x)) -#define _getlong(x) (_ssh_compat_getlong(x)) +# ifdef _getshort +# undef _getshort +# endif +# ifdef _getlong +# undef _getlong +# endif +# define _getshort(x) (_ssh_compat_getshort(x)) +# define _getlong(x) (_ssh_compat_getlong(x)) /* * Routines to insert/extract short/long's. */ @@ -138,7 +144,7 @@ _getlong(const u_char *msgp) GETLONG(u, msgp); return (u); } -#endif +#endif /* missing _getshort/_getlong */ /* ************** */ @@ -384,6 +390,9 @@ parse_dns_response(const u_char *answer, int size) struct dns_response *resp; const u_char *cp; + if (size < HFIXEDSZ) + return (NULL); + /* allocate memory for the response */ resp = calloc(1, sizeof(*resp)); if (resp == NULL) @@ -450,14 +459,22 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count) int i, length; char name[MAXDNAME]; - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { +#define NEED(need) \ + do { \ + if (*cp + need > answer + size) \ + goto fail; \ + } while (0) - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_query)); - if (curr == NULL) { + for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { + if (*cp >= answer + size) { + fail: free_dns_query(head); return (NULL); } + /* allocate and initialize struct */ + curr = calloc(1, sizeof(struct dns_query)); + if (curr == NULL) + goto fail; if (head == NULL) head = curr; if (prev != NULL) @@ -475,16 +492,20 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count) free_dns_query(head); return (NULL); } + NEED(length); *cp += length; /* type */ + NEED(INT16SZ); curr->type = _getshort(*cp); *cp += INT16SZ; /* class */ + NEED(INT16SZ); curr->class = _getshort(*cp); *cp += INT16SZ; } +#undef NEED return (head); } @@ -497,14 +518,23 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, int i, length; char name[MAXDNAME]; - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { +#define NEED(need) \ + do { \ + if (*cp + need > answer + size) \ + goto fail; \ + } while (0) - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_rr)); - if (curr == NULL) { + for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { + if (*cp >= answer + size) { + fail: free_dns_rr(head); return (NULL); } + + /* allocate and initialize struct */ + curr = calloc(1, sizeof(struct dns_rr)); + if (curr == NULL) + goto fail; if (head == NULL) head = curr; if (prev != NULL) @@ -522,25 +552,31 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, free_dns_rr(head); return (NULL); } + NEED(length); *cp += length; /* type */ + NEED(INT16SZ); curr->type = _getshort(*cp); *cp += INT16SZ; /* class */ + NEED(INT16SZ); curr->class = _getshort(*cp); *cp += INT16SZ; /* ttl */ + NEED(INT32SZ); curr->ttl = _getlong(*cp); *cp += INT32SZ; /* rdata size */ + NEED(INT16SZ); curr->size = _getshort(*cp); *cp += INT16SZ; /* rdata itself */ + NEED(curr->size); curr->rdata = malloc(curr->size); if (curr->rdata == NULL) { free_dns_rr(head); @@ -549,6 +585,7 @@ parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, memcpy(curr->rdata, *cp, curr->size); *cp += curr->size; } +#undef NEED return (head); } diff --git a/gsi_openssh/source/openbsd-compat/libressl-api-compat.c b/gsi_openssh/source/openbsd-compat/libressl-api-compat.c index 801a2e8dd3..498180dc89 100644 --- a/gsi_openssh/source/openbsd-compat/libressl-api-compat.c +++ b/gsi_openssh/source/openbsd-compat/libressl-api-compat.c @@ -10,21 +10,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -39,10 +39,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -54,7 +54,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -75,7 +75,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in diff --git a/gsi_openssh/source/openbsd-compat/mktemp.c b/gsi_openssh/source/openbsd-compat/mktemp.c index ac922c1ecb..cca956a51f 100644 --- a/gsi_openssh/source/openbsd-compat/mktemp.c +++ b/gsi_openssh/source/openbsd-compat/mktemp.c @@ -34,6 +34,29 @@ #include #include +#ifdef mkstemp +#undef mkstemp +#endif +int mkstemp(char *); + +/* + * From glibc man page: 'In glibc versions 2.06 and earlier, the file is + * created with permissions 0666, that is, read and write for all users.' + * Provide a wrapper to make sure the mask is reasonable (POSIX requires + * mode 0600, so mask off any other bits). + */ +int +_ssh_mkstemp(char *template) +{ + mode_t mask; + int ret; + + mask = umask(0177); + ret = mkstemp(template); + (void)umask(mask); + return ret; +} + #if !defined(HAVE_MKDTEMP) #define MKTEMP_NAME 0 diff --git a/gsi_openssh/source/openbsd-compat/openbsd-compat.h b/gsi_openssh/source/openbsd-compat/openbsd-compat.h index 4316ab84bf..78faea9629 100644 --- a/gsi_openssh/source/openbsd-compat/openbsd-compat.h +++ b/gsi_openssh/source/openbsd-compat/openbsd-compat.h @@ -141,6 +141,9 @@ int mkstemp(char *path); char *mkdtemp(char *path); #endif +#define mkstemp(x) _ssh_mkstemp(x) +int _ssh_mkstemp(char *); + #ifndef HAVE_DAEMON int daemon(int nochdir, int noclose); #endif @@ -214,21 +217,20 @@ int writev(int, struct iovec *, int); int getpeereid(int , uid_t *, gid_t *); #endif -#ifdef HAVE_ARC4RANDOM -# ifndef HAVE_ARC4RANDOM_STIR -# define arc4random_stir() -# endif -#else -unsigned int arc4random(void); -void arc4random_stir(void); +#ifndef HAVE_ARC4RANDOM +uint32_t arc4random(void); #endif /* !HAVE_ARC4RANDOM */ #ifndef HAVE_ARC4RANDOM_BUF void arc4random_buf(void *, size_t); #endif +#ifndef HAVE_ARC4RANDOM_STIR +# define arc4random_stir() +#endif + #ifndef HAVE_ARC4RANDOM_UNIFORM -u_int32_t arc4random_uniform(u_int32_t); +uint32_t arc4random_uniform(uint32_t); #endif #ifndef HAVE_ASPRINTF @@ -339,6 +341,11 @@ void freezero(void *, size_t); struct tm *localtime_r(const time_t *, struct tm *); #endif +#ifndef HAVE_TIMEGM +#include +time_t timegm(struct tm *); +#endif + char *xcrypt(const char *password, const char *salt); char *shadow_pw(struct passwd *pw); diff --git a/gsi_openssh/source/openbsd-compat/openssl-compat.c b/gsi_openssh/source/openbsd-compat/openssl-compat.c index a37ca61bf2..6c65003f2b 100644 --- a/gsi_openssh/source/openbsd-compat/openssl-compat.c +++ b/gsi_openssh/source/openbsd-compat/openssl-compat.c @@ -33,10 +33,10 @@ /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) for <1.0.0. - * After that, we acceptable compatible fix versions (so we - * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed - * within a patch series. + * Versions >=3 require only major versions to match. + * For versions <3, we accept compatible fix versions (so we allow 1.0.1 + * to work with 1.0.0). Going backwards is only allowed within a patch series. + * See https://www.openssl.org/policies/releasestrat.html */ int @@ -48,15 +48,17 @@ ssh_compatible_openssl(long headerver, long libver) if (headerver == libver) return 1; - /* for versions < 1.0.0, major,minor,fix,status must match */ - if (headerver < 0x1000000f) { - mask = 0xfffff00fL; /* major,minor,fix,status */ + /* + * For versions >= 3.0, only the major and status must match. + */ + if (headerver >= 0x3000000f) { + mask = 0xf000000fL; /* major,status */ return (headerver & mask) == (libver & mask); } /* - * For versions >= 1.0.0, major,minor,status must match and library - * fix version must be equal to or newer than the header. + * For versions >= 1.0.0, but <3, major,minor,status must match and + * library fix version must be equal to or newer than the header. */ mask = 0xfff0000fL; /* major,minor,status */ hfix = (headerver & 0x000ff000) >> 12; diff --git a/gsi_openssh/source/openbsd-compat/openssl-compat.h b/gsi_openssh/source/openbsd-compat/openssl-compat.h index 8ca50b5ace..61a69dd56e 100644 --- a/gsi_openssh/source/openbsd-compat/openssl-compat.h +++ b/gsi_openssh/source/openbsd-compat/openssl-compat.h @@ -68,31 +68,6 @@ void ssh_libcrypto_init(void); # endif #endif -#ifndef OPENSSL_HAVE_EVPCTR -# define EVP_aes_128_ctr evp_aes_128_ctr -# define EVP_aes_192_ctr evp_aes_128_ctr -# define EVP_aes_256_ctr evp_aes_128_ctr -const EVP_CIPHER *evp_aes_128_ctr(void); -void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); -#endif - -/* Avoid some #ifdef. Code that uses these is unreachable without GCM */ -#if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED) -# define EVP_CTRL_GCM_SET_IV_FIXED -1 -# define EVP_CTRL_GCM_IV_GEN -1 -# define EVP_CTRL_GCM_SET_TAG -1 -# define EVP_CTRL_GCM_GET_TAG -1 -#endif - -/* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */ -#ifndef HAVE_EVP_CIPHER_CTX_CTRL -# ifdef OPENSSL_HAVE_EVPGCM -# error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */ -# else -# define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0) -# endif -#endif - /* LibreSSL/OpenSSL 1.1x API compat */ #ifndef HAVE_DSA_GET0_PQG void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, diff --git a/gsi_openssh/source/openbsd-compat/regress/Makefile.in b/gsi_openssh/source/openbsd-compat/regress/Makefile.in index dd8cdc4b7e..6fabca849e 100644 --- a/gsi_openssh/source/openbsd-compat/regress/Makefile.in +++ b/gsi_openssh/source/openbsd-compat/regress/Makefile.in @@ -10,7 +10,8 @@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. -I$(srcdir)/../.. @CPPFLAGS@ @DEFS@ EXEEXT=@EXEEXT@ LIBCOMPAT=../libopenbsd-compat.a -LIBS=@LIBS@ +LIBSSH=../../libssh.a +LIBS=@LIBS@ @CHANNELLIBS@ LDFLAGS=@LDFLAGS@ $(LIBCOMPAT) TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ @@ -18,8 +19,8 @@ TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ all: t-exec ${OTHERTESTS} -%$(EXEEXT): %.c $(LIBCOMPAT) - $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS) +.c: $(LIBCOMPAT) $(LIBSSH) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBSSH) $(LIBS) t-exec: $(TESTPROGS) @echo running compat regress tests diff --git a/gsi_openssh/source/openbsd-compat/regress/opensslvertest.c b/gsi_openssh/source/openbsd-compat/regress/opensslvertest.c index 43825b24c3..d500666096 100644 --- a/gsi_openssh/source/openbsd-compat/regress/opensslvertest.c +++ b/gsi_openssh/source/openbsd-compat/regress/opensslvertest.c @@ -56,6 +56,7 @@ fail(long hver, long lver, int result) int main(void) { +#ifdef WITH_OPENSSL unsigned int i; int res; long hver, lver; @@ -67,5 +68,6 @@ main(void) if (ssh_compatible_openssl(hver, lver) != res) fail(hver, lver, res); } +#endif exit(0); } diff --git a/gsi_openssh/source/packet.c b/gsi_openssh/source/packet.c index c472c4e26a..77cde7d561 100644 --- a/gsi_openssh/source/packet.c +++ b/gsi_openssh/source/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.307 2022/01/22 00:49:34 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.309 2023/03/03 10:23:42 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1036,7 +1036,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) return 1; /* - * Always rekey when MAX_PACKETS sent in either direction + * Always rekey when MAX_PACKETS sent in either direction * As per RFC4344 section 3.1 we do this after 2^31 packets. */ if (state->p_send.packets > MAX_PACKETS || @@ -1374,7 +1374,7 @@ int ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh->state; - int len, r, ms_remain; + int len, r, ms_remain = 0; struct pollfd pfd; char buf[SSH_IOBUFSZ]; struct timeval start; diff --git a/gsi_openssh/source/platform-tracing.c b/gsi_openssh/source/platform-tracing.c index c2810f2d0b..650c7e59fa 100644 --- a/gsi_openssh/source/platform-tracing.c +++ b/gsi_openssh/source/platform-tracing.c @@ -32,6 +32,7 @@ #include #include #include +#include #include "log.h" @@ -42,7 +43,16 @@ platform_disable_tracing(int strict) /* On FreeBSD, we should make this process untraceable */ int disable_trace = PROC_TRACE_CTL_DISABLE; - if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict) + /* + * On FreeBSD, we should make this process untraceable. + * pid=0 means "this process" but some older kernels do not + * understand that so retry with our own pid before failing. + */ + if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) == 0) + return; + if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable_trace) == 0) + return; + if (strict) fatal("unable to make the process untraceable: %s", strerror(errno)); #endif diff --git a/gsi_openssh/source/progressmeter.c b/gsi_openssh/source/progressmeter.c index c9290dc50a..e24356ba7e 100644 --- a/gsi_openssh/source/progressmeter.c +++ b/gsi_openssh/source/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.52 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -30,8 +30,11 @@ #include #include +#include +#include #include #include +#include #include #include #include @@ -51,10 +54,6 @@ /* determines whether we can output to the terminal */ static int can_output(void); -/* formats and inserts the specified size into the given buffer */ -static void format_size(char *, int, off_t); -static void format_rate(char *, int, off_t); - /* window resizing */ static void sig_winch(int); static void setscreensize(void); @@ -86,10 +85,14 @@ can_output(void) return (getpgrp() == tcgetpgrp(STDOUT_FILENO)); } -static void -format_rate(char *buf, int size, off_t bytes) +/* size needed to format integer type v, using (nbits(v) * log2(10) / 10) */ +#define STRING_SIZE(v) (((sizeof(v) * 8 * 4) / 10) + 1) + +static const char * +format_rate(off_t bytes) { int i; + static char buf[STRING_SIZE(bytes) * 2 + 16]; bytes *= 100; for (i = 0; bytes >= 100*1000 && unit[i] != 'T'; i++) @@ -98,37 +101,40 @@ format_rate(char *buf, int size, off_t bytes) i++; bytes = (bytes + 512) / 1024; } - snprintf(buf, size, "%3lld.%1lld%c%s", + snprintf(buf, sizeof(buf), "%3lld.%1lld%c%s", (long long) (bytes + 5) / 100, (long long) (bytes + 5) / 10 % 10, unit[i], i ? "B" : " "); + return buf; } -static void -format_size(char *buf, int size, off_t bytes) +static const char * +format_size(off_t bytes) { int i; + static char buf[STRING_SIZE(bytes) + 16]; for (i = 0; bytes >= 10000 && unit[i] != 'T'; i++) bytes = (bytes + 512) / 1024; - snprintf(buf, size, "%4lld%c%s", + snprintf(buf, sizeof(buf), "%4lld%c%s", (long long) bytes, unit[i], i ? "B" : " "); + return buf; } void refresh_progress_meter(int force_update) { - char buf[MAX_WINSIZE + 1]; + char *buf = NULL, *obuf = NULL; off_t transferred; double elapsed, now; int percent; off_t bytes_left; int cur_speed; int hours, minutes, seconds; - int file_len; + int file_len, cols; off_t delta_pos; if ((!force_update && !alarm_fired && !win_resized) || !can_output()) @@ -171,41 +177,36 @@ refresh_progress_meter(int force_update) } else bytes_per_second = cur_speed; + last_update = now; + last_pos = cur_pos; + + /* Don't bother if we can't even display the completion percentage */ + if (win_size < 4) + return; + /* filename */ - buf[0] = '\0'; - file_len = win_size - 45; + file_len = cols = win_size - 45; if (file_len > 0) { - buf[0] = '\r'; - snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", - file_len, file); + asmprintf(&buf, INT_MAX, &cols, "%-*s", file_len, file); + /* If we used fewer columns than expected then pad */ + if (cols < file_len) + xextendf(&buf, NULL, "%*s", file_len - cols, ""); } - /* percent of transfer done */ if (end_pos == 0 || cur_pos == end_pos) percent = 100; else percent = ((float)cur_pos / end_pos) * 100; - snprintf(buf + strlen(buf), win_size - strlen(buf), - " %3d%% ", percent); - - /* amount transferred */ - format_size(buf + strlen(buf), win_size - strlen(buf), - cur_pos); - strlcat(buf, " ", win_size); - /* bandwidth usage */ - format_rate(buf + strlen(buf), win_size - strlen(buf), - (off_t)bytes_per_second); - strlcat(buf, "/s ", win_size); + /* percent / amount transferred / bandwidth usage */ + xextendf(&buf, NULL, " %3d%% %s %s/s ", percent, format_size(cur_pos), + format_rate((off_t)bytes_per_second)); /* instantaneous rate */ if (bytes_left > 0) - format_rate(buf + strlen(buf), win_size - strlen(buf), - delta_pos); + xextendf(&buf, NULL, "%s/s ", format_rate(delta_pos)); else - format_rate(buf + strlen(buf), win_size - strlen(buf), - max_delta_pos); - strlcat(buf, "/s ", win_size); + xextendf(&buf, NULL, "%s/s ", format_rate(max_delta_pos)); /* ETA */ if (!transferred) @@ -214,9 +215,9 @@ refresh_progress_meter(int force_update) stalled = 0; if (stalled >= STALL_TIME) - strlcat(buf, "- stalled -", win_size); + xextendf(&buf, NULL, "- stalled -"); else if (bytes_per_second == 0 && bytes_left) - strlcat(buf, " --:-- ETA", win_size); + xextendf(&buf, NULL, " --:-- ETA"); else { if (bytes_left > 0) seconds = bytes_left / bytes_per_second; @@ -228,25 +229,29 @@ refresh_progress_meter(int force_update) minutes = seconds / 60; seconds -= minutes * 60; - if (hours != 0) - snprintf(buf + strlen(buf), win_size - strlen(buf), - "%d:%02d:%02d", hours, minutes, seconds); - else - snprintf(buf + strlen(buf), win_size - strlen(buf), - " %02d:%02d", minutes, seconds); + if (hours != 0) { + xextendf(&buf, NULL, "%d:%02d:%02d", + hours, minutes, seconds); + } else + xextendf(&buf, NULL, " %02d:%02d", minutes, seconds); if (bytes_left > 0) - strlcat(buf, " ETA", win_size); + xextendf(&buf, NULL, " ETA"); else - strlcat(buf, " ", win_size); + xextendf(&buf, NULL, " "); } - atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1); - last_update = now; - last_pos = cur_pos; + /* Finally, truncate string at window width */ + cols = win_size - 1; + asmprintf(&obuf, INT_MAX, &cols, " %s", buf); + if (obuf != NULL) { + *obuf = '\r'; /* must insert as asmprintf() would escape it */ + atomicio(vwrite, STDOUT_FILENO, obuf, strlen(obuf)); + } + free(buf); + free(obuf); } -/*ARGSUSED*/ static void sig_alarm(int ignore) { @@ -289,7 +294,6 @@ stop_progress_meter(void) atomicio(vwrite, STDOUT_FILENO, "\n", 1); } -/*ARGSUSED*/ static void sig_winch(int sig) { diff --git a/gsi_openssh/source/readconf.c b/gsi_openssh/source/readconf.c index 8aedf3f542..9df99551c7 100644 --- a/gsi_openssh/source/readconf.c +++ b/gsi_openssh/source/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.366 2022/02/08 08:59:12 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.375 2023/03/10 02:24:56 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,6 +39,7 @@ #include #include #include +#include #ifdef USE_SYSTEM_GLOB # include #else @@ -54,7 +55,6 @@ #include "xmalloc.h" #include "ssh.h" #include "ssherr.h" -#include "compat.h" #include "cipher.h" #include "pathnames.h" #include "log.h" @@ -183,6 +183,7 @@ typedef enum { oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms, oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize, + oEnableEscapeCommandline, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -346,6 +347,7 @@ static struct { { "knownhostscommand", oKnownHostsCommand }, { "requiredrsasize", oRequiredRSASize }, { "rsaminsize", oRequiredRSASize }, /* alias */ + { "enableescapecommandline", oEnableEscapeCommandline }, { "tcprcvbufpoll", oTcpRcvBufPoll }, { "tcprcvbuf", oTcpRcvBuf }, @@ -645,7 +647,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, } arg = criteria = NULL; this_result = 1; - if ((negate = attrib[0] == '!')) + if ((negate = (attrib[0] == '!'))) attrib++; /* Criterion "all" has no argument and must appear alone */ if (strcasecmp(attrib, "all") == 0) { @@ -784,20 +786,16 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, static void rm_env(Options *options, const char *arg, const char *filename, int linenum) { - int i, j, onum_send_env = options->num_send_env; - char *cp; + u_int i, j, onum_send_env = options->num_send_env; /* Remove an environment variable */ for (i = 0; i < options->num_send_env; ) { - cp = xstrdup(options->send_env[i]); - if (!match_pattern(cp, arg + 1)) { - free(cp); + if (!match_pattern(options->send_env[i], arg + 1)) { i++; continue; } debug3("%s line %d: removing environment %s", - filename, linenum, cp); - free(cp); + filename, linenum, options->send_env[i]); free(options->send_env[i]); options->send_env[i] = NULL; for (j = i; j < options->num_send_env - 1; j++) { @@ -1676,37 +1674,37 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, case oPermitRemoteOpen: uintptr = &options->num_permitted_remote_opens; cppptr = &options->permitted_remote_opens; - arg = argv_next(&ac, &av); - if (!arg || *arg == '\0') - fatal("%s line %d: missing %s specification", - filename, linenum, lookup_opcode_name(opcode)); uvalue = *uintptr; /* modified later */ - if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { - if (*activep && uvalue == 0) { - *uintptr = 1; - *cppptr = xcalloc(1, sizeof(**cppptr)); - (*cppptr)[0] = xstrdup(arg); - } - break; - } + i = 0; while ((arg = argv_next(&ac, &av)) != NULL) { arg2 = xstrdup(arg); - p = hpdelim(&arg); - if (p == NULL) { - fatal("%s line %d: missing host in %s", - filename, linenum, - lookup_opcode_name(opcode)); - } - p = cleanhostname(p); - /* - * don't want to use permitopen_port to avoid - * dependency on channels.[ch] here. - */ - if (arg == NULL || - (strcmp(arg, "*") != 0 && a2port(arg) <= 0)) { - fatal("%s line %d: bad port number in %s", - filename, linenum, - lookup_opcode_name(opcode)); + /* Allow any/none only in first position */ + if (strcasecmp(arg, "none") == 0 || + strcasecmp(arg, "any") == 0) { + if (i > 0 || ac > 0) { + error("%s line %d: keyword %s \"%s\" " + "argument must appear alone.", + filename, linenum, keyword, arg); + goto out; + } + } else { + p = hpdelim(&arg); + if (p == NULL) { + fatal("%s line %d: missing host in %s", + filename, linenum, + lookup_opcode_name(opcode)); + } + p = cleanhostname(p); + /* + * don't want to use permitopen_port to avoid + * dependency on channels.[ch] here. + */ + if (arg == NULL || (strcmp(arg, "*") != 0 && + a2port(arg) <= 0)) { + fatal("%s line %d: bad port number " + "in %s", filename, linenum, + lookup_opcode_name(opcode)); + } } if (*activep && uvalue == 0) { opt_array_append(filename, linenum, @@ -1714,7 +1712,11 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, cppptr, uintptr, arg2); } free(arg2); + i++; } + if (i == 0) + fatal("%s line %d: missing %s specification", + filename, linenum, lookup_opcode_name(opcode)); break; case oClearAllForwardings: @@ -1844,20 +1846,10 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, /* Removing an env var */ rm_env(options, arg, filename, linenum); continue; - } else { - /* Adding an env var */ - if (options->num_send_env >= INT_MAX) { - error("%s line %d: too many send env.", - filename, linenum); - goto out; - } - options->send_env = xrecallocarray( - options->send_env, options->num_send_env, - options->num_send_env + 1, - sizeof(*options->send_env)); - options->send_env[options->num_send_env++] = - xstrdup(arg); } + opt_array_append(filename, linenum, + lookup_opcode_name(opcode), + &options->send_env, &options->num_send_env, arg); } break; @@ -1871,16 +1863,15 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, } if (!*activep || value != 0) continue; - /* Adding a setenv var */ - if (options->num_setenv >= INT_MAX) { - error("%s line %d: too many SetEnv.", - filename, linenum); - goto out; + if (lookup_setenv_in_list(arg, options->setenv, + options->num_setenv) != NULL) { + debug2("%s line %d: ignoring duplicate env " + "name \"%.64s\"", filename, linenum, arg); + continue; } - options->setenv = xrecallocarray( - options->setenv, options->num_setenv, - options->num_setenv + 1, sizeof(*options->setenv)); - options->setenv[options->num_setenv++] = xstrdup(arg); + opt_array_append(filename, linenum, + lookup_opcode_name(opcode), + &options->setenv, &options->num_setenv, arg); } break; @@ -2247,15 +2238,13 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, value2 = 0; /* unlimited lifespan by default */ if (value == 3 && arg2 != NULL) { /* allow "AddKeysToAgent confirm 5m" */ - if ((value2 = convtime(arg2)) == -1 || - value2 > INT_MAX) { + if ((value2 = convtime(arg2)) == -1) { error("%s line %d: invalid time value.", filename, linenum); goto out; } } else if (value == -1 && arg2 == NULL) { - if ((value2 = convtime(arg)) == -1 || - value2 > INT_MAX) { + if ((value2 = convtime(arg)) == -1) { error("%s line %d: unsupported option", filename, linenum); goto out; @@ -2299,6 +2288,10 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, *charptr = xstrdup(arg); break; + case oEnableEscapeCommandline: + intptr = &options->enable_escape_commandline; + goto parse_flag; + case oRequiredRSASize: intptr = &options->required_rsa_size; goto parse_int; @@ -2439,6 +2432,7 @@ void initialize_options(Options * options) { memset(options, 'X', sizeof(*options)); + options->host_arg = NULL; options->forward_agent = -1; options->forward_agent_sock_path = NULL; options->forward_x11 = -1; @@ -2565,6 +2559,7 @@ initialize_options(Options * options) options->pubkey_accepted_algos = NULL; options->known_hosts_command = NULL; options->required_rsa_size = -1; + options->enable_escape_commandline = -1; } /* @@ -2810,6 +2805,8 @@ fill_default_options(Options * options) #endif if (options->required_rsa_size == -1) options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; + if (options->enable_escape_commandline == -1) + options->enable_escape_commandline = 0; /* Expand KEX name lists */ all_cipher = cipher_alg_list(',', 0); @@ -2955,9 +2952,9 @@ free_options(Options *o) } free(o->remote_forwards); free(o->stdio_forward_host); - FREE_ARRAY(int, o->num_send_env, o->send_env); + FREE_ARRAY(u_int, o->num_send_env, o->send_env); free(o->send_env); - FREE_ARRAY(int, o->num_setenv, o->setenv); + FREE_ARRAY(u_int, o->num_setenv, o->setenv); free(o->setenv); free(o->control_path); free(o->local_command); @@ -3453,6 +3450,7 @@ dump_client_config(Options *o, const char *host) free(all_key); /* Most interesting options first: user, host, port */ + dump_cfg_string(oHost, o->host_arg); dump_cfg_string(oUser, o->user); dump_cfg_string(oHostname, host); dump_cfg_int(oPort, o->port); @@ -3503,6 +3501,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); + dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline); /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); diff --git a/gsi_openssh/source/readconf.h b/gsi_openssh/source/readconf.h index 759c7f5fe5..139f87af83 100644 --- a/gsi_openssh/source/readconf.h +++ b/gsi_openssh/source/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.146 2021/12/19 22:14:47 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.150 2023/01/13 02:58:20 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -28,6 +28,7 @@ struct allowed_cname { }; typedef struct { + char *host_arg; /* Host arg as specified on command line. */ int forward_agent; /* Forward authentication agent. */ char *forward_agent_sock_path; /* Optional path of the agent. */ int forward_x11; /* Forward X11 display. */ @@ -141,10 +142,10 @@ typedef struct { int server_alive_interval; int server_alive_count_max; - int num_send_env; - char **send_env; - int num_setenv; - char **setenv; + u_int num_send_env; + char **send_env; + u_int num_setenv; + char **setenv; char *control_path; int control_master; @@ -194,6 +195,7 @@ typedef struct { char *known_hosts_command; int required_rsa_size; /* minimum size of RSA keys */ + int enable_escape_commandline; /* ~C commandline */ char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options; diff --git a/gsi_openssh/source/readpass.c b/gsi_openssh/source/readpass.c index 39af25c887..b52f3d6b1e 100644 --- a/gsi_openssh/source/readpass.c +++ b/gsi_openssh/source/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.69 2021/07/23 05:56:47 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.70 2022/05/27 04:27:49 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -286,7 +286,8 @@ notify_start(int force_askpass, const char *fmt, ...) } out_ctx: if ((ret = calloc(1, sizeof(*ret))) == NULL) { - kill(pid, SIGTERM); + if (pid != -1) + kill(pid, SIGTERM); fatal_f("calloc failed"); } ret->pid = pid; diff --git a/gsi_openssh/source/regress/agent-getpeereid.sh b/gsi_openssh/source/regress/agent-getpeereid.sh index b84471a785..f6532f0e9a 100644 --- a/gsi_openssh/source/regress/agent-getpeereid.sh +++ b/gsi_openssh/source/regress/agent-getpeereid.sh @@ -1,3 +1,4 @@ +# $OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $ # $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $ # Placed in the Public Domain. @@ -6,6 +7,8 @@ tid="disallow agent attach from other uid" UNPRIV=nobody ASOCK=${OBJ}/agent SSH_AUTH_SOCK=/nonexistent +>$OBJ/ssh-agent.log +>$OBJ/ssh-add.log if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then : @@ -25,14 +28,14 @@ case "x$SUDO" in esac trace "start agent" -eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` > /dev/null +eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` >$OBJ/ssh-agent.log 2>&1 r=$? if [ $r -ne 0 ]; then fail "could not start ssh-agent: exit code $r" else chmod 644 ${SSH_AUTH_SOCK} - ${SSHADD} -l > /dev/null 2>&1 + ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1 r=$? if [ $r -ne 1 ]; then fail "ssh-add failed with $r != 1" @@ -42,15 +45,16 @@ else ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null else # sudo - < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null + < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1 fi r=$? if [ $r -lt 2 ]; then fail "ssh-add did not fail for ${UNPRIV}: $r < 2" + cat $OBJ/ssh-add.log fi trace "kill agent" - ${SSHAGENT} -k > /dev/null + ${SSHAGENT} -k >>$OBJ/ssh-agent.log 2>&1 fi rm -f ${OBJ}/agent diff --git a/gsi_openssh/source/regress/agent-ptrace.sh b/gsi_openssh/source/regress/agent-ptrace.sh index 9cd68d7ec8..df55b34a5b 100644 --- a/gsi_openssh/source/regress/agent-ptrace.sh +++ b/gsi_openssh/source/regress/agent-ptrace.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-ptrace.sh,v 1.3 2015/09/11 04:55:01 djm Exp $ +# $OpenBSD: agent-ptrace.sh,v 1.5 2022/04/22 05:08:43 anton Exp $ # Placed in the Public Domain. tid="disallow agent ptrace attach" @@ -38,6 +38,7 @@ else $SUDO chown 0 ${SSHAGENT} $SUDO chgrp 0 ${SSHAGENT} $SUDO chmod 2755 ${SSHAGENT} + trap "$SUDO chown ${USER} ${SSHAGENT}; $SUDO chmod 755 ${SSHAGENT}" 0 fi trace "start agent" diff --git a/gsi_openssh/source/regress/agent-restrict.sh b/gsi_openssh/source/regress/agent-restrict.sh index a30aed7bf3..62cea85225 100644 --- a/gsi_openssh/source/regress/agent-restrict.sh +++ b/gsi_openssh/source/regress/agent-restrict.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-restrict.sh,v 1.5 2022/01/13 04:53:16 dtucker Exp $ +# $OpenBSD: agent-restrict.sh,v 1.6 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="agent restrictions" @@ -39,14 +39,14 @@ Host host_$h Hostname host_$h HostkeyAlias host_$h IdentityFile $OBJ/user_$h - ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h + ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h _EOF # Variant with no specified keys. cat << _EOF >> $OBJ/ssh_proxy_noid Host host_$h Hostname host_$h HostkeyAlias host_$h - ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h + ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h _EOF done cat $OBJ/ssh_proxy.bak >> $OBJ/ssh_proxy diff --git a/gsi_openssh/source/regress/agent.sh b/gsi_openssh/source/regress/agent.sh index f187b67572..5f1060608e 100644 --- a/gsi_openssh/source/regress/agent.sh +++ b/gsi_openssh/source/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $ +# $OpenBSD: agent.sh,v 1.21 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -9,7 +9,7 @@ if [ $? -ne 2 ]; then fi trace "start agent, args ${EXTRA_AGENT_ARGS} -s" -eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null +eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` >`ssh_logfile ssh-agent` r=$? if [ $r -ne 0 ]; then fatal "could not start ssh-agent: exit code $r" diff --git a/gsi_openssh/source/regress/cert-userkey.sh b/gsi_openssh/source/regress/cert-userkey.sh index 4ea29b7cdb..39bb432bd1 100644 --- a/gsi_openssh/source/regress/cert-userkey.sh +++ b/gsi_openssh/source/regress/cert-userkey.sh @@ -7,7 +7,8 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key* cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak -PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` +#ssh-dss keys are incompatible with DEFAULT crypto policy +PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss' | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` EXTRA_TYPES="" rsa="" diff --git a/gsi_openssh/source/regress/channel-timeout.sh b/gsi_openssh/source/regress/channel-timeout.sh new file mode 100644 index 0000000000..1c42e832ae --- /dev/null +++ b/gsi_openssh/source/regress/channel-timeout.sh @@ -0,0 +1,91 @@ +# $OpenBSD: channel-timeout.sh,v 1.1 2023/01/06 08:07:39 djm Exp $ +# Placed in the Public Domain. + +tid="channel timeout" + +# XXX not comprehensive. Still need -R -L agent X11 forwarding + interactive + +rm -f $OBJ/sshd_proxy.orig +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig + +verbose "no timeout" +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if [ $r -ne 23 ]; then + fail "ssh failed" +fi + +verbose "command timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if [ $r -ne 255 ]; then + fail "ssh returned unexpected error code $r" +fi + +verbose "command wildcard timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:*=1") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if [ $r -ne 255 ]; then + fail "ssh returned unexpected error code $r" +fi + +verbose "command irrelevant timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if [ $r -ne 23 ]; then + fail "ssh failed" +fi + +# Set up a "slow sftp server" that sleeps before executing the real one. +cat > $OBJ/slow-sftp-server.sh << _EOF +#!/bin/sh + +sleep 5 +$SFTPSERVER +_EOF +chmod a+x $OBJ/slow-sftp-server.sh + +verbose "sftp no timeout" +(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; + echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy + +rm -f ${COPY} +$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY +r=$? +if [ $r -ne 0 ]; then + fail "sftp failed" +fi +cmp $DATA $COPY || fail "corrupted copy" + +verbose "sftp timeout" +(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; + echo "ChannelTimeout session:subsystem:sftp=1" ; + echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy + +rm -f ${COPY} +$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY +r=$? +if [ $r -eq 0 ]; then + fail "sftp succeeded unexpectedly" +fi +test -f $COPY && cmp $DATA $COPY && fail "intact copy" + +verbose "sftp irrelevant timeout" +(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; + echo "ChannelTimeout session:subsystem:command=1" ; + echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy + +rm -f ${COPY} +$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY +r=$? +if [ $r -ne 0 ]; then + fail "sftp failed" +fi +cmp $DATA $COPY || fail "corrupted copy" + diff --git a/gsi_openssh/source/regress/connection-timeout.sh b/gsi_openssh/source/regress/connection-timeout.sh new file mode 100644 index 0000000000..c77abb38d8 --- /dev/null +++ b/gsi_openssh/source/regress/connection-timeout.sh @@ -0,0 +1,87 @@ +# $OpenBSD: connection-timeout.sh,v 1.2 2023/01/17 10:15:10 djm Exp $ +# Placed in the Public Domain. + +tid="unused connection timeout" +if config_defined DISABLE_FD_PASSING ; then + skip "not supported on this platform" +fi + +CTL=$OBJ/ctl-sock +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig + +check_ssh() { + test -S $CTL || return 1 + if ! ${REAL_SSH} -qF$OBJ/ssh_proxy -O check \ + -oControlPath=$CTL somehost >/dev/null 2>&1 ; then + return 1 + fi + return 0 +} + +start_ssh() { + trace "start ssh" + ${SSH} -nNfF $OBJ/ssh_proxy "$@" -oExitOnForwardFailure=yes \ + -oControlMaster=yes -oControlPath=$CTL somehost + r=$? + test $r -eq 0 || fatal "failed to start ssh $r" + check_ssh || fatal "ssh process unresponsive" +} + +stop_ssh() { + test -S $CTL || return + check_ssh || fatal "ssh process is unresponsive: cannot close" + if ! ${REAL_SSH} -qF$OBJ/ssh_proxy -O exit \ + -oControlPath=$CTL >/dev/null somehost >/dev/null ; then + fatal "ssh process did not respond to close" + fi + n=0 + while [ "$n" -lt 20 ] ; do + test -S $CTL || break + sleep 1 + n=`expr $n + 1` + done + if test -S $CTL ; then + fatal "ssh process did not exit" + fi +} + +trap "stop_ssh" EXIT + +verbose "no timeout" +start_ssh +sleep 5 +check_ssh || fatal "ssh unexpectedly missing" +stop_ssh + +(cat $OBJ/sshd_proxy.orig ; echo "UnusedConnectionTimeout 2") > $OBJ/sshd_proxy + +verbose "timeout" +start_ssh +sleep 8 +check_ssh && fail "ssh unexpectedly present" +stop_ssh + +verbose "session inhibits timeout" +rm -f $OBJ/copy.1 +start_ssh +${REAL_SSH} -qoControlPath=$CTL -oControlMaster=no -Fnone somehost \ + "sleep 8; touch $OBJ/copy.1" & +check_ssh || fail "ssh unexpectedly missing" +wait +test -f $OBJ/copy.1 || fail "missing result file" + +verbose "timeout after session" +# Session should still be running from previous +sleep 8 +check_ssh && fail "ssh unexpectedly present" +stop_ssh + +LPORT=`expr $PORT + 1` +RPORT=`expr $LPORT + 1` +DPORT=`expr $RPORT + 1` +RDPORT=`expr $DPORT + 1` +verbose "timeout with listeners" +start_ssh -L$LPORT:127.0.0.1:$PORT -R$RPORT:127.0.0.1:$PORT -D$DPORT -R$RDPORT +sleep 8 +check_ssh && fail "ssh unexpectedly present" +stop_ssh diff --git a/gsi_openssh/source/regress/dhgex.sh b/gsi_openssh/source/regress/dhgex.sh index 6dd4cfe3f9..30064f30a9 100644 --- a/gsi_openssh/source/regress/dhgex.sh +++ b/gsi_openssh/source/regress/dhgex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: dhgex.sh,v 1.7 2020/12/21 22:48:41 dtucker Exp $ +# $OpenBSD: dhgex.sh,v 1.8 2023/03/02 08:14:52 dtucker Exp $ # Placed in the Public Domain. tid="dhgex" @@ -31,8 +31,8 @@ ssh_test_dhgex() # check what we request grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null if [ $? != 0 ]; then - got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}` - fail "$tid unexpected GEX sizes, expected $groupsz, got $got" + got="`egrep 'SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent' ${LOG}`" + fail "$tid unexpected GEX sizes, expected $groupsz, got '$got'" fi # check what we got. gotbits="`awk 'BEGIN{FS="/"}/bits set:/{print $2}' ${LOG} | diff --git a/gsi_openssh/source/regress/dynamic-forward.sh b/gsi_openssh/source/regress/dynamic-forward.sh index 84f8ee1928..5a4aa6d8e9 100644 --- a/gsi_openssh/source/regress/dynamic-forward.sh +++ b/gsi_openssh/source/regress/dynamic-forward.sh @@ -1,61 +1,110 @@ -# $OpenBSD: dynamic-forward.sh,v 1.13 2017/09/21 19:18:12 markus Exp $ +# $OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $ # Placed in the Public Domain. tid="dynamic forwarding" -FWDPORT=`expr $PORT + 1` - -if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then - proxycmd="nc -x 127.0.0.1:$FWDPORT -X" -elif have_prog connect; then - proxycmd="connect -S 127.0.0.1:$FWDPORT -" -else - echo "skipped (no suitable ProxyCommand found)" - exit 0 +# This is a reasonable proxy for IPv6 support. +if ! config_defined HAVE_STRUCT_IN6_ADDR ; then + SKIP_IPV6=yes fi -trace "will use ProxyCommand $proxycmd" -start_sshd +FWDPORT=`expr $PORT + 1` +make_tmpdir +CTL=${SSH_REGRESS_TMP}/ctl-sock +cp $OBJ/ssh_config $OBJ/ssh_config.orig +proxycmd="$OBJ/netcat -x 127.0.0.1:$FWDPORT -X" +trace "will use ProxyCommand $proxycmd" -for d in D R; do +start_ssh() { + direction="$1" + arg="$2" n=0 error="1" - trace "start dynamic forwarding, fork to background" + trace "start dynamic -$direction forwarding, fork to background" + (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config + ${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \ + -$direction $FWDPORT -oExitOnForwardFailure=yes \ + -oControlMaster=yes -oControlPath=$CTL somehost + r=$? + test $r -eq 0 || fatal "failed to start dynamic forwarding $r" + if ! ${REAL_SSH} -qF$OBJ/ssh_config -O check \ + -oControlPath=$CTL somehost >/dev/null 2>&1 ; then + fatal "forwarding ssh process unresponsive" + fi +} - while [ "$error" -ne 0 -a "$n" -lt 3 ]; do +stop_ssh() { + test -S $CTL || return + if ! ${REAL_SSH} -qF$OBJ/ssh_config -O exit \ + -oControlPath=$CTL >/dev/null somehost >/dev/null ; then + fatal "forwarding ssh process did not respond to close" + fi + n=0 + while [ "$n" -lt 20 ] ; do + test -S $CTL || break + sleep 1 n=`expr $n + 1` - ${SSH} -F $OBJ/ssh_config -f -$d $FWDPORT -q \ - -oExitOnForwardFailure=yes somehost exec sh -c \ - \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' - error=$? - if [ "$error" -ne 0 ]; then - trace "forward failed attempt $n err $error" - sleep $n - fi done - if [ "$error" -ne 0 ]; then - fatal "failed to start dynamic forwarding" + if test -S $CTL ; then + fatal "forwarding ssh process did not exit" fi +} +check_socks() { + direction=$1 + expect_success=$2 for s in 4 5; do for h in 127.0.0.1 localhost; do - trace "testing ssh socks version $s host $h (-$d)" - ${SSH} -F $OBJ/ssh_config \ - -o "ProxyCommand ${proxycmd}${s} $h $PORT" \ + trace "testing ssh socks version $s host $h (-$direction)" + ${REAL_SSH} -q -F $OBJ/ssh_config \ + -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \ somehost cat ${DATA} > ${COPY} - test -f ${COPY} || fail "failed copy ${DATA}" - cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" + r=$? + if [ "x$expect_success" = "xY" ] ; then + if [ $r -ne 0 ] ; then + fail "ssh failed with exit status $r" + fi + test -f ${COPY} || fail "failed copy ${DATA}" + cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" + elif [ $r -eq 0 ] ; then + fail "ssh unexpectedly succeeded" + fi done done +} - if [ -f $OBJ/remote_pid ]; then - remote=`cat $OBJ/remote_pid` - trace "terminate remote shell, pid $remote" - if [ $remote -gt 1 ]; then - kill -HUP $remote - fi - else - fail "no pid file: $OBJ/remote_pid" - fi +start_sshd +trap "stop_ssh" EXIT + +for d in D R; do + verbose "test -$d forwarding" + start_ssh $d + check_socks $d Y + stop_ssh + test "x$d" = "xR" || continue + + # Test PermitRemoteOpen + verbose "PermitRemoteOpen=any" + start_ssh $d PermitRemoteOpen=any + check_socks $d Y + stop_ssh + + verbose "PermitRemoteOpen=none" + start_ssh $d PermitRemoteOpen=none + check_socks $d N + stop_ssh + + verbose "PermitRemoteOpen=explicit" + permit="127.0.0.1:$PORT [::1]:$PORT localhost:$PORT" + test -z "$SKIP_IPV6" || permit="127.0.0.1:$PORT localhost:$PORT" + start_ssh $d PermitRemoteOpen="$permit" + check_socks $d Y + stop_ssh + verbose "PermitRemoteOpen=disallowed" + permit="127.0.0.1:1 [::1]:1 localhost:1" + test -z "$SKIP_IPV6" || permit="127.0.0.1:1 localhost:1" + start_ssh $d PermitRemoteOpen="$permit" + check_socks $d N + stop_ssh done diff --git a/gsi_openssh/source/regress/envpass.sh b/gsi_openssh/source/regress/envpass.sh index af7eafe3d1..cb104686bb 100644 --- a/gsi_openssh/source/regress/envpass.sh +++ b/gsi_openssh/source/regress/envpass.sh @@ -1,4 +1,4 @@ -# $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $ +# $OpenBSD: envpass.sh,v 1.5 2022/06/03 04:31:54 djm Exp $ # Placed in the Public Domain. tid="environment passing" @@ -11,6 +11,7 @@ Host test-sendenv-confparse-bug SendEnv * EOF cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak trace "pass env, don't accept" verbose "test $tid: pass env, don't accept" @@ -23,6 +24,18 @@ if [ $r -ne 0 ]; then fail "environment found" fi +trace "setenv, don't accept" +verbose "test $tid: setenv, don't accept" +${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass -oSetEnv="_TEST_ENV=blah" \ + otherhost \ + sh << 'EOF' + test -z "$_TEST_ENV" +EOF +r=$? +if [ $r -ne 0 ]; then + fail "environment found" +fi + trace "don't pass env, accept" verbose "test $tid: don't pass env, accept" _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \ @@ -57,4 +70,56 @@ if [ $r -ne 0 ]; then fail "environment not found" fi +trace "setenv, accept" +verbose "test $tid: setenv, accept" +${SSH} -F $OBJ/ssh_proxy_envpass \ + -oSetEnv="_XXX_TEST_A=1 _XXX_TEST_B=2" otherhost \ + sh << 'EOF' + test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2" +EOF +r=$? +if [ $r -ne 0 ]; then + fail "environment not found" +fi +trace "setenv, first match wins" +verbose "test $tid: setenv, first match wins" +${SSH} -F $OBJ/ssh_proxy_envpass \ + -oSetEnv="_XXX_TEST_A=1 _XXX_TEST_A=11 _XXX_TEST_B=2" otherhost \ + sh << 'EOF' + test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2" +EOF +r=$? +if [ $r -ne 0 ]; then + fail "environment not found" +fi + +trace "server setenv wins" +verbose "test $tid: server setenv wins" +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "SetEnv _XXX_TEST_A=23" >> $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy_envpass \ + -oSetEnv="_XXX_TEST_A=1 _XXX_TEST_B=2" otherhost \ + sh << 'EOF' + test X"$_XXX_TEST_A" = X"23" -a X"$_XXX_TEST_B" = X"2" +EOF +r=$? +if [ $r -ne 0 ]; then + fail "environment not found" +fi + +trace "server setenv first match wins" +verbose "test $tid: server setenv wins" +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "SetEnv _XXX_TEST_A=23 _XXX_TEST_A=42" >> $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy_envpass \ + -oSetEnv="_XXX_TEST_A=1 _XXX_TEST_B=2" otherhost \ + sh << 'EOF' + test X"$_XXX_TEST_A" = X"23" -a X"$_XXX_TEST_B" = X"2" +EOF +r=$? +if [ $r -ne 0 ]; then + fail "environment not found" +fi + + rm -f $OBJ/ssh_proxy_envpass diff --git a/gsi_openssh/source/regress/forward-control.sh b/gsi_openssh/source/regress/forward-control.sh index 02f7667a66..63bbdebe5c 100644 --- a/gsi_openssh/source/regress/forward-control.sh +++ b/gsi_openssh/source/regress/forward-control.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forward-control.sh,v 1.8 2021/05/07 09:23:40 dtucker Exp $ +# $OpenBSD: forward-control.sh,v 1.11 2022/04/21 01:36:46 dtucker Exp $ # Placed in the Public Domain. tid="sshd control of local and remote forwarding" @@ -6,19 +6,7 @@ tid="sshd control of local and remote forwarding" LFWD_PORT=3320 RFWD_PORT=3321 CTL=$OBJ/ctl-sock -READY=$OBJ/ready - -wait_for_file_to_appear() { - _path=$1 - _n=0 - while test ! -f $_path ; do - test $_n -eq 1 && trace "waiting for $_path to appear" - _n=`expr $_n + 1` - test $_n -ge 20 && return 1 - sleep 1 - done - return 0 -} +WAIT_SECONDS=20 wait_for_process_to_exit() { _pid=$1 @@ -26,29 +14,35 @@ wait_for_process_to_exit() { while kill -0 $_pid 2>/dev/null ; do test $_n -eq 1 && trace "waiting for $_pid to exit" _n=`expr $_n + 1` - test $_n -ge 20 && return 1 + test $_n -ge $WAIT_SECONDS && return 1 sleep 1 done return 0 } +mux_cmd() { + ${SSH} -F $OBJ/ssh_proxy -S $CTL -O $1 host 2>&1 +} + +controlmaster_pid() { + mux_cmd check | cut -f2 -d= | cut -f1 -d')' +} + # usage: check_lfwd Y|N message check_lfwd() { _expected=$1 _message=$2 - rm -f $READY ${SSH} -F $OBJ/ssh_proxy \ -L$LFWD_PORT:127.0.0.1:$PORT \ -o ExitOnForwardFailure=yes \ - -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ - >/dev/null 2>&1 & - _sshpid=$! - wait_for_file_to_appear $READY || \ - fatal "check_lfwd ssh fail: $_message" + -MS $CTL -o ControlPersist=yes \ + -f host true + mux_cmd check >/dev/null || fatal "check_lfwd ssh fail: $_message" ${SSH} -F $OBJ/ssh_config -p $LFWD_PORT \ -oConnectionAttempts=10 host true >/dev/null 2>&1 _result=$? - kill $_sshpid `cat $READY` 2>/dev/null + _sshpid=`controlmaster_pid` + mux_cmd exit >/dev/null wait_for_process_to_exit $_sshpid if test "x$_expected" = "xY" -a $_result -ne 0 ; then fail "check_lfwd failed (expecting success): $_message" @@ -65,20 +59,19 @@ check_lfwd() { check_rfwd() { _expected=$1 _message=$2 - rm -f $READY ${SSH} -F $OBJ/ssh_proxy \ -R127.0.0.1:$RFWD_PORT:127.0.0.1:$PORT \ -o ExitOnForwardFailure=yes \ - -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ - >/dev/null 2>&1 & - _sshpid=$! - wait_for_file_to_appear $READY + -MS $CTL -o ControlPersist=yes \ + -f host true + mux_cmd check >/dev/null _result=$? - if test $_result -eq 0 ; then + _sshpid=`controlmaster_pid` + if test $_result -eq 0; then ${SSH} -F $OBJ/ssh_config -p $RFWD_PORT \ -oConnectionAttempts=10 host true >/dev/null 2>&1 _result=$? - kill $_sshpid `cat $READY` 2>/dev/null + mux_cmd exit >/dev/null wait_for_process_to_exit $_sshpid fi if test "x$_expected" = "xY" -a $_result -ne 0 ; then diff --git a/gsi_openssh/source/regress/hostbased.sh b/gsi_openssh/source/regress/hostbased.sh index 04a1c1a2da..eb9cf2727d 100644 --- a/gsi_openssh/source/regress/hostbased.sh +++ b/gsi_openssh/source/regress/hostbased.sh @@ -1,4 +1,4 @@ -# $OpenBSD: hostbased.sh,v 1.3 2022/01/08 07:55:26 dtucker Exp $ +# $OpenBSD: hostbased.sh,v 1.4 2022/12/07 11:45:43 dtucker Exp $ # Placed in the Public Domain. # This test requires external setup and thus is skipped unless @@ -8,7 +8,7 @@ # - ssh-keysign must be installed and setuid. # - "EnableSSHKeysign yes" must be in the system ssh_config. # - the system's own real FQDN the system-wide shosts.equiv. -# - the system's real public key fingerprints must me in global ssh_known_hosts. +# - the system's real public key fingerprints must be in global ssh_known_hosts. # tid="hostbased" diff --git a/gsi_openssh/source/regress/hostkey-agent.sh b/gsi_openssh/source/regress/hostkey-agent.sh index 2b2a6cffed..5b4b00fa76 100644 --- a/gsi_openssh/source/regress/hostkey-agent.sh +++ b/gsi_openssh/source/regress/hostkey-agent.sh @@ -20,6 +20,15 @@ ${SSHKEYGEN} -qt ed25519 -f $OBJ/agent-ca -N '' || fatal "ssh-keygen CA" PUBKEY_ACCEPTED_ALGOS=`$SSH -G "example.com" | \ grep -i "PubkeyAcceptedAlgorithms" | cut -d ' ' -f2- | tr "," "|"` SSH_ACCEPTED_KEYTYPES=`echo "$SSH_KEYTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"` +echo $PUBKEY_ACCEPTED_ALGOS | grep "rsa" +r=$? +if [ $r == 0 ]; then +echo $SSH_ACCEPTED_KEYTYPES | grep "rsa" +r=$? +if [ $r -ne 0 ]; then +SSH_ACCEPTED_KEYTYPES="$SSH_ACCEPTED_KEYTYPES ssh-rsa" +fi +fi trace "load hostkeys" for k in $SSH_ACCEPTED_KEYTYPES ; do @@ -38,10 +47,14 @@ unset SSH_AUTH_SOCK for k in $SSH_ACCEPTED_KEYTYPES ; do verbose "key type $k" + hka=$k + if [ $k = "ssh-rsa" ]; then + hka="rsa-sha2-512" + fi cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy - echo "HostKeyAlgorithms $k" >> $OBJ/sshd_proxy + echo "HostKeyAlgorithms $hka" >> $OBJ/sshd_proxy echo "Hostkey $OBJ/agent-key.${k}" >> $OBJ/sshd_proxy - opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy" + opts="-oHostKeyAlgorithms=$hka -F $OBJ/ssh_proxy" ( printf 'localhost-with-alias,127.0.0.1,::1 ' ; cat $OBJ/agent-key.$k.pub) > $OBJ/known_hosts SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` @@ -54,15 +67,16 @@ for k in $SSH_ACCEPTED_KEYTYPES ; do done SSH_CERTTYPES=`ssh -Q key-sig | grep 'cert-v01@openssh.com'` +SSH_ACCEPTED_CERTTYPES=`echo "$SSH_CERTTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"` # Prepare sshd_proxy for certificates. cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy HOSTKEYALGS="" -for k in $SSH_CERTTYPES ; do +for k in $SSH_ACCEPTED_CERTTYPES ; do test -z "$HOSTKEYALGS" || HOSTKEYALGS="${HOSTKEYALGS}," HOSTKEYALGS="${HOSTKEYALGS}${k}" done -for k in $SSH_KEYTYPES ; do +for k in $SSH_ACCEPTED_KEYTYPES ; do echo "Hostkey $OBJ/agent-key.${k}.pub" >> $OBJ/sshd_proxy echo "HostCertificate $OBJ/agent-key.${k}-cert.pub" >> $OBJ/sshd_proxy test -f $OBJ/agent-key.${k}.pub || fatal "no $k key" @@ -74,7 +88,7 @@ echo "HostKeyAlgorithms $HOSTKEYALGS" >> $OBJ/sshd_proxy ( printf '@cert-authority localhost-with-alias ' ; cat $OBJ/agent-ca.pub) > $OBJ/known_hosts -for k in $SSH_CERTTYPES ; do +for k in $SSH_ACCEPTED_CERTTYPES ; do verbose "cert type $k" opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy" SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` diff --git a/gsi_openssh/source/regress/integrity.sh b/gsi_openssh/source/regress/integrity.sh index b83434a927..6e35d0325b 100644 --- a/gsi_openssh/source/regress/integrity.sh +++ b/gsi_openssh/source/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.24 2020/01/21 08:06:27 djm Exp $ +# $OpenBSD: integrity.sh,v 1.25 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="integrity" @@ -18,7 +18,7 @@ macs="$macs `${SSH} -Q cipher-auth`" # >> $OBJ/ssh_proxy # sshd-command for proxy (see test-exec.sh) -cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" +cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" for m in $macs; do # the none mac is now valid but tests against it will succeed when we expect it to diff --git a/gsi_openssh/source/regress/keygen-sshfp.sh b/gsi_openssh/source/regress/keygen-sshfp.sh index 2abf9adeca..0f5eb85554 100644 --- a/gsi_openssh/source/regress/keygen-sshfp.sh +++ b/gsi_openssh/source/regress/keygen-sshfp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keygen-sshfp.sh,v 1.2 2021/07/19 02:29:28 dtucker Exp $ +# $OpenBSD: keygen-sshfp.sh,v 1.3 2023/02/10 05:06:03 djm Exp $ # Placed in the Public Domain. tid="keygen-sshfp" @@ -16,6 +16,25 @@ if [ "$fp" != \ fail "keygen fingerprint sha256" fi +# Expect two lines of output without an explicit algorithm +fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | wc -l` +if [ $(($fp + 0)) -ne 2 ] ; then + fail "incorrect number of SSHFP records $fp (expected 2)" +fi + +# Test explicit algorithm selection +exp="test IN SSHFP 4 1 8a8647a7567e202ce317e62606c799c53d4c121f" +fp=`${SSHKEYGEN} -Ohashalg=sha1 -r test -f ${SRC}/ed25519_openssh.pub` +if [ "x$exp" != "x$fp" ] ; then + fail "incorrect SHA1 SSHFP output" +fi + +exp="test IN SSHFP 4 2 54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" +fp=`${SSHKEYGEN} -Ohashalg=sha256 -r test -f ${SRC}/ed25519_openssh.pub` +if [ "x$exp" != "x$fp" ] ; then + fail "incorrect SHA256 SSHFP output" +fi + if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'` if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then @@ -27,3 +46,4 @@ if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then fail "keygen fingerprint sha256" fi fi + diff --git a/gsi_openssh/source/regress/knownhosts.sh b/gsi_openssh/source/regress/knownhosts.sh index dfc768ac97..7a9da5b146 100644 --- a/gsi_openssh/source/regress/knownhosts.sh +++ b/gsi_openssh/source/regress/knownhosts.sh @@ -1,4 +1,4 @@ -# $OpenBSD: knownhosts.sh,v 1.1 2021/10/01 05:20:20 dtucker Exp $ +# $OpenBSD: knownhosts.sh,v 1.2 2023/02/09 09:55:33 dtucker Exp $ # Placed in the Public Domain. tid="known hosts" @@ -15,3 +15,21 @@ ${SSH} -ohashknownhosts=yes -o stricthostkeychecking=no $opts somehost true \ trace "test hashed known hosts" ${SSH} $opts somehost true || fail "reconnect with hashed known hosts" + +trace "no newline at end of known_hosts" +printf "something" >$OBJ/known_hosts +${SSH} $opts -ostricthostkeychecking=no somehost true \ + || fail "hostkey update, missing newline, no strict" +${SSH} $opts -ostricthostkeychecking=yes somehost true \ + || fail "reconnect after adding with missing newline" + +trace "newline at end of known_hosts" +printf "something\n" >$OBJ/known_hosts +${SSH} $opts -ostricthostkeychecking=no somehost true \ + || fail "hostkey update, newline, no strict" +${SSH} $opts -ostricthostkeychecking=yes somehost true \ + || fail "reconnect after adding without missing newline" +lines=`wc -l <$OBJ/known_hosts` +if [ $lines -ne 2 ]; then + fail "expected 2 lines in known_hosts, found $lines" +fi diff --git a/gsi_openssh/source/regress/krl.sh b/gsi_openssh/source/regress/krl.sh index c381225ed7..d560d61e8c 100644 --- a/gsi_openssh/source/regress/krl.sh +++ b/gsi_openssh/source/regress/krl.sh @@ -1,4 +1,4 @@ -# $OpenBSD: krl.sh,v 1.11 2019/12/16 02:39:05 djm Exp $ +# $OpenBSD: krl.sh,v 1.12 2023/01/16 04:11:29 djm Exp $ # Placed in the Public Domain. tid="key revocation lists" @@ -175,8 +175,8 @@ test_rev() { KEYID_RESULT=$7 CERTS_RESULT=$8 CA_RESULT=$9 - SERIAL_WRESULT=$10 - KEYID_WRESULT=$11 + SERIAL_WRESULT=${10} + KEYID_WRESULT=${11} verbose "$tid: checking revocations for $TAG" for f in $FILES ; do check_krl $f $OBJ/krl-empty no "$TAG" diff --git a/gsi_openssh/source/regress/misc/fuzz-harness/Makefile b/gsi_openssh/source/regress/misc/fuzz-harness/Makefile index 3938ac853d..0b4238fd39 100644 --- a/gsi_openssh/source/regress/misc/fuzz-harness/Makefile +++ b/gsi_openssh/source/regress/misc/fuzz-harness/Makefile @@ -11,7 +11,7 @@ LIBS=-lssh -lopenbsd-compat -lmd -lcrypto -lfido2 -lcbor $(FUZZ_LIBS) SK_NULL_OBJS=ssh-sk-null.o COMMON_DEPS=../../../libssh.a -TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \ +TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz authkeys_fuzz sshsig_fuzz \ sshsigopt_fuzz privkey_fuzz kex_fuzz agent_fuzz all: $(TARGETS) @@ -28,6 +28,9 @@ sig_fuzz: sig_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS) authopt_fuzz: authopt_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS) $(CXX) -o $@ authopt_fuzz.o $(SK_NULL_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS) +authkeys_fuzz: authkeys_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS) + $(CXX) -o $@ authkeys_fuzz.o $(SK_NULL_OBJS) ../../../auth-options.o ../../../auth2-pubkeyfile.o $(LDFLAGS) $(LIBS) + sshsig_fuzz: sshsig_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS) $(CXX) -o $@ sshsig_fuzz.o $(SK_NULL_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS) diff --git a/gsi_openssh/source/regress/misc/fuzz-harness/authkeys_fuzz.cc b/gsi_openssh/source/regress/misc/fuzz-harness/authkeys_fuzz.cc new file mode 100644 index 0000000000..8b3e54e543 --- /dev/null +++ b/gsi_openssh/source/regress/misc/fuzz-harness/authkeys_fuzz.cc @@ -0,0 +1,81 @@ +#include +#include +#include +#include +#include +#include +#include + +extern "C" { + +#include "hostfile.h" +#include "auth.h" +#include "auth-options.h" +#include "sshkey.h" + +// testdata/id_ed25519.pub and testdata/id_ed25519-cert.pub +const char *pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMD"; +const char *certtext = "ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIMDQjYH6XRzH3j3MW1DdjCoAfvrHfgjnVGF+sLK0pBfqAAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMDAAAAAAAAA+sAAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQBj0og+s09/HpwdHZbzN0twooKPDWWrxGfnP1Joy6cDnY2BCSQ7zg9vbq11kLF8H/sKOTZWAQrUZ7LlChOu9Ogw= id_ed25519.pub"; + +// stubs +void auth_debug_add(const char *fmt,...) +{ +} + +void +auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) +{ +} + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + char *tmp, *o, *cp = (char *)malloc(size + 1 + strlen(pubkey) + 1); + struct sshauthopt *opts = NULL; + struct passwd *pw = getpwuid(getuid()); + static struct sshkey *key, *cert; + + if (key == NULL) { + if ((key = sshkey_new(KEY_UNSPEC)) == NULL || + (cert = sshkey_new(KEY_UNSPEC)) == NULL) + abort(); + if ((o = tmp = strdup(pubkey)) == NULL || + sshkey_read(key, &tmp) != 0) + abort(); + free(o); + if ((o = tmp = strdup(certtext)) == NULL || + sshkey_read(cert, &tmp) != 0) + abort(); + free(o); + } + if (cp == NULL || pw == NULL || key == NULL || cert == NULL) + abort(); + + // Cleanup whitespace at input EOL. + for (; size > 0 && strchr(" \t\r\n", data[size - 1]) != NULL; size--) ; + + // Append a pubkey that will match. + memcpy(cp, data, size); + cp[size] = ' '; + memcpy(cp + size + 1, pubkey, strlen(pubkey) + 1); + + // Try key. + if ((tmp = strdup(cp)) == NULL) + abort(); + (void) auth_check_authkey_line(pw, key, tmp, "127.0.0.1", "localhost", + "fuzz", &opts); + free(tmp); + sshauthopt_free(opts); + + // Try cert. + if ((tmp = strdup(cp)) == NULL) + abort(); + (void) auth_check_authkey_line(pw, cert, tmp, "127.0.0.1", "localhost", + "fuzz", &opts); + free(tmp); + sshauthopt_free(opts); + + free(cp); + return 0; +} + +} // extern "C" diff --git a/gsi_openssh/source/regress/misc/sk-dummy/sk-dummy.c b/gsi_openssh/source/regress/misc/sk-dummy/sk-dummy.c index 37070e1144..545c4f3611 100644 --- a/gsi_openssh/source/regress/misc/sk-dummy/sk-dummy.c +++ b/gsi_openssh/source/regress/misc/sk-dummy/sk-dummy.c @@ -59,7 +59,7 @@ /* #define SK_DEBUG 1 */ -#if SSH_SK_VERSION_MAJOR != 0x00090000 +#if SSH_SK_VERSION_MAJOR != 0x000a0000 # error SK API has changed, sk-dummy.c needs an update #endif diff --git a/gsi_openssh/source/regress/multiplex.sh b/gsi_openssh/source/regress/multiplex.sh index 4744fa3d97..8282d0d940 100644 --- a/gsi_openssh/source/regress/multiplex.sh +++ b/gsi_openssh/source/regress/multiplex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.33 2020/06/24 15:16:23 markus Exp $ +# $OpenBSD: multiplex.sh,v 1.36 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. make_tmpdir @@ -24,6 +24,7 @@ wait_for_mux_master_ready() fatal "mux master never becomes ready" } +maybe_add_scp_path_to_sshd start_sshd start_mux_master() @@ -38,8 +39,8 @@ start_mux_master() start_mux_master -verbose "test $tid: envpass" -trace "env passing over multiplexed connection" +verbose "test $tid: setenv" +trace "setenv over multiplexed connection" _XXX_TEST=blah ${SSH} -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF' test X"$_XXX_TEST" = X"blah" EOF @@ -47,6 +48,16 @@ if [ $? -ne 0 ]; then fail "environment not found" fi +verbose "test $tid: envpass" +trace "env passing over multiplexed connection" +${SSH} -F $OBJ/ssh_config -oSetEnv="_XXX_TEST=foo" -S$CTL otherhost sh << 'EOF' + test X"$_XXX_TEST" = X"foo" +EOF +if [ $? -ne 0 ]; then + fail "environment not found" +fi + + verbose "test $tid: transfer" rm -f ${COPY} trace "ssh transfer over multiplexed connection and check result" @@ -76,7 +87,7 @@ cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" rm -f ${COPY} verbose "test $tid: forward" trace "forward over TCP/IP and check result" -$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} > /dev/null & +$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} >`ssh_logfile nc` & netcat_pid=$! ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1 sleep 1 # XXX remove once race fixed diff --git a/gsi_openssh/source/regress/percent.sh b/gsi_openssh/source/regress/percent.sh index bb81779a01..3dfa8d2dfe 100644 --- a/gsi_openssh/source/regress/percent.sh +++ b/gsi_openssh/source/regress/percent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: percent.sh,v 1.14 2022/02/20 03:47:26 dtucker Exp $ +# $OpenBSD: percent.sh,v 1.16 2023/01/14 09:57:08 dtucker Exp $ # Placed in the Public Domain. tid="percent expansions" @@ -12,6 +12,7 @@ USER=`id -u -n` USERID=`id -u` HOST=`hostname | cut -f1 -d.` HOSTNAME=`hostname` +HASH="" # Localcommand is evaluated after connection because %T is not available # until then. Because of this we use a different method of exercising it, @@ -79,10 +80,12 @@ for i in matchexec localcommand remotecommand controlpath identityagent \ trial $i '%T' NONE fi # Matches implementation in readconf.c:ssh_connection_hash() - HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" | - $OPENSSL_BIN sha1 | cut -f2 -d' '` + if [ ! -z "${OPENSSL_BIN}" ]; then + HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" | + $OPENSSL_BIN sha1 | cut -f2 -d' '` + trial $i '%C' $HASH + fi trial $i '%%' '%' - trial $i '%C' $HASH trial $i '%i' $USERID trial $i '%h' 127.0.0.1 trial $i '%L' $HOST @@ -96,8 +99,13 @@ for i in matchexec localcommand remotecommand controlpath identityagent \ # containing %d for UserKnownHostsFile if [ "$i" != "userknownhostsfile" ]; then trial $i '%d' $HOME - trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \ - "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" + in='%%/%i/%h/%d/%L/%l/%n/%p/%r/%u' + out="%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" + if [ ! -z "${HASH}" ]; then + in="$in/%C" + out="$out/$HASH" + fi + trial $i "$in" "$out" fi done diff --git a/gsi_openssh/source/regress/reexec.sh b/gsi_openssh/source/regress/reexec.sh index 8966ba524e..3f88d41f53 100644 --- a/gsi_openssh/source/regress/reexec.sh +++ b/gsi_openssh/source/regress/reexec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: reexec.sh,v 1.12 2017/08/07 03:52:55 dtucker Exp $ +# $OpenBSD: reexec.sh,v 1.13 2023/01/19 07:53:45 dtucker Exp $ # Placed in the Public Domain. tid="reexec tests" @@ -49,7 +49,7 @@ if [ "$os" != "cygwin" ]; then verbose "test reexec fallback" start_sshd_copy -rm -f $SSHD_COPY +$SUDO rm -f $SSHD_COPY copy_tests diff --git a/gsi_openssh/source/regress/scp-uri.sh b/gsi_openssh/source/regress/scp-uri.sh index 20ac3c89ec..eacbd453af 100644 --- a/gsi_openssh/source/regress/scp-uri.sh +++ b/gsi_openssh/source/regress/scp-uri.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp-uri.sh,v 1.4 2021/08/10 03:35:45 djm Exp $ +# $OpenBSD: scp-uri.sh,v 1.5 2023/01/13 04:47:34 dtucker Exp $ # Placed in the Public Domain. tid="scp-uri" @@ -9,6 +9,8 @@ COPY2=${OBJ}/copy2 DIR=${COPY}.dd DIR2=${COPY}.dd2 +maybe_add_scp_path_to_sshd + SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp chmod 755 ${OBJ}/scp-ssh-wrapper.scp diff --git a/gsi_openssh/source/regress/scp.sh b/gsi_openssh/source/regress/scp.sh index 358a8df66b..76c2b2a6bb 100644 --- a/gsi_openssh/source/regress/scp.sh +++ b/gsi_openssh/source/regress/scp.sh @@ -1,20 +1,23 @@ -# $OpenBSD: scp.sh,v 1.13 2021/08/10 03:35:45 djm Exp $ +# $OpenBSD: scp.sh,v 1.18 2023/01/13 04:47:34 dtucker Exp $ # Placed in the Public Domain. tid="scp" #set -x -# Figure out if diff understands "-N" -if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then - DIFFOPT="-rN" -else - DIFFOPT="-r" -fi - COPY2=${OBJ}/copy2 DIR=${COPY}.dd DIR2=${COPY}.dd2 +COPY3=${OBJ}/copy.glob[123] +DIR3=${COPY}.dd.glob[456] +DIFFOPT="-rN" + +# Figure out if diff does not understand "-N" +if ! diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then + DIFFOPT="-r" +fi + +maybe_add_scp_path_to_sshd SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp @@ -22,9 +25,9 @@ chmod 755 ${OBJ}/scp-ssh-wrapper.scp export SCP # used in scp-ssh-wrapper.scp scpclean() { - rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} - mkdir ${DIR} ${DIR2} - chmod 755 ${DIR} ${DIR2} + rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} ${COPY3} ${DIR3} + mkdir ${DIR} ${DIR2} ${DIR3} + chmod 755 ${DIR} ${DIR2} ${DIR3} } for mode in scp sftp ; do @@ -34,7 +37,7 @@ for mode in scp sftp ; do else scpopts="-s -D ${SFTPSERVER}" fi - verbose "tid: simple copy local file to local file" + verbose "$tag: simple copy local file to local file" scpclean $SCP $scpopts ${DATA} ${COPY} || fail "copy failed" cmp ${DATA} ${COPY} || fail "corrupted copy" @@ -49,6 +52,31 @@ for mode in scp sftp ; do $SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed" cmp ${DATA} ${COPY} || fail "corrupted copy" + verbose "$tag: copy local file to remote file in place" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts ${COPY} somehost:${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" + + verbose "$tag: copy remote file to local file in place" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts somehost:${COPY} ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" + + verbose "$tag: copy local file to remote file clobber" + scpclean + cat ${DATA} ${DATA} > ${COPY} + $SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" + ls -l $DATA $COPY + cmp ${DATA} ${COPY} || fail "corrupted copy" + + verbose "$tag: copy remote file to local file clobber" + scpclean + cat ${DATA} ${DATA} > ${COPY} + $SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" + verbose "$tag: simple copy local file to remote dir" scpclean cp ${DATA} ${COPY} @@ -88,6 +116,30 @@ for mode in scp sftp ; do $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: unmatched glob file local->remote" + scpclean + $SCP $scpopts ${DATA} somehost:${COPY3} || fail "copy failed" + cmp ${DATA} ${COPY3} || fail "corrupted copy" + + verbose "$tag: unmatched glob file remote->local" + # NB. no clean + $SCP $scpopts somehost:${COPY3} ${COPY2} || fail "copy failed" + cmp ${DATA} ${COPY2} || fail "corrupted copy" + + verbose "$tag: unmatched glob dir recursive local->remote" + scpclean + rm -rf ${DIR3} + cp ${DATA} ${DIR}/copy + cp ${DATA} ${DIR}/copy.glob[1234] + $SCP $scpopts -r ${DIR} somehost:${DIR3} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR3} || fail "corrupted copy" + + verbose "$tag: unmatched glob dir recursive remote->local" + # NB. no clean + rm -rf ${DIR2} + $SCP $scpopts -r somehost:${DIR3} ${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: shell metacharacters" scpclean (cd ${DIR} && \ diff --git a/gsi_openssh/source/regress/scp3.sh b/gsi_openssh/source/regress/scp3.sh index f71b156775..383121f451 100644 --- a/gsi_openssh/source/regress/scp3.sh +++ b/gsi_openssh/source/regress/scp3.sh @@ -1,14 +1,16 @@ -# $OpenBSD: scp3.sh,v 1.3 2021/08/10 03:35:45 djm Exp $ +# $OpenBSD: scp3.sh,v 1.4 2023/01/13 04:47:34 dtucker Exp $ # Placed in the Public Domain. tid="scp3" -#set -x +set -x COPY2=${OBJ}/copy2 DIR=${COPY}.dd DIR2=${COPY}.dd2 +maybe_add_scp_path_to_sshd + SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp chmod 755 ${OBJ}/scp-ssh-wrapper.scp diff --git a/gsi_openssh/source/regress/sftp-cmds.sh b/gsi_openssh/source/regress/sftp-cmds.sh index 1289c4089c..85f0e97672 100644 --- a/gsi_openssh/source/regress/sftp-cmds.sh +++ b/gsi_openssh/source/regress/sftp-cmds.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sftp-cmds.sh,v 1.14 2013/06/21 02:26:26 djm Exp $ +# $OpenBSD: sftp-cmds.sh,v 1.15 2022/03/31 03:07:33 djm Exp $ # Placed in the Public Domain. # XXX - TODO: @@ -197,6 +197,11 @@ rm -f ${COPY}.2 echo "ln -s ${COPY}.1 ${COPY}.2" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "ln -s failed" test -h ${COPY}.2 || fail "missing file after ln -s" +verbose "$tid: cp" +rm -f ${COPY}.2 +echo "cp ${COPY}.1 ${COPY}.2" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "cp failed" +cmp ${COPY}.1 ${COPY}.2 || fail "created file is not equal after cp" + verbose "$tid: mkdir" echo "mkdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ || fail "mkdir failed" diff --git a/gsi_openssh/source/regress/sshd-log-wrapper.sh b/gsi_openssh/source/regress/sshd-log-wrapper.sh deleted file mode 100644 index 4b3c911379..0000000000 --- a/gsi_openssh/source/regress/sshd-log-wrapper.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -# $OpenBSD: sshd-log-wrapper.sh,v 1.5 2022/01/04 08:38:53 dtucker Exp $ -# Placed in the Public Domain. -# -# simple wrapper for sshd proxy mode to catch stderr output -# sh sshd-log-wrapper.sh /path/to/logfile /path/to/sshd [args...] - -log=$1 -shift - -echo "Executing: $@" >>$log -exec "$@" -E$log diff --git a/gsi_openssh/source/regress/test-exec.sh b/gsi_openssh/source/regress/test-exec.sh index 9fb02d1cbc..8666d0d6a4 100644 --- a/gsi_openssh/source/regress/test-exec.sh +++ b/gsi_openssh/source/regress/test-exec.sh @@ -1,9 +1,9 @@ -# $OpenBSD: test-exec.sh,v 1.89 2022/01/06 22:14:25 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.98 2023/03/02 11:10:27 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo -if [ ! -x "$TEST_SSH_ELAPSED_TIMES" ]; then +if [ ! -z "$TEST_SSH_ELAPSED_TIMES" ]; then STARTTIME=`date '+%s'` fi @@ -102,7 +102,8 @@ CONCH=conch # Tools used by multiple tests NC=$OBJ/netcat -OPENSSL_BIN="${OPENSSL_BIN:-openssl}" +# Always use the one configure tells us to, even if that's empty. +#OPENSSL_BIN="${OPENSSL_BIN:-openssl}" if [ "x$TEST_SSH_SSH" != "x" ]; then SSH="${TEST_SSH_SSH}" @@ -239,7 +240,13 @@ fi # Logfiles. # SSH_LOGFILE should be the debug output of ssh(1) only # SSHD_LOGFILE should be the debug output of sshd(8) only -# REGRESS_LOGFILE is the output of the test itself stdout and stderr +# REGRESS_LOGFILE is the log of progress of the regress test itself. +# TEST_SSH_LOGDIR will contain datestamped logs of all binaries run in +# chronological order. +if [ "x$TEST_SSH_LOGDIR" = "x" ]; then + TEST_SSH_LOGDIR=$OBJ/log + mkdir -p $TEST_SSH_LOGDIR +fi if [ "x$TEST_SSH_LOGFILE" = "x" ]; then TEST_SSH_LOGFILE=$OBJ/ssh.log fi @@ -250,21 +257,53 @@ if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then TEST_REGRESS_LOGFILE=$OBJ/regress.log fi +# If set, keep track of successful tests and skip them them if we've +# previously completed that test. +if [ "x$TEST_REGRESS_CACHE_DIR" != "x" ]; then + if [ ! -d "$TEST_REGRESS_CACHE_DIR" ]; then + mkdir -p "$TEST_REGRESS_CACHE_DIR" + fi + TEST="`basename $SCRIPT .sh`" + CACHE="${TEST_REGRESS_CACHE_DIR}/${TEST}.cache" + for i in ${SSH} ${SSHD} ${SSHAGENT} ${SSHADD} ${SSHKEYGEN} ${SCP} \ + ${SFTP} ${SFTPSERVER} ${SSHKEYSCAN}; do + case $i in + /*) bin="$i" ;; + *) bin="`which $i`" ;; + esac + if [ "$bin" -nt "$CACHE" ]; then + rm -f "$CACHE" + fi + done + if [ -f "$CACHE" ]; then + echo ok cached $CACHE + exit 0 + fi +fi + # truncate logfiles ->$TEST_SSH_LOGFILE ->$TEST_SSHD_LOGFILE >$TEST_REGRESS_LOGFILE -# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." -# because sftp and scp don't handle spaces in arguments. scp and sftp like -# to use -q so we remove those to preserve our debug logging. In the rare -# instance where -q is desirable -qq is equivalent and is not removed. +# Create ssh and sshd wrappers with logging. These create a datestamped +# unique file for every invocation so that we can retain all logs from a +# given test no matter how many times it's invoked. It also leaves a +# symlink with the original name for tests (and people) who look for that. + +# For ssh, e can't just specify "SSH=ssh -E..." because sftp and scp don't +# handle spaces in arguments. scp and sftp like to use -q so we remove those +# to preserve our debug logging. In the rare instance where -q is desirable +# -qq is equivalent and is not removed. SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh cat >$SSHLOGWRAP <>${TEST_SSH_LOGFILE} +timestamp="\`$OBJ/timestamp\`" +logfile="${TEST_SSH_LOGDIR}/\${timestamp}.ssh.\$\$.log" +echo "Executing: ${SSH} \$@" log \${logfile} >>$TEST_REGRESS_LOGFILE +echo "Executing: ${SSH} \$@" >>\${logfile} for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done -exec ${SSH} -E${TEST_SSH_LOGFILE} "\$@" +rm -f $TEST_SSH_LOGFILE +ln -f -s \${logfile} $TEST_SSH_LOGFILE +exec ${SSH} -E\${logfile} "\$@" EOD chmod a+rx $OBJ/ssh-log-wrapper.sh @@ -272,6 +311,28 @@ REAL_SSH="$SSH" REAL_SSHD="$SSHD" SSH="$SSHLOGWRAP" +SSHDLOGWRAP=$OBJ/sshd-log-wrapper.sh +cat >$SSHDLOGWRAP <>$TEST_REGRESS_LOGFILE +echo "Executing: ${SSHD} \$@" >>\${logfile} +exec ${SSHD} -E\${logfile} "\$@" +EOD +chmod a+rx $OBJ/sshd-log-wrapper.sh + +ssh_logfile () +{ + tool="$1" + timestamp="`$OBJ/timestamp`" + logfile="${TEST_SSH_LOGDIR}/${timestamp}.$tool.$$.log" + echo "Logging $tool to log \${logfile}" >>$TEST_REGRESS_LOGFILE + echo $logfile +} + # Some test data. We make a copy because some tests will overwrite it. # The tests may assume that $DATA exists and is writable and $COPY does # not exist. Tests requiring larger data files can call increase_datafile_size @@ -296,7 +357,7 @@ export SSH_PKCS11_HELPER SSH_SK_HELPER #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP # Portable specific functions -have_prog() +which() { saved_IFS="$IFS" IFS=":" @@ -304,13 +365,21 @@ have_prog() do if [ -x $i/$1 ]; then IFS="$saved_IFS" + echo "$i/$1" return 0 fi done IFS="$saved_IFS" + echo "$i/$1" return 1 } +have_prog() +{ + which "$1" >/dev/null 2>&1 + return $? +} + jot() { awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" } @@ -418,19 +487,37 @@ cleanup () start_debug_log () { - echo "trace: $@" >$TEST_REGRESS_LOGFILE - echo "trace: $@" >$TEST_SSH_LOGFILE - echo "trace: $@" >$TEST_SSHD_LOGFILE + echo "trace: $@" >>$TEST_REGRESS_LOGFILE + if [ -d "$TEST_SSH_LOGDIR" ]; then + rm -f $TEST_SSH_LOGDIR/* + fi } save_debug_log () { + testname=`echo $tid | tr ' ' _` + tarname="$OBJ/failed-$testname-logs.tar" + echo $@ >>$TEST_REGRESS_LOGFILE echo $@ >>$TEST_SSH_LOGFILE echo $@ >>$TEST_SSHD_LOGFILE + echo "Saving debug logs to $tarname" >>$TEST_REGRESS_LOGFILE (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log + + # Save all logfiles in a tarball. + (cd $OBJ && + logfiles="" + for i in $TEST_REGRESS_LOGFILE $TEST_SSH_LOGFILE $TEST_SSHD_LOGFILE \ + $TEST_SSH_LOGDIR; do + if [ -e "`basename $i`" ]; then + logfiles="$logfiles `basename $i`" + else + logfiles="$logfiles $i" + fi + done + tar cf "$tarname" $logfiles) } trace () @@ -477,6 +564,18 @@ skip () exit $RESULT } +maybe_add_scp_path_to_sshd () +{ + # If we're testing a non-installed scp, add its directory to sshd's + # PATH so we can test it. We don't do this for all tests as it + # breaks the SetEnv tests. + case "$SCP" in + /*) PATH_WITH_SCP="`dirname $SCP`:$PATH" + echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_config + echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_proxy ;; + esac +} + RESULT=0 PIDFILE=$OBJ/pidfile @@ -597,8 +696,9 @@ maybe_filter_sk() { fi } -SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk` -SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk` +#ssh-dss keys are incompatible with DEFAULT crypto policy +SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss'` +SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk | grep -v 'ssh-dss'` for t in ${SSH_KEYTYPES}; do # generate user key @@ -680,7 +780,7 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy - echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "ProxyTelnetCommand=${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy PUTTYDIR=${OBJ}/.putty @@ -690,7 +790,7 @@ fi # create a proxy version of the client config ( cat $OBJ/ssh_config - echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy + echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy ) > $OBJ/ssh_proxy # check proxy config @@ -699,6 +799,7 @@ ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" start_sshd () { # start sshd + logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log" $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" $SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \ ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE @@ -763,6 +864,9 @@ fi if [ $RESULT -eq 0 ]; then verbose ok $tid + if [ "x$CACHE" != "x" ]; then + touch "$CACHE" + fi else echo failed $tid fi diff --git a/gsi_openssh/source/regress/timestamp.c b/gsi_openssh/source/regress/timestamp.c new file mode 100644 index 0000000000..77dae457b6 --- /dev/null +++ b/gsi_openssh/source/regress/timestamp.c @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2023 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $OpenBSD: timestamp.c,v 1.1 2023/03/01 09:29:32 dtucker Exp $ */ + +/* + * Print a microsecond-granularity timestamp to stdout in an ISO8601-ish + * format, which we can then use as the first component of the log file + * so that they'll sort into chronological order. + */ + +#include + +#include +#include +#include + +int +main(void) +{ + struct timeval tv; + struct tm *tm; + char buf[1024]; + + if (gettimeofday(&tv, NULL) != 0) + exit(1); + if ((tm = localtime(&tv.tv_sec)) == NULL) + exit(2); + if (strftime(buf, sizeof buf, "%Y%m%dT%H%M%S", tm) <= 0) + exit(3); + printf("%s.%06d\n", buf, (int)tv.tv_usec); + exit(0); +} diff --git a/gsi_openssh/source/regress/unittests/kex/test_kex.c b/gsi_openssh/source/regress/unittests/kex/test_kex.c index c26761ee7c..6eafa0edce 100644 --- a/gsi_openssh/source/regress/unittests/kex/test_kex.c +++ b/gsi_openssh/source/regress/unittests/kex/test_kex.c @@ -96,7 +96,8 @@ do_kex_with_key(char *kex, int keytype, int bits) memcpy(kex_params.proposal, myproposal, sizeof(myproposal)); if (kex != NULL) kex_params.proposal[PROPOSAL_KEX_ALGS] = kex; - keyname = strdup(sshkey_ssh_name(private)); + keyname = (strcmp(sshkey_ssh_name(private), "ssh-rsa")) ? + strdup(sshkey_ssh_name(private)) : strdup("rsa-sha2-256"); ASSERT_PTR_NE(keyname, NULL); kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname; ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0); @@ -179,7 +180,7 @@ do_kex(char *kex) { #ifdef WITH_OPENSSL do_kex_with_key(kex, KEY_RSA, 2048); - do_kex_with_key(kex, KEY_DSA, 1024); + /* do_kex_with_key(kex, KEY_DSA, 1024); */ #ifdef OPENSSL_HAS_ECC do_kex_with_key(kex, KEY_ECDSA, 256); #endif /* OPENSSL_HAS_ECC */ diff --git a/gsi_openssh/source/regress/unittests/kex/test_proposal.c b/gsi_openssh/source/regress/unittests/kex/test_proposal.c new file mode 100644 index 0000000000..fa4192bb66 --- /dev/null +++ b/gsi_openssh/source/regress/unittests/kex/test_proposal.c @@ -0,0 +1,124 @@ +/* $OpenBSD: test_proposal.c,v 1.2 2023/03/06 12:15:47 dtucker Exp $ */ +/* + * Regress test KEX + * + * Placed in the public domain + */ + +#include "includes.h" + +#include +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include +#include + +#include "../test_helper/test_helper.h" + +#include "cipher.h" +#include "compat.h" +#include "ssherr.h" +#include "sshbuf.h" +#include "kex.h" +#include "myproposal.h" +#include "packet.h" +#include "xmalloc.h" + +void kex_proposal_tests(void); +void kex_proposal_populate_tests(void); + +#define CURVE25519 "curve25519-sha256@libssh.org" +#define DHGEX1 "diffie-hellman-group-exchange-sha1" +#define DHGEX256 "diffie-hellman-group-exchange-sha256" +#define KEXALGOS CURVE25519","DHGEX256","DHGEX1 +void +kex_proposal_tests(void) +{ + size_t i; + struct ssh ssh; + char *result, *out, *in; + struct { + char *in; /* TODO: make this const */ + char *out; + int compat; + } tests[] = { + { KEXALGOS, KEXALGOS, 0}, + { KEXALGOS, DHGEX256","DHGEX1, SSH_BUG_CURVE25519PAD }, + { KEXALGOS, CURVE25519, SSH_OLD_DHGEX }, + { "a,"KEXALGOS, "a", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, + /* TODO: enable once compat_kex_proposal doesn't fatal() */ + /* { KEXALGOS, "", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, */ + }; + + TEST_START("compat_kex_proposal"); + for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) { + ssh.compat = tests[i].compat; + /* match entire string */ + result = compat_kex_proposal(&ssh, tests[i].in); + ASSERT_STRING_EQ(result, tests[i].out); + free(result); + /* match at end */ + in = kex_names_cat("a", tests[i].in); + out = kex_names_cat("a", tests[i].out); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + /* match at start */ + in = kex_names_cat(tests[i].in, "a"); + out = kex_names_cat(tests[i].out, "a"); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + /* match in middle */ + xasprintf(&in, "a,%s,b", tests[i].in); + if (*(tests[i].out) == '\0') + out = xstrdup("a,b"); + else + xasprintf(&out, "a,%s,b", tests[i].out); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + } + TEST_DONE(); +} + +void +kex_proposal_populate_tests(void) +{ + char *prop[PROPOSAL_MAX], *kexalgs, *ciphers, *macs, *hkalgs; + const char *comp = compression_alg_list(0); + int i; + struct ssh ssh; + struct kex kex; + + kexalgs = kex_alg_list(','); + ciphers = cipher_alg_list(',', 0); + macs = mac_alg_list(','); + hkalgs = kex_alg_list(','); + + ssh.kex = &kex; + TEST_START("compat_kex_proposal_populate"); + for (i = 0; i <= 1; i++) { + kex.server = i; + for (ssh.compat = 0; ssh.compat < 0x40000000; ) { + kex_proposal_populate_entries(&ssh, prop, NULL, NULL, + NULL, NULL, NULL); + kex_proposal_free_entries(prop); + kex_proposal_populate_entries(&ssh, prop, kexalgs, + ciphers, macs, hkalgs, comp); + kex_proposal_free_entries(prop); + if (ssh.compat == 0) + ssh.compat = 1; + else + ssh.compat <<= 1; + } + } + + free(kexalgs); + free(ciphers); + free(macs); + free(hkalgs); +} diff --git a/gsi_openssh/source/regress/unittests/kex/tests.c b/gsi_openssh/source/regress/unittests/kex/tests.c index e7036ec17f..d3044f0337 100644 --- a/gsi_openssh/source/regress/unittests/kex/tests.c +++ b/gsi_openssh/source/regress/unittests/kex/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.1 2015/01/15 23:41:29 markus Exp $ */ +/* $OpenBSD: tests.c,v 1.3 2023/03/06 12:15:47 dtucker Exp $ */ /* * Placed in the public domain */ @@ -6,9 +6,13 @@ #include "../test_helper/test_helper.h" void kex_tests(void); +void kex_proposal_tests(void); +void kex_proposal_populate_tests(void); void tests(void) { kex_tests(); + kex_proposal_tests(); + kex_proposal_populate_tests(); } diff --git a/gsi_openssh/source/regress/unittests/misc/test_convtime.c b/gsi_openssh/source/regress/unittests/misc/test_convtime.c index ef6fd77ded..4794dbd9da 100644 --- a/gsi_openssh/source/regress/unittests/misc/test_convtime.c +++ b/gsi_openssh/source/regress/unittests/misc/test_convtime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_convtime.c,v 1.2 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_convtime.c,v 1.3 2022/08/11 01:57:50 djm Exp $ */ /* * Regress test for misc time conversion functions. * @@ -20,6 +20,7 @@ #include "log.h" #include "misc.h" +#include "ssherr.h" void test_convtime(void); @@ -27,6 +28,7 @@ void test_convtime(void) { char buf[1024]; + uint64_t t; TEST_START("misc_convtime"); ASSERT_INT_EQ(convtime("0"), 0); @@ -56,4 +58,64 @@ test_convtime(void) ASSERT_INT_EQ(convtime("3550w5d3h14m8s"), -1); #endif TEST_DONE(); + + /* XXX timezones/DST make verification of this tricky */ + /* XXX maybe setenv TZ and tzset() to make it unambiguous? */ + TEST_START("misc_parse_absolute_time"); + ASSERT_INT_EQ(parse_absolute_time("20000101", &t), 0); + ASSERT_INT_EQ(parse_absolute_time("200001011223", &t), 0); + ASSERT_INT_EQ(parse_absolute_time("20000101122345", &t), 0); + + /* forced UTC TZ */ + ASSERT_INT_EQ(parse_absolute_time("20000101Z", &t), 0); + ASSERT_U64_EQ(t, 946684800); + ASSERT_INT_EQ(parse_absolute_time("200001011223Z", &t), 0); + ASSERT_U64_EQ(t, 946729380); + ASSERT_INT_EQ(parse_absolute_time("20000101122345Z", &t), 0); + ASSERT_U64_EQ(t, 946729425); + ASSERT_INT_EQ(parse_absolute_time("20000101UTC", &t), 0); + ASSERT_U64_EQ(t, 946684800); + ASSERT_INT_EQ(parse_absolute_time("200001011223UTC", &t), 0); + ASSERT_U64_EQ(t, 946729380); + ASSERT_INT_EQ(parse_absolute_time("20000101122345UTC", &t), 0); + ASSERT_U64_EQ(t, 946729425); + + /* Bad month */ + ASSERT_INT_EQ(parse_absolute_time("20001301", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("20000001", &t), + SSH_ERR_INVALID_FORMAT); + /* Incomplete */ + ASSERT_INT_EQ(parse_absolute_time("2", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("2000", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("20000", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("200001", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("2000010", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("200001010", &t), + SSH_ERR_INVALID_FORMAT); + /* Bad day, hour, minute, second */ + ASSERT_INT_EQ(parse_absolute_time("20000199", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("200001019900", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("200001010099", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("20000101000099", &t), + SSH_ERR_INVALID_FORMAT); + /* Invalid TZ specifier */ + ASSERT_INT_EQ(parse_absolute_time("20000101ZZ", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("20000101PDT", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("20000101U", &t), + SSH_ERR_INVALID_FORMAT); + ASSERT_INT_EQ(parse_absolute_time("20000101UTCUTC", &t), + SSH_ERR_INVALID_FORMAT); + + TEST_DONE(); } diff --git a/gsi_openssh/source/regress/unittests/misc/test_ptimeout.c b/gsi_openssh/source/regress/unittests/misc/test_ptimeout.c new file mode 100644 index 0000000000..284f0a1eed --- /dev/null +++ b/gsi_openssh/source/regress/unittests/misc/test_ptimeout.c @@ -0,0 +1,89 @@ +/* $OpenBSD: test_ptimeout.c,v 1.1 2023/01/06 02:59:50 djm Exp $ */ +/* + * Regress test for misc poll/ppoll timeout helpers. + * + * Placed in the public domain. + */ + +#include "includes.h" + +#include +#include +#ifdef HAVE_STDINT_H +# include +#endif +#include +#include +#include +#include + +#include "../test_helper/test_helper.h" + +#include "log.h" +#include "misc.h" + +void test_ptimeout(void); + +void +test_ptimeout(void) +{ + struct timespec pt, *ts; + + TEST_START("ptimeout_init"); + ptimeout_init(&pt); + ASSERT_PTR_EQ(ptimeout_get_tsp(&pt), NULL); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), -1); + TEST_DONE(); + + TEST_START("ptimeout_deadline_sec"); + ptimeout_deadline_sec(&pt, 100); + ptimeout_deadline_sec(&pt, 200); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 100 * 1000); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 0); + ASSERT_LONG_EQ(ts->tv_sec, 100); + TEST_DONE(); + + TEST_START("ptimeout_deadline_ms"); + ptimeout_deadline_ms(&pt, 50123); + ptimeout_deadline_ms(&pt, 50500); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 50123); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 123 * 1000000); + ASSERT_LONG_EQ(ts->tv_sec, 50); + TEST_DONE(); + + TEST_START("ptimeout zero"); + ptimeout_init(&pt); + ptimeout_deadline_ms(&pt, 0); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 0); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 0); + ASSERT_LONG_EQ(ts->tv_sec, 0); + TEST_DONE(); + + TEST_START("ptimeout_deadline_monotime"); + ptimeout_init(&pt); + ptimeout_deadline_monotime(&pt, monotime() + 100); + ASSERT_INT_GT(ptimeout_get_ms(&pt), 50000); + ASSERT_INT_LT(ptimeout_get_ms(&pt), 200000); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_GT(ts->tv_sec, 50); + ASSERT_LONG_LT(ts->tv_sec, 200); + TEST_DONE(); + + TEST_START("ptimeout_deadline_monotime past"); + ptimeout_init(&pt); + ptimeout_deadline_monotime(&pt, monotime() + 100); + ptimeout_deadline_monotime(&pt, monotime() - 100); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 0); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 0); + ASSERT_LONG_EQ(ts->tv_sec, 0); + TEST_DONE(); +} diff --git a/gsi_openssh/source/regress/unittests/misc/tests.c b/gsi_openssh/source/regress/unittests/misc/tests.c index d52490e3b3..3269954141 100644 --- a/gsi_openssh/source/regress/unittests/misc/tests.c +++ b/gsi_openssh/source/regress/unittests/misc/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.9 2022/02/04 07:53:44 dtucker Exp $ */ +/* $OpenBSD: tests.c,v 1.10 2023/01/06 02:59:50 djm Exp $ */ /* * Regress test for misc helper functions. * @@ -26,6 +26,7 @@ void test_expand(void); void test_argv(void); void test_strdelim(void); void test_hpdelim(void); +void test_ptimeout(void); void tests(void) @@ -36,4 +37,5 @@ tests(void) test_argv(); test_strdelim(); test_hpdelim(); + test_ptimeout(); } diff --git a/gsi_openssh/source/regress/unittests/sshkey/test_file.c b/gsi_openssh/source/regress/unittests/sshkey/test_file.c index 497ab6dded..854add6f21 100644 --- a/gsi_openssh/source/regress/unittests/sshkey/test_file.c +++ b/gsi_openssh/source/regress/unittests/sshkey/test_file.c @@ -109,6 +109,7 @@ sshkey_file_tests(void) sshkey_free(k2); TEST_DONE(); + /* Skip this test, SHA1 signatures are not supported TEST_START("load RSA cert with SHA1 signature"); ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0); ASSERT_PTR_NE(k2, NULL); @@ -116,7 +117,7 @@ sshkey_file_tests(void) ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa"); sshkey_free(k2); - TEST_DONE(); + TEST_DONE(); */ TEST_START("load RSA cert with SHA512 signature"); ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0); diff --git a/gsi_openssh/source/regress/unittests/sshkey/test_fuzz.c b/gsi_openssh/source/regress/unittests/sshkey/test_fuzz.c index 2fae19dcfe..312aa432ad 100644 --- a/gsi_openssh/source/regress/unittests/sshkey/test_fuzz.c +++ b/gsi_openssh/source/regress/unittests/sshkey/test_fuzz.c @@ -334,13 +334,14 @@ sshkey_fuzz_tests(void) TEST_DONE(); #ifdef WITH_OPENSSL + /* Skip this test, SHA1 signatures are not supported TEST_START("fuzz RSA sig"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); sig_fuzz(k1, "ssh-rsa"); sshkey_free(k1); - TEST_DONE(); + TEST_DONE();*/ TEST_START("fuzz RSA SHA256 sig"); buf = load_file("rsa_1"); @@ -358,6 +359,7 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); + /* Skip this test, SHA1 signatures are not supported TEST_START("fuzz DSA sig"); buf = load_file("dsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); @@ -365,6 +367,7 @@ sshkey_fuzz_tests(void) sig_fuzz(k1, NULL); sshkey_free(k1); TEST_DONE(); + */ #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA sig"); diff --git a/gsi_openssh/source/regress/unittests/sshkey/test_sshkey.c b/gsi_openssh/source/regress/unittests/sshkey/test_sshkey.c index 982907ce7f..0ea584c0a6 100644 --- a/gsi_openssh/source/regress/unittests/sshkey/test_sshkey.c +++ b/gsi_openssh/source/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.22 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.23 2023/01/04 22:48:57 tb Exp $ */ /* * Regress test for sshkey.h key management API * @@ -61,6 +61,9 @@ build_cert(struct sshbuf *b, struct sshkey *k, const char *type, u_char *sigblob; size_t siglen; + /* ssh-rsa implies SHA1, forbidden in DEFAULT cp */ + int expected = (sig_alg == NULL || strcmp(sig_alg, "ssh-rsa") == 0) ? SSH_ERR_LIBCRYPTO_ERROR : 0; + ca_buf = sshbuf_new(); ASSERT_PTR_NE(ca_buf, NULL); ASSERT_INT_EQ(sshkey_putb(ca_key, ca_buf), 0); @@ -102,8 +105,9 @@ build_cert(struct sshbuf *b, struct sshkey *k, const char *type, ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, - sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, NULL, 0), 0); - ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ + sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, NULL, 0), expected); + if (expected == 0) + ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ free(sigblob); sshbuf_free(ca_buf); @@ -120,16 +124,22 @@ signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg, { size_t len; u_char *sig; + /* ssh-rsa implies SHA1, forbidden in DEFAULT cp */ + int expected = (sig_alg && strcmp(sig_alg, "ssh-rsa") == 0) ? SSH_ERR_LIBCRYPTO_ERROR : 0; + if (k && (sshkey_type_plain(k->type) == KEY_DSA || sshkey_type_plain(k->type) == KEY_DSA_CERT)) + expected = SSH_ERR_LIBCRYPTO_ERROR; ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, - NULL, NULL, 0), 0); - ASSERT_SIZE_T_GT(len, 8); - ASSERT_PTR_NE(sig, NULL); - ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0); - ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0, NULL), 0); - /* Fuzz test is more comprehensive, this is just a smoke test */ - sig[len - 5] ^= 0x10; - ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0); + NULL, NULL, 0), expected); + if (expected == 0) { + ASSERT_SIZE_T_GT(len, 8); + ASSERT_PTR_NE(sig, NULL); + ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0); + ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0, NULL), 0); + /* Fuzz test is more comprehensive, this is just a smoke test */ + sig[len - 5] ^= 0x10; + ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0); + } free(sig); } @@ -144,7 +154,7 @@ banana(u_char *s, size_t l) memcpy(s + o, "nanananana", l - o); break; } - memcpy(s + o, banana, sizeof(the_banana)); + memcpy(s + o, the_banana, sizeof(the_banana)); } } @@ -515,7 +525,7 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, NULL), 0); k3 = get_private("rsa_1"); - build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL); + build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, "rsa-sha2-256"); ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); ASSERT_PTR_EQ(k4, NULL); diff --git a/gsi_openssh/source/regress/unittests/sshsig/Makefile b/gsi_openssh/source/regress/unittests/sshsig/Makefile index 65564d1b27..bc3c6c739d 100644 --- a/gsi_openssh/source/regress/unittests/sshsig/Makefile +++ b/gsi_openssh/source/regress/unittests/sshsig/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2021/01/09 12:24:31 dtucker Exp $ +# $OpenBSD: Makefile,v 1.3 2023/01/15 23:35:10 djm Exp $ PROG=test_sshsig SRCS=tests.c @@ -9,7 +9,7 @@ SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addr.c addrmatch.c bitmap.c sshsig.c -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=ed25519.c hash.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c SRCS+=ssh-ed25519-sk.c sk-usbhid.c diff --git a/gsi_openssh/source/regress/unittests/sshsig/tests.c b/gsi_openssh/source/regress/unittests/sshsig/tests.c index fdc3baeb76..2faabbaf7e 100644 --- a/gsi_openssh/source/regress/unittests/sshsig/tests.c +++ b/gsi_openssh/source/regress/unittests/sshsig/tests.c @@ -103,9 +103,11 @@ tests(void) check_sig("rsa.pub", "rsa.sig", msg, namespace); TEST_DONE(); + /* Skip this test, SHA1 signatures are not supported TEST_START("check DSA signature"); check_sig("dsa.pub", "dsa.sig", msg, namespace); TEST_DONE(); + */ #ifdef OPENSSL_HAS_ECC TEST_START("check ECDSA signature"); diff --git a/gsi_openssh/source/regress/yes-head.sh b/gsi_openssh/source/regress/yes-head.sh index 2759eb8ce5..1bde504f0c 100644 --- a/gsi_openssh/source/regress/yes-head.sh +++ b/gsi_openssh/source/regress/yes-head.sh @@ -1,4 +1,4 @@ -# $OpenBSD: yes-head.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: yes-head.sh,v 1.7 2023/01/14 10:05:54 dtucker Exp $ # Placed in the Public Domain. tid="yes pipe head" @@ -6,7 +6,7 @@ tid="yes pipe head" lines=`${SSH} -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` if [ $? -ne 0 ]; then fail "yes|head test failed" - lines = 0; ++ lines=0 fi if [ $lines -ne 2000 ]; then fail "yes|head returns $lines lines instead of 2000" diff --git a/gsi_openssh/source/sandbox-capsicum.c b/gsi_openssh/source/sandbox-capsicum.c index 883be18581..11045251c8 100644 --- a/gsi_openssh/source/sandbox-capsicum.c +++ b/gsi_openssh/source/sandbox-capsicum.c @@ -29,6 +29,9 @@ #include #include #include +#ifdef HAVE_CAPSICUM_HELPERS_H +#include +#endif #include "log.h" #include "monitor.h" @@ -69,6 +72,10 @@ ssh_sandbox_child(struct ssh_sandbox *box) struct rlimit rl_zero; cap_rights_t rights; +#ifdef HAVE_CAPH_CACHE_TZDATA + caph_cache_tzdata(); +#endif + rl_zero.rlim_cur = rl_zero.rlim_max = 0; if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) diff --git a/gsi_openssh/source/sandbox-seccomp-filter.c b/gsi_openssh/source/sandbox-seccomp-filter.c index ebece69623..f700f51363 100644 --- a/gsi_openssh/source/sandbox-seccomp-filter.c +++ b/gsi_openssh/source/sandbox-seccomp-filter.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2012 Will Drewry + * Copyright (c) 2015,2017,2019,2020,2023 Damien Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -25,15 +26,18 @@ */ /* #define SANDBOX_SECCOMP_FILTER_DEBUG 1 */ -/* XXX it should be possible to do logging via the log socket safely */ - +#if 0 +/* + * For older toolchains, it may be necessary to use the kernel + * headers directly. + */ #ifdef SANDBOX_SECCOMP_FILTER_DEBUG -/* Use the kernel headers in case of an older toolchain. */ # include # define __have_siginfo_t 1 # define __have_sigval_t 1 # define __have_sigevent_t 1 #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ +#endif #include "includes.h" @@ -45,6 +49,7 @@ #include #include +#include #include #include #include @@ -129,6 +134,71 @@ /* reload syscall number; all rules expect it in accumulator */ \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ offsetof(struct seccomp_data, nr)) +/* Deny unless syscall argument contains only values in mask */ +#define SC_DENY_UNLESS_ARG_MASK(_nr, _arg_nr, _arg_mask, _errno) \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 8), \ + /* load, mask and test syscall argument, low word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, ~((_arg_mask) & 0xFFFFFFFF)), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 3), \ + /* load, mask and test syscall argument, high word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, \ + ~(((uint32_t)((uint64_t)(_arg_mask) >> 32)) & 0xFFFFFFFF)), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 1, 0), \ + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)), \ + /* reload syscall number; all rules expect it in accumulator */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, nr)) +#define SC_DENY_UNLESS_MASK(_nr, _arg_nr, _arg_val, _errno) \ +/* Special handling for futex(2) that combines a bitmap and operation number */ +#if defined(__NR_futex) || defined(__NR_futex_time64) +#define SC_FUTEX_MASK (FUTEX_PRIVATE_FLAG|FUTEX_CLOCK_REALTIME) +#define SC_ALLOW_FUTEX_OP(_nr, _op) \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 8), \ + /* load syscall argument, low word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args[1]) + ARG_LO_OFFSET), \ + /* mask off allowed bitmap values, low word */ \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, ~(SC_FUTEX_MASK & 0xFFFFFFFF)), \ + /* test operation number, low word */ \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ((_op) & 0xFFFFFFFF), 0, 4), \ + /* load syscall argument, high word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args[1]) + ARG_HI_OFFSET), \ + /* mask off allowed bitmap values, high word */ \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, \ + ~(((uint32_t)((uint64_t)SC_FUTEX_MASK >> 32)) & 0xFFFFFFFF)), \ + /* test operation number, high word */ \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \ + (((uint32_t)((uint64_t)(_op) >> 32)) & 0xFFFFFFFF), 0, 1), \ + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \ + /* reload syscall number; all rules expect it in accumulator */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)) + +/* Use this for both __NR_futex and __NR_futex_time64 */ +# define SC_FUTEX(_nr) \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT_BITSET), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE_BITSET), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_REQUEUE), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_CMP_REQUEUE) +#endif /* __NR_futex || __NR_futex_time64 */ + +#if defined(__NR_mmap) || defined(__NR_mmap2) +# ifdef MAP_FIXED_NOREPLACE +# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED|MAP_FIXED_NOREPLACE +# else +# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED +# endif /* MAP_FIXED_NOREPLACE */ +/* Use this for both __NR_mmap and __NR_mmap2 variants */ +# define SC_MMAP(_nr) \ + SC_DENY_UNLESS_ARG_MASK(_nr, 3, SC_MMAP_FLAGS, EINVAL), \ + SC_ALLOW_ARG_MASK(_nr, 2, PROT_READ|PROT_WRITE|PROT_NONE) +#endif /* __NR_mmap || __NR_mmap2 */ /* Syscall filtering set for preauth. */ static const struct sock_filter preauth_insns[] = { @@ -214,10 +284,10 @@ static const struct sock_filter preauth_insns[] = { SC_ALLOW(__NR_flock), #endif #ifdef __NR_futex - SC_ALLOW(__NR_futex), + SC_FUTEX(__NR_futex), #endif #ifdef __NR_futex_time64 - SC_ALLOW(__NR_futex_time64), + SC_FUTEX(__NR_futex_time64), #endif #ifdef __NR_geteuid SC_ALLOW(__NR_geteuid), @@ -268,13 +338,29 @@ static const struct sock_filter preauth_insns[] = { SC_ALLOW(__NR_getuid32), #endif #ifdef __NR_madvise - SC_ALLOW(__NR_madvise), + SC_ALLOW_ARG(__NR_madvise, 2, MADV_NORMAL), +# ifdef MADV_FREE + SC_ALLOW_ARG(__NR_madvise, 2, MADV_FREE), +# endif +# ifdef MADV_DONTNEED + SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTNEED), +# endif +# ifdef MADV_DONTFORK + SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTFORK), +# endif +# ifdef MADV_DONTDUMP + SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTDUMP), +# endif +# ifdef MADV_WIPEONFORK + SC_ALLOW_ARG(__NR_madvise, 2, MADV_WIPEONFORK), +# endif + SC_DENY(__NR_madvise, EINVAL), #endif #ifdef __NR_mmap - SC_ALLOW_ARG_MASK(__NR_mmap, 2, PROT_READ|PROT_WRITE|PROT_NONE), + SC_MMAP(__NR_mmap), #endif #ifdef __NR_mmap2 - SC_ALLOW_ARG_MASK(__NR_mmap2, 2, PROT_READ|PROT_WRITE|PROT_NONE), + SC_MMAP(__NR_mmap2), #endif #ifdef __NR_mprotect SC_ALLOW_ARG_MASK(__NR_mprotect, 2, PROT_READ|PROT_WRITE|PROT_NONE), @@ -339,6 +425,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_write SC_ALLOW(__NR_write), #endif +#ifdef __NR_writev + SC_ALLOW(__NR_writev), +#endif #ifdef __NR_socketcall SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), SC_DENY(__NR_socketcall, EACCES), @@ -392,7 +481,7 @@ ssh_sandbox_init(struct monitor *monitor) #ifdef SANDBOX_SECCOMP_FILTER_DEBUG extern struct monitor *pmonitor; -void mm_log_handler(LogLevel level, const char *msg, void *ctx); +void mm_log_handler(LogLevel level, int forced, const char *msg, void *ctx); static void ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context) @@ -402,7 +491,7 @@ ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context) snprintf(msg, sizeof(msg), "%s: unexpected system call (arch:0x%x,syscall:%d @ %p)", __func__, info->si_arch, info->si_syscall, info->si_call_addr); - mm_log_handler(SYSLOG_LEVEL_FATAL, msg, pmonitor); + mm_log_handler(SYSLOG_LEVEL_FATAL, 0, msg, pmonitor); _exit(1); } diff --git a/gsi_openssh/source/sc25519.c b/gsi_openssh/source/sc25519.c deleted file mode 100644 index 1568d9a58c..0000000000 --- a/gsi_openssh/source/sc25519.c +++ /dev/null @@ -1,308 +0,0 @@ -/* $OpenBSD: sc25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c - */ - -#include "includes.h" - -#include "sc25519.h" - -/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ - -static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; - -static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, - 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; - -static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ -{ - unsigned int x = a; - x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ - x >>= 31; /* 0: no; 1: yes */ - return x; -} - -/* Reduce coefficients of r before calling reduce_add_sub */ -static void reduce_add_sub(sc25519 *r) -{ - crypto_uint32 pb = 0; - crypto_uint32 b; - crypto_uint32 mask; - int i; - unsigned char t[32]; - - for(i=0;i<32;i++) - { - pb += m[i]; - b = lt(r->v[i],pb); - t[i] = r->v[i]-pb+(b<<8); - pb = b; - } - mask = b - 1; - for(i=0;i<32;i++) - r->v[i] ^= mask & (r->v[i] ^ t[i]); -} - -/* Reduce coefficients of x before calling barrett_reduce */ -static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) -{ - /* See HAC, Alg. 14.42 */ - int i,j; - crypto_uint32 q2[66]; - crypto_uint32 *q3 = q2 + 33; - crypto_uint32 r1[33]; - crypto_uint32 r2[33]; - crypto_uint32 carry; - crypto_uint32 pb = 0; - crypto_uint32 b; - - for (i = 0;i < 66;++i) q2[i] = 0; - for (i = 0;i < 33;++i) r2[i] = 0; - - for(i=0;i<33;i++) - for(j=0;j<33;j++) - if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; - carry = q2[31] >> 8; - q2[32] += carry; - carry = q2[32] >> 8; - q2[33] += carry; - - for(i=0;i<33;i++)r1[i] = x[i]; - for(i=0;i<32;i++) - for(j=0;j<33;j++) - if(i+j < 33) r2[i+j] += m[i]*q3[j]; - - for(i=0;i<32;i++) - { - carry = r2[i] >> 8; - r2[i+1] += carry; - r2[i] &= 0xff; - } - - for(i=0;i<32;i++) - { - pb += r2[i]; - b = lt(r1[i],pb); - r->v[i] = r1[i]-pb+(b<<8); - pb = b; - } - - /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 - * If so: Handle it here! - */ - - reduce_add_sub(r); - reduce_add_sub(r); -} - -void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) -{ - int i; - crypto_uint32 t[64]; - for(i=0;i<32;i++) t[i] = x[i]; - for(i=32;i<64;++i) t[i] = 0; - barrett_reduce(r, t); -} - -void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) -{ - int i; - for(i=0;i<16;i++) r->v[i] = x[i]; -} - -void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) -{ - int i; - crypto_uint32 t[64]; - for(i=0;i<64;i++) t[i] = x[i]; - barrett_reduce(r, t); -} - -void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) -{ - int i; - for(i=0;i<16;i++) - r->v[i] = x->v[i]; - for(i=0;i<16;i++) - r->v[16+i] = 0; -} - -void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) -{ - int i; - for(i=0;i<32;i++) r[i] = x->v[i]; -} - -int sc25519_iszero_vartime(const sc25519 *x) -{ - int i; - for(i=0;i<32;i++) - if(x->v[i] != 0) return 0; - return 1; -} - -int sc25519_isshort_vartime(const sc25519 *x) -{ - int i; - for(i=31;i>15;i--) - if(x->v[i] != 0) return 0; - return 1; -} - -int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y) -{ - int i; - for(i=31;i>=0;i--) - { - if(x->v[i] < y->v[i]) return 1; - if(x->v[i] > y->v[i]) return 0; - } - return 0; -} - -void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i, carry; - for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; - for(i=0;i<31;i++) - { - carry = r->v[i] >> 8; - r->v[i+1] += carry; - r->v[i] &= 0xff; - } - reduce_add_sub(r); -} - -void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - crypto_uint32 b = 0; - crypto_uint32 t; - int i; - for(i=0;i<32;i++) - { - t = x->v[i] - y->v[i] - b; - r->v[i] = t & 255; - b = (t >> 8) & 1; - } -} - -void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i,j,carry; - crypto_uint32 t[64]; - for(i=0;i<64;i++)t[i] = 0; - - for(i=0;i<32;i++) - for(j=0;j<32;j++) - t[i+j] += x->v[i] * y->v[j]; - - /* Reduce coefficients */ - for(i=0;i<63;i++) - { - carry = t[i] >> 8; - t[i+1] += carry; - t[i] &= 0xff; - } - - barrett_reduce(r, t); -} - -void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y) -{ - sc25519 t; - sc25519_from_shortsc(&t, y); - sc25519_mul(r, x, &t); -} - -void sc25519_window3(signed char r[85], const sc25519 *s) -{ - char carry; - int i; - for(i=0;i<10;i++) - { - r[8*i+0] = s->v[3*i+0] & 7; - r[8*i+1] = (s->v[3*i+0] >> 3) & 7; - r[8*i+2] = (s->v[3*i+0] >> 6) & 7; - r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; - r[8*i+3] = (s->v[3*i+1] >> 1) & 7; - r[8*i+4] = (s->v[3*i+1] >> 4) & 7; - r[8*i+5] = (s->v[3*i+1] >> 7) & 7; - r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; - r[8*i+6] = (s->v[3*i+2] >> 2) & 7; - r[8*i+7] = (s->v[3*i+2] >> 5) & 7; - } - r[8*i+0] = s->v[3*i+0] & 7; - r[8*i+1] = (s->v[3*i+0] >> 3) & 7; - r[8*i+2] = (s->v[3*i+0] >> 6) & 7; - r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; - r[8*i+3] = (s->v[3*i+1] >> 1) & 7; - r[8*i+4] = (s->v[3*i+1] >> 4) & 7; - - /* Making it signed */ - carry = 0; - for(i=0;i<84;i++) - { - r[i] += carry; - r[i+1] += r[i] >> 3; - r[i] &= 7; - carry = r[i] >> 2; - r[i] -= carry<<3; - } - r[84] += carry; -} - -void sc25519_window5(signed char r[51], const sc25519 *s) -{ - char carry; - int i; - for(i=0;i<6;i++) - { - r[8*i+0] = s->v[5*i+0] & 31; - r[8*i+1] = (s->v[5*i+0] >> 5) & 31; - r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; - r[8*i+2] = (s->v[5*i+1] >> 2) & 31; - r[8*i+3] = (s->v[5*i+1] >> 7) & 31; - r[8*i+3] ^= (s->v[5*i+2] << 1) & 31; - r[8*i+4] = (s->v[5*i+2] >> 4) & 31; - r[8*i+4] ^= (s->v[5*i+3] << 4) & 31; - r[8*i+5] = (s->v[5*i+3] >> 1) & 31; - r[8*i+6] = (s->v[5*i+3] >> 6) & 31; - r[8*i+6] ^= (s->v[5*i+4] << 2) & 31; - r[8*i+7] = (s->v[5*i+4] >> 3) & 31; - } - r[8*i+0] = s->v[5*i+0] & 31; - r[8*i+1] = (s->v[5*i+0] >> 5) & 31; - r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; - r[8*i+2] = (s->v[5*i+1] >> 2) & 31; - - /* Making it signed */ - carry = 0; - for(i=0;i<50;i++) - { - r[i] += carry; - r[i+1] += r[i] >> 5; - r[i] &= 31; - carry = r[i] >> 4; - r[i] -= carry<<5; - } - r[50] += carry; -} - -void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) -{ - int i; - for(i=0;i<31;i++) - { - r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); - r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); - r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); - r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); - } - r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); - r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); - r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); -} diff --git a/gsi_openssh/source/sc25519.h b/gsi_openssh/source/sc25519.h deleted file mode 100644 index a2c15d5ff9..0000000000 --- a/gsi_openssh/source/sc25519.h +++ /dev/null @@ -1,80 +0,0 @@ -/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h - */ - -#ifndef SC25519_H -#define SC25519_H - -#include "crypto_api.h" - -#define sc25519 crypto_sign_ed25519_ref_sc25519 -#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519 -#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes -#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes -#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes -#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc -#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes -#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime -#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime -#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime -#define sc25519_add crypto_sign_ed25519_ref_sc25519_add -#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored -#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul -#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc -#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 -#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5 -#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 - -typedef struct -{ - crypto_uint32 v[32]; -} -sc25519; - -typedef struct -{ - crypto_uint32 v[16]; -} -shortsc25519; - -void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); - -void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]); - -void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); - -void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x); - -void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); - -int sc25519_iszero_vartime(const sc25519 *x); - -int sc25519_isshort_vartime(const sc25519 *x); - -int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y); - -void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); - -void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); - -void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); - -void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y); - -/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3 - * with r[i] in {-4,...,3} - */ -void sc25519_window3(signed char r[85], const sc25519 *s); - -/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5 - * with r[i] in {-16,...,15} - */ -void sc25519_window5(signed char r[51], const sc25519 *s); - -void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); - -#endif diff --git a/gsi_openssh/source/scp.1 b/gsi_openssh/source/scp.1 index 71dd302381..cb502c2e26 100644 --- a/gsi_openssh/source/scp.1 +++ b/gsi_openssh/source/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.108 2022/02/23 21:21:16 djm Exp $ +.\" $OpenBSD: scp.1,v 1.112 2022/12/16 07:13:22 djm Exp $ .\" -.Dd $Mdocdate: February 23 2022 $ +.Dd $Mdocdate: December 16 2022 $ .Dt SCP 1 .Os .Sh NAME @@ -28,15 +28,17 @@ .Op Fl o Ar ssh_option .Op Fl P Ar port .Op Fl S Ar program +.Op Fl X Ar sftp_option .Ar source ... target .Sh DESCRIPTION .Nm copies files between hosts on a network. .Pp -It uses +.Nm +uses the SFTP protocol over a .Xr ssh 1 -for data transfer, and uses the same authentication and provides the -same security as a login session. +connection for data transfer, and uses the same authentication and provides +the same security as a login session. .Pp .Nm will ask for passwords or passphrases if they are needed for @@ -110,9 +112,7 @@ Selects the cipher to use for encrypting the data transfer. This option is directly passed to .Xr ssh 1 . .It Fl D Ar sftp_server_path -When using the SFTP protocol support via -.Fl M , -connect directly to a local SFTP server program rather than a +Connect directly to a local SFTP server program rather than a remote one via .Xr ssh 1 . This option may be useful in debugging the client and server. @@ -212,6 +212,7 @@ For full details of the options listed below, and their possible values, see .It PubkeyAcceptedAlgorithms .It PubkeyAuthentication .It RekeyLimit +.It RequiredRSASize .It SendEnv .It ServerAliveInterval .It ServerAliveCountMax @@ -277,6 +278,19 @@ and to print debugging messages about their progress. This is helpful in debugging connection, authentication, and configuration problems. +.It Fl X Ar sftp_option +Specify an option that controls aspects of SFTP protocol behaviour. +The valid options are: +.Bl -tag -width Ds +.It Cm nrequests Ns = Ns Ar value +Controls how many concurrent SFTP read or write requests may be in progress +at any point in time during a download or upload. +By default 64 requests may be active concurrently. +.It Cm buffer Ns = Ns Ar value +Controls the maximum buffer size for a single SFTP read/write operation used +during download or upload. +By default a 32KB buffer is used. +.El .El .Pp Usage of SCP protocol can be blocked by creating a world-readable @@ -302,9 +316,9 @@ is based on the rcp program in .Bx source code from the Regents of the University of California. .Pp -Since OpenSSH 8.8, +Since OpenSSH 9.0, .Nm -has use the SFTP protocol for transfers by default. +has used the SFTP protocol for transfers by default. .Sh AUTHORS .An Timo Rinne Aq Mt tri@iki.fi .An Tatu Ylonen Aq Mt ylo@cs.hut.fi diff --git a/gsi_openssh/source/scp.c b/gsi_openssh/source/scp.c index 76aae3b54b..35f73f6885 100644 --- a/gsi_openssh/source/scp.c +++ b/gsi_openssh/source/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.247 2022/03/20 08:52:17 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.253 2023/03/03 03:12:24 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -106,6 +106,9 @@ #include #endif #include +#ifdef HAVE_UTIL_H +# include +#endif #include #include #include @@ -176,6 +179,10 @@ char *ssh_program = _PATH_SSH_PROGRAM; pid_t do_cmd_pid = -1; pid_t do_cmd_pid2 = -1; +/* SFTP copy parameters */ +size_t sftp_copy_buflen; +size_t sftp_nrequests; + /* Needed for sftp */ volatile sig_atomic_t interrupted = 0; @@ -272,7 +279,11 @@ int do_cmd(char *program, char *host, char *remuser, int port, int subsystem, char *cmd, int *fdin, int *fdout, pid_t *pid) { - int pin[2], pout[2], reserved[2]; +#ifdef USE_PIPES + int pin[2], pout[2]; +#else + int sv[2]; +#endif if (verbose_mode) fmprintf(stderr, @@ -283,22 +294,14 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem, if (port == -1) port = sshport; - /* - * Reserve two descriptors so that the real pipes won't get - * descriptors 0 and 1 because that will screw up dup2 below. - */ - if (pipe(reserved) == -1) +#ifdef USE_PIPES + if (pipe(pin) == -1 || pipe(pout) == -1) fatal("pipe: %s", strerror(errno)); - +#else /* Create a socket pair for communicating with ssh. */ - if (pipe(pin) == -1) - fatal("pipe: %s", strerror(errno)); - if (pipe(pout) == -1) - fatal("pipe: %s", strerror(errno)); - - /* Free the reserved descriptors. */ - close(reserved[0]); - close(reserved[1]); + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) + fatal("socketpair: %s", strerror(errno)); +#endif ssh_signal(SIGTSTP, suspchild); ssh_signal(SIGTTIN, suspchild); @@ -306,15 +309,30 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem, /* Fork a child to execute the command on the remote host using ssh. */ *pid = fork(); - if (*pid == 0) { + switch (*pid) { + case -1: + fatal("fork: %s", strerror(errno)); + case 0: /* Child. */ +#ifdef USE_PIPES + if (dup2(pin[0], STDIN_FILENO) == -1 || + dup2(pout[1], STDOUT_FILENO) == -1) { + error("dup2: %s", strerror(errno)); + _exit(1); + } + close(pin[0]); close(pin[1]); close(pout[0]); - dup2(pin[0], 0); - dup2(pout[1], 1); - close(pin[0]); close(pout[1]); - +#else + if (dup2(sv[0], STDIN_FILENO) == -1 || + dup2(sv[0], STDOUT_FILENO) == -1) { + error("dup2: %s", strerror(errno)); + _exit(1); + } + close(sv[0]); + close(sv[1]); +#endif replacearg(&args, 0, "%s", program); if (port != -1) { addargs(&args, "-p"); @@ -332,19 +350,24 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem, execvp(program, args.list); perror(program); - exit(1); - } else if (*pid == -1) { - fatal("fork: %s", strerror(errno)); + _exit(1); + default: + /* Parent. Close the other side, and return the local side. */ +#ifdef USE_PIPES + close(pin[0]); + close(pout[1]); + *fdout = pin[1]; + *fdin = pout[0]; +#else + close(sv[0]); + *fdin = sv[1]; + *fdout = sv[1]; +#endif + ssh_signal(SIGTERM, killchild); + ssh_signal(SIGINT, killchild); + ssh_signal(SIGHUP, killchild); + return 0; } - /* Parent. Close the other side, and return the local side. */ - close(pin[0]); - *fdout = pin[1]; - close(pout[1]); - *fdin = pout[0]; - ssh_signal(SIGTERM, killchild); - ssh_signal(SIGINT, killchild); - ssh_signal(SIGHUP, killchild); - return 0; } /* @@ -371,8 +394,10 @@ do_cmd2(char *host, char *remuser, int port, char *cmd, /* Fork a child to execute the command on the remote host using ssh. */ pid = fork(); if (pid == 0) { - dup2(fdin, 0); - dup2(fdout, 1); + if (dup2(fdin, 0) == -1) + perror("dup2"); + if (dup2(fdout, 1) == -1) + perror("dup2"); replacearg(&args, 0, "%s", ssh_program); if (port != -1) { @@ -444,19 +469,18 @@ void throughlocal_sftp(struct sftp_conn *, struct sftp_conn *, int main(int argc, char **argv) { - int ch, fflag, tflag, status, n; + int ch, fflag, tflag, status, r, n; char **newargv, *argv0; const char *errstr; extern char *optarg; extern int optind; enum scp_mode_e mode = MODE_SFTP; char *sftp_direct = NULL; + long long llv; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - seed_rng(); - msetlocale(); /* Copy argv, because we modify it */ @@ -482,7 +506,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) { + "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:X:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -563,6 +587,31 @@ main(int argc, char **argv) addargs(&remote_remote_args, "-q"); showprogress = 0; break; + case 'X': + /* Please keep in sync with sftp.c -X */ + if (strncmp(optarg, "buffer=", 7) == 0) { + r = scan_scaled(optarg + 7, &llv); + if (r == 0 && (llv <= 0 || llv > 256 * 1024)) { + r = -1; + errno = EINVAL; + } + if (r == -1) { + fatal("Invalid buffer size \"%s\": %s", + optarg + 7, strerror(errno)); + } + sftp_copy_buflen = (size_t)llv; + } else if (strncmp(optarg, "nrequests=", 10) == 0) { + llv = strtonum(optarg + 10, 1, 256 * 1024, + &errstr); + if (errstr != NULL) { + fatal("Invalid number of requests " + "\"%s\": %s", optarg + 10, errstr); + } + sftp_nrequests = (size_t)llv; + } else { + fatal("Invalid -X option"); + } + break; /* Server options. */ case 'd': @@ -982,7 +1031,8 @@ do_sftp_connect(char *host, char *user, int port, char *sftp_direct, reminp, remoutp, pidp) < 0) return NULL; } - return do_init(*reminp, *remoutp, 32768, 64, limit_kbps); + return do_init(*reminp, *remoutp, + sftp_copy_buflen, sftp_nrequests, limit_kbps); } void @@ -1520,7 +1570,8 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) } debug3_f("copying remote %s to local %s", abs_src, dst); - if ((r = remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) != 0) { + if ((r = remote_glob(conn, abs_src, GLOB_NOCHECK|GLOB_MARK, + NULL, &g)) != 0) { if (r == GLOB_NOSPACE) error("%s: too many glob matches", src); else @@ -1529,6 +1580,20 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) goto out; } + /* Did we actually get any matches back from the glob? */ + if (g.gl_matchc == 0 && g.gl_pathc == 1 && g.gl_pathv[0] != 0) { + /* + * If nothing matched but a path returned, then it's probably + * a GLOB_NOCHECK result. Check whether the unglobbed path + * exists so we can give a nice error message early. + */ + if (do_stat(conn, g.gl_pathv[0], 1) == NULL) { + error("%s: %s", src, strerror(ENOENT)); + err = -1; + goto out; + } + } + if ((r = stat(dst, &st)) != 0) debug2_f("stat local \"%s\": %s", dst, strerror(errno)); dst_is_dir = r == 0 && S_ISDIR(st.st_mode); @@ -1746,7 +1811,8 @@ sink(int argc, char **argv, const char *src) } if (npatterns > 0) { for (n = 0; n < npatterns; n++) { - if (fnmatch(patterns[n], cp, 0) == 0) + if (strcmp(patterns[n], cp) == 0 || + fnmatch(patterns[n], cp, 0) == 0) break; } if (n >= npatterns) @@ -1941,7 +2007,8 @@ throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, } debug3_f("copying remote %s to remote %s", abs_src, target); - if ((r = remote_glob(from, abs_src, GLOB_MARK, NULL, &g)) != 0) { + if ((r = remote_glob(from, abs_src, GLOB_NOCHECK|GLOB_MARK, + NULL, &g)) != 0) { if (r == GLOB_NOSPACE) error("%s: too many glob matches", src); else @@ -1950,6 +2017,20 @@ throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, goto out; } + /* Did we actually get any matches back from the glob? */ + if (g.gl_matchc == 0 && g.gl_pathc == 1 && g.gl_pathv[0] != 0) { + /* + * If nothing matched but a path returned, then it's probably + * a GLOB_NOCHECK result. Check whether the unglobbed path + * exists so we can give a nice error message early. + */ + if (do_stat(from, g.gl_pathv[0], 1) == NULL) { + error("%s: %s", src, strerror(ENOENT)); + err = -1; + goto out; + } + } + for (i = 0; g.gl_pathv[i] && !interrupted; i++) { tmp = xstrdup(g.gl_pathv[i]); if ((filename = basename(tmp)) == NULL) { @@ -2032,8 +2113,8 @@ usage(void) { (void) fprintf(stderr, "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" - " [-i identity_file] [-J destination] [-l limit]\n" - " [-o ssh_option] [-P port] [-S program] source ... target\n"); + " [-i identity_file] [-J destination] [-l limit] [-o ssh_option]\n" + " [-P port] [-S program] [-X sftp_option] source ... target\n"); exit(1); } diff --git a/gsi_openssh/source/servconf.c b/gsi_openssh/source/servconf.c index bcdf54793b..32557e1ea6 100644 --- a/gsi_openssh/source/servconf.c +++ b/gsi_openssh/source/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.384 2022/03/18 04:04:11 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.392 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -38,6 +38,7 @@ #include #include #include +#include #ifdef HAVE_UTIL_H #include #endif @@ -54,7 +55,6 @@ #include "sshbuf.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "pathnames.h" #include "cipher.h" #include "sshkey.h" @@ -215,6 +215,9 @@ initialize_server_options(ServerOptions *options) options->disable_forwarding = -1; options->expose_userauth_info = -1; options->required_rsa_size = -1; + options->channel_timeouts = NULL; + options->num_channel_timeouts = 0; + options->unused_connection_timeout = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ @@ -539,6 +542,8 @@ fill_default_server_options(ServerOptions *options) options->sk_provider = xstrdup("internal"); if (options->required_rsa_size == -1) options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; + if (options->unused_connection_timeout == -1) + options->unused_connection_timeout = 0; assemble_algorithms(options); @@ -553,6 +558,16 @@ fill_default_server_options(ServerOptions *options) v = NULL; \ } \ } while(0) +#define CLEAR_ON_NONE_ARRAY(v, nv, none) \ + do { \ + if (options->nv == 1 && \ + strcasecmp(options->v[0], none) == 0) { \ + free(options->v[0]); \ + free(options->v); \ + options->v = NULL; \ + options->nv = 0; \ + } \ + } while (0) CLEAR_ON_NONE(options->pid_file); CLEAR_ON_NONE(options->xauth_location); CLEAR_ON_NONE(options->banner); @@ -564,19 +579,16 @@ fill_default_server_options(ServerOptions *options) CLEAR_ON_NONE(options->chroot_directory); CLEAR_ON_NONE(options->routing_domain); CLEAR_ON_NONE(options->host_key_agent); + for (i = 0; i < options->num_host_key_files; i++) CLEAR_ON_NONE(options->host_key_files[i]); for (i = 0; i < options->num_host_cert_files; i++) CLEAR_ON_NONE(options->host_cert_files[i]); -#undef CLEAR_ON_NONE - /* Similar handling for AuthenticationMethods=any */ - if (options->num_auth_methods == 1 && - strcmp(options->auth_methods[0], "any") == 0) { - free(options->auth_methods[0]); - options->auth_methods[0] = NULL; - options->num_auth_methods = 0; - } + CLEAR_ON_NONE_ARRAY(channel_timeouts, num_channel_timeouts, "none"); + CLEAR_ON_NONE_ARRAY(auth_methods, num_auth_methods, "any"); +#undef CLEAR_ON_NONE +#undef CLEAR_ON_NONE_ARRAY } /* Keyword tokens. */ @@ -622,7 +634,7 @@ typedef enum { sStreamLocalBindMask, sStreamLocalBindUnlink, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, - sRequiredRSASize, + sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; @@ -821,6 +833,8 @@ static struct { { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, { "rsaminsize", sRequiredRSASize, SSHCFG_ALL }, /* alias */ + { "channeltimeout", sChannelTimeout, SSHCFG_ALL }, + { "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1085,6 +1099,58 @@ process_permitopen(struct ssh *ssh, ServerOptions *options) options->num_permitted_listens); } +/* Parse a ChannelTimeout clause "pattern=interval" */ +static int +parse_timeout(const char *s, char **typep, u_int *secsp) +{ + char *cp, *sdup; + int secs; + + if (typep != NULL) + *typep = NULL; + if (secsp != NULL) + *secsp = 0; + if (s == NULL) + return -1; + sdup = xstrdup(s); + + if ((cp = strchr(sdup, '=')) == NULL || cp == sdup) { + free(sdup); + return -1; + } + *cp++ = '\0'; + if ((secs = convtime(cp)) < 0) { + free(sdup); + return -1; + } + /* success */ + if (typep != NULL) + *typep = xstrdup(sdup); + if (secsp != NULL) + *secsp = (u_int)secs; + free(sdup); + return 0; +} + +void +process_channel_timeouts(struct ssh *ssh, ServerOptions *options) +{ + u_int i, secs; + char *type; + + debug3_f("setting %u timeouts", options->num_channel_timeouts); + channel_clear_timeouts(ssh); + for (i = 0; i < options->num_channel_timeouts; i++) { + if (parse_timeout(options->channel_timeouts[i], + &type, &secs) != 0) { + fatal_f("internal error: bad timeout %s", + options->channel_timeouts[i]); + } + channel_add_timeout(ssh, type, secs); + free(type); + } +} + struct connection_info * get_connection_info(struct ssh *ssh, int populate, int use_dns) { @@ -2129,6 +2195,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, filename, linenum, keyword); else options->max_startups = options->max_startups_begin; + if (options->max_startups <= 0 || + options->max_startups_begin <= 0) + fatal("%s line %d: Invalid %s spec.", + filename, linenum, keyword); break; case sPerSourceNetBlockSize: @@ -2250,6 +2320,12 @@ process_server_config_line_depth(ServerOptions *options, char *line, filename, linenum); if (!*activep || uvalue != 0) continue; + if (lookup_setenv_in_list(arg, options->setenv, + options->num_setenv) != NULL) { + debug2("%s line %d: ignoring duplicate env " + "name \"%.64s\"", filename, linenum, arg); + continue; + } opt_array_append(filename, linenum, keyword, &options->setenv, &options->num_setenv, arg); } @@ -2661,6 +2737,41 @@ process_server_config_line_depth(ServerOptions *options, char *line, intptr = &options->required_rsa_size; goto parse_int; + case sChannelTimeout: + uvalue = options->num_channel_timeouts; + i = 0; + while ((arg = argv_next(&ac, &av)) != NULL) { + /* Allow "none" only in first position */ + if (strcasecmp(arg, "none") == 0) { + if (i > 0 || ac > 0) { + error("%s line %d: keyword %s \"none\" " + "argument must appear alone.", + filename, linenum, keyword); + goto out; + } + } else if (parse_timeout(arg, NULL, NULL) != 0) { + fatal("%s line %d: invalid channel timeout %s", + filename, linenum, arg); + } + if (!*activep || uvalue != 0) + continue; + opt_array_append(filename, linenum, keyword, + &options->channel_timeouts, + &options->num_channel_timeouts, arg); + } + break; + + case sUnusedConnectionTimeout: + intptr = &options->unused_connection_timeout; + /* peek at first arg for "none" so we can reuse parse_time */ + if (av[0] != NULL && strcasecmp(av[0], "none") == 0) { + (void)argv_next(&ac, &av); /* consume arg */ + if (*activep) + *intptr = 0; + break; + } + goto parse_time; + case sDeprecated: case sIgnore: case sUnsupported: @@ -2711,7 +2822,7 @@ load_server_config(const char *filename, struct sshbuf *conf) char *line = NULL, *cp; size_t linesize = 0; FILE *f; - int r, lineno = 0; + int r; debug2_f("filename %s", filename); if ((f = fopen(filename, "r")) == NULL) { @@ -2724,7 +2835,6 @@ load_server_config(const char *filename, struct sshbuf *conf) (r = sshbuf_allocate(conf, st.st_size)) != 0) fatal_fr(r, "allocate"); while (getline(&line, &linesize, f) != -1) { - lineno++; /* * Strip whitespace * NB - preserve newlines, they are needed to reproduce @@ -2838,6 +2948,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(rekey_interval); M_CP_INTOPT(log_level); M_CP_INTOPT(required_rsa_size); + M_CP_INTOPT(unused_connection_timeout); /* * The bind_mask is a mode_t that may be unsigned, so we can't use @@ -2990,6 +3101,10 @@ fmt_intarg(ServerOpCodes code, int val) static void dump_cfg_int(ServerOpCodes code, int val) { + if (code == sUnusedConnectionTimeout && val == 0) { + printf("%s none\n", lookup_opcode_name(code)); + return; + } printf("%s %d\n", lookup_opcode_name(code), val); } @@ -3026,13 +3141,23 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) { u_int i; - if (count <= 0 && code != sAuthenticationMethods) - return; + switch (code) { + case sAuthenticationMethods: + case sChannelTimeout: + break; + default: + if (count <= 0) + return; + break; + } + printf("%s", lookup_opcode_name(code)); for (i = 0; i < count; i++) printf(" %s", vals[i]); if (code == sAuthenticationMethods && count == 0) printf(" any"); + else if (code == sChannelTimeout && count == 0) + printf(" none"); printf("\n"); } @@ -3105,6 +3230,7 @@ dump_config(ServerOptions *o) dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); dump_cfg_int(sRequiredRSASize, o->required_rsa_size); dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); + dump_cfg_int(sUnusedConnectionTimeout, o->unused_connection_timeout); /* formatted integer arguments */ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); @@ -3209,6 +3335,8 @@ dump_config(ServerOptions *o) o->num_auth_methods, o->auth_methods); dump_cfg_strarray_oneline(sLogVerbose, o->num_log_verbose, o->log_verbose); + dump_cfg_strarray_oneline(sChannelTimeout, + o->num_channel_timeouts, o->channel_timeouts); /* other arguments */ for (i = 0; i < o->num_subsystems; i++) diff --git a/gsi_openssh/source/servconf.h b/gsi_openssh/source/servconf.h index 28d664ab4b..b1b710f6f5 100644 --- a/gsi_openssh/source/servconf.h +++ b/gsi_openssh/source/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.156 2022/03/18 04:04:11 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.159 2023/01/17 09:44:48 djm Exp $ */ /* * Author: Tatu Ylonen @@ -250,6 +250,11 @@ typedef struct { u_int64_t timing_secret; char *sk_provider; int required_rsa_size; /* minimum size of RSA keys */ + + char **channel_timeouts; /* inactivity timeout by channel type */ + u_int num_channel_timeouts; + + int unused_connection_timeout; } ServerOptions; /* Information about the incoming connection as used by Match */ @@ -307,6 +312,7 @@ TAILQ_HEAD(include_list, include_item); M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \ + M_CP_STRARRAYOPT(channel_timeouts, num_channel_timeouts); \ M_CP_STRARRAYOPT(log_verbose, num_log_verbose); \ } while (0) @@ -316,6 +322,7 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, int *, struct connection_info *, struct include_list *includes); void process_permitopen(struct ssh *ssh, ServerOptions *options); +void process_channel_timeouts(struct ssh *ssh, ServerOptions *); void load_server_config(const char *, struct sshbuf *); void parse_server_config(ServerOptions *, const char *, struct sshbuf *, struct include_list *includes, struct connection_info *, int); diff --git a/gsi_openssh/source/serverloop.c b/gsi_openssh/source/serverloop.c index d1e5520714..859ba2c1ab 100644 --- a/gsi_openssh/source/serverloop.c +++ b/gsi_openssh/source/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.231 2022/01/22 00:49:34 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.236 2023/03/08 04:43:12 guenther Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -69,7 +69,6 @@ #include "canohost.h" #include "sshpty.h" #include "channels.h" -#include "compat.h" #include "ssh2.h" #include "sshkey.h" #include "cipher.h" @@ -81,6 +80,7 @@ #include "auth-options.h" #include "serverloop.h" #include "ssherr.h" +#include "compat.h" extern ServerOptions options; @@ -113,14 +113,12 @@ bind_permitted(int port, uid_t uid) return 1; } -/*ARGSUSED*/ static void sigchld_handler(int sig) { child_terminated = 1; } -/*ARGSUSED*/ static void sigterm_handler(int sig) { @@ -168,28 +166,41 @@ client_alive_check(struct ssh *ssh) static void wait_until_can_do_something(struct ssh *ssh, int connection_in, int connection_out, struct pollfd **pfdp, - u_int *npfd_allocp, u_int *npfd_activep, u_int64_t max_time_ms, - sigset_t *sigsetp, int *conn_in_readyp, int *conn_out_readyp) + u_int *npfd_allocp, u_int *npfd_activep, sigset_t *sigsetp, + int *conn_in_readyp, int *conn_out_readyp) { - struct timespec ts, *tsp; + struct timespec timeout; + char remote_id[512]; int ret; - time_t minwait_secs = 0; int client_alive_scheduled = 0; u_int p; - /* time we last heard from the client OR sent a keepalive */ - static time_t last_client_time; + time_t now; + static time_t last_client_time, unused_connection_expiry; *conn_in_readyp = *conn_out_readyp = 0; /* Prepare channel poll. First two pollfd entries are reserved */ - channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, - 2, &minwait_secs); + ptimeout_init(&timeout); + channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, &timeout); + now = monotime(); if (*npfd_activep < 2) fatal_f("bad npfd %u", *npfd_activep); /* shouldn't happen */ + if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) { + ptimeout_deadline_sec(&timeout, + ssh_packet_get_rekey_timeout(ssh)); + } - /* XXX need proper deadline system for rekey/client alive */ - if (minwait_secs != 0) - max_time_ms = MINIMUM(max_time_ms, (u_int)minwait_secs * 1000); + /* + * If no channels are open and UnusedConnectionTimeout is set, then + * start the clock to terminate the connection. + */ + if (options.unused_connection_timeout != 0) { + if (channel_still_open(ssh) || unused_connection_expiry == 0) { + unused_connection_expiry = now + + options.unused_connection_timeout; + } + ptimeout_deadline_monotime(&timeout, unused_connection_expiry); + } /* * if using client_alive, set the max timeout accordingly, @@ -200,15 +211,12 @@ wait_until_can_do_something(struct ssh *ssh, * analysis more difficult, but we're not doing it yet. */ if (options.client_alive_interval) { - uint64_t keepalive_ms = - (uint64_t)options.client_alive_interval * 1000; - - if (max_time_ms == 0 || max_time_ms > keepalive_ms) { - max_time_ms = keepalive_ms; - client_alive_scheduled = 1; - } + /* Time we last heard from the client OR sent a keepalive */ if (last_client_time == 0) - last_client_time = monotime(); + last_client_time = now; + ptimeout_deadline_sec(&timeout, options.client_alive_interval); + /* XXX ? deadline_monotime(last_client_time + alive_interval) */ + client_alive_scheduled = 1; } #if 0 @@ -226,19 +234,10 @@ wait_until_can_do_something(struct ssh *ssh, * from it, then read as much as is available and exit. */ if (child_terminated && ssh_packet_not_very_much_data_to_write(ssh)) - if (max_time_ms == 0 || client_alive_scheduled) - max_time_ms = 100; - - if (max_time_ms == 0) - tsp = NULL; - else { - ts.tv_sec = max_time_ms / 1000; - ts.tv_nsec = 1000000 * (max_time_ms % 1000); - tsp = &ts; - } + ptimeout_deadline_ms(&timeout, 100); /* Wait for something to happen, or the timeout to expire. */ - ret = ppoll(*pfdp, *npfd_activep, tsp, sigsetp); + ret = ppoll(*pfdp, *npfd_activep, ptimeout_get_tsp(&timeout), sigsetp); if (ret == -1) { for (p = 0; p < *npfd_activep; p++) @@ -251,19 +250,26 @@ wait_until_can_do_something(struct ssh *ssh, *conn_in_readyp = (*pfdp)[0].revents != 0; *conn_out_readyp = (*pfdp)[1].revents != 0; + now = monotime(); /* need to reset after ppoll() */ + /* ClientAliveInterval probing */ if (client_alive_scheduled) { - time_t now = monotime(); - - /* - * If the ppoll timed out, or returned for some other reason - * but we haven't heard from the client in time, send keepalive. - */ - if (ret == 0 || (last_client_time != 0 && last_client_time + - options.client_alive_interval <= now)) { + if (ret == 0 && + now > last_client_time + options.client_alive_interval) { + /* ppoll timed out and we're due to probe */ client_alive_check(ssh); last_client_time = now; - } else if (*conn_in_readyp) + } else if (ret != 0 && *conn_in_readyp) { + /* Data from peer; reset probe timer. */ last_client_time = now; + } + } + + /* UnusedConnectionTimeout handling */ + if (unused_connection_expiry != 0 && + now > unused_connection_expiry && !channel_still_open(ssh)) { + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + logit("terminating inactive connection from %s", remote_id); + cleanup_exit(255); } } @@ -338,7 +344,6 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) u_int npfd_alloc = 0, npfd_active = 0; int r, conn_in_ready, conn_out_ready; u_int connection_in, connection_out; - u_int64_t rekey_timeout_ms = 0; sigset_t bsigset, osigset; debug("Entering interactive session for SSH2."); @@ -365,13 +370,6 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) if (!ssh_packet_is_rekeying(ssh) && ssh_packet_not_very_much_data_to_write(ssh)) channel_output_poll(ssh); - if (options.rekey_interval > 0 && - !ssh_packet_is_rekeying(ssh)) { - rekey_timeout_ms = ssh_packet_get_rekey_timeout(ssh) * - 1000; - } else { - rekey_timeout_ms = 0; - } /* * Block SIGCHLD while we check for dead children, then pass @@ -382,7 +380,7 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) error_f("bsigset sigprocmask: %s", strerror(errno)); collect_children(ssh); wait_until_can_do_something(ssh, connection_in, connection_out, - &pfd, &npfd_alloc, &npfd_active, rekey_timeout_ms, &osigset, + &pfd, &npfd_alloc, &npfd_active, &osigset, &conn_in_ready, &conn_out_ready); if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1) error_f("osigset sigprocmask: %s", strerror(errno)); @@ -394,8 +392,7 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) cleanup_exit(255); } - if (!ssh_packet_is_rekeying(ssh)) - channel_after_poll(ssh, pfd, npfd_active); + channel_after_poll(ssh, pfd, npfd_active); if (conn_in_ready && process_input(ssh, connection_in) < 0) break; @@ -744,6 +741,10 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED) sigalg = "rsa-sha2-256"; } + if (ssh->compat & SSH_RH_RSASIGSHA && sigalg == NULL) { + sigalg = "rsa-sha2-512"; + debug3_f("SHA1 signature is not supported, falling back to %s", sigalg); + } debug3_f("sign %s key (index %d) using sigalg %s", sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg); if ((r = sshbuf_put_cstring(sigbuf, diff --git a/gsi_openssh/source/session.c b/gsi_openssh/source/session.c index cb7030c059..2b82bff3a8 100644 --- a/gsi_openssh/source/session.c +++ b/gsi_openssh/source/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.330 2022/02/08 08:59:12 dtucker Exp $ */ +/* $OpenBSD: session.c,v 1.335 2023/03/07 06:09:14 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -72,7 +72,6 @@ #include "ssherr.h" #include "match.h" #include "uidswap.h" -#include "compat.h" #include "channels.h" #include "sshkey.h" #include "cipher.h" @@ -228,7 +227,7 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) /* Allocate a channel for the authentication agent socket. */ /* this shouldn't matter if its hpn or not - cjr */ - nc = channel_new(ssh, "auth socket", + nc = channel_new(ssh, "auth-listener", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "auth socket", 1); @@ -1223,7 +1222,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) /* Environment specified by admin */ for (i = 0; i < options.num_setenv; i++) { cp = xstrdup(options.setenv[i]); - /* coverity[overwrite_var : FALSE] */ if ((value = strchr(cp, '=')) == NULL) { /* shouldn't happen; vars are checked in servconf.c */ fatal("Invalid config SetEnv: %s", options.setenv[i]); @@ -2067,7 +2065,7 @@ session_subsystem_req(struct ssh *ssh, Session *s) { struct stat st; int r, success = 0; - char *prog, *cmd; + char *prog, *cmd, *type; u_int i; if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 || @@ -2090,6 +2088,10 @@ session_subsystem_req(struct ssh *ssh, Session *s) s->is_subsystem = SUBSYSTEM_EXT; debug("subsystem: exec() %s", cmd); } + xasprintf(&type, "session:subsystem:%s", + options.subsystem_name[i]); + channel_set_xtype(ssh, s->chanid, type); + free(type); success = do_exec(ssh, s, cmd) == 0; break; } @@ -2145,6 +2147,9 @@ session_shell_req(struct ssh *ssh, Session *s) if ((r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + + channel_set_xtype(ssh, s->chanid, "session:shell"); + return do_exec(ssh, s, NULL) == 0; } @@ -2159,6 +2164,8 @@ session_exec_req(struct ssh *ssh, Session *s) (r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + channel_set_xtype(ssh, s->chanid, "session:command"); + success = do_exec(ssh, s, command) == 0; free(command); return success; @@ -2448,7 +2455,7 @@ session_close_x11(struct ssh *ssh, int id) } static void -session_close_single_x11(struct ssh *ssh, int id, void *arg) +session_close_single_x11(struct ssh *ssh, int id, int force, void *arg) { Session *s; u_int i; @@ -2612,7 +2619,7 @@ session_close_by_pid(struct ssh *ssh, pid_t pid, int status) * the session 'child' itself dies */ void -session_close_by_channel(struct ssh *ssh, int id, void *arg) +session_close_by_channel(struct ssh *ssh, int id, int force, void *arg) { Session *s = session_by_channel(id); u_int i; @@ -2625,12 +2632,14 @@ session_close_by_channel(struct ssh *ssh, int id, void *arg) if (s->pid != 0) { debug_f("channel %d: has child, ttyfd %d", id, s->ttyfd); /* - * delay detach of session, but release pty, since - * the fd's to the child are already closed + * delay detach of session (unless this is a forced close), + * but release pty, since the fd's to the child are already + * closed */ if (s->ttyfd != -1) session_pty_cleanup(s); - return; + if (!force) + return; } /* detach by removing callback */ channel_cancel_cleanup(ssh, s->chanid); diff --git a/gsi_openssh/source/session.h b/gsi_openssh/source/session.h index bcd4b1d431..a41c6efcdc 100644 --- a/gsi_openssh/source/session.h +++ b/gsi_openssh/source/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.36 2018/10/02 12:40:07 djm Exp $ */ +/* $OpenBSD: session.h,v 1.37 2023/01/06 02:39:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -76,7 +76,7 @@ int session_open(Authctxt *, int); void session_unused(int); int session_input_channel_req(struct ssh *, Channel *, const char *); void session_close_by_pid(struct ssh *ssh, pid_t, int); -void session_close_by_channel(struct ssh *, int, void *); +void session_close_by_channel(struct ssh *, int, int, void *); void session_destroy_all(struct ssh *, void (*)(struct ssh*, Session *)); void session_pty_cleanup2(Session *); void session_end_command2(struct ssh *ssh, Session *); diff --git a/gsi_openssh/source/sftp-client.c b/gsi_openssh/source/sftp-client.c index 7e9c1bca45..49651a1d01 100644 --- a/gsi_openssh/source/sftp-client.c +++ b/gsi_openssh/source/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.162 2022/03/31 03:07:03 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.169 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -68,10 +68,10 @@ extern volatile sig_atomic_t interrupted; extern int showprogress; -/* Default size of buffer for up/download */ +/* Default size of buffer for up/download (fix sftp.1 scp.1 if changed) */ #define DEFAULT_COPY_BUFLEN 32768 -/* Default number of concurrent outstanding requests */ +/* Default number of concurrent xfer requests (fix sftp.1 scp.1 if changed) */ #define DEFAULT_NUM_REQUESTS 256 /* Minimum amount of data to read at a time */ @@ -95,15 +95,16 @@ struct sftp_conn { u_int num_requests; u_int version; u_int msg_id; -#define SFTP_EXT_POSIX_RENAME 0x00000001 -#define SFTP_EXT_STATVFS 0x00000002 -#define SFTP_EXT_FSTATVFS 0x00000004 -#define SFTP_EXT_HARDLINK 0x00000008 -#define SFTP_EXT_FSYNC 0x00000010 -#define SFTP_EXT_LSETSTAT 0x00000020 -#define SFTP_EXT_LIMITS 0x00000040 -#define SFTP_EXT_PATH_EXPAND 0x00000080 -#define SFTP_EXT_COPY_DATA 0x00000100 +#define SFTP_EXT_POSIX_RENAME 0x00000001 +#define SFTP_EXT_STATVFS 0x00000002 +#define SFTP_EXT_FSTATVFS 0x00000004 +#define SFTP_EXT_HARDLINK 0x00000008 +#define SFTP_EXT_FSYNC 0x00000010 +#define SFTP_EXT_LSETSTAT 0x00000020 +#define SFTP_EXT_LIMITS 0x00000040 +#define SFTP_EXT_PATH_EXPAND 0x00000080 +#define SFTP_EXT_COPY_DATA 0x00000100 +#define SFTP_EXT_GETUSERSGROUPS_BY_ID 0x00000200 u_int exts; u_int64_t limit_kbps; struct bwlimit bwlimit_in, bwlimit_out; @@ -148,7 +149,6 @@ request_find(struct requests *requests, u_int id) return req; } -/* ARGSUSED */ static int sftpio(void *_bwlimit, size_t amount) { @@ -539,6 +539,11 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, strcmp((char *)value, "1") == 0) { ret->exts |= SFTP_EXT_COPY_DATA; known = 1; + } else if (strcmp(name, + "users-groups-by-id@openssh.com") == 0 && + strcmp((char *)value, "1") == 0) { + ret->exts |= SFTP_EXT_GETUSERSGROUPS_BY_ID; + known = 1; } if (known) { debug2("Server supports extension \"%s\" revision %s", @@ -560,17 +565,26 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, /* If the caller did not specify, find a good value */ if (transfer_buflen == 0) { - ret->download_buflen = limits.read_length; - ret->upload_buflen = limits.write_length; - debug("Using server download size %u", ret->download_buflen); - debug("Using server upload size %u", ret->upload_buflen); + ret->download_buflen = MINIMUM(limits.read_length, + SFTP_MAX_MSG_LENGTH - 1024); + ret->upload_buflen = MINIMUM(limits.write_length, + SFTP_MAX_MSG_LENGTH - 1024); + ret->download_buflen = MAXIMUM(ret->download_buflen, 64); + ret->upload_buflen = MAXIMUM(ret->upload_buflen, 64); + debug3("server upload/download buffer sizes " + "%llu / %llu; using %u / %u", + (unsigned long long)limits.write_length, + (unsigned long long)limits.read_length, + ret->upload_buflen, ret->download_buflen); } /* Use the server limit to scale down our value only */ if (num_requests == 0 && limits.open_handles) { ret->num_requests = MINIMUM(DEFAULT_NUM_REQUESTS, limits.open_handles); - debug("Server handle limit %llu; using %u", + if (ret->num_requests == 0) + ret->num_requests = 1; + debug3("server handle limit %llu; using %u", (unsigned long long)limits.open_handles, ret->num_requests); } @@ -2326,7 +2340,7 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int preserve_flag, int print_flag, int resume, int fsync_flag, - int follow_link_flag, int create_dir, int inplace_flag) + int follow_link_flag, int inplace_flag, int create_dir) { char *dst_canon; int ret; @@ -2784,6 +2798,120 @@ crossload_dir(struct sftp_conn *from, struct sftp_conn *to, return ret; } +int +can_get_users_groups_by_id(struct sftp_conn *conn) +{ + return (conn->exts & SFTP_EXT_GETUSERSGROUPS_BY_ID) != 0; +} + +int +do_get_users_groups_by_id(struct sftp_conn *conn, + const u_int *uids, u_int nuids, + const u_int *gids, u_int ngids, + char ***usernamesp, char ***groupnamesp) +{ + struct sshbuf *msg, *uidbuf, *gidbuf; + u_int i, expected_id, id; + char *name, **usernames = NULL, **groupnames = NULL; + u_char type; + int r; + + *usernamesp = *groupnamesp = NULL; + if (!can_get_users_groups_by_id(conn)) + return SSH_ERR_FEATURE_UNSUPPORTED; + + if ((msg = sshbuf_new()) == NULL || + (uidbuf = sshbuf_new()) == NULL || + (gidbuf = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); + expected_id = id = conn->msg_id++; + debug2("Sending SSH2_FXP_EXTENDED(users-groups-by-id@openssh.com)"); + for (i = 0; i < nuids; i++) { + if ((r = sshbuf_put_u32(uidbuf, uids[i])) != 0) + fatal_fr(r, "compose uids"); + } + for (i = 0; i < ngids; i++) { + if ((r = sshbuf_put_u32(gidbuf, gids[i])) != 0) + fatal_fr(r, "compose gids"); + } + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, + "users-groups-by-id@openssh.com")) != 0 || + (r = sshbuf_put_stringb(msg, uidbuf)) != 0 || + (r = sshbuf_put_stringb(msg, gidbuf)) != 0) + fatal_fr(r, "compose"); + send_msg(conn, msg); + get_msg(conn, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal_fr(r, "parse"); + if (id != expected_id) + fatal("ID mismatch (%u != %u)", id, expected_id); + if (type == SSH2_FXP_STATUS) { + u_int status; + char *errmsg; + + if ((r = sshbuf_get_u32(msg, &status)) != 0 || + (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0) + fatal_fr(r, "parse status"); + error("users-groups-by-id %s", + *errmsg == '\0' ? fx2txt(status) : errmsg); + free(errmsg); + sshbuf_free(msg); + sshbuf_free(uidbuf); + sshbuf_free(gidbuf); + return -1; + } else if (type != SSH2_FXP_EXTENDED_REPLY) + fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u", + SSH2_FXP_EXTENDED_REPLY, type); + + /* reuse */ + sshbuf_free(uidbuf); + sshbuf_free(gidbuf); + uidbuf = gidbuf = NULL; + if ((r = sshbuf_froms(msg, &uidbuf)) != 0 || + (r = sshbuf_froms(msg, &gidbuf)) != 0) + fatal_fr(r, "parse response"); + if (nuids > 0) { + usernames = xcalloc(nuids, sizeof(*usernames)); + for (i = 0; i < nuids; i++) { + if ((r = sshbuf_get_cstring(uidbuf, &name, NULL)) != 0) + fatal_fr(r, "parse user name"); + /* Handle unresolved names */ + if (*name == '\0') { + free(name); + name = NULL; + } + usernames[i] = name; + } + } + if (ngids > 0) { + groupnames = xcalloc(ngids, sizeof(*groupnames)); + for (i = 0; i < ngids; i++) { + if ((r = sshbuf_get_cstring(gidbuf, &name, NULL)) != 0) + fatal_fr(r, "parse user name"); + /* Handle unresolved names */ + if (*name == '\0') { + free(name); + name = NULL; + } + groupnames[i] = name; + } + } + if (sshbuf_len(uidbuf) != 0) + fatal_f("unexpected extra username data"); + if (sshbuf_len(gidbuf) != 0) + fatal_f("unexpected extra groupname data"); + sshbuf_free(uidbuf); + sshbuf_free(gidbuf); + sshbuf_free(msg); + /* success */ + *usernamesp = usernames; + *groupnamesp = groupnames; + return 0; +} + char * path_append(const char *p1, const char *p2) { diff --git a/gsi_openssh/source/sftp-client.h b/gsi_openssh/source/sftp-client.h index 1239673b31..554854d820 100644 --- a/gsi_openssh/source/sftp-client.h +++ b/gsi_openssh/source/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.36 2022/03/31 03:07:03 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.38 2022/09/19 10:43:12 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -183,6 +183,15 @@ int crossload_dir(struct sftp_conn *from, struct sftp_conn *to, Attrib *dirattrib, int preserve_flag, int print_flag, int follow_link_flag); +/* + * User/group ID to name translation. + */ +int can_get_users_groups_by_id(struct sftp_conn *conn); +int do_get_users_groups_by_id(struct sftp_conn *conn, + const u_int *uids, u_int nuids, + const u_int *gids, u_int ngids, + char ***usernamesp, char ***groupnamesp); + /* Concatenate paths, taking care of slashes. Caller must free result. */ char *path_append(const char *, const char *); diff --git a/gsi_openssh/source/sftp-common.c b/gsi_openssh/source/sftp-common.c index 3ad57673d4..50f1bbafb4 100644 --- a/gsi_openssh/source/sftp-common.c +++ b/gsi_openssh/source/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.32 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.33 2022/09/19 10:41:58 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -212,21 +212,25 @@ fx2txt(int status) * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh */ char * -ls_file(const char *name, const struct stat *st, int remote, int si_units) +ls_file(const char *name, const struct stat *st, int remote, int si_units, + const char *user, const char *group) { int ulen, glen, sz = 0; struct tm *ltime = localtime(&st->st_mtime); - const char *user, *group; char buf[1024], lc[8], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; char sbuf[FMT_SCALED_STRSIZE]; time_t now; strmode(st->st_mode, mode); if (remote) { - snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid); - user = ubuf; - snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid); - group = gbuf; + if (user == NULL) { + snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid); + user = ubuf; + } + if (group == NULL) { + snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid); + group = gbuf; + } strlcpy(lc, "?", sizeof(lc)); } else { user = user_from_uid(st->st_uid, 0); diff --git a/gsi_openssh/source/sftp-common.h b/gsi_openssh/source/sftp-common.h index 2e778a9ca0..421a78f788 100644 --- a/gsi_openssh/source/sftp-common.h +++ b/gsi_openssh/source/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.12 2015/01/14 13:54:13 djm Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.13 2022/09/19 10:41:58 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -47,6 +47,7 @@ void stat_to_attrib(const struct stat *, Attrib *); void attrib_to_stat(const Attrib *, struct stat *); int decode_attrib(struct sshbuf *, Attrib *); int encode_attrib(struct sshbuf *, const Attrib *); -char *ls_file(const char *, const struct stat *, int, int); +char *ls_file(const char *, const struct stat *, int, int, + const char *, const char *); const char *fx2txt(int); diff --git a/gsi_openssh/source/sftp-glob.c b/gsi_openssh/source/sftp-glob.c index 764e99552d..afeb15f9ec 100644 --- a/gsi_openssh/source/sftp-glob.c +++ b/gsi_openssh/source/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.30 2022/02/25 09:46:24 dtucker Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.31 2022/10/24 21:51:55 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -137,6 +137,11 @@ int remote_glob(struct sftp_conn *conn, const char *pattern, int flags, int (*errfunc)(const char *, int), glob_t *pglob) { + int r; + size_t l; + char *s; + struct stat sb; + pglob->gl_opendir = fudge_opendir; pglob->gl_readdir = (struct dirent *(*)(void *))fudge_readdir; pglob->gl_closedir = (void (*)(void *))fudge_closedir; @@ -146,5 +151,30 @@ remote_glob(struct sftp_conn *conn, const char *pattern, int flags, memset(&cur, 0, sizeof(cur)); cur.conn = conn; - return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)); + if ((r = glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)) != 0) + return r; + /* + * When both GLOB_NOCHECK and GLOB_MARK are active, a single gl_pathv + * entry has been returned and that entry has not already been marked, + * then check whether it needs a '/' appended as a directory mark. + * + * This ensures that a NOCHECK result is annotated as a directory. + * The glob(3) spec doesn't promise to mark NOCHECK entries, but doing + * it simplifies our callers (sftp/scp) considerably. + * + * XXX doesn't try to handle gl_offs. + */ + if ((flags & (GLOB_NOCHECK|GLOB_MARK)) == (GLOB_NOCHECK|GLOB_MARK) && + pglob->gl_matchc == 0 && pglob->gl_offs == 0 && + pglob->gl_pathc == 1 && (s = pglob->gl_pathv[0]) != NULL && + (l = strlen(s)) > 0 && s[l-1] != '/') { + if (fudge_stat(s, &sb) == 0 && S_ISDIR(sb.st_mode)) { + /* NOCHECK on a directory; annotate */ + if ((s = realloc(s, l + 2)) != NULL) { + memcpy(s + l, "/", 2); + pglob->gl_pathv[0] = s; + } + } + } + return 0; } diff --git a/gsi_openssh/source/sftp-server-main.c b/gsi_openssh/source/sftp-server-main.c index ff852f18db..bbb79f2780 100644 --- a/gsi_openssh/source/sftp-server-main.c +++ b/gsi_openssh/source/sftp-server-main.c @@ -42,8 +42,6 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - seed_rng(); - if ((user_pw = getpwuid(getuid())) == NULL) { fprintf(stderr, "No user found for uid %lu\n", (u_long)getuid()); diff --git a/gsi_openssh/source/sftp-server.c b/gsi_openssh/source/sftp-server.c index aa2bf62266..cf206b1583 100644 --- a/gsi_openssh/source/sftp-server.c +++ b/gsi_openssh/source/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.140 2022/03/31 03:05:49 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.146 2023/03/07 05:37:26 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -37,6 +37,7 @@ #include #endif #include +#include #include #include #include @@ -125,6 +126,8 @@ static void process_extended_lsetstat(u_int32_t id); static void process_extended_limits(u_int32_t id); static void process_extended_expand(u_int32_t id); static void process_extended_copy_data(u_int32_t id); +static void process_extended_home_directory(u_int32_t id); +static void process_extended_get_users_groups_by_id(u_int32_t id); static void process_extended(u_int32_t id); struct sftp_handler { @@ -171,6 +174,10 @@ static const struct sftp_handler extended_handlers[] = { { "expand-path", "expand-path@openssh.com", 0, process_extended_expand, 0 }, { "copy-data", "copy-data", 0, process_extended_copy_data, 1 }, + { "home-directory", "home-directory", 0, + process_extended_home_directory, 0 }, + { "users-groups-by-id", "users-groups-by-id@openssh.com", 0, + process_extended_get_users_groups_by_id, 0 }, { NULL, NULL, 0, NULL, 0 } }; @@ -728,6 +735,8 @@ process_init(void) compose_extension(msg, "limits@openssh.com", "1"); compose_extension(msg, "expand-path@openssh.com", "1"); compose_extension(msg, "copy-data", "1"); + compose_extension(msg, "home-directory", "1"); + compose_extension(msg, "users-groups-by-id@openssh.com", "1"); send_msg(msg); sshbuf_free(msg); @@ -821,7 +830,7 @@ process_read(u_int32_t id) } if (len > buflen) { debug3_f("allocate %zu => %u", buflen, len); - if ((buf = realloc(NULL, len)) == NULL) + if ((buf = realloc(buf, len)) == NULL) fatal_f("realloc failed"); buflen = len; } @@ -1163,7 +1172,8 @@ process_readdir(u_int32_t id) continue; stat_to_attrib(&st, &(stats[count].attrib)); stats[count].name = xstrdup(dp->d_name); - stats[count].long_name = ls_file(dp->d_name, &st, 0, 0); + stats[count].long_name = ls_file(dp->d_name, &st, + 0, 0, NULL, NULL); count++; /* send up to 100 entries in one message */ /* XXX check packet size instead */ @@ -1695,6 +1705,86 @@ process_extended_copy_data(u_int32_t id) send_status(id, status); } +static void +process_extended_home_directory(u_int32_t id) +{ + char *username; + struct passwd *user_pw; + int r; + Stat s; + + if ((r = sshbuf_get_cstring(iqueue, &username, NULL)) != 0) + fatal_fr(r, "parse"); + + debug3("request %u: home-directory \"%s\"", id, username); + if ((user_pw = getpwnam(username)) == NULL) { + send_status(id, SSH2_FX_FAILURE); + goto out; + } + + verbose("home-directory \"%s\"", pw->pw_dir); + attrib_clear(&s.attrib); + s.name = s.long_name = pw->pw_dir; + send_names(id, 1, &s); + out: + free(username); +} + +static void +process_extended_get_users_groups_by_id(u_int32_t id) +{ + struct passwd *user_pw; + struct group *gr; + struct sshbuf *uids, *gids, *usernames, *groupnames, *msg; + int r; + u_int n, nusers = 0, ngroups = 0; + const char *name; + + if ((usernames = sshbuf_new()) == NULL || + (groupnames = sshbuf_new()) == NULL || + (msg = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); + if ((r = sshbuf_froms(iqueue, &uids)) != 0 || + (r = sshbuf_froms(iqueue, &gids)) != 0) + fatal_fr(r, "parse"); + debug_f("uids len = %zu, gids len = %zu", + sshbuf_len(uids), sshbuf_len(gids)); + while (sshbuf_len(uids) != 0) { + if ((r = sshbuf_get_u32(uids, &n)) != 0) + fatal_fr(r, "parse inner uid"); + user_pw = getpwuid((uid_t)n); + name = user_pw == NULL ? "" : user_pw->pw_name; + debug3_f("uid %u => \"%s\"", n, name); + if ((r = sshbuf_put_cstring(usernames, name)) != 0) + fatal_fr(r, "assemble uid reply"); + nusers++; + } + while (sshbuf_len(gids) != 0) { + if ((r = sshbuf_get_u32(gids, &n)) != 0) + fatal_fr(r, "parse inner gid"); + gr = getgrgid((gid_t)n); + name = gr == NULL ? "" : gr->gr_name; + debug3_f("gid %u => \"%s\"", n, name); + if ((r = sshbuf_put_cstring(groupnames, name)) != 0) + fatal_fr(r, "assemble gid reply"); + nusers++; + } + verbose("users-groups-by-id: %u users, %u groups", nusers, ngroups); + + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_stringb(msg, usernames)) != 0 || + (r = sshbuf_put_stringb(msg, groupnames)) != 0) + fatal_fr(r, "compose"); + send_msg(msg); + + sshbuf_free(uids); + sshbuf_free(gids); + sshbuf_free(usernames); + sshbuf_free(groupnames); + sshbuf_free(msg); +} + static void process_extended(u_int32_t id) { diff --git a/gsi_openssh/source/sftp-usergroup.c b/gsi_openssh/source/sftp-usergroup.c new file mode 100644 index 0000000000..083930a4a3 --- /dev/null +++ b/gsi_openssh/source/sftp-usergroup.c @@ -0,0 +1,239 @@ +/* + * Copyright (c) 2022 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* sftp client user/group lookup and caching */ + +#include "includes.h" + +#include +#include + +#include +#include +#include + +#include "log.h" +#include "xmalloc.h" + +#include "sftp-common.h" +#include "sftp-client.h" +#include "sftp-usergroup.h" + +/* Tree of id, name */ +struct idname { + u_int id; + char *name; + RB_ENTRY(idname) entry; + /* XXX implement bounded cache as TAILQ */ +}; +static int +idname_cmp(struct idname *a, struct idname *b) +{ + if (a->id == b->id) + return 0; + return a->id > b->id ? 1 : -1; +} +RB_HEAD(idname_tree, idname); +RB_GENERATE_STATIC(idname_tree, idname, entry, idname_cmp) + +static struct idname_tree user_idname = RB_INITIALIZER(&user_idname); +static struct idname_tree group_idname = RB_INITIALIZER(&group_idname); + +static void +idname_free(struct idname *idname) +{ + if (idname == NULL) + return; + free(idname->name); + free(idname); +} + +static void +idname_enter(struct idname_tree *tree, u_int id, const char *name) +{ + struct idname *idname; + + if ((idname = xcalloc(1, sizeof(*idname))) == NULL) + fatal_f("alloc"); + idname->id = id; + idname->name = xstrdup(name); + if (RB_INSERT(idname_tree, tree, idname) != NULL) + idname_free(idname); +} + +static const char * +idname_lookup(struct idname_tree *tree, u_int id) +{ + struct idname idname, *found; + + memset(&idname, 0, sizeof(idname)); + idname.id = id; + if ((found = RB_FIND(idname_tree, tree, &idname)) != NULL) + return found->name; + return NULL; +} + +static void +freenames(char **names, u_int nnames) +{ + u_int i; + + if (names == NULL) + return; + for (i = 0; i < nnames; i++) + free(names[i]); + free(names); +} + +static void +lookup_and_record(struct sftp_conn *conn, + u_int *uids, u_int nuids, u_int *gids, u_int ngids) +{ + int r; + u_int i; + char **usernames = NULL, **groupnames = NULL; + + if ((r = do_get_users_groups_by_id(conn, uids, nuids, gids, ngids, + &usernames, &groupnames)) != 0) { + debug_fr(r, "do_get_users_groups_by_id"); + return; + } + for (i = 0; i < nuids; i++) { + if (usernames[i] == NULL) { + debug3_f("uid %u not resolved", uids[i]); + continue; + } + debug3_f("record uid %u => \"%s\"", uids[i], usernames[i]); + idname_enter(&user_idname, uids[i], usernames[i]); + } + for (i = 0; i < ngids; i++) { + if (groupnames[i] == NULL) { + debug3_f("gid %u not resolved", gids[i]); + continue; + } + debug3_f("record gid %u => \"%s\"", gids[i], groupnames[i]); + idname_enter(&group_idname, gids[i], groupnames[i]); + } + freenames(usernames, nuids); + freenames(groupnames, ngids); +} + +static int +has_id(u_int id, u_int *ids, u_int nids) +{ + u_int i; + + if (nids == 0) + return 0; + + /* XXX O(N^2) */ + for (i = 0; i < nids; i++) { + if (ids[i] == id) + break; + } + return i < nids; +} + +static void +collect_ids_from_glob(glob_t *g, int user, u_int **idsp, u_int *nidsp) +{ + u_int id, i, n = 0, *ids = NULL; + + for (i = 0; g->gl_pathv[i] != NULL; i++) { + if (user) { + if (ruser_name(g->gl_statv[i]->st_uid) != NULL) + continue; /* Already seen */ + id = (u_int)g->gl_statv[i]->st_uid; + } else { + if (rgroup_name(g->gl_statv[i]->st_gid) != NULL) + continue; /* Already seen */ + id = (u_int)g->gl_statv[i]->st_gid; + } + if (has_id(id, ids, n)) + continue; + ids = xrecallocarray(ids, n, n + 1, sizeof(*ids)); + ids[n++] = id; + } + *idsp = ids; + *nidsp = n; +} + +void +get_remote_user_groups_from_glob(struct sftp_conn *conn, glob_t *g) +{ + u_int *uids = NULL, nuids = 0, *gids = NULL, ngids = 0; + + if (!can_get_users_groups_by_id(conn)) + return; + + collect_ids_from_glob(g, 1, &uids, &nuids); + collect_ids_from_glob(g, 0, &gids, &ngids); + lookup_and_record(conn, uids, nuids, gids, ngids); + free(uids); + free(gids); +} + +static void +collect_ids_from_dirents(SFTP_DIRENT **d, int user, u_int **idsp, u_int *nidsp) +{ + u_int id, i, n = 0, *ids = NULL; + + for (i = 0; d[i] != NULL; i++) { + if (user) { + if (ruser_name((uid_t)(d[i]->a.uid)) != NULL) + continue; /* Already seen */ + id = d[i]->a.uid; + } else { + if (rgroup_name((gid_t)(d[i]->a.gid)) != NULL) + continue; /* Already seen */ + id = d[i]->a.gid; + } + if (has_id(id, ids, n)) + continue; + ids = xrecallocarray(ids, n, n + 1, sizeof(*ids)); + ids[n++] = id; + } + *idsp = ids; + *nidsp = n; +} + +void +get_remote_user_groups_from_dirents(struct sftp_conn *conn, SFTP_DIRENT **d) +{ + u_int *uids = NULL, nuids = 0, *gids = NULL, ngids = 0; + + if (!can_get_users_groups_by_id(conn)) + return; + + collect_ids_from_dirents(d, 1, &uids, &nuids); + collect_ids_from_dirents(d, 0, &gids, &ngids); + lookup_and_record(conn, uids, nuids, gids, ngids); + free(uids); + free(gids); +} + +const char * +ruser_name(uid_t uid) +{ + return idname_lookup(&user_idname, (u_int)uid); +} + +const char * +rgroup_name(uid_t gid) +{ + return idname_lookup(&group_idname, (u_int)gid); +} + diff --git a/gsi_openssh/source/sftp-usergroup.h b/gsi_openssh/source/sftp-usergroup.h new file mode 100644 index 0000000000..2711faf3a8 --- /dev/null +++ b/gsi_openssh/source/sftp-usergroup.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2022 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* sftp client user/group lookup and caching */ + +/* Lookup uids/gids and populate cache */ +void get_remote_user_groups_from_glob(struct sftp_conn *conn, glob_t *g); +void get_remote_user_groups_from_dirents(struct sftp_conn *conn, SFTP_DIRENT **d); + +/* Return user/group name from cache or NULL if not found */ +const char *ruser_name(uid_t uid); +const char *rgroup_name(uid_t gid); diff --git a/gsi_openssh/source/sftp.1 b/gsi_openssh/source/sftp.1 index 40957486e8..7848eeb95e 100644 --- a/gsi_openssh/source/sftp.1 +++ b/gsi_openssh/source/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.140 2022/03/31 17:27:27 naddy Exp $ +.\" $OpenBSD: sftp.1,v 1.143 2022/12/16 03:40:03 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: December 16 2022 $ .Dt SFTP 1 .Os .Sh NAME @@ -34,7 +34,7 @@ .Op Fl B Ar buffer_size .Op Fl b Ar batchfile .Op Fl c Ar cipher -.Op Fl D Ar sftp_server_path +.Op Fl D Ar sftp_server_command .Op Fl F Ar ssh_config .Op Fl i Ar identity_file .Op Fl J Ar destination @@ -44,6 +44,7 @@ .Op Fl R Ar num_requests .Op Fl S Ar program .Op Fl s Ar subsystem | sftp_server +.Op Fl X Ar sftp_option .Ar destination .Sh DESCRIPTION .Nm @@ -167,10 +168,12 @@ flag). Selects the cipher to use for encrypting the data transfers. This option is directly passed to .Xr ssh 1 . -.It Fl D Ar sftp_server_path +.It Fl D Ar sftp_server_command Connect directly to a local sftp server (rather than via .Xr ssh 1 ) . +A command and arguments may be specified, for example +.Qq /path/sftp-server -el debug3 . This option may be useful in debugging the client and server. .It Fl F Ar ssh_config Specifies an alternative @@ -271,6 +274,7 @@ For full details of the options listed below, and their possible values, see .It PubkeyAcceptedAlgorithms .It PubkeyAuthentication .It RekeyLimit +.It RequiredRSASize .It SendEnv .It ServerAliveInterval .It ServerAliveCountMax @@ -318,6 +322,19 @@ does not have an sftp subsystem configured. .It Fl v Raise logging level. This option is also passed to ssh. +.It Fl X Ar sftp_option +Specify an option that controls aspects of SFTP protocol behaviour. +The valid options are: +.Bl -tag -width Ds +.It Cm nrequests Ns = Ns Ar value +Controls how many concurrent SFTP read or write requests may be in progress +at any point in time during a download or upload. +By default 64 requests may be active concurrently. +.It Cm buffer Ns = Ns Ar value +Controls the maximum buffer size for a single SFTP read/write operation used +during download or upload. +By default a 32KB buffer is used. +.El .El .Sh INTERACTIVE COMMANDS Once in interactive mode, diff --git a/gsi_openssh/source/sftp.c b/gsi_openssh/source/sftp.c index 07dcbfa8d2..84d2a1c6b0 100644 --- a/gsi_openssh/source/sftp.c +++ b/gsi_openssh/source/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.214 2022/03/31 03:07:03 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.229 2023/03/12 09:41:18 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -68,6 +68,7 @@ typedef void EditLine; #include "sshbuf.h" #include "sftp-common.h" #include "sftp-client.h" +#include "sftp-usergroup.h" /* File to read commands from */ FILE* infile; @@ -166,7 +167,8 @@ enum sftp_command { struct CMD { const char *c; const int n; - const int t; + const int t; /* Completion type for the first argument */ + const int t2; /* completion type for the optional second argument */ }; /* Type of completion */ @@ -175,47 +177,46 @@ struct CMD { #define LOCAL 2 static const struct CMD cmds[] = { - { "bye", I_QUIT, NOARGS }, - { "cd", I_CHDIR, REMOTE }, - { "chdir", I_CHDIR, REMOTE }, - { "chgrp", I_CHGRP, REMOTE }, - { "chmod", I_CHMOD, REMOTE }, - { "chown", I_CHOWN, REMOTE }, - { "copy", I_COPY, REMOTE }, - { "cp", I_COPY, REMOTE }, - { "df", I_DF, REMOTE }, - { "dir", I_LS, REMOTE }, - { "exit", I_QUIT, NOARGS }, - { "get", I_GET, REMOTE }, - { "help", I_HELP, NOARGS }, - { "lcd", I_LCHDIR, LOCAL }, - { "lchdir", I_LCHDIR, LOCAL }, - { "lls", I_LLS, LOCAL }, - { "lmkdir", I_LMKDIR, LOCAL }, - { "ln", I_LINK, REMOTE }, - { "lpwd", I_LPWD, LOCAL }, - { "ls", I_LS, REMOTE }, - { "lumask", I_LUMASK, NOARGS }, - { "mkdir", I_MKDIR, REMOTE }, - { "mget", I_GET, REMOTE }, - { "mput", I_PUT, LOCAL }, - { "progress", I_PROGRESS, NOARGS }, - { "put", I_PUT, LOCAL }, - { "pwd", I_PWD, REMOTE }, - { "quit", I_QUIT, NOARGS }, - { "reget", I_REGET, REMOTE }, - { "rename", I_RENAME, REMOTE }, - { "reput", I_REPUT, LOCAL }, - { "rm", I_RM, REMOTE }, - { "rmdir", I_RMDIR, REMOTE }, - { "symlink", I_SYMLINK, REMOTE }, - { "version", I_VERSION, NOARGS }, - { "!", I_SHELL, NOARGS }, - { "?", I_HELP, NOARGS }, - { NULL, -1, -1 } + { "bye", I_QUIT, NOARGS, NOARGS }, + { "cd", I_CHDIR, REMOTE, NOARGS }, + { "chdir", I_CHDIR, REMOTE, NOARGS }, + { "chgrp", I_CHGRP, REMOTE, NOARGS }, + { "chmod", I_CHMOD, REMOTE, NOARGS }, + { "chown", I_CHOWN, REMOTE, NOARGS }, + { "copy", I_COPY, REMOTE, LOCAL }, + { "cp", I_COPY, REMOTE, LOCAL }, + { "df", I_DF, REMOTE, NOARGS }, + { "dir", I_LS, REMOTE, NOARGS }, + { "exit", I_QUIT, NOARGS, NOARGS }, + { "get", I_GET, REMOTE, LOCAL }, + { "help", I_HELP, NOARGS, NOARGS }, + { "lcd", I_LCHDIR, LOCAL, NOARGS }, + { "lchdir", I_LCHDIR, LOCAL, NOARGS }, + { "lls", I_LLS, LOCAL, NOARGS }, + { "lmkdir", I_LMKDIR, LOCAL, NOARGS }, + { "ln", I_LINK, REMOTE, REMOTE }, + { "lpwd", I_LPWD, LOCAL, NOARGS }, + { "ls", I_LS, REMOTE, NOARGS }, + { "lumask", I_LUMASK, NOARGS, NOARGS }, + { "mkdir", I_MKDIR, REMOTE, NOARGS }, + { "mget", I_GET, REMOTE, LOCAL }, + { "mput", I_PUT, LOCAL, REMOTE }, + { "progress", I_PROGRESS, NOARGS, NOARGS }, + { "put", I_PUT, LOCAL, REMOTE }, + { "pwd", I_PWD, REMOTE, NOARGS }, + { "quit", I_QUIT, NOARGS, NOARGS }, + { "reget", I_REGET, REMOTE, LOCAL }, + { "rename", I_RENAME, REMOTE, REMOTE }, + { "reput", I_REPUT, LOCAL, REMOTE }, + { "rm", I_RM, REMOTE, NOARGS }, + { "rmdir", I_RMDIR, REMOTE, NOARGS }, + { "symlink", I_SYMLINK, REMOTE, REMOTE }, + { "version", I_VERSION, NOARGS, NOARGS }, + { "!", I_SHELL, NOARGS, NOARGS }, + { "?", I_HELP, NOARGS, NOARGS }, + { NULL, -1, -1, -1 } }; -/* ARGSUSED */ static void killchild(int signo) { @@ -230,7 +231,6 @@ killchild(int signo) _exit(1); } -/* ARGSUSED */ static void suspchild(int signo) { @@ -242,7 +242,6 @@ suspchild(int signo) kill(getpid(), SIGSTOP); } -/* ARGSUSED */ static void cmd_interrupt(int signo) { @@ -254,14 +253,12 @@ cmd_interrupt(int signo) errno = olderrno; } -/* ARGSUSED */ static void read_interrupt(int signo) { interrupted = 1; } -/*ARGSUSED*/ static void sigchld_handler(int sig) { @@ -273,7 +270,8 @@ sigchld_handler(int sig) while ((pid = waitpid(sshpid, NULL, WNOHANG)) == -1 && errno == EINTR) continue; if (pid == sshpid) { - (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); + if (!quiet) + (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); sshpid = -1; } @@ -601,18 +599,45 @@ parse_no_flags(const char *cmd, char **argv, int argc) return optind; } +static char * +escape_glob(const char *s) +{ + size_t i, o, len; + char *ret; + + len = strlen(s); + ret = xcalloc(2, len + 1); + for (i = o = 0; i < len; i++) { + if (strchr("[]?*\\", s[i]) != NULL) + ret[o++] = '\\'; + ret[o++] = s[i]; + } + ret[o++] = '\0'; + return ret; +} + +static char * +make_absolute_pwd_glob(const char *p, const char *pwd) +{ + char *ret, *escpwd; + + escpwd = escape_glob(pwd); + if (p == NULL) + return escpwd; + ret = make_absolute(xstrdup(p), escpwd); + free(escpwd); + return ret; +} + static int process_get(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd, int pflag, int rflag, int resume, int fflag) { - char *abs_src = NULL; - char *abs_dst = NULL; + char *filename, *abs_src = NULL, *abs_dst = NULL, *tmp = NULL; glob_t g; - char *filename, *tmp=NULL; int i, r, err = 0; - abs_src = xstrdup(src); - abs_src = make_absolute(abs_src, pwd); + abs_src = make_absolute_pwd_glob(src, pwd); memset(&g, 0, sizeof(g)); debug3("Looking up %s", abs_src); @@ -843,6 +868,7 @@ do_ls_dir(struct sftp_conn *conn, const char *path, qsort(d, n, sizeof(*d), sdirent_comp); } + get_remote_user_groups_from_dirents(conn, d); for (n = 0; d[n] != NULL && !interrupted; n++) { char *tmp, *fname; @@ -854,14 +880,17 @@ do_ls_dir(struct sftp_conn *conn, const char *path, free(tmp); if (lflag & LS_LONG_VIEW) { - if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) { + if ((lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) != 0 || + can_get_users_groups_by_id(conn)) { char *lname; struct stat sb; memset(&sb, 0, sizeof(sb)); attrib_to_stat(&d[n]->a, &sb); lname = ls_file(fname, &sb, 1, - (lflag & LS_SI_UNITS)); + (lflag & LS_SI_UNITS), + ruser_name(sb.st_uid), + rgroup_name(sb.st_gid)); mprintf("%s\n", lname); free(lname); } else @@ -978,7 +1007,7 @@ do_globbed_ls(struct sftp_conn *conn, const char *path, */ for (nentries = 0; g.gl_pathv[nentries] != NULL; nentries++) ; /* count entries */ - indices = calloc(nentries, sizeof(*indices)); + indices = xcalloc(nentries, sizeof(*indices)); for (i = 0; i < nentries; i++) indices[i] = i; @@ -989,6 +1018,7 @@ do_globbed_ls(struct sftp_conn *conn, const char *path, sort_glob = NULL; } + get_remote_user_groups_from_glob(conn, &g); for (j = 0; j < nentries && !interrupted; j++) { i = indices[j]; fname = path_strip(g.gl_pathv[i], strip_path); @@ -999,7 +1029,9 @@ do_globbed_ls(struct sftp_conn *conn, const char *path, continue; } lname = ls_file(fname, g.gl_statv[i], 1, - (lflag & LS_SI_UNITS)); + (lflag & LS_SI_UNITS), + ruser_name(g.gl_statv[i]->st_uid), + rgroup_name(g.gl_statv[i]->st_gid)); mprintf("%s\n", lname); free(lname); } else { @@ -1566,7 +1598,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, err = (sflag ? do_symlink : do_hardlink)(conn, path1, path2); break; case I_RM: - path1 = make_absolute(path1, *pwd); + path1 = make_absolute_pwd_glob(path1, *pwd); remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i] && !interrupted; i++) { if (!quiet) @@ -1627,7 +1659,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, if (!path_absolute(path1)) tmp = *pwd; - path1 = make_absolute(path1, *pwd); + path1 = make_absolute_pwd_glob(path1, *pwd); err = do_globbed_ls(conn, path1, tmp, lflag); break; case I_DF: @@ -1667,7 +1699,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, printf("Local umask: %03lo\n", n_arg); break; case I_CHMOD: - path1 = make_absolute(path1, *pwd); + path1 = make_absolute_pwd_glob(path1, *pwd); attrib_clear(&a); a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; a.perm = n_arg; @@ -1684,7 +1716,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, break; case I_CHOWN: case I_CHGRP: - path1 = make_absolute(path1, *pwd); + path1 = make_absolute_pwd_glob(path1, *pwd); remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i] && !interrupted; i++) { if (!(aa = (hflag ? do_lstat : do_stat)(conn, @@ -1919,19 +1951,25 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, } /* - * Determine whether a particular sftp command's arguments (if any) - * represent local or remote files. + * Determine whether a particular sftp command's arguments (if any) represent + * local or remote files. The "cmdarg" argument specifies the actual argument + * and accepts values 1 or 2. */ static int -complete_is_remote(char *cmd) { +complete_is_remote(char *cmd, int cmdarg) { int i; if (cmd == NULL) return -1; for (i = 0; cmds[i].c; i++) { - if (!strncasecmp(cmd, cmds[i].c, strlen(cmds[i].c))) - return cmds[i].t; + if (!strncasecmp(cmd, cmds[i].c, strlen(cmds[i].c))) { + if (cmdarg == 1) + return cmds[i].t; + else if (cmdarg == 2) + return cmds[i].t2; + break; + } } return -1; @@ -1959,7 +1997,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, memset(&g, 0, sizeof(g)); if (remote != LOCAL) { - tmp = make_absolute(tmp, remote_path); + tmp2 = make_absolute_pwd_glob(tmp, remote_path); + free(tmp); + tmp = tmp2; remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); } else glob(tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); @@ -2111,13 +2151,29 @@ complete(EditLine *el, int ch) ret = CC_REDISPLAY; } else if (carg >= 1) { /* Handle file parsing */ - int remote = complete_is_remote(argv[0]); + int remote = 0; + int i = 0, cmdarg = 0; char *filematch = NULL; if (carg > 1 && line[cursor-1] != ' ') filematch = argv[carg - 1]; - if (remote != 0 && + for (i = 1; i < carg; i++) { + /* Skip flags */ + if (argv[i][0] != '-') + cmdarg++; + } + + /* + * If previous argument is complete, then offer completion + * on the next one. + */ + if (line[cursor - 1] == ' ') + cmdarg++; + + remote = complete_is_remote(argv[0], cmdarg); + + if ((remote == REMOTE || remote == LOCAL) && complete_match(el, complete_ctx->conn, *complete_ctx->remote_pathp, filematch, remote, carg == argc, quote, terminated) != 0) @@ -2350,10 +2406,10 @@ usage(void) fprintf(stderr, "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" - " [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n" + " [-D sftp_server_command] [-F ssh_config] [-i identity_file]\n" " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" " [-R num_requests] [-S program] [-s subsystem | sftp_server]\n" - " destination\n", + " [-X sftp_option] destination\n", __progname); exit(1); } @@ -2361,8 +2417,8 @@ usage(void) int main(int argc, char **argv) { - int in, out, ch, err, tmp, port = -1, noisy = 0; - char *host = NULL, *user, *cp, *file2 = NULL; + int r, in, out, ch, err, tmp, port = -1, noisy = 0; + char *host = NULL, *user, *cp, **cpp, *file2 = NULL; int debug_level = 0; char *file1 = NULL, *sftp_server = NULL; char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL; @@ -2374,14 +2430,12 @@ main(int argc, char **argv) struct sftp_conn *conn; size_t copy_buffer_len = 0; size_t num_requests = 0; - long long limit_kbps = 0; + long long llv, limit_kbps = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); msetlocale(); - seed_rng(); - __progname = ssh_get_progname(argv[0]); memset(&args, '\0', sizeof(args)); args.list = NULL; @@ -2394,7 +2448,7 @@ main(int argc, char **argv) infile = stdin; while ((ch = getopt(argc, argv, - "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { + "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:X:")) != -1) { switch (ch) { /* Passed through to ssh(1) */ case 'A': @@ -2491,6 +2545,31 @@ main(int argc, char **argv) ssh_program = optarg; replacearg(&args, 0, "%s", ssh_program); break; + case 'X': + /* Please keep in sync with ssh.c -X */ + if (strncmp(optarg, "buffer=", 7) == 0) { + r = scan_scaled(optarg + 7, &llv); + if (r == 0 && (llv <= 0 || llv > 256 * 1024)) { + r = -1; + errno = EINVAL; + } + if (r == -1) { + fatal("Invalid buffer size \"%s\": %s", + optarg + 7, strerror(errno)); + } + copy_buffer_len = (size_t)llv; + } else if (strncmp(optarg, "nrequests=", 10) == 0) { + llv = strtonum(optarg + 10, 1, 256 * 1024, + &errstr); + if (errstr != NULL) { + fatal("Invalid number of requests " + "\"%s\": %s", optarg + 10, errstr); + } + num_requests = (size_t)llv; + } else { + fatal("Invalid -X option"); + } + break; case 'h': default: usage(); @@ -2560,10 +2639,12 @@ main(int argc, char **argv) connect_to_server(ssh_program, args.list, &in, &out); } else { - args.list = NULL; - addargs(&args, "sftp-server"); - - connect_to_server(sftp_direct, args.list, &in, &out); + if ((r = argv_split(sftp_direct, &tmp, &cpp, 1)) != 0) + fatal_r(r, "Parse -D arguments"); + if (cpp[0] == 0) + fatal("No sftp server specified via -D"); + connect_to_server(cpp[0], cpp, &in, &out); + argv_free(cpp, tmp); } freeargs(&args); diff --git a/gsi_openssh/source/sk-api.h b/gsi_openssh/source/sk-api.h index 34e110b4e3..08f567a9e2 100644 --- a/gsi_openssh/source/sk-api.h +++ b/gsi_openssh/source/sk-api.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sk-api.h,v 1.14 2021/11/02 22:56:40 djm Exp $ */ +/* $OpenBSD: sk-api.h,v 1.15 2022/07/20 03:29:14 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -26,6 +26,7 @@ /* Flags */ #define SSH_SK_USER_PRESENCE_REQD 0x01 #define SSH_SK_USER_VERIFICATION_REQD 0x04 +#define SSH_SK_FORCE_OPERATION 0x10 #define SSH_SK_RESIDENT_KEY 0x20 /* Algs */ @@ -37,6 +38,7 @@ #define SSH_SK_ERR_UNSUPPORTED -2 #define SSH_SK_ERR_PIN_REQUIRED -3 #define SSH_SK_ERR_DEVICE_NOT_FOUND -4 +#define SSH_SK_ERR_CREDENTIAL_EXISTS -5 struct sk_enroll_response { uint8_t flags; @@ -77,7 +79,7 @@ struct sk_option { uint8_t required; }; -#define SSH_SK_VERSION_MAJOR 0x00090000 /* current API version */ +#define SSH_SK_VERSION_MAJOR 0x000a0000 /* current API version */ #define SSH_SK_VERSION_MAJOR_MASK 0xffff0000 /* Return the version of the middleware API */ diff --git a/gsi_openssh/source/sk-usbhid.c b/gsi_openssh/source/sk-usbhid.c index 9c7be3e912..46e09c26cc 100644 --- a/gsi_openssh/source/sk-usbhid.c +++ b/gsi_openssh/source/sk-usbhid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sk-usbhid.c,v 1.38 2022/02/07 01:25:12 djm Exp $ */ +/* $OpenBSD: sk-usbhid.c,v 1.45 2022/09/14 00:14:37 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl * Copyright (c) 2020 Pedro Martelletto @@ -381,6 +381,14 @@ fido_assert_set_clientdata(fido_assert_t *assert, const u_char *ptr, size_t len) } #endif /* HAVE_FIDO_ASSERT_SET_CLIENTDATA */ +#ifndef HAVE_FIDO_DEV_IS_WINHELLO +static bool +fido_dev_is_winhello(const fido_dev_t *fdev) +{ + return 0; +} +#endif /* HAVE_FIDO_DEV_IS_WINHELLO */ + /* Check if the specified key handle exists on a given sk. */ static int sk_try(const struct sk_usbhid *sk, const char *application, @@ -398,7 +406,7 @@ sk_try(const struct sk_usbhid *sk, const char *application, /* generate an invalid signature on FIDO2 tokens */ if ((r = fido_assert_set_clientdata(assert, message, sizeof(message))) != FIDO_OK) { - skdebug(__func__, "fido_assert_set_clientdata_hash: %s", + skdebug(__func__, "fido_assert_set_clientdata: %s", fido_strerr(r)); goto out; } @@ -556,13 +564,17 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs) static struct sk_usbhid * sk_probe(const char *application, const uint8_t *key_handle, - size_t key_handle_len) + size_t key_handle_len, int probe_resident) { struct sk_usbhid *sk; fido_dev_info_t *devlist; size_t ndevs; int r; +#ifdef HAVE_CYGWIN + if (!probe_resident && (sk = sk_open("windows://hello")) != NULL) + return sk; +#endif /* HAVE_CYGWIN */ if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) { skdebug(__func__, "fido_dev_info_new failed"); return NULL; @@ -764,6 +776,65 @@ check_enroll_options(struct sk_option **options, char **devicep, return 0; } +static int +key_lookup(fido_dev_t *dev, const char *application, const uint8_t *user_id, + size_t user_id_len, const char *pin) +{ + fido_assert_t *assert = NULL; + uint8_t message[32]; + int r = FIDO_ERR_INTERNAL; + int sk_supports_uv, uv; + size_t i; + + memset(message, '\0', sizeof(message)); + if ((assert = fido_assert_new()) == NULL) { + skdebug(__func__, "fido_assert_new failed"); + goto out; + } + /* generate an invalid signature on FIDO2 tokens */ + if ((r = fido_assert_set_clientdata(assert, message, + sizeof(message))) != FIDO_OK) { + skdebug(__func__, "fido_assert_set_clientdata: %s", + fido_strerr(r)); + goto out; + } + if ((r = fido_assert_set_rp(assert, application)) != FIDO_OK) { + skdebug(__func__, "fido_assert_set_rp: %s", fido_strerr(r)); + goto out; + } + if ((r = fido_assert_set_up(assert, FIDO_OPT_FALSE)) != FIDO_OK) { + skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r)); + goto out; + } + uv = FIDO_OPT_OMIT; + if (pin == NULL && check_sk_options(dev, "uv", &sk_supports_uv) == 0 && + sk_supports_uv != -1) + uv = FIDO_OPT_TRUE; + if ((r = fido_assert_set_uv(assert, uv)) != FIDO_OK) { + skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r)); + goto out; + } + if ((r = fido_dev_get_assert(dev, assert, pin)) != FIDO_OK) { + skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r)); + goto out; + } + r = FIDO_ERR_NO_CREDENTIALS; + skdebug(__func__, "%zu signatures returned", fido_assert_count(assert)); + for (i = 0; i < fido_assert_count(assert); i++) { + if (fido_assert_user_id_len(assert, i) == user_id_len && + memcmp(fido_assert_user_id_ptr(assert, i), user_id, + user_id_len) == 0) { + skdebug(__func__, "credential exists"); + r = FIDO_OK; + goto out; + } + } + out: + fido_assert_free(&assert); + + return r; +} + int sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, const char *application, uint8_t flags, const char *pin, @@ -776,7 +847,6 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, struct sk_enroll_response *response = NULL; size_t len; int credprot; - int internal_uv; int cose_alg; int ret = SSH_SK_ERR_GENERAL; int r; @@ -810,13 +880,26 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, if (device != NULL) sk = sk_open(device); else - sk = sk_probe(NULL, NULL, 0); + sk = sk_probe(NULL, NULL, 0, 0); if (sk == NULL) { ret = SSH_SK_ERR_DEVICE_NOT_FOUND; skdebug(__func__, "failed to find sk"); goto out; } skdebug(__func__, "using device %s", sk->path); + if ((flags & SSH_SK_RESIDENT_KEY) != 0 && + (flags & SSH_SK_FORCE_OPERATION) == 0 && + (r = key_lookup(sk->dev, application, user_id, sizeof(user_id), + pin)) != FIDO_ERR_NO_CREDENTIALS) { + if (r != FIDO_OK) { + ret = fidoerr_to_skerr(r); + skdebug(__func__, "key_lookup failed"); + } else { + ret = SSH_SK_ERR_CREDENTIAL_EXISTS; + skdebug(__func__, "key exists"); + } + goto out; + } if ((cred = fido_cred_new()) == NULL) { skdebug(__func__, "fido_cred_new failed"); goto out; @@ -896,13 +979,6 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, goto out; } response->flags = flags; - if ((flags & SSH_SK_USER_VERIFICATION_REQD)) { - if (check_sk_options(sk->dev, "uv", &internal_uv) == 0 && - internal_uv != -1) { - /* user verification handled by token */ - response->flags &= ~SSH_SK_USER_VERIFICATION_REQD; - } - } if (pack_public_key(alg, cred, response) != 0) { skdebug(__func__, "pack_public_key failed"); goto out; @@ -1099,9 +1175,9 @@ sk_sign(uint32_t alg, const uint8_t *data, size_t datalen, if (device != NULL) sk = sk_open(device); else if (pin != NULL || (flags & SSH_SK_USER_VERIFICATION_REQD)) - sk = sk_probe(NULL, NULL, 0); + sk = sk_probe(NULL, NULL, 0, 0); else - sk = sk_probe(application, key_handle, key_handle_len); + sk = sk_probe(application, key_handle, key_handle_len, 0); if (sk == NULL) { ret = SSH_SK_ERR_DEVICE_NOT_FOUND; skdebug(__func__, "failed to find sk"); @@ -1132,6 +1208,14 @@ sk_sign(uint32_t alg, const uint8_t *data, size_t datalen, skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r)); goto out; } + /* + * WinHello requests the PIN by default. Make "uv" request explicit + * to allow keys with and without -O verify-required to make sense. + */ + if (pin == NULL && fido_dev_is_winhello (sk->dev) && + (r = fido_assert_set_uv(assert, FIDO_OPT_FALSE)) != FIDO_OK) { + skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r)); + } if (pin == NULL && (flags & SSH_SK_USER_VERIFICATION_REQD)) { if (check_sk_options(sk->dev, "uv", &internal_uv) < 0 || internal_uv != 1) { @@ -1365,7 +1449,7 @@ sk_load_resident_keys(const char *pin, struct sk_option **options, if (device != NULL) sk = sk_open(device); else - sk = sk_probe(NULL, NULL, 0); + sk = sk_probe(NULL, NULL, 0, 1); if (sk == NULL) { ret = SSH_SK_ERR_DEVICE_NOT_FOUND; skdebug(__func__, "failed to find sk"); @@ -1393,8 +1477,8 @@ sk_load_resident_keys(const char *pin, struct sk_option **options, freezero(rks[i]->user_id, rks[i]->user_id_len); freezero(rks[i], sizeof(*rks[i])); } - free(rks); free(device); + free(rks); return ret; } diff --git a/gsi_openssh/source/sntrup761.c b/gsi_openssh/source/sntrup761.c index c63e600fb5..57368bd806 100644 --- a/gsi_openssh/source/sntrup761.c +++ b/gsi_openssh/source/sntrup761.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sntrup761.c,v 1.5 2021/01/08 02:33:13 dtucker Exp $ */ +/* $OpenBSD: sntrup761.c,v 1.6 2023/01/11 02:13:52 djm Exp $ */ /* * Public Domain, Authors: @@ -119,7 +119,7 @@ This software is designed to take time independent of x. Time still varies depending on m; user must ensure that m is constant. Time also varies on CPUs where multiplication is variable-time. There could be more CPU issues. -There could also be compiler issues. +There could also be compiler issues. */ static void uint32_divmod_uint14(uint32 *q,uint16 *r,uint32 x,uint16 m) @@ -447,7 +447,7 @@ static Fq Fq_freeze(int32 x) #ifndef LPR static Fq Fq_recip(Fq a1) -{ +{ int i = 1; Fq ai = a1; @@ -456,7 +456,7 @@ static Fq Fq_recip(Fq a1) i += 1; } return ai; -} +} #endif @@ -525,11 +525,11 @@ static void R3_mult(small *h,const small *f,const small *g) /* returns 0 if recip succeeded; else -1 */ static int R3_recip(small *out,const small *in) -{ +{ small f[p+1],g[p+1],v[p+1],r[p+1]; int i,loop,delta; int sign,swap,t; - + for (i = 0;i < p+1;++i) v[i] = 0; for (i = 0;i < p+1;++i) r[i] = 0; r[0] = 1; @@ -537,35 +537,35 @@ static int R3_recip(small *out,const small *in) f[0] = 1; f[p-1] = f[p] = -1; for (i = 0;i < p;++i) g[p-1-i] = in[i]; g[p] = 0; - - delta = 1; + + delta = 1; for (loop = 0;loop < 2*p-1;++loop) { for (i = p;i > 0;--i) v[i] = v[i-1]; v[0] = 0; - + sign = -g[0]*f[0]; swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]); delta ^= swap&(delta^-delta); delta += 1; - + for (i = 0;i < p+1;++i) { t = swap&(f[i]^g[i]); f[i] ^= t; g[i] ^= t; t = swap&(v[i]^r[i]); v[i] ^= t; r[i] ^= t; } - + for (i = 0;i < p+1;++i) g[i] = F3_freeze(g[i]+sign*f[i]); for (i = 0;i < p+1;++i) r[i] = F3_freeze(r[i]+sign*v[i]); for (i = 0;i < p;++i) g[i] = g[i+1]; g[p] = 0; } - + sign = f[0]; for (i = 0;i < p;++i) out[i] = sign*v[p-1-i]; - + return int16_nonzero_mask(delta); -} +} #endif @@ -603,14 +603,14 @@ static void Rq_mult_small(Fq *h,const Fq *f,const small *g) static void Rq_mult3(Fq *h,const Fq *f) { int i; - + for (i = 0;i < p;++i) h[i] = Fq_freeze(3*f[i]); } /* out = 1/(3*in) in Rq */ /* returns 0 if recip succeeded; else -1 */ static int Rq_recip3(Fq *out,const small *in) -{ +{ Fq f[p+1],g[p+1],v[p+1],r[p+1]; int i,loop,delta; int swap,t; @@ -739,7 +739,7 @@ static void KeyGen(Fq *h,small *f,small *ginv) { small g[p]; Fq finv[p]; - + for (;;) { Small_random(g); if (R3_recip(ginv,g) == 0) break; @@ -777,7 +777,7 @@ static void Decrypt(small *r,const Fq *c,const small *f,const small *ginv) for (i = 0;i < w;++i) r[i] = ((ev[i]^1)&~mask)^1; for (i = w;i < p;++i) r[i] = ev[i]&~mask; } - + #endif /* ----- NTRU LPRime Core */ @@ -817,7 +817,7 @@ static void Decrypt(int8 *r,const Fq *B,const int8 *T,const small *a) for (i = 0;i < I;++i) r[i] = -int16_negative_mask(Fq_freeze(Right(T[i])-aB[i]+4*w+1)); } - + #endif /* ----- encoding I-bit inputs */ @@ -898,7 +898,7 @@ static void HashShort(small *out,const Inputs r) } #endif - + /* ----- NTRU LPRime Expand */ #ifdef LPR @@ -974,7 +974,7 @@ static void Rq_encode(unsigned char *s,const Fq *r) { uint16 R[p],M[p]; int i; - + for (i = 0;i < p;++i) R[i] = r[i]+q12; for (i = 0;i < p;++i) M[i] = q; Encode(s,R,M,p); @@ -989,7 +989,7 @@ static void Rq_decode(Fq *r,const unsigned char *s) Decode(R,s,M,p); for (i = 0;i < p;++i) r[i] = ((Fq)R[i])-q12; } - + #endif /* ----- encoding rounded polynomials */ diff --git a/gsi_openssh/source/sntrup761.sh b/gsi_openssh/source/sntrup761.sh index 5cd5f92c31..db4e9aed08 100644 --- a/gsi_openssh/source/sntrup761.sh +++ b/gsi_openssh/source/sntrup761.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: sntrup761.sh,v 1.5 2021/01/08 02:33:13 dtucker Exp $ +# $OpenBSD: sntrup761.sh,v 1.7 2023/01/11 02:13:52 djm Exp $ # Placed in the Public Domain. # AUTHOR="supercop-20201130/crypto_kem/sntrup761/ref/implementors" @@ -45,7 +45,7 @@ for i in $FILES; do # - remove all includes, we inline everything required. # - make functions not required elsewhere static. # - rename the functions we do use. - # - remove unneccesary defines and externs. + # - remove unnecessary defines and externs. sed -e "/#include/d" \ -e "s/crypto_kem_/crypto_kem_sntrup761_/g" \ -e "s/^void /static void /g" \ @@ -54,6 +54,7 @@ for i in $FILES; do -e "/^extern /d" \ -e '/CRYPTO_NAMESPACE/d' \ -e "/^#define int32 crypto_int32/d" \ + -e 's/[ ]*$//' \ $i | \ case "$i" in # Use int64_t for intermediate values in int32_MINMAX to prevent signed diff --git a/gsi_openssh/source/ssh-add.c b/gsi_openssh/source/ssh-add.c index 8f1270bbd4..8cba0a7148 100644 --- a/gsi_openssh/source/ssh-add.c +++ b/gsi_openssh/source/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.165 2022/02/04 02:49:17 dtucker Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.167 2023/03/08 00:05:58 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -126,7 +126,7 @@ delete_one(int agent_fd, const struct sshkey *key, const char *comment, } if (!qflag) { fprintf(stderr, "Identity removed: %s %s (%s)\n", path, - sshkey_type(key), comment); + sshkey_type(key), comment ? comment : "no comment"); } return 0; } @@ -428,7 +428,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, certpath, filename); sshkey_free(cert); goto out; - } + } /* Graft with private bits */ if ((r = sshkey_to_certified(private)) != 0) { @@ -505,6 +505,7 @@ test_key(int agent_fd, const char *filename) { struct sshkey *key = NULL; u_char *sig = NULL; + const char *alg = NULL; size_t slen = 0; int r, ret = -1; char data[1024]; @@ -513,14 +514,16 @@ test_key(int agent_fd, const char *filename) error_r(r, "Couldn't read public key %s", filename); return -1; } + if (sshkey_type_plain(key->type) == KEY_RSA) + alg = "rsa-sha2-256"; arc4random_buf(data, sizeof(data)); if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data), - NULL, 0)) != 0) { + alg, 0)) != 0) { error_r(r, "Agent signature failed for %s", filename); goto done; } if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0, NULL)) != 0) { + alg, 0, NULL)) != 0) { error_r(r, "Signature verification failed for %s", filename); goto done; } diff --git a/gsi_openssh/source/ssh-agent.1 b/gsi_openssh/source/ssh-agent.1 index ea43cd156b..97f4cab04d 100644 --- a/gsi_openssh/source/ssh-agent.1 +++ b/gsi_openssh/source/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.73 2022/03/31 17:27:27 naddy Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.75 2022/10/07 06:00:58 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: October 7 2022 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -46,11 +46,13 @@ .Op Fl \&Dd .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash +.Op Fl O Ar option .Op Fl P Ar allowed_providers .Op Fl t Ar life .Nm ssh-agent .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash +.Op Fl O Ar option .Op Fl P Ar allowed_providers .Op Fl t Ar life .Ar command Op Ar arg ... @@ -102,6 +104,45 @@ The default is Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). +.It Fl O Ar option +Specify an option when starting +.Nm . +Currently two options are supported: +.Cm allow-remote-pkcs11 +and +.Cm no-restrict-websafe . +.Pp +The +.Cm allow-remote-pkcs11 +option allows clients of a forwarded +.Nm +to load PKCS#11 or FIDO provider libraries. +By default only local clients may perform this operation. +Note that signalling that a +.Nm +client remote is performed by +.Xr ssh 1 , +and use of other tools to forward access to the agent socket may circumvent +this restriction. +.Pp +The +.Cm no-restrict-websafe , +instructs +.Nm +to permit signatures using FIDO keys that might be web authentication +requests. +By default, +.Nm +refuses signature requests for FIDO keys where the key application string +does not start with +.Dq ssh: +and when the data to be signed does not appear to be a +.Xr ssh 1 +user authentication request or a +.Xr ssh-keygen 1 +signature. +The default behaviour prevents forwarded access to a FIDO key from also +implicitly forwarding the ability to authenticate to websites. .It Fl P Ar allowed_providers Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO authenticator middleware shared libraries that may be used with the diff --git a/gsi_openssh/source/ssh-agent.c b/gsi_openssh/source/ssh-agent.c index 84eed0003e..4cee81de4a 100644 --- a/gsi_openssh/source/ssh-agent.c +++ b/gsi_openssh/source/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.287 2022/01/14 03:43:48 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.297 2023/03/09 21:06:24 jcs Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -80,14 +80,12 @@ #include "sshbuf.h" #include "sshkey.h" #include "authfd.h" -#include "compat.h" #include "log.h" #include "misc.h" #include "digest.h" #include "ssherr.h" #include "match.h" #include "msg.h" -#include "ssherr.h" #include "pathnames.h" #include "ssh-pkcs11.h" #include "sk-api.h" @@ -171,6 +169,12 @@ char socket_dir[PATH_MAX]; /* Pattern-list of allowed PKCS#11/Security key paths */ static char *allowed_providers; +/* + * Allows PKCS11 providers or SK keys that use non-internal providers to + * be added over a remote connection (identified by session-bind@openssh.com). + */ +static int remote_add_provider; + /* locking */ #define LOCK_SIZE 32 #define LOCK_SALT_SIZE 16 @@ -808,21 +812,13 @@ process_sign_request2(SocketEntry *e) goto send; } if (sshkey_is_sk(id->key)) { - if (strncmp(id->key->sk_application, "ssh:", 4) != 0 && + if (restrict_websafe && + strncmp(id->key->sk_application, "ssh:", 4) != 0 && !check_websafe_message_contents(key, data)) { /* error already logged */ goto send; } - if ((id->key->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) { - /* XXX include sig_dest */ - xasprintf(&prompt, "Enter PIN%sfor %s key %s: ", - (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ? - " and confirm user presence " : " ", - sshkey_type(id->key), fp); - pin = read_passphrase(prompt, RP_USE_ASKPASS); - free(prompt); - prompt = NULL; - } else if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { + if (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) { notifier = notify_start(0, "Confirm user presence for key %s %s%s%s", sshkey_type(id->key), fp, @@ -837,10 +833,8 @@ process_sign_request2(SocketEntry *e) debug_fr(r, "sshkey_sign"); if (pin == NULL && !retried && sshkey_is_sk(id->key) && r == SSH_ERR_KEY_WRONG_PASSPHRASE) { - if (notifier) { - notify_complete(notifier, NULL); - notifier = NULL; - } + notify_complete(notifier, NULL); + notifier = NULL; /* XXX include sig_dest */ xasprintf(&prompt, "Enter PIN%sfor %s key %s: ", (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ? @@ -856,6 +850,7 @@ process_sign_request2(SocketEntry *e) /* Success */ ok = 0; send: + debug_f("good signature"); notify_complete(notifier, "User presence confirmed"); if (ok == 0) { @@ -1034,8 +1029,8 @@ parse_dest_constraint(struct sshbuf *m, struct dest_constraint *dc) error_fr(r, "parse"); goto out; } - if ((r = parse_dest_constraint_hop(frombuf, &dc->from) != 0) || - (r = parse_dest_constraint_hop(tobuf, &dc->to) != 0)) + if ((r = parse_dest_constraint_hop(frombuf, &dc->from)) != 0 || + (r = parse_dest_constraint_hop(tobuf, &dc->to)) != 0) goto out; /* already logged */ if (elen != 0) { error_f("unsupported extensions (len %zu)", elen); @@ -1239,6 +1234,12 @@ process_add_identity(SocketEntry *e) if (strcasecmp(sk_provider, "internal") == 0) { debug_f("internal provider"); } else { + if (e->nsession_ids != 0 && !remote_add_provider) { + verbose("failed add of SK provider \"%.100s\": " + "remote addition of providers is disabled", + sk_provider); + goto out; + } if (realpath(sk_provider, canonical_provider) == NULL) { verbose("failed provider \"%.100s\": " "realpath: %s", sk_provider, @@ -1379,7 +1380,7 @@ no_identities(SocketEntry *e) #ifdef ENABLE_PKCS11 static char * -sanitize_pkcs11_provider(const char *provider) +sanitize_pkcs11_provider(SocketEntry *e, const char *provider) { struct pkcs11_uri *uri = NULL; char *sane_uri, *module_path = NULL; /* default path */ @@ -1410,6 +1411,11 @@ sanitize_pkcs11_provider(const char *provider) module_path = strdup(provider); /* simple path */ if (module_path != NULL) { /* do not validate default NULL path in URI */ + if (e->nsession_ids != 0 && !remote_add_provider) { + verbose("failed PKCS#11 add of \"%.100s\": remote addition of " + "providers is disabled", provider); + return NULL; + } if (realpath(module_path, canonical_provider) == NULL) { verbose("failed PKCS#11 provider \"%.100s\": realpath: %s", module_path, strerror(errno)); @@ -1466,7 +1472,7 @@ process_add_smartcard_key(SocketEntry *e) goto send; } - sane_uri = sanitize_pkcs11_provider(provider); + sane_uri = sanitize_pkcs11_provider(e, provider); if (sane_uri == NULL) goto send; @@ -1527,7 +1533,7 @@ process_remove_smartcard_key(SocketEntry *e) } free(pin); - sane_uri = sanitize_pkcs11_provider(provider); + sane_uri = sanitize_pkcs11_provider(e, provider); if (sane_uri == NULL) goto send; @@ -1628,6 +1634,7 @@ process_ext_session_bind(SocketEntry *e) /* success */ r = 0; out: + free(fp); sshkey_free(key); sshbuf_free(sid); sshbuf_free(sig); @@ -2028,7 +2035,6 @@ cleanup_exit(int i) _exit(i); } -/*ARGSUSED*/ static void cleanup_handler(int sig) { @@ -2058,9 +2064,9 @@ usage(void) { fprintf(stderr, "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" - " [-P allowed_providers] [-t life]\n" - " ssh-agent [-a bind_address] [-E fingerprint_hash] [-P allowed_providers]\n" - " [-t life] command [arg ...]\n" + " [-O option] [-P allowed_providers] [-t life]\n" + " ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n" + " [-P allowed_providers] [-t life] command [arg ...]\n" " ssh-agent [-c | -s] -k\n"); exit(1); } @@ -2119,7 +2125,9 @@ main(int ac, char **av) break; case 'O': if (strcmp(optarg, "no-restrict-websafe") == 0) - restrict_websafe = 0; + restrict_websafe = 0; + else if (strcmp(optarg, "allow-remote-pkcs11") == 0) + remote_add_provider = 1; else fatal("Unknown -O option"); break; diff --git a/gsi_openssh/source/ssh-dss.c b/gsi_openssh/source/ssh-dss.c index 17e06e9b1e..8a4fddbcfb 100644 --- a/gsi_openssh/source/ssh-dss.c +++ b/gsi_openssh/source/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.39 2020/02/26 13:40:09 jsg Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.49 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -32,12 +32,15 @@ #include #include #include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif #include #include #include "sshbuf.h" -#include "compat.h" #include "ssherr.h" #include "digest.h" #define SSHKEY_INTERNAL @@ -48,9 +51,220 @@ #define INTBLOB_LEN 20 #define SIGBLOB_LEN (2*INTBLOB_LEN) -int -ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static u_int +ssh_dss_size(const struct sshkey *key) +{ + const BIGNUM *dsa_p; + + if (key->dsa == NULL) + return 0; + DSA_get0_pqg(key->dsa, &dsa_p, NULL, NULL); + return BN_num_bits(dsa_p); +} + +static int +ssh_dss_alloc(struct sshkey *k) +{ + if ((k->dsa = DSA_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + +static void +ssh_dss_cleanup(struct sshkey *k) +{ + DSA_free(k->dsa); + k->dsa = NULL; +} + +static int +ssh_dss_equal(const struct sshkey *a, const struct sshkey *b) +{ + const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a; + const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b; + + if (a->dsa == NULL || b->dsa == NULL) + return 0; + DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a); + DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b); + DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL); + DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL); + if (dsa_p_a == NULL || dsa_p_b == NULL || + dsa_q_a == NULL || dsa_q_b == NULL || + dsa_g_a == NULL || dsa_g_b == NULL || + dsa_pub_key_a == NULL || dsa_pub_key_b == NULL) + return 0; + if (BN_cmp(dsa_p_a, dsa_p_b) != 0) + return 0; + if (BN_cmp(dsa_q_a, dsa_q_b) != 0) + return 0; + if (BN_cmp(dsa_g_a, dsa_g_b) != 0) + return 0; + if (BN_cmp(dsa_pub_key_a, dsa_pub_key_b) != 0) + return 0; + return 1; +} + +static int +ssh_dss_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; + + if (key->dsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); + DSA_get0_key(key->dsa, &dsa_pub_key, NULL); + if (dsa_p == NULL || dsa_q == NULL || + dsa_g == NULL || dsa_pub_key == NULL) + return SSH_ERR_INTERNAL_ERROR; + if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 || + (r = sshbuf_put_bignum2(b, dsa_q)) != 0 || + (r = sshbuf_put_bignum2(b, dsa_g)) != 0 || + (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0) + return r; + + return 0; +} + +static int +ssh_dss_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *dsa_priv_key; + + DSA_get0_key(key->dsa, NULL, &dsa_priv_key); + if (!sshkey_is_cert(key)) { + if ((r = ssh_dss_serialize_public(key, b, opts)) != 0) + return r; + } + if ((r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0) + return r; + + return 0; +} + +static int +ssh_dss_generate(struct sshkey *k, int bits) +{ + DSA *private; + + if (bits != 1024) + return SSH_ERR_KEY_LENGTH; + if ((private = DSA_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, + NULL, NULL) || !DSA_generate_key(private)) { + DSA_free(private); + return SSH_ERR_LIBCRYPTO_ERROR; + } + k->dsa = private; + return 0; +} + +static int +ssh_dss_copy_public(const struct sshkey *from, struct sshkey *to) +{ + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; + BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL; + BIGNUM *dsa_pub_key_dup = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + DSA_get0_pqg(from->dsa, &dsa_p, &dsa_q, &dsa_g); + DSA_get0_key(from->dsa, &dsa_pub_key, NULL); + if ((dsa_p_dup = BN_dup(dsa_p)) == NULL || + (dsa_q_dup = BN_dup(dsa_q)) == NULL || + (dsa_g_dup = BN_dup(dsa_g)) == NULL || + (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!DSA_set0_pqg(to->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */ + if (!DSA_set0_key(to->dsa, dsa_pub_key_dup, NULL)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_pub_key_dup = NULL; /* transferred */ + /* success */ + r = 0; + out: + BN_clear_free(dsa_p_dup); + BN_clear_free(dsa_q_dup); + BN_clear_free(dsa_g_dup); + BN_clear_free(dsa_pub_key_dup); + return r; +} + +static int +ssh_dss_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int ret = SSH_ERR_INTERNAL_ERROR; + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL; + + if (sshbuf_get_bignum2(b, &dsa_p) != 0 || + sshbuf_get_bignum2(b, &dsa_q) != 0 || + sshbuf_get_bignum2(b, &dsa_g) != 0 || + sshbuf_get_bignum2(b, &dsa_pub_key) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_p = dsa_q = dsa_g = NULL; /* transferred */ + if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_pub_key = NULL; /* transferred */ +#ifdef DEBUG_PK + DSA_print_fp(stderr, key->dsa, 8); +#endif + /* success */ + ret = 0; + out: + BN_clear_free(dsa_p); + BN_clear_free(dsa_q); + BN_clear_free(dsa_g); + BN_clear_free(dsa_pub_key); + return ret; +} + +static int +ssh_dss_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + BIGNUM *dsa_priv_key = NULL; + + if (!sshkey_is_cert(key)) { + if ((r = ssh_dss_deserialize_public(ktype, b, key)) != 0) + return r; + } + + if ((r = sshbuf_get_bignum2(b, &dsa_priv_key)) != 0) + return r; + if (!DSA_set0_key(key->dsa, NULL, dsa_priv_key)) { + BN_clear_free(dsa_priv_key); + return SSH_ERR_LIBCRYPTO_ERROR; + } + return 0; +} + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int +ssh_dss_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { EVP_PKEY *pkey = NULL; DSA_SIG *sig = NULL; @@ -72,9 +286,8 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, sshkey_type_plain(key->type) != KEY_DSA) return SSH_ERR_INVALID_ARGUMENT; - if ((pkey = EVP_PKEY_new()) == NULL || - EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) - return SSH_ERR_ALLOC_FAIL; + if ((ret = ssh_create_evp_dss(key, &pkey)) != 0) + return ret; ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len, data, datalen); EVP_PKEY_free(pkey); @@ -126,14 +339,88 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, sshbuf_free(b); return ret; } +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +ssh_dss_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) +{ + DSA_SIG *sig = NULL; + const BIGNUM *sig_r, *sig_s; + u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; + size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + struct sshbuf *b = NULL; + int ret = SSH_ERR_INVALID_ARGUMENT; -int + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA) + return SSH_ERR_INVALID_ARGUMENT; + if (dlen == 0) + return SSH_ERR_INTERNAL_ERROR; + + if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + DSA_SIG_get0(sig, &sig_r, &sig_s); + rlen = BN_num_bytes(sig_r); + slen = BN_num_bytes(sig_s); + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + explicit_bzero(sigblob, SIGBLOB_LEN); + BN_bn2bin(sig_r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig_s, sigblob + SIGBLOB_LEN - slen); + + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || + (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) + goto out; + + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + out: + explicit_bzero(digest, sizeof(digest)); + DSA_SIG_free(sig); + sshbuf_free(b); + return ret; +} +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int ssh_dss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { EVP_PKEY *pkey = NULL; - DSA_SIG *sig = NULL; + DSA_SIG *dsig = NULL; BIGNUM *sig_r = NULL, *sig_s = NULL; u_char *sigblob = NULL; size_t len, slen; @@ -144,11 +431,11 @@ ssh_dss_verify(const struct sshkey *key, if (key == NULL || key->dsa == NULL || sshkey_type_plain(key->type) != KEY_DSA || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; /* fetch signature */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || sshbuf_get_string(b, &sigblob, &len) != 0) { @@ -170,7 +457,7 @@ ssh_dss_verify(const struct sshkey *key, } /* parse signature */ - if ((sig = DSA_SIG_new()) == NULL || + if ((dsig = DSA_SIG_new()) == NULL || (sig_r = BN_new()) == NULL || (sig_s = BN_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; @@ -181,13 +468,13 @@ ssh_dss_verify(const struct sshkey *key, ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } - if (!DSA_SIG_set0(sig, sig_r, sig_s)) { + if (!DSA_SIG_set0(dsig, sig_r, sig_s)) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } sig_r = sig_s = NULL; /* transferred */ - if ((slen = i2d_DSA_SIG(sig, NULL)) == 0) { + if ((slen = i2d_DSA_SIG(dsig, NULL)) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -196,23 +483,20 @@ ssh_dss_verify(const struct sshkey *key, goto out; } psig = sigb; - if ((slen = i2d_DSA_SIG(sig, &psig)) == 0) { + if ((slen = i2d_DSA_SIG(dsig, &psig)) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } - if ((pkey = EVP_PKEY_new()) == NULL || - EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) { - ret = SSH_ERR_ALLOC_FAIL; + if ((ret = ssh_create_evp_dss(key, &pkey)) != 0) goto out; - } - ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, datalen, + ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, dlen, sigb, slen); EVP_PKEY_free(pkey); out: free(sigb); - DSA_SIG_free(sig); + DSA_SIG_free(dsig); BN_clear_free(sig_r); BN_clear_free(sig_s); sshbuf_free(b); @@ -221,4 +505,196 @@ ssh_dss_verify(const struct sshkey *key, freezero(sigblob, len); return ret; } +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +ssh_dss_verify(const struct sshkey *key, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) +{ + DSA_SIG *dsig = NULL; + BIGNUM *sig_r = NULL, *sig_s = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL; + size_t len, hlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + char *ktype = NULL; + + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA || + sig == NULL || siglen == 0) + return SSH_ERR_INVALID_ARGUMENT; + if (hlen == 0) + return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ + if ((b = sshbuf_from(sig, siglen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp("ssh-dss", ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + + if (len != SIGBLOB_LEN) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* parse signature */ + if ((dsig = DSA_SIG_new()) == NULL || + (sig_r = BN_new()) == NULL || + (sig_s = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig_r) == NULL) || + (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (!DSA_SIG_set0(dsig, sig_r, sig_s)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + sig_r = sig_s = NULL; /* transferred */ + + /* sha1 the data */ + if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, dlen, + digest, sizeof(digest))) != 0) + goto out; + + switch (DSA_do_verify(digest, hlen, dsig, key->dsa)) { + case 1: + ret = 0; + break; + case 0: + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + default: + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + out: + explicit_bzero(digest, sizeof(digest)); + DSA_SIG_free(dsig); + BN_clear_free(sig_r); + BN_clear_free(sig_s); + sshbuf_free(b); + free(ktype); + if (sigblob != NULL) + freezero(sigblob, len); + return ret; +} +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int +ssh_create_evp_dss(const struct sshkey *k, EVP_PKEY **pkey) +{ + OSSL_PARAM_BLD *param_bld = NULL; + EVP_PKEY_CTX *ctx = NULL; + const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; + int ret = 0; + + if (k == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) == NULL || + (param_bld = OSSL_PARAM_BLD_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + DSA_get0_pqg(k->dsa, &p, &q, &g); + DSA_get0_key(k->dsa, &pub, &priv); + + if (p != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (q != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (g != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (pub != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (priv != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, + priv) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + +out: + OSSL_PARAM_BLD_free(param_bld); + EVP_PKEY_CTX_free(ctx); + return ret; +} +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +static const struct sshkey_impl_funcs sshkey_dss_funcs = { + /* .size = */ ssh_dss_size, + /* .alloc = */ ssh_dss_alloc, + /* .cleanup = */ ssh_dss_cleanup, + /* .equal = */ ssh_dss_equal, + /* .ssh_serialize_public = */ ssh_dss_serialize_public, + /* .ssh_deserialize_public = */ ssh_dss_deserialize_public, + /* .ssh_serialize_private = */ ssh_dss_serialize_private, + /* .ssh_deserialize_private = */ ssh_dss_deserialize_private, + /* .generate = */ ssh_dss_generate, + /* .copy_public = */ ssh_dss_copy_public, + /* .sign = */ ssh_dss_sign, + /* .verify = */ ssh_dss_verify, +}; + +const struct sshkey_impl sshkey_dss_impl = { + /* .name = */ "ssh-dss", + /* .shortname = */ "DSA", + /* .sigalg = */ NULL, + /* .type = */ KEY_DSA, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_dss_funcs, +}; + +const struct sshkey_impl sshkey_dsa_cert_impl = { + /* .name = */ "ssh-dss-cert-v01@openssh.com", + /* .shortname = */ "DSA-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_DSA_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_dss_funcs, +}; #endif /* WITH_OPENSSL */ diff --git a/gsi_openssh/source/ssh-ecdsa-sk.c b/gsi_openssh/source/ssh-ecdsa-sk.c index c6927ecb27..5dcd3c13d3 100644 --- a/gsi_openssh/source/ssh-ecdsa-sk.c +++ b/gsi_openssh/source/ssh-ecdsa-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa-sk.c,v 1.8 2020/06/22 23:44:27 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa-sk.c,v 1.18 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -61,6 +61,99 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, } #else /* OPENSSL_HAS_ECC */ +/* Reuse some ECDSA internals */ +extern struct sshkey_impl_funcs sshkey_ecdsa_funcs; + +static void +ssh_ecdsa_sk_cleanup(struct sshkey *k) +{ + sshkey_sk_cleanup(k); + sshkey_ecdsa_funcs.cleanup(k); +} + +static int +ssh_ecdsa_sk_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (!sshkey_sk_fields_equal(a, b)) + return 0; + if (!sshkey_ecdsa_funcs.equal(a, b)) + return 0; + return 1; +} + +static int +ssh_ecdsa_sk_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshkey_ecdsa_funcs.serialize_public(key, b, opts)) != 0) + return r; + if ((r = sshkey_serialize_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ecdsa_sk_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (!sshkey_is_cert(key)) { + if ((r = sshkey_ecdsa_funcs.serialize_public(key, + b, opts)) != 0) + return r; + } + if ((r = sshkey_serialize_private_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ecdsa_sk_copy_public(const struct sshkey *from, struct sshkey *to) +{ + int r; + + if ((r = sshkey_ecdsa_funcs.copy_public(from, to)) != 0) + return r; + if ((r = sshkey_copy_public_sk(from, to)) != 0) + return r; + return 0; +} + +static int +ssh_ecdsa_sk_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if ((r = sshkey_ecdsa_funcs.deserialize_public(ktype, b, key)) != 0) + return r; + if ((r = sshkey_deserialize_sk(b, key)) != 0) + return r; + return 0; +} + +static int +ssh_ecdsa_sk_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if (!sshkey_is_cert(key)) { + if ((r = sshkey_ecdsa_funcs.deserialize_public(ktype, + b, key)) != 0) + return r; + } + if ((r = sshkey_private_deserialize_sk(b, key)) != 0) + return r; + + return 0; +} + /* * Check FIDO/W3C webauthn signatures clientData field against the expected * format and prepare a hash of it for use in signature verification. @@ -137,14 +230,13 @@ webauthn_check_prepare_hash(const u_char *data, size_t datalen, return r; } -/* ARGSUSED */ -int +static int ssh_ecdsa_sk_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, struct sshkey_sig_details **detailsp) { - ECDSA_SIG *sig = NULL; + ECDSA_SIG *esig = NULL; BIGNUM *sig_r = NULL, *sig_s = NULL; u_char sig_flags; u_char msghash[32], apphash[32], sighash[32]; @@ -162,14 +254,14 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, *detailsp = NULL; if (key == NULL || key->ecdsa == NULL || sshkey_type_plain(key->type) != KEY_ECDSA_SK || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; if (key->ecdsa_nid != NID_X9_62_prime256v1) return SSH_ERR_INTERNAL_ERROR; /* fetch signature */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((details = calloc(1, sizeof(*details))) == NULL) { ret = SSH_ERR_ALLOC_FAIL; @@ -231,11 +323,11 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, sshbuf_dump(webauthn_wrapper, stderr); } #endif - if ((sig = ECDSA_SIG_new()) == NULL) { + if ((esig = ECDSA_SIG_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { + if (!ECDSA_SIG_set0(esig, sig_r, sig_s)) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -247,11 +339,11 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, goto out; } if (is_webauthn) { - if ((ret = webauthn_check_prepare_hash(data, datalen, + if ((ret = webauthn_check_prepare_hash(data, dlen, webauthn_origin, webauthn_wrapper, sig_flags, webauthn_exts, msghash, sizeof(msghash))) != 0) goto out; - } else if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen, + } else if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, dlen, msghash, sizeof(msghash))) != 0) goto out; /* Application value is hashed before signature */ @@ -285,7 +377,7 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, #endif /* Verify it */ - switch (ECDSA_do_verify(sighash, sizeof(sighash), sig, key->ecdsa)) { + switch (ECDSA_do_verify(sighash, sizeof(sighash), esig, key->ecdsa)) { case 1: ret = 0; break; @@ -314,11 +406,62 @@ ssh_ecdsa_sk_verify(const struct sshkey *key, sshbuf_free(original_signed); sshbuf_free(sigbuf); sshbuf_free(b); - ECDSA_SIG_free(sig); + ECDSA_SIG_free(esig); BN_clear_free(sig_r); BN_clear_free(sig_s); free(ktype); return ret; } +static const struct sshkey_impl_funcs sshkey_ecdsa_sk_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_ecdsa_sk_cleanup, + /* .equal = */ ssh_ecdsa_sk_equal, + /* .ssh_serialize_public = */ ssh_ecdsa_sk_serialize_public, + /* .ssh_deserialize_public = */ ssh_ecdsa_sk_deserialize_public, + /* .ssh_serialize_private = */ ssh_ecdsa_sk_serialize_private, + /* .ssh_deserialize_private = */ ssh_ecdsa_sk_deserialize_private, + /* .generate = */ NULL, + /* .copy_public = */ ssh_ecdsa_sk_copy_public, + /* .sign = */ NULL, + /* .verify = */ ssh_ecdsa_sk_verify, +}; + +const struct sshkey_impl sshkey_ecdsa_sk_impl = { + /* .name = */ "sk-ecdsa-sha2-nistp256@openssh.com", + /* .shortname = */ "ECDSA-SK", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA_SK, + /* .nid = */ NID_X9_62_prime256v1, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ecdsa_sk_funcs, +}; + +const struct sshkey_impl sshkey_ecdsa_sk_cert_impl = { + /* .name = */ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", + /* .shortname = */ "ECDSA-SK-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA_SK_CERT, + /* .nid = */ NID_X9_62_prime256v1, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ecdsa_sk_funcs, +}; + +const struct sshkey_impl sshkey_ecdsa_sk_webauthn_impl = { + /* .name = */ "webauthn-sk-ecdsa-sha2-nistp256@openssh.com", + /* .shortname = */ "ECDSA-SK", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA_SK, + /* .nid = */ NID_X9_62_prime256v1, + /* .cert = */ 0, + /* .sigonly = */ 1, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ecdsa_sk_funcs, +}; + #endif /* OPENSSL_HAS_ECC */ diff --git a/gsi_openssh/source/ssh-ecdsa.c b/gsi_openssh/source/ssh-ecdsa.c index b036796e85..148bfc861d 100644 --- a/gsi_openssh/source/ssh-ecdsa.c +++ b/gsi_openssh/source/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.16 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.26 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -34,6 +34,10 @@ #include #include #include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif #include @@ -45,13 +49,223 @@ #include "openbsd-compat/openssl-compat.h" -/* ARGSUSED */ -int -ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static u_int +ssh_ecdsa_size(const struct sshkey *key) +{ + switch (key->ecdsa_nid) { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; +#ifdef OPENSSL_HAS_NISTP521 + case NID_secp521r1: + return 521; +#endif + default: + return 0; + } +} + +static void +ssh_ecdsa_cleanup(struct sshkey *k) +{ + EC_KEY_free(k->ecdsa); + k->ecdsa = NULL; +} + +static int +ssh_ecdsa_equal(const struct sshkey *a, const struct sshkey *b) +{ + const EC_GROUP *grp_a, *grp_b; + const EC_POINT *pub_a, *pub_b; + + if (a->ecdsa == NULL || b->ecdsa == NULL) + return 0; + if ((grp_a = EC_KEY_get0_group(a->ecdsa)) == NULL || + (grp_b = EC_KEY_get0_group(b->ecdsa)) == NULL) + return 0; + if ((pub_a = EC_KEY_get0_public_key(a->ecdsa)) == NULL || + (pub_b = EC_KEY_get0_public_key(b->ecdsa)) == NULL) + return 0; + if (EC_GROUP_cmp(grp_a, grp_b, NULL) != 0) + return 0; + if (EC_POINT_cmp(grp_a, pub_a, pub_b, NULL) != 0) + return 0; + + return 1; +} + +static int +ssh_ecdsa_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->ecdsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_cstring(b, + sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || + (r = sshbuf_put_eckey(b, key->ecdsa)) != 0) + return r; + + return 0; +} + +static int +ssh_ecdsa_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (!sshkey_is_cert(key)) { + if ((r = ssh_ecdsa_serialize_public(key, b, opts)) != 0) + return r; + } + if ((r = sshbuf_put_bignum2(b, + EC_KEY_get0_private_key(key->ecdsa))) != 0) + return r; + return 0; +} + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int +ssh_ecdsa_generate(struct sshkey *k, int bits) +{ + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *res = NULL; + + if ((k->ecdsa_nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) + return SSH_ERR_KEY_LENGTH; + + if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL) + return SSH_ERR_ALLOC_FAIL; + + if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_CTX_set_group_name(ctx, OBJ_nid2sn(k->ecdsa_nid)) <= 0 + || EVP_PKEY_keygen(ctx, &res) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(res); + return SSH_ERR_LIBCRYPTO_ERROR; + } + /* This function is deprecated in OpenSSL 3.0 but OpenSSH doesn't worry about it*/ + k->ecdsa = EVP_PKEY_get1_EC_KEY(res); + if (k->ecdsa) + EC_KEY_set_asn1_flag(k->ecdsa, OPENSSL_EC_NAMED_CURVE); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(res); + return (k->ecdsa) ? 0 : SSH_ERR_LIBCRYPTO_ERROR; +} +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +ssh_ecdsa_generate(struct sshkey *k, int bits) +{ + EC_KEY *private; + + if ((k->ecdsa_nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) + return SSH_ERR_KEY_LENGTH; + if ((private = EC_KEY_new_by_curve_name(k->ecdsa_nid)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (EC_KEY_generate_key(private) != 1) { + EC_KEY_free(private); + return SSH_ERR_LIBCRYPTO_ERROR; + } + EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); + k->ecdsa = private; + return 0; +} +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +static int +ssh_ecdsa_copy_public(const struct sshkey *from, struct sshkey *to) +{ + to->ecdsa_nid = from->ecdsa_nid; + if ((to->ecdsa = EC_KEY_new_by_curve_name(from->ecdsa_nid)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (EC_KEY_set_public_key(to->ecdsa, + EC_KEY_get0_public_key(from->ecdsa)) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; /* caller will free k->ecdsa */ + return 0; +} + +static int +ssh_ecdsa_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + char *curve = NULL; + + if ((key->ecdsa_nid = sshkey_ecdsa_nid_from_name(ktype)) == -1) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_get_cstring(b, &curve, NULL)) != 0) + goto out; + if (key->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { + r = SSH_ERR_EC_CURVE_MISMATCH; + goto out; + } + EC_KEY_free(key->ecdsa); + key->ecdsa = NULL; + if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshbuf_get_eckey(b, key->ecdsa)) != 0) + goto out; + if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), + EC_KEY_get0_public_key(key->ecdsa)) != 0) { + r = SSH_ERR_KEY_INVALID_EC_VALUE; + goto out; + } + /* success */ + r = 0; +#ifdef DEBUG_PK + sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), + EC_KEY_get0_public_key(key->ecdsa)); +#endif + out: + free(curve); + if (r != 0) { + EC_KEY_free(key->ecdsa); + key->ecdsa = NULL; + } + return r; +} + +static int +ssh_ecdsa_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + BIGNUM *exponent = NULL; + + if (!sshkey_is_cert(key)) { + if ((r = ssh_ecdsa_deserialize_public(ktype, b, key)) != 0) + return r; + } + if ((r = sshbuf_get_bignum2(b, &exponent)) != 0) + goto out; + if (EC_KEY_set_private_key(key->ecdsa, exponent) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshkey_ec_validate_private(key->ecdsa)) != 0) + goto out; + /* success */ + r = 0; + out: + BN_clear_free(exponent); + return r; +} + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int +ssh_ecdsa_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t dlen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { EVP_PKEY *pkey = NULL; - ECDSA_SIG *sig = NULL; + ECDSA_SIG *esig = NULL; unsigned char *sigb = NULL; const unsigned char *psig; const BIGNUM *sig_r, *sig_s; @@ -72,18 +286,27 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1) return SSH_ERR_INTERNAL_ERROR; - if ((pkey = EVP_PKEY_new()) == NULL || - EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) - return SSH_ERR_ALLOC_FAIL; +#ifdef ENABLE_PKCS11 + if (is_ecdsa_pkcs11(key->ecdsa)) { + if ((pkey = EVP_PKEY_new()) == NULL || + EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) + return SSH_ERR_ALLOC_FAIL; + } else { +#endif + if ((ret = ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey)) != 0) + return ret; +#ifdef ENABLE_PKCS11 + } +#endif ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data, - datalen); + dlen); EVP_PKEY_free(pkey); if (ret < 0) { goto out; } psig = sigb; - if ((sig = d2i_ECDSA_SIG(NULL, &psig, len)) == NULL) { + if (d2i_ECDSA_SIG(&esig, &psig, len) == NULL) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -91,7 +314,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, ret = SSH_ERR_ALLOC_FAIL; goto out; } - ECDSA_SIG_get0(sig, &sig_r, &sig_s); + ECDSA_SIG_get0(esig, &sig_r, &sig_s); if ((ret = sshbuf_put_bignum2(bb, sig_r)) != 0 || (ret = sshbuf_put_bignum2(bb, sig_s)) != 0) goto out; @@ -113,18 +336,86 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, free(sigb); sshbuf_free(b); sshbuf_free(bb); - ECDSA_SIG_free(sig); + ECDSA_SIG_free(esig); return ret; } +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +ssh_ecdsa_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t dlen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) +{ + ECDSA_SIG *esig = NULL; + const BIGNUM *sig_r, *sig_s; + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH]; + size_t len, hlen; + struct sshbuf *b = NULL, *bb = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; -/* ARGSUSED */ -int + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || key->ecdsa == NULL || + sshkey_type_plain(key->type) != KEY_ECDSA) + return SSH_ERR_INVALID_ARGUMENT; + + if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || + (hlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + if ((ret = ssh_digest_memory(hash_alg, data, dlen, + digest, sizeof(digest))) != 0) + goto out; + + if ((esig = ECDSA_do_sign(digest, hlen, key->ecdsa)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + ECDSA_SIG_get0(esig, &sig_r, &sig_s); + if ((ret = sshbuf_put_bignum2(bb, sig_r)) != 0 || + (ret = sshbuf_put_bignum2(bb, sig_s)) != 0) + goto out; + if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || + (ret = sshbuf_put_stringb(b, bb)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + out: + explicit_bzero(digest, sizeof(digest)); + sshbuf_free(b); + sshbuf_free(bb); + ECDSA_SIG_free(esig); + return ret; +} +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int ssh_ecdsa_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { EVP_PKEY *pkey = NULL; - ECDSA_SIG *sig = NULL; + ECDSA_SIG *esig = NULL; BIGNUM *sig_r = NULL, *sig_s = NULL; int hash_alg, len; int ret = SSH_ERR_INTERNAL_ERROR; @@ -134,14 +425,14 @@ ssh_ecdsa_verify(const struct sshkey *key, if (key == NULL || key->ecdsa == NULL || sshkey_type_plain(key->type) != KEY_ECDSA || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1) return SSH_ERR_INTERNAL_ERROR; /* fetch signature */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || sshbuf_froms(b, &sigbuf) != 0) { @@ -163,18 +454,18 @@ ssh_ecdsa_verify(const struct sshkey *key, ret = SSH_ERR_INVALID_FORMAT; goto out; } - if ((sig = ECDSA_SIG_new()) == NULL) { + if ((esig = ECDSA_SIG_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { + if (!ECDSA_SIG_set0(esig, sig_r, sig_s)) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } sig_r = sig_s = NULL; /* transferred */ /* Figure out the length */ - if ((len = i2d_ECDSA_SIG(sig, NULL)) == 0) { + if ((len = i2d_ECDSA_SIG(esig, NULL)) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -183,7 +474,7 @@ ssh_ecdsa_verify(const struct sshkey *key, goto out; } psig = sigb; - if ((len = i2d_ECDSA_SIG(sig, &psig)) == 0) { + if ((len = i2d_ECDSA_SIG(esig, &psig)) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -193,23 +484,275 @@ ssh_ecdsa_verify(const struct sshkey *key, goto out; } - if ((pkey = EVP_PKEY_new()) == NULL || - EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) { - ret = SSH_ERR_ALLOC_FAIL; + if (ssh_create_evp_ec(key->ecdsa, key->ecdsa_nid, &pkey) != 0) goto out; - } - ret = sshkey_verify_signature(pkey, hash_alg, data, datalen, sigb, len); + ret = sshkey_verify_signature(pkey, hash_alg, data, dlen, sigb, len); EVP_PKEY_free(pkey); out: free(sigb); sshbuf_free(sigbuf); sshbuf_free(b); - ECDSA_SIG_free(sig); + ECDSA_SIG_free(esig); BN_clear_free(sig_r); BN_clear_free(sig_s); free(ktype); return ret; } +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +ssh_ecdsa_verify(const struct sshkey *key, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) +{ + ECDSA_SIG *esig = NULL; + BIGNUM *sig_r = NULL, *sig_s = NULL; + int hash_alg; + u_char digest[SSH_DIGEST_MAX_LENGTH]; + size_t hlen; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL, *sigbuf = NULL; + char *ktype = NULL; + + if (key == NULL || key->ecdsa == NULL || + sshkey_type_plain(key->type) != KEY_ECDSA || + sig == NULL || siglen == 0) + return SSH_ERR_INVALID_ARGUMENT; + + if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || + (hlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ + if ((b = sshbuf_from(sig, siglen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_froms(b, &sigbuf) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + + /* parse signature */ + if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 || + sshbuf_get_bignum2(sigbuf, &sig_s) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((esig = ECDSA_SIG_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!ECDSA_SIG_set0(esig, sig_r, sig_s)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + sig_r = sig_s = NULL; /* transferred */ + + if (sshbuf_len(sigbuf) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + if ((ret = ssh_digest_memory(hash_alg, data, dlen, + digest, sizeof(digest))) != 0) + goto out; + + switch (ECDSA_do_verify(digest, hlen, esig, key->ecdsa)) { + case 1: + ret = 0; + break; + case 0: + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + default: + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + out: + explicit_bzero(digest, sizeof(digest)); + sshbuf_free(sigbuf); + sshbuf_free(b); + ECDSA_SIG_free(esig); + BN_clear_free(sig_r); + BN_clear_free(sig_s); + free(ktype); + return ret; +} +# endif + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int +ssh_create_evp_ec(EC_KEY *k, int ecdsa_nid, EVP_PKEY **pkey) +{ + OSSL_PARAM_BLD *param_bld = NULL; + EVP_PKEY_CTX *ctx = NULL; + BN_CTX *bn_ctx = NULL; + uint8_t *pub_ser = NULL; + const char *group_name; + const EC_POINT *pub = NULL; + const BIGNUM *priv = NULL; + int ret = 0; + + if (k == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL || + (param_bld = OSSL_PARAM_BLD_new()) == NULL || + (bn_ctx = BN_CTX_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if ((group_name = OSSL_EC_curve_nid2name(ecdsa_nid)) == NULL || + OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + group_name, + strlen(group_name)) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((pub = EC_KEY_get0_public_key(k)) != NULL) { + const EC_GROUP *group; + size_t len; + + group = EC_KEY_get0_group(k); + len = EC_POINT_point2oct(group, pub, + POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); + if ((pub_ser = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + EC_POINT_point2oct(group, + pub, + POINT_CONVERSION_UNCOMPRESSED, + pub_ser, + len, + bn_ctx); + if (OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub_ser, + len) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + } + if ((priv = EC_KEY_get0_private_key(k)) != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + +out: + OSSL_PARAM_BLD_free(param_bld); + EVP_PKEY_CTX_free(ctx); + BN_CTX_free(bn_ctx); + free(pub_ser); + return ret; +} +# endif + +/* NB. not static; used by ECDSA-SK */ +const struct sshkey_impl_funcs sshkey_ecdsa_funcs = { + /* .size = */ ssh_ecdsa_size, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_ecdsa_cleanup, + /* .equal = */ ssh_ecdsa_equal, + /* .ssh_serialize_public = */ ssh_ecdsa_serialize_public, + /* .ssh_deserialize_public = */ ssh_ecdsa_deserialize_public, + /* .ssh_serialize_private = */ ssh_ecdsa_serialize_private, + /* .ssh_deserialize_private = */ ssh_ecdsa_deserialize_private, + /* .generate = */ ssh_ecdsa_generate, + /* .copy_public = */ ssh_ecdsa_copy_public, + /* .sign = */ ssh_ecdsa_sign, + /* .verify = */ ssh_ecdsa_verify, +}; + +const struct sshkey_impl sshkey_ecdsa_nistp256_impl = { + /* .name = */ "ecdsa-sha2-nistp256", + /* .shortname = */ "ECDSA", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA, + /* .nid = */ NID_X9_62_prime256v1, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_ecdsa_funcs, +}; + +const struct sshkey_impl sshkey_ecdsa_nistp256_cert_impl = { + /* .name = */ "ecdsa-sha2-nistp256-cert-v01@openssh.com", + /* .shortname = */ "ECDSA-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA_CERT, + /* .nid = */ NID_X9_62_prime256v1, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_ecdsa_funcs, +}; + +const struct sshkey_impl sshkey_ecdsa_nistp384_impl = { + /* .name = */ "ecdsa-sha2-nistp384", + /* .shortname = */ "ECDSA", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA, + /* .nid = */ NID_secp384r1, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_ecdsa_funcs, +}; + +const struct sshkey_impl sshkey_ecdsa_nistp384_cert_impl = { + /* .name = */ "ecdsa-sha2-nistp384-cert-v01@openssh.com", + /* .shortname = */ "ECDSA-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA_CERT, + /* .nid = */ NID_secp384r1, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_ecdsa_funcs, +}; + +#ifdef OPENSSL_HAS_NISTP521 +const struct sshkey_impl sshkey_ecdsa_nistp521_impl = { + /* .name = */ "ecdsa-sha2-nistp521", + /* .shortname = */ "ECDSA", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA, + /* .nid = */ NID_secp521r1, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_ecdsa_funcs, +}; + +const struct sshkey_impl sshkey_ecdsa_nistp521_cert_impl = { + /* .name = */ "ecdsa-sha2-nistp521-cert-v01@openssh.com", + /* .shortname = */ "ECDSA-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_ECDSA_CERT, + /* .nid = */ NID_secp521r1, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_ecdsa_funcs, +}; +#endif #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ diff --git a/gsi_openssh/source/ssh-ed25519-sk.c b/gsi_openssh/source/ssh-ed25519-sk.c index 4393ca669e..c6bc5e72b1 100644 --- a/gsi_openssh/source/ssh-ed25519-sk.c +++ b/gsi_openssh/source/ssh-ed25519-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519-sk.c,v 1.6 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: ssh-ed25519-sk.c,v 1.15 2022/10/28 00:44:44 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -35,10 +35,96 @@ #include "ssh.h" #include "digest.h" -int +/* Reuse some ED25519 internals */ +extern struct sshkey_impl_funcs sshkey_ed25519_funcs; + +static void +ssh_ed25519_sk_cleanup(struct sshkey *k) +{ + sshkey_sk_cleanup(k); + sshkey_ed25519_funcs.cleanup(k); +} + +static int +ssh_ed25519_sk_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (!sshkey_sk_fields_equal(a, b)) + return 0; + if (!sshkey_ed25519_funcs.equal(a, b)) + return 0; + return 1; +} + +static int +ssh_ed25519_sk_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshkey_ed25519_funcs.serialize_public(key, b, opts)) != 0) + return r; + if ((r = sshkey_serialize_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_sk_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshkey_ed25519_funcs.serialize_public(key, b, opts)) != 0) + return r; + if ((r = sshkey_serialize_private_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_sk_copy_public(const struct sshkey *from, struct sshkey *to) +{ + int r; + + if ((r = sshkey_ed25519_funcs.copy_public(from, to)) != 0) + return r; + if ((r = sshkey_copy_public_sk(from, to)) != 0) + return r; + return 0; +} + +static int +ssh_ed25519_sk_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if ((r = sshkey_ed25519_funcs.deserialize_public(ktype, b, key)) != 0) + return r; + if ((r = sshkey_deserialize_sk(b, key)) != 0) + return r; + return 0; +} + +static int +ssh_ed25519_sk_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if ((r = sshkey_ed25519_funcs.deserialize_public(ktype, b, key)) != 0) + return r; + if ((r = sshkey_private_deserialize_sk(b, key)) != 0) + return r; + return 0; +} + +static int ssh_ed25519_sk_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, struct sshkey_sig_details **detailsp) { struct sshbuf *b = NULL; @@ -63,10 +149,10 @@ ssh_ed25519_sk_verify(const struct sshkey *key, if (key == NULL || sshkey_type_plain(key->type) != KEY_ED25519_SK || key->ed25519_pk == NULL || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || sshbuf_get_string_direct(b, &sigblob, &len) != 0 || @@ -97,7 +183,7 @@ ssh_ed25519_sk_verify(const struct sshkey *key, } if (ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application, strlen(key->sk_application), apphash, sizeof(apphash)) != 0 || - ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen, + ssh_digest_memory(SSH_DIGEST_SHA256, data, dlen, msghash, sizeof(msghash)) != 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; @@ -161,3 +247,42 @@ ssh_ed25519_sk_verify(const struct sshkey *key, free(ktype); return r; } + +static const struct sshkey_impl_funcs sshkey_ed25519_sk_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_ed25519_sk_cleanup, + /* .equal = */ ssh_ed25519_sk_equal, + /* .ssh_serialize_public = */ ssh_ed25519_sk_serialize_public, + /* .ssh_deserialize_public = */ ssh_ed25519_sk_deserialize_public, + /* .ssh_serialize_private = */ ssh_ed25519_sk_serialize_private, + /* .ssh_deserialize_private = */ ssh_ed25519_sk_deserialize_private, + /* .generate = */ NULL, + /* .copy_public = */ ssh_ed25519_sk_copy_public, + /* .sign = */ NULL, + /* .verify = */ ssh_ed25519_sk_verify, +}; + +const struct sshkey_impl sshkey_ed25519_sk_impl = { + /* .name = */ "sk-ssh-ed25519@openssh.com", + /* .shortname = */ "ED25519-SK", + /* .sigalg = */ NULL, + /* .type = */ KEY_ED25519_SK, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ed25519_sk_funcs, +}; + +const struct sshkey_impl sshkey_ed25519_sk_cert_impl = { + /* .name = */ "sk-ssh-ed25519-cert-v01@openssh.com", + /* .shortname = */ "ED25519-SK-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_ED25519_SK_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ed25519_sk_funcs, +}; diff --git a/gsi_openssh/source/ssh-ed25519.c b/gsi_openssh/source/ssh-ed25519.c index cb65661e48..c3e335a354 100644 --- a/gsi_openssh/source/ssh-ed25519.c +++ b/gsi_openssh/source/ssh-ed25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519.c,v 1.9 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: ssh-ed25519.c,v 1.19 2022/10/28 00:44:44 djm Exp $ */ /* * Copyright (c) 2013 Markus Friedl * @@ -24,6 +24,7 @@ #include #include +#include #include "fips_mode_replacement.h" @@ -34,9 +35,121 @@ #include "ssherr.h" #include "ssh.h" -int -ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static void +ssh_ed25519_cleanup(struct sshkey *k) +{ + freezero(k->ed25519_pk, ED25519_PK_SZ); + freezero(k->ed25519_sk, ED25519_SK_SZ); + k->ed25519_pk = NULL; + k->ed25519_sk = NULL; +} + +static int +ssh_ed25519_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (a->ed25519_pk == NULL || b->ed25519_pk == NULL) + return 0; + if (memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) != 0) + return 0; + return 1; +} + +static int +ssh_ed25519_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->ed25519_pk == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_string(b, key->ed25519_pk, ED25519_PK_SZ)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshbuf_put_string(b, key->ed25519_pk, ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_sk, ED25519_SK_SZ)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_generate(struct sshkey *k, int bits) +{ + if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL || + (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) + return SSH_ERR_ALLOC_FAIL; + crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); + return 0; +} + +static int +ssh_ed25519_copy_public(const struct sshkey *from, struct sshkey *to) +{ + if (from->ed25519_pk == NULL) + return 0; /* XXX SSH_ERR_INTERNAL_ERROR ? */ + if ((to->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) + return SSH_ERR_ALLOC_FAIL; + memcpy(to->ed25519_pk, from->ed25519_pk, ED25519_PK_SZ); + return 0; +} + +static int +ssh_ed25519_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + u_char *pk = NULL; + size_t len = 0; + int r; + + if ((r = sshbuf_get_string(b, &pk, &len)) != 0) + return r; + if (len != ED25519_PK_SZ) { + freezero(pk, len); + return SSH_ERR_INVALID_FORMAT; + } + key->ed25519_pk = pk; + return 0; +} + +static int +ssh_ed25519_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + size_t sklen = 0; + u_char *ed25519_sk = NULL; + + if ((r = ssh_ed25519_deserialize_public(NULL, b, key)) != 0) + goto out; + if ((r = sshbuf_get_string(b, &ed25519_sk, &sklen)) != 0) + goto out; + if (sklen != ED25519_SK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + key->ed25519_sk = ed25519_sk; + ed25519_sk = NULL; /* transferred */ + /* success */ + r = 0; + out: + freezero(ed25519_sk, sklen); + return r; +} + +static int +ssh_ed25519_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { u_char *sig = NULL; size_t slen = 0, len; @@ -89,16 +202,17 @@ ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, r = 0; out: sshbuf_free(b); - if (sig != NULL) + if (sig != NULL) freezero(sig, slen); return r; } -int +static int ssh_ed25519_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { struct sshbuf *b = NULL; char *ktype = NULL; @@ -111,15 +225,15 @@ ssh_ed25519_verify(const struct sshkey *key, if (key == NULL || sshkey_type_plain(key->type) != KEY_ED25519 || key->ed25519_pk == NULL || - datalen >= INT_MAX - crypto_sign_ed25519_BYTES || - signature == NULL || signaturelen == 0) + dlen >= INT_MAX - crypto_sign_ed25519_BYTES || + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; if (FIPS_mode()) { logit_f("Ed25519 keys are not allowed in FIPS mode"); return SSH_ERR_INVALID_ARGUMENT; } - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0) @@ -136,23 +250,23 @@ ssh_ed25519_verify(const struct sshkey *key, r = SSH_ERR_INVALID_FORMAT; goto out; } - if (datalen >= SIZE_MAX - len) { + if (dlen >= SIZE_MAX - len) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } - smlen = len + datalen; + smlen = len + dlen; mlen = smlen; if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } memcpy(sm, sigblob, len); - memcpy(sm+len, data, datalen); + memcpy(sm+len, data, dlen); if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, key->ed25519_pk)) != 0) { debug2_f("crypto_sign_ed25519_open failed: %d", ret); } - if (ret != 0 || mlen != datalen) { + if (ret != 0 || mlen != dlen) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } @@ -160,11 +274,51 @@ ssh_ed25519_verify(const struct sshkey *key, /* success */ r = 0; out: - if (sm != NULL) + if (sm != NULL) freezero(sm, smlen); - if (m != NULL) + if (m != NULL) freezero(m, smlen); /* NB mlen may be invalid if r != 0 */ sshbuf_free(b); free(ktype); return r; } + +/* NB. not static; used by ED25519-SK */ +const struct sshkey_impl_funcs sshkey_ed25519_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_ed25519_cleanup, + /* .equal = */ ssh_ed25519_equal, + /* .ssh_serialize_public = */ ssh_ed25519_serialize_public, + /* .ssh_deserialize_public = */ ssh_ed25519_deserialize_public, + /* .ssh_serialize_private = */ ssh_ed25519_serialize_private, + /* .ssh_deserialize_private = */ ssh_ed25519_deserialize_private, + /* .generate = */ ssh_ed25519_generate, + /* .copy_public = */ ssh_ed25519_copy_public, + /* .sign = */ ssh_ed25519_sign, + /* .verify = */ ssh_ed25519_verify, +}; + +const struct sshkey_impl sshkey_ed25519_impl = { + /* .name = */ "ssh-ed25519", + /* .shortname = */ "ED25519", + /* .sigalg = */ NULL, + /* .type = */ KEY_ED25519, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ed25519_funcs, +}; + +const struct sshkey_impl sshkey_ed25519_cert_impl = { + /* .name = */ "ssh-ed25519-cert-v01@openssh.com", + /* .shortname = */ "ED25519-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_ED25519_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ed25519_funcs, +}; diff --git a/gsi_openssh/source/ssh-keygen.1 b/gsi_openssh/source/ssh-keygen.1 index 59b7f23a1f..1be0822823 100644 --- a/gsi_openssh/source/ssh-keygen.1 +++ b/gsi_openssh/source/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.220 2022/02/06 00:29:03 jsg Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.228 2023/02/10 06:40:48 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 6 2022 $ +.Dd $Mdocdate: February 10 2023 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -271,9 +271,9 @@ should be placed to be activated. The options are as follows: .Bl -tag -width Ds .It Fl A -For each of the key types (rsa, dsa, ecdsa and ed25519) -for which host keys -do not exist, generate the host keys with the default key file path, +Generate host keys of all default key types (rsa, ecdsa, and +ed25519) if they do not already exist. +The host keys are generated with the default key file path, an empty passphrase, default bits for the key type, and default comment. If .Fl f @@ -396,6 +396,9 @@ Public and private key files will be written to the current directory for each downloaded key. If multiple FIDO authenticators are attached, keys will be downloaded from the first touched authenticator. +See the +.Sx FIDO AUTHENTICATOR +section for more information. .It Fl k Generate a KRL file. In this mode, @@ -487,56 +490,9 @@ listed in the .Sx MODULI GENERATION section may be specified. .Pp -When generating a key that will be hosted on a FIDO authenticator, -this flag may be used to specify key-specific options. -Those supported at present are: -.Bl -tag -width Ds -.It Cm application -Override the default FIDO application/origin string of -.Dq ssh: . -This may be useful when generating host or domain-specific resident keys. -The specified application string must begin with -.Dq ssh: . -.It Cm challenge Ns = Ns Ar path -Specifies a path to a challenge string that will be passed to the -FIDO token during key generation. -The challenge string may be used as part of an out-of-band -protocol for key enrollment -(a random challenge is used by default). -.It Cm device -Explicitly specify a -.Xr fido 4 -device to use, rather than letting the token middleware select one. -.It Cm no-touch-required -Indicate that the generated private key should not require touch -events (user presence) when making signatures. -Note that -.Xr sshd 8 -will refuse such signatures by default, unless overridden via -an authorized_keys option. -.It Cm resident -Indicate that the key should be stored on the FIDO authenticator itself. -Resident keys may be supported on FIDO2 tokens and typically require that -a PIN be set on the token prior to generation. -Resident keys may be loaded off the token using -.Xr ssh-add 1 . -.It Cm user -A username to be associated with a resident key, -overriding the empty default username. -Specifying a username may be useful when generating multiple resident keys -for the same application name. -.It Cm verify-required -Indicate that this private key should require user verification for -each signature. -Not all FIDO tokens support this option. -Currently PIN authentication is the only supported verification method, -but other methods may be supported in the future. -.It Cm write-attestation Ns = Ns Ar path -May be used at key generation time to record the attestation data -returned from FIDO tokens during key generation. -This information is potentially sensitive. -By default, this information is discarded. -.El +When generating FIDO authenticator-backed keys, the options listed in the +.Sx FIDO AUTHENTICATOR +section may be specified. .Pp When performing signature-related options using the .Fl Y @@ -555,8 +511,26 @@ Print the full public key to standard output after signature verification. .It Cm verify-time Ns = Ns Ar timestamp Specifies a time to use when validating signatures instead of the current time. -The time may be specified as a date in YYYYMMDD format or a time -in YYYYMMDDHHMM[SS] format. +The time may be specified as a date or time in the YYYYMMDD[Z] or +in YYYYMMDDHHMM[SS][Z] formats. +Dates and times will be interpreted in the current system time zone unless +suffixed with a Z character, which causes them to be interpreted in the +UTC time zone. +.El +.Pp +When generating SSHFP DNS records from public keys using the +.Fl r +flag, the following options are accepted: +.Bl -tag -width Ds +.It Cm hashalg Ns = Ns Ar algorithm +Selects a hash algorithm to use when printing SSHFP records using the +.Fl D +flag. +Valid algorithms are +.Dq sha1 +and +.Dq sha256 . +The default is to print both. .El .Pp The @@ -627,7 +601,9 @@ and (the default). .It Fl U When used in combination with -.Fl s , +.Fl s +or +.Fl Y Cm sign , this option indicates that a CA key resides in a .Xr ssh-agent 1 . See the @@ -645,31 +621,67 @@ A validity interval may consist of a single time, indicating that the certificate is valid beginning now and expiring at that time, or may consist of two times separated by a colon to indicate an explicit time interval. .Pp -The start time may be specified as the string +The start time may be specified as: +.Bl -bullet -compact +.It +The string .Dq always -to indicate the certificate has no specified start time, -a date in YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format, -a relative time (to the current time) consisting of a minus sign followed by -an interval in the format described in the +to indicate the certificate has no specified start time. +.It +A date or time in the system time zone formatted as YYYYMMDD or +YYYYMMDDHHMM[SS]. +.It +A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z. +.It +A relative time before the current system time consisting of a minus sign +followed by an interval in the format described in the TIME FORMATS section of .Xr sshd_config 5 . +.It +A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal +number beginning with +.Dq 0x . +.El .Pp -The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time, -a relative time starting with a plus character or the string +The end time may be specified similarly to the start time: +.Bl -bullet -compact +.It +The string .Dq forever -to indicate that the certificate has no expiry date. +to indicate the certificate has no specified end time. +.It +A date or time in the system time zone formatted as YYYYMMDD or +YYYYMMDDHHMM[SS]. +.It +A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z. +.It +A relative time after the current system time consisting of a plus sign +followed by an interval in the format described in the +TIME FORMATS section of +.Xr sshd_config 5 . +.It +A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal +number beginning with +.Dq 0x . +.El .Pp For example: -.Dq +52w1d -(valid from now to 52 weeks and one day from now), -.Dq -4w:+4w -(valid from four weeks ago to four weeks from now), -.Dq 20100101123000:20110101123000 -(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), -.Dq -1d:20110101 -(valid from yesterday to midnight, January 1st, 2011), -.Dq -1m:forever -(valid from one minute ago and never expiring). +.Bl -tag -width Ds +.It +52w1d +Valid from now to 52 weeks and one day from now. +.It -4w:+4w +Valid from four weeks ago to four weeks from now. +.It 20100101123000:20110101123000 +Valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011. +.It 20100101123000Z:20110101123000Z +Similar, but interpreted in the UTC time zone rather than the system time zone. +.It -1d:20110101 +Valid from yesterday to midnight, January 1st, 2011. +.It 0x1:0x2000000000 +Valid from roughly early 1970 to May 2033. +.It -1m:forever +Valid from one minute ago and never expiring. +.El .It Fl v Verbose mode. Causes @@ -1060,6 +1072,76 @@ public key must be trusted by or .Xr ssh 1 . Refer to those manual pages for details. +.Sh FIDO AUTHENTICATOR +.Nm +is able to generate FIDO authenticator-backed keys, after which +they may be used much like any other key type supported by OpenSSH, so +long as the hardware authenticator is attached when the keys are used. +FIDO authenticators generally require the user to explicitly authorise +operations by touching or tapping them. +FIDO keys consist of two parts: a key handle part stored in the +private key file on disk, and a per-device private key that is unique +to each FIDO authenticator and that cannot be exported from the +authenticator hardware. +These are combined by the hardware at authentication time to derive +the real key that is used to sign authentication challenges. +Supported key types are +.Cm ecdsa-sk +and +.Cm ed25519-sk . +.Pp +The options that are valid for FIDO keys are: +.Bl -tag -width Ds +.It Cm application +Override the default FIDO application/origin string of +.Dq ssh: . +This may be useful when generating host or domain-specific resident keys. +The specified application string must begin with +.Dq ssh: . +.It Cm challenge Ns = Ns Ar path +Specifies a path to a challenge string that will be passed to the +FIDO authenticator during key generation. +The challenge string may be used as part of an out-of-band +protocol for key enrollment +(a random challenge is used by default). +.It Cm device +Explicitly specify a +.Xr fido 4 +device to use, rather than letting the authenticator middleware select one. +.It Cm no-touch-required +Indicate that the generated private key should not require touch +events (user presence) when making signatures. +Note that +.Xr sshd 8 +will refuse such signatures by default, unless overridden via +an authorized_keys option. +.It Cm resident +Indicate that the key handle should be stored on the FIDO +authenticator itself. +This makes it easier to use the authenticator on multiple computers. +Resident keys may be supported on FIDO2 authenticators and typically +require that a PIN be set on the authenticator prior to generation. +Resident keys may be loaded off the authenticator using +.Xr ssh-add 1 . +Storing both parts of a key on a FIDO authenticator increases the likelihood +of an attacker being able to use a stolen authenticator device. +.It Cm user +A username to be associated with a resident key, +overriding the empty default username. +Specifying a username may be useful when generating multiple resident keys +for the same application name. +.It Cm verify-required +Indicate that this private key should require user verification for +each signature. +Not all FIDO authenticators support this option. +Currently PIN authentication is the only supported verification method, +but other methods may be supported in the future. +.It Cm write-attestation Ns = Ns Ar path +May be used at key generation time to record the attestation data +returned from FIDO authenticators during key generation. +This information is potentially sensitive. +By default, this information is discarded. +.El .Sh KEY REVOCATION LISTS .Nm is able to manage OpenSSH format Key Revocation Lists (KRLs). @@ -1178,7 +1260,10 @@ signature object and presented on the verification command-line must match the specified list before the key will be considered acceptable. .It Cm valid-after Ns = Ns "timestamp" Indicates that the key is valid for use at or after the specified timestamp, -which may be a date in YYYYMMDD format or a time in YYYYMMDDHHMM[SS] format. +which may be a date or time in the YYYYMMDD[Z] or YYYYMMDDHHMM[SS][Z] formats. +Dates and times will be interpreted in the current system time zone unless +suffixed with a Z character, which causes them to be interpreted in the UTC +time zone. .It Cm valid-before Ns = Ns "timestamp" Indicates that the key is valid for use at or before the specified timestamp. .El diff --git a/gsi_openssh/source/ssh-keygen.c b/gsi_openssh/source/ssh-keygen.c index 84ae8be0d6..78b189fd0a 100644 --- a/gsi_openssh/source/ssh-keygen.c +++ b/gsi_openssh/source/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.450 2022/03/18 02:32:22 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.466 2023/03/08 00:05:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -20,6 +20,7 @@ #ifdef WITH_OPENSSL #include +#include #include #include "openbsd-compat/openssl-compat.h" #endif @@ -128,6 +129,7 @@ static u_int64_t cert_valid_to = ~0ULL; #define CERTOPT_PTY (1<<3) #define CERTOPT_USER_RC (1<<4) #define CERTOPT_NO_REQUIRE_USER_PRESENCE (1<<5) +#define CERTOPT_REQUIRE_VERIFY (1<<6) #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \ CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC) static u_int32_t certflags_flags = CERTOPT_DEFAULT; @@ -482,6 +484,7 @@ do_convert_private_ssh2(struct sshbuf *b) { struct sshkey *key = NULL; char *type, *cipher; + const char *alg = NULL; u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345"; int r, rlen, ktype; u_int magic, i1, i2, i3, i4; @@ -590,6 +593,7 @@ do_convert_private_ssh2(struct sshbuf *b) if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) fatal_fr(r, "generate RSA parameters"); BN_clear_free(rsa_iqmp); + alg = "rsa-sha2-256"; break; } rlen = sshbuf_len(b); @@ -597,10 +601,13 @@ do_convert_private_ssh2(struct sshbuf *b) error_f("remaining bytes in key blob %d", rlen); /* try the key */ - if (sshkey_sign(key, &sig, &slen, data, sizeof(data), - NULL, NULL, NULL, 0) != 0 || - sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0, NULL) != 0) { + if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data), + alg, NULL, NULL, 0)) != 0) + error_fr(r, "signing with converted key failed"); + else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), + alg, 0, NULL)) != 0) + error_fr(r, "verification with converted key failed"); + if (r != 0) { sshkey_free(key); free(sig); return NULL; @@ -1054,7 +1061,6 @@ do_gen_all_hostkeys(struct passwd *pw) } key_types[] = { #ifdef WITH_OPENSSL { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, - { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, #ifdef OPENSSL_HAS_ECC { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, #endif /* OPENSSL_HAS_ECC */ @@ -1352,7 +1358,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, unlink(tmp); fatal("fdopen: %s", strerror(oerrno)); } - fchmod(fd, sb.st_mode & 0644); + (void)fchmod(fd, sb.st_mode & 0644); inplace = 1; } /* XXX support identity_file == "-" for stdin */ @@ -1494,13 +1500,23 @@ do_change_passphrase(struct passwd *pw) */ static int do_print_resource_record(struct passwd *pw, char *fname, char *hname, - int print_generic) + int print_generic, char * const *opts, size_t nopts) { struct sshkey *public; char *comment = NULL; struct stat st; - int r; + int r, hash = -1; + size_t i; + for (i = 0; i < nopts; i++) { + if (strncasecmp(opts[i], "hashalg=", 8) == 0) { + if ((hash = ssh_digest_alg_by_name(opts[i] + 8)) == -1) + fatal("Unsupported hash algorithm"); + } else { + error("Invalid option \"%s\"", opts[i]); + return SSH_ERR_INVALID_ARGUMENT; + } + } if (fname == NULL) fatal_f("no filename"); if (stat(fname, &st) == -1) { @@ -1510,7 +1526,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname, } if ((r = sshkey_load_public(fname, &public, &comment)) != 0) fatal_r(r, "Failed to read v2 public key from \"%s\"", fname); - export_dns_rr(hname, public, stdout, print_generic); + export_dns_rr(hname, public, stdout, print_generic, hash); sshkey_free(public); free(comment); return 1; @@ -1690,6 +1706,8 @@ finalise_cert_exts(void) cert_ext_add("force-command", certflags_command, 1); if (certflags_src_addr != NULL) cert_ext_add("source-address", certflags_src_addr, 1); + if ((certflags_flags & CERTOPT_REQUIRE_VERIFY) != 0) + cert_ext_add("verify-required", NULL, 1); /* extensions */ if ((certflags_flags & CERTOPT_X_FWD) != 0) cert_ext_add("permit-X11-forwarding", NULL, 0); @@ -1929,6 +1947,21 @@ parse_relative_time(const char *s, time_t now) return now + (u_int64_t)(secs * mul); } +static void +parse_hex_u64(const char *s, uint64_t *up) +{ + char *ep; + unsigned long long ull; + + errno = 0; + ull = strtoull(s, &ep, 16); + if (*s == '\0' || *ep != '\0') + fatal("Invalid certificate time: not a number"); + if (errno == ERANGE && ull == ULONG_MAX) + fatal_fr(SSH_ERR_SYSTEM_ERROR, "Invalid certificate time"); + *up = (uint64_t)ull; +} + static void parse_cert_times(char *timespec) { @@ -1951,8 +1984,8 @@ parse_cert_times(char *timespec) /* * from:to, where - * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always" - * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever" + * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "always" + * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | 0x... | "forever" */ from = xstrdup(timespec); to = strchr(from, ':'); @@ -1964,6 +1997,8 @@ parse_cert_times(char *timespec) cert_valid_from = parse_relative_time(from, now); else if (strcmp(from, "always") == 0) cert_valid_from = 0; + else if (strncmp(from, "0x", 2) == 0) + parse_hex_u64(from, &cert_valid_from); else if (parse_absolute_time(from, &cert_valid_from) != 0) fatal("Invalid from time \"%s\"", from); @@ -1971,6 +2006,8 @@ parse_cert_times(char *timespec) cert_valid_to = parse_relative_time(to, now); else if (strcmp(to, "forever") == 0) cert_valid_to = ~(u_int64_t)0; + else if (strncmp(to, "0x", 2) == 0) + parse_hex_u64(to, &cert_valid_to); else if (parse_absolute_time(to, &cert_valid_to) != 0) fatal("Invalid to time \"%s\"", to); @@ -2011,6 +2048,10 @@ add_cert_option(char *opt) certflags_flags &= ~CERTOPT_NO_REQUIRE_USER_PRESENCE; else if (strcasecmp(opt, "no-touch-required") == 0) certflags_flags |= CERTOPT_NO_REQUIRE_USER_PRESENCE; + else if (strcasecmp(opt, "no-verify-required") == 0) + certflags_flags &= ~CERTOPT_REQUIRE_VERIFY; + else if (strcasecmp(opt, "verify-required") == 0) + certflags_flags |= CERTOPT_REQUIRE_VERIFY; else if (strncasecmp(opt, "force-command=", 14) == 0) { val = opt + 14; if (*val == '\0') @@ -2069,6 +2110,9 @@ show_options(struct sshbuf *optbuf, int in_critical) fatal_fr(r, "parse critical"); printf(" %s\n", arg); free(arg); + } else if (in_critical && + strcmp(name, "verify-required") == 0) { + printf("\n"); } else if (sshbuf_len(option) > 0) { hex = sshbuf_dtob16(option); printf(" UNKNOWN OPTION: %s (len %zu)\n", @@ -2483,7 +2527,8 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey) char *privpath = xstrdup(keypath); static const char * const suffixes[] = { "-cert.pub", ".pub", NULL }; struct sshkey *ret = NULL, *privkey = NULL; - int r; + int r, waspub = 0; + struct stat st; /* * If passed a public key filename, then try to locate the corresponding @@ -2498,11 +2543,17 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey) privpath[plen - slen] = '\0'; debug_f("%s looks like a public key, using private key " "path %s instead", keypath, privpath); + waspub = 1; } - if ((privkey = load_identity(privpath, NULL)) == NULL) { - error("Couldn't load identity %s", keypath); - goto done; - } + if (waspub && stat(privpath, &st) != 0 && errno == ENOENT) + fatal("No private key found for public key \"%s\"", keypath); + if ((r = sshkey_load_private(privpath, "", &privkey, NULL)) != 0 && + (r != SSH_ERR_KEY_WRONG_PASSPHRASE)) { + debug_fr(r, "load private key \"%s\"", privpath); + fatal("No private key found for \"%s\"", privpath); + } else if (privkey == NULL) + privkey = load_identity(privpath, NULL); + if (!sshkey_equal_public(pubkey, privkey)) { error("Public key %s doesn't match private %s", keypath, privpath); @@ -2668,8 +2719,8 @@ sig_process_opts(char * const *opts, size_t nopts, char **hashalgp, static int -sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv, - char * const *opts, size_t nopts) +sig_sign(const char *keypath, const char *sig_namespace, int require_agent, + int argc, char **argv, char * const *opts, size_t nopts) { int i, fd = -1, r, ret = -1; int agent_fd = -1; @@ -2693,13 +2744,18 @@ sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv, goto done; } - if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) + if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { + if (require_agent) + fatal("Couldn't get agent socket"); debug_r(r, "Couldn't get agent socket"); - else { + } else { if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0) signer = agent_signer; - else + else { + if (require_agent) + fatal("Couldn't find key in agent"); debug_r(r, "Couldn't find key in agent"); + } } if (signer == NULL) { @@ -3022,45 +3078,51 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts) generator_wanted, checkpoint, start_lineno, lines_to_process) != 0) fatal("modulus screening failed"); + if (in != stdin) + (void)fclose(in); + free(checkpoint); #else /* WITH_OPENSSL */ fatal("Moduli screening is not supported"); #endif /* WITH_OPENSSL */ - free(checkpoint); - if (in != stdin) - fclose(in); } +/* Read and confirm a passphrase */ static char * -private_key_passphrase(void) +read_check_passphrase(const char *prompt1, const char *prompt2, + const char *retry_prompt) { char *passphrase1, *passphrase2; - /* Ask for a passphrase (twice). */ - if (identity_passphrase) - passphrase1 = xstrdup(identity_passphrase); - else if (identity_new_passphrase) - passphrase1 = xstrdup(identity_new_passphrase); - else { -passphrase_again: - passphrase1 = - read_passphrase("Enter passphrase (empty for no " - "passphrase): ", RP_ALLOW_STDIN); - passphrase2 = read_passphrase("Enter same passphrase again: ", - RP_ALLOW_STDIN); - if (strcmp(passphrase1, passphrase2) != 0) { - /* - * The passphrases do not match. Clear them and - * retry. - */ - freezero(passphrase1, strlen(passphrase1)); + for (;;) { + passphrase1 = read_passphrase(prompt1, RP_ALLOW_STDIN); + passphrase2 = read_passphrase(prompt2, RP_ALLOW_STDIN); + if (strcmp(passphrase1, passphrase2) == 0) { freezero(passphrase2, strlen(passphrase2)); - printf("Passphrases do not match. Try again.\n"); - goto passphrase_again; + return passphrase1; } - /* Clear the other copy of the passphrase. */ + /* The passphrases do not match. Clear them and retry. */ + freezero(passphrase1, strlen(passphrase1)); freezero(passphrase2, strlen(passphrase2)); + fputs(retry_prompt, stdout); + fputc('\n', stdout); + fflush(stdout); } - return passphrase1; + /* NOTREACHED */ + return NULL; +} + +static char * +private_key_passphrase(void) +{ + if (identity_passphrase) + return xstrdup(identity_passphrase); + if (identity_new_passphrase) + return xstrdup(identity_new_passphrase); + + return read_check_passphrase( + "Enter passphrase (empty for no passphrase): ", + "Enter same passphrase again: ", + "Passphrases do not match. Try again."); } static char * @@ -3211,6 +3273,23 @@ save_attestation(struct sshbuf *attest, const char *path) "%s\n", path); } +static int +confirm_sk_overwrite(const char *application, const char *user) +{ + char yesno[3]; + + printf("A resident key scoped to '%s' with user id '%s' already " + "exists.\n", application == NULL ? "ssh:" : application, + user == NULL ? "null" : user); + printf("Overwrite key in token (y/n)? "); + fflush(stdout); + if (fgets(yesno, sizeof(yesno), stdin) == NULL) + return 0; + if (yesno[0] != 'y' && yesno[0] != 'Y') + return 0; + return 1; +} + static void usage(void) { @@ -3266,7 +3345,7 @@ usage(void) int main(int argc, char **argv) { - char comment[1024], *passphrase; + char comment[1024], *passphrase = NULL; char *rr_hostname = NULL, *ep, *fp, *ra; struct sshkey *private, *public; struct passwd *pw; @@ -3503,7 +3582,6 @@ main(int argc, char **argv) else fatal("Unsupported moduli option %s", optarg); break; - case '?': default: usage(); } @@ -3561,7 +3639,7 @@ main(int argc, char **argv) exit(1); } return sig_sign(identity_file, cert_principals, - argc, argv, opts, nopts); + prefer_agent, argc, argv, opts, nopts); } else if (strncmp(sign_op, "check-novalidate", 16) == 0) { /* NB. cert_principals is actually namespace, via -n */ if (cert_principals == NULL || @@ -3685,7 +3763,7 @@ main(int argc, char **argv) if (have_identity) { n = do_print_resource_record(pw, identity_file, - rr_hostname, print_generic); + rr_hostname, print_generic, opts, nopts); if (n == 0) fatal("%s: %s", identity_file, strerror(errno)); exit(0); @@ -3693,19 +3771,19 @@ main(int argc, char **argv) n += do_print_resource_record(pw, _PATH_HOST_RSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_ED25519_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_XMSS_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); if (n == 0) fatal("no keys found."); exit(0); @@ -3777,20 +3855,16 @@ main(int argc, char **argv) "FIDO authenticator enrollment", opts[i]); } } - if (!quiet) { - printf("You may need to touch your authenticator " - "to authorize key generation.\n"); - } if ((attest = sshbuf_new()) == NULL) fatal("sshbuf_new failed"); - if ((sk_flags & - (SSH_SK_USER_VERIFICATION_REQD|SSH_SK_RESIDENT_KEY))) { - passphrase = read_passphrase("Enter PIN for " - "authenticator: ", RP_ALLOW_STDIN); - } else { - passphrase = NULL; - } - for (i = 0 ; ; i++) { + r = 0; + for (i = 0 ;;) { + if (!quiet) { + printf("You may need to touch your " + "authenticator%s to authorize key " + "generation.\n", + r == 0 ? "" : " again"); + } fflush(stdout); r = sshsk_enroll(type, sk_provider, sk_device, sk_application == NULL ? "ssh:" : sk_application, @@ -3798,6 +3872,13 @@ main(int argc, char **argv) &private, attest); if (r == 0) break; + if (r == SSH_ERR_KEY_BAD_PERMISSIONS && + (sk_flags & SSH_SK_RESIDENT_KEY) != 0 && + (sk_flags & SSH_SK_FORCE_OPERATION) == 0 && + confirm_sk_overwrite(sk_application, sk_user)) { + sk_flags |= SSH_SK_FORCE_OPERATION; + continue; + } if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) fatal_r(r, "Key enrollment failed"); else if (passphrase != NULL) { @@ -3805,15 +3886,10 @@ main(int argc, char **argv) freezero(passphrase, strlen(passphrase)); passphrase = NULL; } - if (i >= 3) + if (++i >= 3) fatal("Too many incorrect PINs"); passphrase = read_passphrase("Enter PIN for " "authenticator: ", RP_ALLOW_STDIN); - if (!quiet) { - printf("You may need to touch your " - "authenticator (again) to authorize " - "key generation.\n"); - } } if (passphrase != NULL) { freezero(passphrase, strlen(passphrase)); diff --git a/gsi_openssh/source/ssh-keyscan.1 b/gsi_openssh/source/ssh-keyscan.1 index f9df75d42f..aa6d34f63d 100644 --- a/gsi_openssh/source/ssh-keyscan.1 +++ b/gsi_openssh/source/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.45 2019/11/30 07:07:59 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.49 2023/02/10 06:41:53 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: November 30 2019 $ +.Dd $Mdocdate: February 10 2023 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -16,6 +16,7 @@ .Nm ssh-keyscan .Op Fl 46cDHv .Op Fl f Ar file +.Op Fl O Ar option .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type @@ -44,6 +45,11 @@ For scanning, one does not need login access to the machines that are being scanned, nor does the scanning process involve any encryption. .Pp +Hosts to be scanned may be specified by hostname, address or by CIDR +network range (e.g. 192.168.16/28). +If a network range is specified, then all addresses in that range will +be scanned. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl 4 @@ -73,9 +79,16 @@ If is supplied instead of a filename, .Nm will read from the standard input. -Input is expected in the format: +Names read from a file must start with an address, hostname or CIDR network +range to be scanned. +Addresses and hostnames may optionally be followed by comma-separated name +or address aliases that will be copied to the output. +For example: .Bd -literal -1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 +192.168.11.0/24 +10.20.1.1 +happy.example.org +10.0.0.1,sad.example.org .Ed .It Fl H Hash all hostnames and addresses in the output. @@ -85,6 +98,20 @@ and .Xr sshd 8 , but they do not reveal identifying information should the file's contents be disclosed. +.It Fl O Ar option +Specify a key/value option. +At present, only a single option is supported: +.Bl -tag -width Ds +.It Cm hashalg Ns = Ns Ar algorithm +Selects a hash algorithm to use when printing SSHFP records using the +.Fl D +flag. +Valid algorithms are +.Dq sha1 +and +.Dq sha256 . +The default is to print both. +.El .It Fl p Ar port Connect to .Ar port @@ -103,14 +130,18 @@ The possible values are .Dq dsa , .Dq ecdsa , .Dq ed25519 , +.Dq ecdsa-sk , +.Dq ed25519-sk , or .Dq rsa . Multiple values may be specified by separating them with commas. The default is to fetch .Dq rsa , .Dq ecdsa , +.Dq ed25519 , +.Dq ecdsa-sk , and -.Dq ed25519 +.Dq ed25519-sk keys. .It Fl v Verbose mode: @@ -134,6 +165,10 @@ Print the RSA host key for machine .Pp .Dl $ ssh-keyscan -t rsa hostname .Pp +Search a network range, printing all supported key types: +.Pp +.Dl $ ssh-keyscan 192.168.0.64/25 +.Pp Find all hosts from the file .Pa ssh_hosts which have new or different keys from those in the sorted file diff --git a/gsi_openssh/source/ssh-keyscan.c b/gsi_openssh/source/ssh-keyscan.c index ddb3584b83..245c73d1c7 100644 --- a/gsi_openssh/source/ssh-keyscan.c +++ b/gsi_openssh/source/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.145 2022/01/21 00:53:40 deraadt Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.151 2023/02/10 06:41:53 jmc Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -40,6 +40,7 @@ #include "sshbuf.h" #include "sshkey.h" #include "cipher.h" +#include "digest.h" #include "kex.h" #include "compat.h" #include "myproposal.h" @@ -52,6 +53,7 @@ #include "ssherr.h" #include "ssh_api.h" #include "dns.h" +#include "addr.h" /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -79,6 +81,8 @@ int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */ int found_one = 0; /* Successfully found a key */ +int hashalg = -1; /* Hash for SSHFP records or -1 for all */ + #define MAXMAXFD 256 /* The number of seconds after which to give up on a TCP connection */ @@ -313,7 +317,7 @@ keyprint_one(const char *host, struct sshkey *key) found_one = 1; if (print_sshfp) { - export_dns_rr(host, key, stdout, 0); + export_dns_rr(host, key, stdout, 0, hashalg); return; } @@ -384,7 +388,7 @@ tcpconnect(char *host) } static int -conalloc(char *iname, char *oname, int keytype) +conalloc(const char *iname, const char *oname, int keytype) { char *namebase, *name, *namelist; int s; @@ -490,6 +494,15 @@ congreet(int s) return; } + /* + * Read the server banner as per RFC4253 section 4.2. The "SSH-" + * protocol identification string may be preceeded by an arbitrarily + * large banner which we must read and ignore. Loop while reading + * newline-terminated lines until we have one starting with "SSH-". + * The ID string cannot be longer than 255 characters although the + * preceeding banner lines may (in which case they'll be discarded + * in multiple iterations of the outer loop). + */ for (;;) { memset(buf, '\0', sizeof(buf)); bufsiz = sizeof(buf); @@ -517,6 +530,11 @@ congreet(int s) conrecycle(s); return; } + if (cp >= buf + sizeof(buf)) { + error("%s: greeting exceeds allowable length", c->c_name); + confree(s); + return; + } if (*cp != '\n' && *cp != '\r') { error("%s: bad greeting", c->c_name); confree(s); @@ -615,7 +633,7 @@ conloop(void) } static void -do_host(char *host) +do_one_host(char *host) { char *name = strnnsep(&host, " \t\n"); int j; @@ -631,6 +649,42 @@ do_host(char *host) } } +static void +do_host(char *host) +{ + char daddr[128]; + struct xaddr addr, end_addr; + u_int masklen; + + if (host == NULL) + return; + if (addr_pton_cidr(host, &addr, &masklen) != 0) { + /* Assume argument is a hostname */ + do_one_host(host); + } else { + /* Argument is a CIDR range */ + debug("CIDR range %s", host); + end_addr = addr; + if (addr_host_to_all1s(&end_addr, masklen) != 0) + goto badaddr; + /* + * Note: we deliberately include the all-zero/ones addresses. + */ + for (;;) { + if (addr_ntop(&addr, daddr, sizeof(daddr)) != 0) { + badaddr: + error("Invalid address %s", host); + return; + } + debug("CIDR expand: address %s", daddr); + do_one_host(daddr); + if (addr_cmp(&addr, &end_addr) == 0) + break; + addr_increment(&addr); + }; + } +} + void sshfatal(const char *file, const char *func, int line, int showfunc, LogLevel level, const char *suffix, const char *fmt, ...) @@ -647,9 +701,8 @@ static void usage(void) { fprintf(stderr, - "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n" - "\t\t [host | addrlist namelist]\n", - __progname); + "usage: ssh-keyscan [-46cDHv] [-f file] [-O option] [-p port] [-T timeout]\n" + " [-t type] [host | addrlist namelist]\n"); exit(1); } @@ -675,7 +728,7 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "cDHv46O:p:T:t:f:")) != -1) { switch (opt) { case 'H': hash_hosts = 1; @@ -715,6 +768,14 @@ main(int argc, char **argv) optarg = NULL; argv[fopt_count++] = optarg; break; + case 'O': + /* Maybe other misc options in the future too */ + if (strncmp(optarg, "hashalg=", 8) != 0) + fatal("Unsupported -O option"); + if ((hashalg = ssh_digest_alg_by_name( + optarg + 8)) == -1) + fatal("Unsupported hash algorithm"); + break; case 't': get_keytypes = 0; tname = strtok(optarg, ","); @@ -756,7 +817,6 @@ main(int argc, char **argv) case '6': IPv4or6 = AF_INET6; break; - case '?': default: usage(); } diff --git a/gsi_openssh/source/ssh-keysign.c b/gsi_openssh/source/ssh-keysign.c index c52321e220..b989f5e941 100644 --- a/gsi_openssh/source/ssh-keysign.c +++ b/gsi_openssh/source/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.70 2022/01/06 22:00:18 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.71 2022/08/01 11:09:26 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -155,9 +155,7 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, char **pkalgp, debug3_f("fail %d", fail); - if (fail) - sshkey_free(key); - else { + if (!fail) { if (ret != NULL) { *ret = key; key = NULL; diff --git a/gsi_openssh/source/ssh-pkcs11-client.c b/gsi_openssh/source/ssh-pkcs11-client.c index 9e4f02b479..8a345f0c80 100644 --- a/gsi_openssh/source/ssh-pkcs11-client.c +++ b/gsi_openssh/source/ssh-pkcs11-client.c @@ -225,8 +225,50 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, static RSA_METHOD *helper_rsa; #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) static EC_KEY_METHOD *helper_ecdsa; + +int +is_ecdsa_pkcs11(EC_KEY *ecdsa) +{ + const EC_KEY_METHOD *meth; + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) = NULL; + + meth = EC_KEY_get_method(ecdsa); + EC_KEY_METHOD_get_sign(meth, NULL, NULL, &sign_sig); + if (sign_sig == ecdsa_do_sign) + return 1; + return 0; +} #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +static int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); + +static int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) +{ + return meth->rsa_priv_enc; +} +#endif + +int +is_rsa_pkcs11(RSA *rsa) +{ + const RSA_METHOD *meth; + int (*priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) = NULL; + + meth = RSA_get_method(rsa); + priv_enc = RSA_meth_get_priv_enc(meth); + if (priv_enc == rsa_encrypt) + return 1; + return 0; +} + /* redirect private key crypto operations to the ssh-pkcs11-helper */ static void wrap_key(struct sshkey *k) diff --git a/gsi_openssh/source/ssh-pkcs11-helper.8 b/gsi_openssh/source/ssh-pkcs11-helper.8 index 6a592b1f36..5edc98507e 100644 --- a/gsi_openssh/source/ssh-pkcs11-helper.8 +++ b/gsi_openssh/source/ssh-pkcs11-helper.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.6 2019/11/30 07:07:59 jmc Exp $ +.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.7 2022/04/29 03:24:30 djm Exp $ .\" .\" Copyright (c) 2010 Markus Friedl. All rights reserved. .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 30 2019 $ +.Dd $Mdocdate: April 29 2022 $ .Dt SSH-PKCS11-HELPER 8 .Os .Sh NAME @@ -26,12 +26,14 @@ .Sh DESCRIPTION .Nm is used by -.Xr ssh-agent 1 +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 to access keys provided by a PKCS#11 token. .Pp .Nm -is not intended to be invoked by the user, but from -.Xr ssh-agent 1 . +is not intended to be invoked directly by the user. .Pp A single option is supported: .Bl -tag -width Ds @@ -47,17 +49,20 @@ options increase the verbosity. The maximum is 3. .Pp Note that -.Xr ssh-agent 1 +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 will automatically pass the .Fl v flag to .Nm -when it has itself been placed in debug mode. +when they have themselves been placed in debug mode. .El .Sh SEE ALSO .Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-agent 1 +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 .Sh HISTORY .Nm first appeared in diff --git a/gsi_openssh/source/ssh-pkcs11.c b/gsi_openssh/source/ssh-pkcs11.c index 720ae2aac3..28ec707903 100644 --- a/gsi_openssh/source/ssh-pkcs11.c +++ b/gsi_openssh/source/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.55 2021/11/18 21:11:01 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.56 2023/03/08 05:33:53 tb Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -673,7 +673,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, BIGNUM *r = NULL, *s = NULL; if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) { - ossl_error("EC_KEY_get_key_method_data failed for ec"); + ossl_error("EC_KEY_get_ex_data failed for ec"); return (NULL); } @@ -695,7 +695,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, goto done; } if (siglen < 64 || siglen > 132 || siglen % 2) { - ossl_error("d2i_ECDSA_SIG failed"); + error_f("bad signature length: %lu", (u_long)siglen); goto done; } bnlen = siglen/2; @@ -705,7 +705,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, } if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL || (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) { - ossl_error("d2i_ECDSA_SIG failed"); + ossl_error("BN_bin2bn failed"); ECDSA_SIG_free(ret); ret = NULL; goto done; @@ -776,8 +776,24 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, return (0); } + +int +is_ecdsa_pkcs11(EC_KEY *ecdsa) +{ + if (EC_KEY_get_ex_data(ecdsa, ec_key_idx) != NULL) + return 1; + return 0; +} #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ +int +is_rsa_pkcs11(RSA *rsa) +{ + if (RSA_get_ex_data(rsa, rsa_idx) != NULL) + return 1; + return 0; +} + /* remove trailing spaces */ static void rmspace(u_char *buf, size_t len) @@ -1744,10 +1760,8 @@ pkcs11_initialize_provider(struct pkcs11_uri *uri, struct pkcs11_provider **prov error("dlopen %s failed: %s", provider_module, dlerror()); goto fail; } - if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { - error("dlsym(C_GetFunctionList) failed: %s", dlerror()); - goto fail; - } + if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) + fatal("dlsym(C_GetFunctionList) failed: %s", dlerror()); p->module->handle = handle; /* setup the pkcs11 callbacks */ diff --git a/gsi_openssh/source/ssh-pkcs11.h b/gsi_openssh/source/ssh-pkcs11.h index feaf74defb..baa401b22a 100644 --- a/gsi_openssh/source/ssh-pkcs11.h +++ b/gsi_openssh/source/ssh-pkcs11.h @@ -39,6 +39,11 @@ struct sshkey * u_int32_t *); #endif +#ifdef HAVE_EC_KEY_METHOD_NEW +int is_ecdsa_pkcs11(EC_KEY *ecdsa); +#endif +int is_rsa_pkcs11(RSA *rsa); + #if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11) #undef ENABLE_PKCS11 #endif diff --git a/gsi_openssh/source/ssh-rsa.c b/gsi_openssh/source/ssh-rsa.c index 8de563fca0..acb6392a4a 100644 --- a/gsi_openssh/source/ssh-rsa.c +++ b/gsi_openssh/source/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.67 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.79 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -23,12 +23,18 @@ #include #include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif +#include + +#include "fips_mode_replacement.h" #include #include #include "sshbuf.h" -#include "compat.h" #include "ssherr.h" #define SSHKEY_INTERNAL #include "sshkey.h" @@ -37,7 +43,295 @@ #include "openbsd-compat/openssl-compat.h" +# if OPENSSL_VERSION_NUMBER >= 0x30000000L static int openssh_RSA_verify(int, const u_char *, size_t, u_char *, size_t, EVP_PKEY *); +# else +static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); +# endif + +static u_int +ssh_rsa_size(const struct sshkey *key) +{ + const BIGNUM *rsa_n; + + if (key->rsa == NULL) + return 0; + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); + return BN_num_bits(rsa_n); +} + +static int +ssh_rsa_alloc(struct sshkey *k) +{ + if ((k->rsa = RSA_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + +static void +ssh_rsa_cleanup(struct sshkey *k) +{ + RSA_free(k->rsa); + k->rsa = NULL; +} + +static int +ssh_rsa_equal(const struct sshkey *a, const struct sshkey *b) +{ + const BIGNUM *rsa_e_a, *rsa_n_a; + const BIGNUM *rsa_e_b, *rsa_n_b; + + if (a->rsa == NULL || b->rsa == NULL) + return 0; + RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL); + RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL); + if (rsa_e_a == NULL || rsa_e_b == NULL) + return 0; + if (rsa_n_a == NULL || rsa_n_b == NULL) + return 0; + if (BN_cmp(rsa_e_a, rsa_e_b) != 0) + return 0; + if (BN_cmp(rsa_n_a, rsa_n_b) != 0) + return 0; + return 1; +} + +static int +ssh_rsa_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *rsa_n, *rsa_e; + + if (key->rsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL); + if ((r = sshbuf_put_bignum2(b, rsa_e)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_n)) != 0) + return r; + + return 0; +} + +static int +ssh_rsa_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q; + + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d); + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); + RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); + + if (!sshkey_is_cert(key)) { + /* Note: can't reuse ssh_rsa_serialize_public: e, n vs. n, e */ + if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_e)) != 0) + return r; + } + if ((r = sshbuf_put_bignum2(b, rsa_d)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_p)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_q)) != 0) + return r; + + return 0; +} + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int +ssh_rsa_generate(struct sshkey *k, int bits) +{ + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *res = NULL; + BIGNUM *f4 = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || + bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_KEY_LENGTH; + + if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) == NULL + || (f4 = BN_new()) == NULL || !BN_set_word(f4, RSA_F4)) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if (EVP_PKEY_keygen_init(ctx) <= 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0) { + ret = SSH_ERR_KEY_LENGTH; + goto out; + } + + if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, f4) <= 0) + goto out; + + if (EVP_PKEY_keygen(ctx, &res) <= 0) { + if (FIPS_mode()) + logit_f("the key length might be unsupported by FIPS mode approved key generation method"); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + /* This function is deprecated in OpenSSL 3.0 but OpenSSH doesn't worry about it*/ + k->rsa = EVP_PKEY_get1_RSA(res); + if (k->rsa) { + ret = 0; + } else { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + out: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(res); + BN_free(f4); + return ret; +} +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +ssh_rsa_generate(struct sshkey *k, int bits) +{ + RSA *private = NULL; + BIGNUM *f4 = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || + bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_KEY_LENGTH; + if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!BN_set_word(f4, RSA_F4) || + !RSA_generate_key_ex(private, bits, f4, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + k->rsa = private; + private = NULL; + ret = 0; + out: + RSA_free(private); + BN_free(f4); + return ret; +} +# endif + +static int +ssh_rsa_copy_public(const struct sshkey *from, struct sshkey *to) +{ + const BIGNUM *rsa_n, *rsa_e; + BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + RSA_get0_key(from->rsa, &rsa_n, &rsa_e, NULL); + if ((rsa_n_dup = BN_dup(rsa_n)) == NULL || + (rsa_e_dup = BN_dup(rsa_e)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!RSA_set0_key(to->rsa, rsa_n_dup, rsa_e_dup, NULL)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_n_dup = rsa_e_dup = NULL; /* transferred */ + /* success */ + r = 0; + out: + BN_clear_free(rsa_n_dup); + BN_clear_free(rsa_e_dup); + return r; +} + +static int +ssh_rsa_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int ret = SSH_ERR_INTERNAL_ERROR; + BIGNUM *rsa_n = NULL, *rsa_e = NULL; + + if (sshbuf_get_bignum2(b, &rsa_e) != 0 || + sshbuf_get_bignum2(b, &rsa_n) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_n = rsa_e = NULL; /* transferred */ + if ((ret = sshkey_check_rsa_length(key, 0)) != 0) + goto out; +#ifdef DEBUG_PK + RSA_print_fp(stderr, key->rsa, 8); +#endif + /* success */ + ret = 0; + out: + BN_clear_free(rsa_n); + BN_clear_free(rsa_e); + return ret; +} + +static int +ssh_rsa_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; + BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL; + + /* Note: can't reuse ssh_rsa_deserialize_public: e, n vs. n, e */ + if (!sshkey_is_cert(key)) { + if ((r = sshbuf_get_bignum2(b, &rsa_n)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_e)) != 0) + goto out; + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_n = rsa_e = NULL; /* transferred */ + } + if ((r = sshbuf_get_bignum2(b, &rsa_d)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_iqmp)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_p)) != 0 || + (r = sshbuf_get_bignum2(b, &rsa_q)) != 0) + goto out; + if (!RSA_set0_key(key->rsa, NULL, NULL, rsa_d)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_d = NULL; /* transferred */ + if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_p = rsa_q = NULL; /* transferred */ + if ((r = sshkey_check_rsa_length(key, 0)) != 0) + goto out; + if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) + goto out; + if (RSA_blinding_on(key->rsa, NULL) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + /* success */ + r = 0; + out: + BN_clear_free(rsa_n); + BN_clear_free(rsa_e); + BN_clear_free(rsa_d); + BN_clear_free(rsa_p); + BN_clear_free(rsa_q); + BN_clear_free(rsa_iqmp); + return r; +} static const char * rsa_hash_alg_ident(int hash_alg) @@ -53,16 +347,6 @@ rsa_hash_alg_ident(int hash_alg) return NULL; } -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -static int RSA_bits(const RSA *r); - -static int -RSA_bits(const RSA *r) -{ - return BN_num_bits(r->n); -} -#endif - /* * Returns the hash algorithm ID for a given algorithm identifier as used * inside the signature blob, @@ -100,6 +384,23 @@ rsa_hash_id_from_keyname(const char *alg) return -1; } +# if OPENSSL_VERSION_NUMBER < 0x30000000L +static int +rsa_hash_alg_nid(int type) +{ + switch (type) { + case SSH_DIGEST_SHA1: + return NID_sha1; + case SSH_DIGEST_SHA256: + return NID_sha256; + case SSH_DIGEST_SHA512: + return NID_sha512; + default: + return -1; + } +} +# endif + int ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp) { @@ -154,10 +455,13 @@ ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp) return r; } +# if OPENSSL_VERSION_NUMBER >= 0x30000000L /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ -int -ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, const char *alg_ident) +static int +ssh_rsa_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { EVP_PKEY *pkey = NULL; u_char *sig = NULL; @@ -170,10 +474,10 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, if (sigp != NULL) *sigp = NULL; - if (alg_ident == NULL || strlen(alg_ident) == 0) + if (alg == NULL || strlen(alg) == 0) hash_alg = SSH_DIGEST_SHA1; else - hash_alg = rsa_hash_id_from_keyname(alg_ident); + hash_alg = rsa_hash_id_from_keyname(alg); if (key == NULL || key->rsa == NULL || hash_alg == -1 || sshkey_type_plain(key->type) != KEY_RSA) @@ -182,9 +486,18 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) return SSH_ERR_KEY_LENGTH; - if ((pkey = EVP_PKEY_new()) == NULL || - EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) - return SSH_ERR_ALLOC_FAIL; +#ifdef ENABLE_PKCS11 + if (is_rsa_pkcs11(key->rsa)) { + if ((pkey = EVP_PKEY_new()) == NULL || + EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) + return SSH_ERR_ALLOC_FAIL; + } else { +#endif + if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0) + return ret; +#ifdef ENABLE_PKCS11 + } +#endif ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data, datalen); EVP_PKEY_free(pkey); @@ -225,11 +538,99 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, sshbuf_free(b); return ret; } +# else +/* Original function in OpenSSH Portable 9.3p1 */ +/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ +static int +ssh_rsa_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) +{ + const BIGNUM *rsa_n; + u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; + size_t slen = 0; + u_int hlen, len; + int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; -int + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (alg == NULL || strlen(alg) == 0) + hash_alg = SSH_DIGEST_SHA1; + else + hash_alg = rsa_hash_id_from_keyname(alg); + if (key == NULL || key->rsa == NULL || hash_alg == -1 || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; + slen = RSA_size(key->rsa); + if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) + return SSH_ERR_INVALID_ARGUMENT; + + /* hash the data */ + nid = rsa_hash_alg_nid(hash_alg); + if ((hlen = ssh_digest_bytes(hash_alg)) == 0) + return SSH_ERR_INTERNAL_ERROR; + if ((ret = ssh_digest_memory(hash_alg, data, datalen, + digest, sizeof(digest))) != 0) + goto out; + + if ((sig = malloc(slen)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if (RSA_sign(nid, digest, hlen, sig, &len, key->rsa) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (len < slen) { + size_t diff = slen - len; + memmove(sig + diff, sig, len); + explicit_bzero(sig, diff); + } else if (len > slen) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + /* encode signature */ + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, rsa_hash_alg_ident(hash_alg))) != 0 || + (ret = sshbuf_put_string(b, sig, slen)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + ret = 0; + out: + explicit_bzero(digest, sizeof(digest)); + freezero(sig, slen); + sshbuf_free(b); + return ret; +} +# endif + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +static int ssh_rsa_verify(const struct sshkey *key, - const u_char *sig, size_t siglen, const u_char *data, size_t datalen, - const char *alg) + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { EVP_PKEY *pkey = NULL; char *sigtype = NULL; @@ -264,7 +665,8 @@ ssh_rsa_verify(const struct sshkey *key, ret = SSH_ERR_INVALID_ARGUMENT; goto out; } - if (hash_alg != want_alg) { + if (hash_alg != want_alg && want_alg != SSH_DIGEST_SHA1) { + debug_f("Unexpected digest algorithm: got %d, wanted %d", hash_alg, want_alg); ret = SSH_ERR_SIGNATURE_INVALID; goto out; } @@ -295,12 +697,10 @@ ssh_rsa_verify(const struct sshkey *key, len = modlen; } - if ((pkey = EVP_PKEY_new()) == NULL || - EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) { - ret = SSH_ERR_ALLOC_FAIL; + if ((ret = ssh_create_evp_rsa(key, &pkey)) != 0) goto out; - } - ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len, pkey); + + ret = openssh_RSA_verify(hash_alg, data, dlen, sigblob, len, pkey); EVP_PKEY_free(pkey); out: @@ -310,17 +710,179 @@ ssh_rsa_verify(const struct sshkey *key, explicit_bzero(digest, sizeof(digest)); return ret; } +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +ssh_rsa_verify(const struct sshkey *key, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) +{ + const BIGNUM *rsa_n; + char *sigtype = NULL; + int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; + size_t len = 0, diff, modlen, hlen; + struct sshbuf *b = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; + + if (key == NULL || key->rsa == NULL || + sshkey_type_plain(key->type) != KEY_RSA || + sig == NULL || siglen == 0) + return SSH_ERR_INVALID_ARGUMENT; + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; + + if ((b = sshbuf_from(sig, siglen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((hash_alg = rsa_hash_id_from_ident(sigtype)) == -1) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + /* + * Allow ssh-rsa-cert-v01 certs to generate SHA2 signatures for + * legacy reasons, but otherwise the signature type should match. + */ + if (alg != NULL && strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { + if ((want_alg = rsa_hash_id_from_keyname(alg)) == -1) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (hash_alg != want_alg) { + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + } + if (sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + /* RSA_verify expects a signature of RSA_size */ + modlen = RSA_size(key->rsa); + if (len > modlen) { + ret = SSH_ERR_KEY_BITS_MISMATCH; + goto out; + } else if (len < modlen) { + diff = modlen - len; + osigblob = sigblob; + if ((sigblob = realloc(sigblob, modlen)) == NULL) { + sigblob = osigblob; /* put it back for clear/free */ + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + memmove(sigblob + diff, sigblob, len); + explicit_bzero(sigblob, diff); + len = modlen; + } + if ((hlen = ssh_digest_bytes(hash_alg)) == 0) { + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } + if ((ret = ssh_digest_memory(hash_alg, data, dlen, + digest, sizeof(digest))) != 0) + goto out; + + ret = openssh_RSA_verify(hash_alg, digest, hlen, sigblob, len, + key->rsa); + out: + freezero(sigblob, len); + free(sigtype); + sshbuf_free(b); + explicit_bzero(digest, sizeof(digest)); + return ret; +} +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +# if OPENSSL_VERSION_NUMBER < 0x30000000L +/* + * See: + * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ + * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn + */ + +/* + * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + * oiw(14) secsig(3) algorithms(2) 26 } + */ +static const u_char id_sha1[] = { + 0x30, 0x21, /* type Sequence, length 0x21 (33) */ + 0x30, 0x09, /* type Sequence, length 0x09 */ + 0x06, 0x05, /* type OID, length 0x05 */ + 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */ + 0x05, 0x00, /* NULL */ + 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ +}; + +/* + * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) + * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) + * id-sha256(1) } + */ +static const u_char id_sha256[] = { + 0x30, 0x31, /* type Sequence, length 0x31 (49) */ + 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ + 0x06, 0x09, /* type OID, length 0x09 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */ + 0x05, 0x00, /* NULL */ + 0x04, 0x20 /* Octet string, length 0x20 (32), followed by sha256 hash */ +}; + +/* + * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) + * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) + * id-sha256(3) } + */ +static const u_char id_sha512[] = { + 0x30, 0x51, /* type Sequence, length 0x51 (81) */ + 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ + 0x06, 0x09, /* type OID, length 0x09 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */ + 0x05, 0x00, /* NULL */ + 0x04, 0x40 /* Octet string, length 0x40 (64), followed by sha512 hash */ +}; +static int +rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp) +{ + switch (hash_alg) { + case SSH_DIGEST_SHA1: + *oidp = id_sha1; + *oidlenp = sizeof(id_sha1); + break; + case SSH_DIGEST_SHA256: + *oidp = id_sha256; + *oidlenp = sizeof(id_sha256); + break; + case SSH_DIGEST_SHA512: + *oidp = id_sha512; + *oidlenp = sizeof(id_sha512); + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return 0; +} +# endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L static int openssh_RSA_verify(int hash_alg, const u_char *data, size_t datalen, u_char *sigbuf, size_t siglen, EVP_PKEY *pkey) { size_t rsasize = 0; - const RSA *rsa; int ret; - rsa = EVP_PKEY_get0_RSA(pkey); - rsasize = RSA_size(rsa); + rsasize = EVP_PKEY_get_size(pkey); if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM || siglen == 0 || siglen > rsasize) { ret = SSH_ERR_INVALID_ARGUMENT; @@ -333,4 +895,228 @@ openssh_RSA_verify(int hash_alg, const u_char *data, size_t datalen, done: return ret; } +# else +/* Original function in OpenSSH Portable 9.3p1 */ +static int +openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, + u_char *sigbuf, size_t siglen, RSA *rsa) +{ + size_t rsasize = 0, oidlen = 0, hlen = 0; + int ret, len, oidmatch, hashmatch; + const u_char *oid = NULL; + u_char *decrypted = NULL; + + if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0) + return ret; + ret = SSH_ERR_INTERNAL_ERROR; + hlen = ssh_digest_bytes(hash_alg); + if (hashlen != hlen) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto done; + } + rsasize = RSA_size(rsa); + if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM || + siglen == 0 || siglen > rsasize) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto done; + } + if ((decrypted = malloc(rsasize)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto done; + } + if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, + RSA_PKCS1_PADDING)) < 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto done; + } + if (len < 0 || (size_t)len != hlen + oidlen) { + ret = SSH_ERR_INVALID_FORMAT; + goto done; + } + oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; + hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; + if (!oidmatch || !hashmatch) { + ret = SSH_ERR_SIGNATURE_INVALID; + goto done; + } + ret = 0; +done: + freezero(decrypted, rsasize); + return ret; +} +# endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +int +ssh_create_evp_rsa(const struct sshkey *k, EVP_PKEY **pkey) +{ + OSSL_PARAM_BLD *param_bld = NULL; + EVP_PKEY_CTX *ctx = NULL; + int ret = 0; + const BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL; + const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; + + if (k == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) == NULL || + (param_bld = OSSL_PARAM_BLD_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + + RSA_get0_key(k->rsa, &n, &e, &d); + RSA_get0_factors(k->rsa, &p, &q); + RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp); + + if (n != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (e != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (d != NULL && + OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, d) != 1) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + if ((*pkey = sshkey_create_evp(param_bld, ctx)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + /* setting this to param_build makes the creation process fail */ + if (p != NULL && + EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, p) != 1) { + debug2_f("failed to add 'p' param"); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (q != NULL && + EVP_PKEY_set_bn_param(*pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, q) != 1) { + debug2_f("failed to add 'q' param"); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (dmp1 != NULL && + EVP_PKEY_set_bn_param(*pkey, + OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) != 1) { + debug2_f("failed to add 'dmp1' param"); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (dmq1 != NULL && + EVP_PKEY_set_bn_param(*pkey, + OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) != 1) { + debug2_f("failed to add 'dmq1' param"); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (iqmp != NULL && + EVP_PKEY_set_bn_param(*pkey, + OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp) != 1) { + debug2_f("failed to add 'iqmp' param"); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + +out: + OSSL_PARAM_BLD_free(param_bld); + EVP_PKEY_CTX_free(ctx); + return ret; +} +# endif + +static const struct sshkey_impl_funcs sshkey_rsa_funcs = { + /* .size = */ ssh_rsa_size, + /* .alloc = */ ssh_rsa_alloc, + /* .cleanup = */ ssh_rsa_cleanup, + /* .equal = */ ssh_rsa_equal, + /* .ssh_serialize_public = */ ssh_rsa_serialize_public, + /* .ssh_deserialize_public = */ ssh_rsa_deserialize_public, + /* .ssh_serialize_private = */ ssh_rsa_serialize_private, + /* .ssh_deserialize_private = */ ssh_rsa_deserialize_private, + /* .generate = */ ssh_rsa_generate, + /* .copy_public = */ ssh_rsa_copy_public, + /* .sign = */ ssh_rsa_sign, + /* .verify = */ ssh_rsa_verify, +}; + +const struct sshkey_impl sshkey_rsa_impl = { + /* .name = */ "ssh-rsa", + /* .shortname = */ "RSA", + /* .sigalg = */ NULL, + /* .type = */ KEY_RSA, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_rsa_funcs, +}; + +const struct sshkey_impl sshkey_rsa_cert_impl = { + /* .name = */ "ssh-rsa-cert-v01@openssh.com", + /* .shortname = */ "RSA-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_RSA_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_rsa_funcs, +}; + +/* SHA2 signature algorithms */ + +const struct sshkey_impl sshkey_rsa_sha256_impl = { + /* .name = */ "rsa-sha2-256", + /* .shortname = */ "RSA", + /* .sigalg = */ NULL, + /* .type = */ KEY_RSA, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 1, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_rsa_funcs, +}; + +const struct sshkey_impl sshkey_rsa_sha512_impl = { + /* .name = */ "rsa-sha2-512", + /* .shortname = */ "RSA", + /* .sigalg = */ NULL, + /* .type = */ KEY_RSA, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 1, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_rsa_funcs, +}; + +const struct sshkey_impl sshkey_rsa_sha256_cert_impl = { + /* .name = */ "rsa-sha2-256-cert-v01@openssh.com", + /* .shortname = */ "RSA-CERT", + /* .sigalg = */ "rsa-sha2-256", + /* .type = */ KEY_RSA_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 1, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_rsa_funcs, +}; + +const struct sshkey_impl sshkey_rsa_sha512_cert_impl = { + /* .name = */ "rsa-sha2-512-cert-v01@openssh.com", + /* .shortname = */ "RSA-CERT", + /* .sigalg = */ "rsa-sha2-512", + /* .type = */ KEY_RSA_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 1, + /* .keybits = */ 0, + /* .funcs = */ &sshkey_rsa_funcs, +}; #endif /* WITH_OPENSSL */ diff --git a/gsi_openssh/source/ssh-sk-helper.8 b/gsi_openssh/source/ssh-sk-helper.8 index 3c53da1ec7..e9b2ae12b1 100644 --- a/gsi_openssh/source/ssh-sk-helper.8 +++ b/gsi_openssh/source/ssh-sk-helper.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-sk-helper.8,v 1.3 2019/12/21 20:22:34 naddy Exp $ +.\" $OpenBSD: ssh-sk-helper.8,v 1.4 2022/04/29 03:24:30 djm Exp $ .\" .\" Copyright (c) 2010 Markus Friedl. All rights reserved. .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 21 2019 $ +.Dd $Mdocdate: April 29 2022 $ .Dt SSH-SK-HELPER 8 .Os .Sh NAME @@ -26,12 +26,14 @@ .Sh DESCRIPTION .Nm is used by -.Xr ssh-agent 1 +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 to access keys provided by a FIDO authenticator. .Pp .Nm -is not intended to be invoked by the user, but from -.Xr ssh-agent 1 . +is not intended to be invoked directly by the user. .Pp A single option is supported: .Bl -tag -width Ds @@ -47,17 +49,20 @@ options increase the verbosity. The maximum is 3. .Pp Note that -.Xr ssh-agent 1 +.Xr ssh 1 , +.Xr ssh-agent 1 , +and +.Xr ssh-keygen 1 will automatically pass the .Fl v flag to .Nm -when it has itself been placed in debug mode. +when they have themselves been placed in debug mode. .El .Sh SEE ALSO .Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-agent 1 +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 .Sh HISTORY .Nm first appeared in diff --git a/gsi_openssh/source/ssh-sk-helper.c b/gsi_openssh/source/ssh-sk-helper.c index b1d22631f2..9857b632bf 100644 --- a/gsi_openssh/source/ssh-sk-helper.c +++ b/gsi_openssh/source/ssh-sk-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-helper.c,v 1.12 2021/10/28 02:54:18 djm Exp $ */ +/* $OpenBSD: ssh-sk-helper.c,v 1.14 2022/12/04 11:03:11 dtucker Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -43,7 +43,6 @@ #include "sshbuf.h" #include "msg.h" #include "uidswap.h" -#include "sshkey.h" #include "ssherr.h" #include "ssh-sk.h" @@ -265,6 +264,7 @@ process_load_resident(struct sshbuf *req) sshsk_free_resident_keys(srks, nsrks); sshbuf_free(kbuf); free(provider); + free(device); if (pin != NULL) freezero(pin, strlen(pin)); return resp; diff --git a/gsi_openssh/source/ssh-sk.c b/gsi_openssh/source/ssh-sk.c index a1ff5cc485..fbeb393209 100644 --- a/gsi_openssh/source/ssh-sk.c +++ b/gsi_openssh/source/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.38 2022/01/14 03:35:10 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.39 2022/07/20 03:29:14 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -127,10 +127,11 @@ sshsk_open(const char *path) ret->sk_enroll = ssh_sk_enroll; ret->sk_sign = ssh_sk_sign; ret->sk_load_resident_keys = ssh_sk_load_resident_keys; + return ret; #else error("internal security key support not enabled"); + goto fail; #endif - return ret; } if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { error("Provider \"%s\" dlopen failed: %s", path, dlerror()); @@ -353,6 +354,8 @@ skerr_to_ssherr(int skerr) return SSH_ERR_KEY_WRONG_PASSPHRASE; case SSH_SK_ERR_DEVICE_NOT_FOUND: return SSH_ERR_DEVICE_NOT_FOUND; + case SSH_SK_ERR_CREDENTIAL_EXISTS: + return SSH_ERR_KEY_BAD_PERMISSIONS; case SSH_SK_ERR_GENERAL: default: return SSH_ERR_INVALID_FORMAT; diff --git a/gsi_openssh/source/ssh-xmss.c b/gsi_openssh/source/ssh-xmss.c index 7bd3a96a3b..b3aec0f72d 100644 --- a/gsi_openssh/source/ssh-xmss.c +++ b/gsi_openssh/source/ssh-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-xmss.c,v 1.4 2020/10/19 22:49:23 dtucker Exp $*/ +/* $OpenBSD: ssh-xmss.c,v 1.14 2022/10/28 00:44:44 djm Exp $*/ /* * Copyright (c) 2017 Stefan-Lukas Gazdag. * Copyright (c) 2017 Markus Friedl. @@ -22,8 +22,10 @@ #include #include +#include #include #include +#include #include #include "log.h" @@ -35,9 +37,169 @@ #include "xmss_fast.h" -int -ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static void +ssh_xmss_cleanup(struct sshkey *k) +{ + freezero(k->xmss_pk, sshkey_xmss_pklen(k)); + freezero(k->xmss_sk, sshkey_xmss_sklen(k)); + sshkey_xmss_free_state(k); + free(k->xmss_name); + free(k->xmss_filename); + k->xmss_pk = NULL; + k->xmss_sk = NULL; + k->xmss_name = NULL; + k->xmss_filename = NULL; +} + +static int +ssh_xmss_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (a->xmss_pk == NULL || b->xmss_pk == NULL) + return 0; + if (sshkey_xmss_pklen(a) != sshkey_xmss_pklen(b)) + return 0; + if (memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) != 0) + return 0; + return 1; +} + +static int +ssh_xmss_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->xmss_name == NULL || key->xmss_pk == NULL || + sshkey_xmss_pklen(key) == 0) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || + (r = sshbuf_put_string(b, key->xmss_pk, + sshkey_xmss_pklen(key))) != 0 || + (r = sshkey_xmss_serialize_pk_info(key, b, opts)) != 0) + return r; + + return 0; +} + +static int +ssh_xmss_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->xmss_name == NULL) + return SSH_ERR_INVALID_ARGUMENT; + /* Note: can't reuse ssh_xmss_serialize_public because of sk order */ + if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || + (r = sshbuf_put_string(b, key->xmss_pk, + sshkey_xmss_pklen(key))) != 0 || + (r = sshbuf_put_string(b, key->xmss_sk, + sshkey_xmss_sklen(key))) != 0 || + (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) + return r; + + return 0; +} + +static int +ssh_xmss_copy_public(const struct sshkey *from, struct sshkey *to) +{ + int r = SSH_ERR_INTERNAL_ERROR; + u_int32_t left; + size_t pklen; + + if ((r = sshkey_xmss_init(to, from->xmss_name)) != 0) + return r; + if (from->xmss_pk == NULL) + return 0; /* XXX SSH_ERR_INTERNAL_ERROR ? */ + + if ((pklen = sshkey_xmss_pklen(from)) == 0 || + sshkey_xmss_pklen(to) != pklen) + return SSH_ERR_INTERNAL_ERROR; + if ((to->xmss_pk = malloc(pklen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + memcpy(to->xmss_pk, from->xmss_pk, pklen); + /* simulate number of signatures left on pubkey */ + left = sshkey_xmss_signatures_left(from); + if (left) + sshkey_xmss_enable_maxsign(to, left); + return 0; +} + +static int +ssh_xmss_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + size_t len = 0; + char *xmss_name = NULL; + u_char *pk = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if ((ret = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0) + goto out; + if ((ret = sshkey_xmss_init(key, xmss_name)) != 0) + goto out; + if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) + goto out; + if (len == 0 || len != sshkey_xmss_pklen(key)) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + key->xmss_pk = pk; + pk = NULL; + if (!sshkey_is_cert(key) && + (ret = sshkey_xmss_deserialize_pk_info(key, b)) != 0) + goto out; + /* success */ + ret = 0; + out: + free(xmss_name); + freezero(pk, len); + return ret; +} + +static int +ssh_xmss_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + char *xmss_name = NULL; + size_t pklen = 0, sklen = 0; + u_char *xmss_pk = NULL, *xmss_sk = NULL; + + /* Note: can't reuse ssh_xmss_deserialize_public because of sk order */ + if ((r = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0 || + (r = sshbuf_get_string(b, &xmss_pk, &pklen)) != 0 || + (r = sshbuf_get_string(b, &xmss_sk, &sklen)) != 0) + goto out; + if (!sshkey_is_cert(key) && + (r = sshkey_xmss_init(key, xmss_name)) != 0) + goto out; + if (pklen != sshkey_xmss_pklen(key) || + sklen != sshkey_xmss_sklen(key)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + key->xmss_pk = xmss_pk; + key->xmss_sk = xmss_sk; + xmss_pk = xmss_sk = NULL; + /* optional internal state */ + if ((r = sshkey_xmss_deserialize_state_opt(key, b)) != 0) + goto out; + /* success */ + r = 0; + out: + free(xmss_name); + freezero(xmss_pk, pklen); + freezero(xmss_sk, sklen); + return r; +} + +static int +ssh_xmss_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { u_char *sig = NULL; size_t slen = 0, len = 0, required_siglen; @@ -109,10 +271,11 @@ ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, return r; } -int +static int ssh_xmss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { struct sshbuf *b = NULL; char *ktype = NULL; @@ -126,14 +289,14 @@ ssh_xmss_verify(const struct sshkey *key, sshkey_type_plain(key->type) != KEY_XMSS || key->xmss_pk == NULL || sshkey_xmss_params(key) == NULL || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; if ((r = sshkey_xmss_siglen(key, &required_siglen)) != 0) return r; - if (datalen >= INT_MAX - required_siglen) + if (dlen >= INT_MAX - required_siglen) return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0) @@ -150,23 +313,23 @@ ssh_xmss_verify(const struct sshkey *key, r = SSH_ERR_INVALID_FORMAT; goto out; } - if (datalen >= SIZE_MAX - len) { + if (dlen >= SIZE_MAX - len) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } - smlen = len + datalen; + smlen = len + dlen; mlen = smlen; if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } memcpy(sm, sigblob, len); - memcpy(sm+len, data, datalen); + memcpy(sm+len, data, dlen); if ((ret = xmss_sign_open(m, &mlen, sm, smlen, key->xmss_pk, sshkey_xmss_params(key))) != 0) { debug2_f("xmss_sign_open failed: %d", ret); } - if (ret != 0 || mlen != datalen) { + if (ret != 0 || mlen != dlen) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } @@ -182,4 +345,43 @@ ssh_xmss_verify(const struct sshkey *key, free(ktype); return r; } + +static const struct sshkey_impl_funcs sshkey_xmss_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_xmss_cleanup, + /* .equal = */ ssh_xmss_equal, + /* .ssh_serialize_public = */ ssh_xmss_serialize_public, + /* .ssh_deserialize_public = */ ssh_xmss_deserialize_public, + /* .ssh_serialize_private = */ ssh_xmss_serialize_private, + /* .ssh_deserialize_private = */ ssh_xmss_deserialize_private, + /* .generate = */ sshkey_xmss_generate_private_key, + /* .copy_public = */ ssh_xmss_copy_public, + /* .sign = */ ssh_xmss_sign, + /* .verify = */ ssh_xmss_verify, +}; + +const struct sshkey_impl sshkey_xmss_impl = { + /* .name = */ "ssh-xmss@openssh.com", + /* .shortname = */ "XMSS", + /* .sigalg = */ NULL, + /* .type = */ KEY_XMSS, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_xmss_funcs, +}; + +const struct sshkey_impl sshkey_xmss_cert_impl = { + /* .name = */ "ssh-xmss-cert-v01@openssh.com", + /* .shortname = */ "XMSS-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_XMSS_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_xmss_funcs, +}; #endif /* WITH_XMSS */ diff --git a/gsi_openssh/source/ssh.1 b/gsi_openssh/source/ssh.1 index 100765a8a6..0edc06c93f 100644 --- a/gsi_openssh/source/ssh.1 +++ b/gsi_openssh/source/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.430 2022/03/31 17:27:27 naddy Exp $ -.Dd $Mdocdate: March 31 2022 $ +.\" $OpenBSD: ssh.1,v 1.433 2022/11/28 01:37:36 djm Exp $ +.Dd $Mdocdate: November 28 2022 $ .Dt SSH 1 .Os .Sh NAME @@ -159,7 +159,8 @@ slow connections, but will only slow down things on fast networks. The default value can be set on a host-by-host basis in the configuration files; see the .Cm Compression -option. +option in +.Xr ssh_config 5 . .Pp .It Fl c Ar cipher_spec Selects the cipher specification for encrypting the session. @@ -434,7 +435,9 @@ A comma-separated list of MAC (message authentication code) algorithms, specified in order of preference. See the .Cm MACs -keyword for more information. +keyword in +.Xr ssh_config 5 +for more information. .Pp .It Fl N Do not execute a remote command. @@ -521,6 +524,7 @@ For full details of the options listed below, and their possible values, see .It ControlPersist .It DynamicForward .It EnableSSHKeysign +.It EnableEscapeCommandline .It EscapeChar .It ExitOnForwardFailure .It FingerprintHash diff --git a/gsi_openssh/source/ssh.c b/gsi_openssh/source/ssh.c index 855cf72796..bcf37dba2a 100644 --- a/gsi_openssh/source/ssh.c +++ b/gsi_openssh/source/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.574 2022/03/30 04:33:09 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.585 2023/02/10 04:40:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -77,6 +77,7 @@ #include #include #endif +#include #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" #include "fips_mode_replacement.h" @@ -252,6 +253,7 @@ static struct addrinfo * resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) { char strport[NI_MAXSERV]; + const char *errstr = NULL; struct addrinfo hints, *res; int gaierr; LogLevel loglevel = SYSLOG_LEVEL_DEBUG1; @@ -277,7 +279,10 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) return NULL; } if (cname != NULL && res->ai_canonname != NULL) { - if (strlcpy(cname, res->ai_canonname, clen) >= clen) { + if (!valid_domain(res->ai_canonname, 0, &errstr)) { + error("ignoring bad CNAME \"%s\" for host \"%s\": %s", + res->ai_canonname, name, errstr); + } else if (strlcpy(cname, res->ai_canonname, clen) >= clen) { error_f("host \"%s\" cname \"%s\" too long (max %lu)", name, res->ai_canonname, (u_long)clen); if (clen > 0) @@ -661,7 +666,7 @@ main(int ac, char **av) struct ssh *ssh = NULL; int i, r, opt, exit_status, use_syslog, direct, timeout_ms; int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0; - char *p, *cp, *line, *argv0, *logfile, *host_arg; + char *p, *cp, *line, *argv0, *logfile; char cname[NI_MAXHOST], thishost[NI_MAXHOST]; struct stat st; struct passwd *pw; @@ -712,7 +717,7 @@ main(int ac, char **av) * writable only by the owner, which is ok for all files for which we * don't set the modes explicitly. */ - umask(022); + umask(022 | umask(077)); msetlocale(); @@ -825,6 +830,7 @@ main(int ac, char **av) else if (strcmp(optarg, "key-plain") == 0) cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "key-sig") == 0 || + strcasecmp(optarg, "CASignatureAlgorithms") == 0 || strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */ strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 || strcasecmp(optarg, "HostKeyAlgorithms") == 0 || @@ -925,8 +931,7 @@ main(int ac, char **av) case 'V': fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSH_OPENSSL_VERSION); - if (opt == 'V') - exit(0); + exit(0); break; case 'w': if (options.tun_open == -1) @@ -1152,7 +1157,7 @@ main(int ac, char **av) if (!host) usage(); - host_arg = xstrdup(host); + options.host_arg = xstrdup(host); /* Initialize the command to execute on remote host. */ if ((command = sshbuf_new()) == NULL) @@ -1179,6 +1184,8 @@ main(int ac, char **av) } } + ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ + /* * Initialize "log" output. Since we are the client all output * goes to stderr unless otherwise specified by -y or -E. @@ -1198,7 +1205,7 @@ main(int ac, char **av) logit("%s, %s", SSH_RELEASE, SSH_OPENSSL_VERSION); /* Parse the configuration files */ - process_config_files(host_arg, pw, 0, &want_final_pass); + process_config_files(options.host_arg, pw, 0, &want_final_pass); if (want_final_pass) debug("configuration requests final Match pass"); @@ -1267,7 +1274,7 @@ main(int ac, char **av) debug("re-parsing configuration"); free(options.hostname); options.hostname = xstrdup(host); - process_config_files(host_arg, pw, 1, NULL); + process_config_files(options.host_arg, pw, 1, NULL); /* * Address resolution happens early with canonicalisation * enabled and the port number may have changed since, so @@ -1424,10 +1431,10 @@ main(int ac, char **av) xasprintf(&cinfo->uidstr, "%llu", (unsigned long long)pw->pw_uid); cinfo->keyalias = xstrdup(options.host_key_alias ? - options.host_key_alias : host_arg); + options.host_key_alias : options.host_arg); cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host, cinfo->portstr, options.user); - cinfo->host_arg = xstrdup(host_arg); + cinfo->host_arg = xstrdup(options.host_arg); cinfo->remhost = xstrdup(host); cinfo->remuser = xstrdup(options.user); cinfo->homedir = xstrdup(pw->pw_dir); @@ -1608,8 +1615,8 @@ main(int ac, char **av) timeout_ms = options.connection_timeout * 1000; /* Open a connection to the remote host. */ - if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port, - options.connection_attempts, + if (ssh_connect(ssh, host, options.host_arg, addrs, &hostaddr, + options.port, options.connection_attempts, &timeout_ms, options.tcp_keep_alive) != 0) exit(255); @@ -1630,9 +1637,11 @@ main(int ac, char **av) sensitive_data.nkeys = 0; sensitive_data.keys = NULL; if (options.hostbased_authentication) { + int loaded = 0; + sensitive_data.nkeys = 10; sensitive_data.keys = xcalloc(sensitive_data.nkeys, - sizeof(struct sshkey)); + sizeof(*sensitive_data.keys)); /* XXX check errors? */ #define L_PUBKEY(p,o) do { \ @@ -1640,18 +1649,22 @@ main(int ac, char **av) fatal_f("pubkey out of array bounds"); \ check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \ &(sensitive_data.keys[o]), p, "pubkey"); \ - if (sensitive_data.keys[o] != NULL) \ + if (sensitive_data.keys[o] != NULL) { \ debug2("hostbased key %d: %s key from \"%s\"", o, \ sshkey_ssh_name(sensitive_data.keys[o]), p); \ + loaded++; \ + } \ } while (0) #define L_CERT(p,o) do { \ if ((o) >= sensitive_data.nkeys) \ fatal_f("cert out of array bounds"); \ check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), \ &(sensitive_data.keys[o]), p, "cert"); \ - if (sensitive_data.keys[o] != NULL) \ + if (sensitive_data.keys[o] != NULL) { \ debug2("hostbased key %d: %s cert from \"%s\"", o, \ sshkey_ssh_name(sensitive_data.keys[o]), p); \ + loaded++; \ + } \ } while (0) if (options.hostbased_authentication == 1) { @@ -1665,6 +1678,9 @@ main(int ac, char **av) L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); + if (loaded == 0) + debug("HostbasedAuthentication enabled but no " + "local public host keys could be loaded."); } } @@ -1716,7 +1732,6 @@ main(int ac, char **av) options.num_system_hostfiles); tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); - ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ ssh_signal(SIGCHLD, main_sigchld_handler); /* Log into the remote system. Never returns if the login fails. */ @@ -1900,7 +1915,7 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) } static void -client_cleanup_stdio_fwd(struct ssh *ssh, int id, void *arg) +client_cleanup_stdio_fwd(struct ssh *ssh, int id, int force, void *arg) { debug("stdio forwarding: done"); cleanup_exit(0); @@ -2086,7 +2101,7 @@ ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg) char *proto = NULL, *data = NULL; if (!success) - return; /* No need for error message, channels code sens one */ + return; /* No need for error message, channels code sends one */ display = getenv("DISPLAY"); if (display == NULL && options.forward_x11) diff --git a/gsi_openssh/source/ssh_config.5 b/gsi_openssh/source/ssh_config.5 index 54c413f3cf..22dc97185a 100644 --- a/gsi_openssh/source/ssh_config.5 +++ b/gsi_openssh/source/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.371 2022/03/31 17:58:44 naddy Exp $ -.Dd $Mdocdate: March 31 2022 $ +.\" $OpenBSD: ssh_config.5,v 1.379 2023/03/10 02:32:04 djm Exp $ +.Dd $Mdocdate: March 10 2023 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -62,7 +62,7 @@ system-wide configuration file .Pq Pa /etc/ssh/ssh_config .El .Pp -For each parameter, the first obtained value +Unless noted otherwise, for each parameter, the first obtained value will be used. The configuration files contain sections separated by .Cm Host @@ -643,6 +643,12 @@ will act as a SOCKS server. Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.It Cm EnableEscapeCommandline +Enables the command line option in the +.Cm EscapeChar +menu for interactive sessions (default +.Ql ~C ) . +By default, the command line is disabled. .It Cm EnableSSHKeysign Setting this option to .Cm yes @@ -987,6 +993,17 @@ to prefer their algorithms. .Pp The list of available signature algorithms may also be obtained using .Qq ssh -Q HostKeyAlgorithms . +.Pp +The proposed +.Cm HostKeyAlgorithms +during KEX are limited to the set of algorithms that is defined in +.Cm PubkeyAcceptedAlgorithms +and therefore they are indirectly affected by system-wide +.Xr crypto_policies 7 . +.Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so +would break the order given by the +.Pa known_hosts +file. .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key @@ -1061,6 +1078,10 @@ section. .It Cm IdentityFile Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. +You can also specify a public key file to use the corresponding +private key that is loaded in +.Xr ssh-agent 1 +when the private key file is not present locally. The default is .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_ecdsa , @@ -1562,6 +1583,9 @@ built-in openssh default set. .Pp The list of available signature algorithms may also be obtained using .Qq ssh -Q PubkeyAcceptedAlgorithms . +.Pp +This option affects also +.Cm HostKeyAlgorithms .It Cm PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be @@ -1577,9 +1601,9 @@ extension required for restricted .Xr ssh-agent 1 forwarding. .It Cm RekeyLimit -Specifies the maximum amount of data that may be transmitted before the -session key is renegotiated, optionally followed by a maximum amount of -time that may pass before the session key is renegotiated. +Specifies the maximum amount of data that may be transmitted or received +before the session key is renegotiated, optionally followed by a maximum +amount of time that may pass before the session key is renegotiated. The first argument is specified in bytes and may have a suffix of .Sq K , .Sq M , @@ -2000,6 +2024,11 @@ the tokens described in the section and environment variables as described in the .Sx ENVIRONMENT VARIABLES section. +A value of +.Cm none +causes +.Xr ssh 1 +to ignore any user-specific known hosts files. The default is .Pa ~/.ssh/known_hosts , .Pa ~/.ssh/known_hosts2 . @@ -2179,7 +2208,9 @@ accepts the tokens %% and %h. accepts all tokens. .Pp .Cm ProxyCommand -accepts the tokens %%, %h, %n, %p, and %r. +and +.Cm ProxyJump +accept the tokens %%, %h, %n, %p, and %r. .Sh ENVIRONMENT VARIABLES Arguments to some keywords can be expanded at runtime from environment variables on the client by enclosing them in diff --git a/gsi_openssh/source/sshbuf-getput-basic.c b/gsi_openssh/source/sshbuf-getput-basic.c index 9803fb5ed9..5c71b0e535 100644 --- a/gsi_openssh/source/sshbuf-getput-basic.c +++ b/gsi_openssh/source/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.11 2020/06/05 03:25:35 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.13 2022/05/25 06:03:44 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * diff --git a/gsi_openssh/source/sshbuf-getput-crypto.c b/gsi_openssh/source/sshbuf-getput-crypto.c index 2e61d3bcd8..56ffdd8615 100644 --- a/gsi_openssh/source/sshbuf-getput-crypto.c +++ b/gsi_openssh/source/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.8 2019/11/15 06:00:20 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.10 2022/05/25 06:03:44 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * diff --git a/gsi_openssh/source/sshbuf.c b/gsi_openssh/source/sshbuf.c index 368ba7980b..d7f4e4ab65 100644 --- a/gsi_openssh/source/sshbuf.c +++ b/gsi_openssh/source/sshbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.19 2022/12/02 04:40:27 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -15,7 +15,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define SSHBUF_INTERNAL #include "includes.h" #include @@ -25,9 +24,33 @@ #include #include "ssherr.h" +#define SSHBUF_INTERNAL #include "sshbuf.h" #include "misc.h" +#ifdef SSHBUF_DEBUG +# define SSHBUF_TELL(what) do { \ + printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ + __FILE__, __LINE__, __func__, what, \ + buf->size, buf->alloc, buf->off, buf->max_size); \ + fflush(stdout); \ + } while (0) +#else +# define SSHBUF_TELL(what) +#endif + +struct sshbuf { + u_char *d; /* Data */ + const u_char *cd; /* Const data */ + size_t off; /* First available byte is buf->d + buf->off */ + size_t size; /* Last byte is buf->d + buf->size - 1 */ + size_t max_size; /* Maximum size of buffer */ + size_t alloc; /* Total bytes allocated to buf->d */ + int readonly; /* Refers to external, const data */ + u_int refcount; /* Tracks self and number of child buffers */ + struct sshbuf *parent; /* If child, pointer to parent */ +}; + static inline int sshbuf_check_sanity(const struct sshbuf *buf) { @@ -109,6 +132,8 @@ sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent) if ((r = sshbuf_check_sanity(child)) != 0 || (r = sshbuf_check_sanity(parent)) != 0) return r; + if (child->parent != NULL && child->parent != parent) + return SSH_ERR_INTERNAL_ERROR; child->parent = parent; child->parent->refcount++; return 0; @@ -177,7 +202,8 @@ sshbuf_reset(struct sshbuf *buf) buf->off = buf->size; return; } - (void) sshbuf_check_sanity(buf); + if (sshbuf_check_sanity(buf) != 0) + return; buf->off = buf->size = 0; if (buf->alloc != SSHBUF_SIZE_INIT) { if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT, @@ -186,7 +212,7 @@ sshbuf_reset(struct sshbuf *buf) buf->alloc = SSHBUF_SIZE_INIT; } } - explicit_bzero(buf->d, SSHBUF_SIZE_INIT); + explicit_bzero(buf->d, buf->alloc); } size_t diff --git a/gsi_openssh/source/sshbuf.h b/gsi_openssh/source/sshbuf.h index d0ad00f8da..8fd8c9ace6 100644 --- a/gsi_openssh/source/sshbuf.h +++ b/gsi_openssh/source/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.25 2022/01/22 00:43:43 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.28 2022/12/02 04:40:27 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -33,22 +33,7 @@ #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ -/* - * NB. do not depend on the internals of this. It will be made opaque - * one day. - */ -struct sshbuf { - u_char *d; /* Data */ - const u_char *cd; /* Const data */ - size_t off; /* First available byte is buf->d + buf->off */ - size_t size; /* Last byte is buf->d + buf->size - 1 */ - size_t max_size; /* Maximum size of buffer */ - size_t alloc; /* Total bytes allocated to buf->d */ - int readonly; /* Refers to external, const data */ - int dont_free; /* Kludge to support sshbuf_init */ - u_int refcount; /* Tracks self and number of child buffers */ - struct sshbuf *parent; /* If child, pointer to parent */ -}; +struct sshbuf; /* * Create a new sshbuf buffer. @@ -394,12 +379,6 @@ u_int sshbuf_refcount(const struct sshbuf *buf); # endif # ifdef SSHBUF_DEBUG -# define SSHBUF_TELL(what) do { \ - printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ - __FILE__, __LINE__, __func__, what, \ - buf->size, buf->alloc, buf->off, buf->max_size); \ - fflush(stdout); \ - } while (0) # define SSHBUF_DBG(x) do { \ printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ printf x; \ @@ -407,7 +386,6 @@ u_int sshbuf_refcount(const struct sshbuf *buf); fflush(stdout); \ } while (0) # else -# define SSHBUF_TELL(what) # define SSHBUF_DBG(x) # endif #endif /* SSHBUF_INTERNAL */ diff --git a/gsi_openssh/source/sshconnect.c b/gsi_openssh/source/sshconnect.c index f952048633..717e0fb04e 100644 --- a/gsi_openssh/source/sshconnect.c +++ b/gsi_openssh/source/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.356 2021/12/19 22:10:24 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.363 2023/03/10 07:17:08 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,7 +54,6 @@ #include "ssh.h" #include "sshbuf.h" #include "packet.h" -#include "compat.h" #include "sshkey.h" #include "sshconnect.h" #include "log.h" @@ -388,7 +387,7 @@ ssh_create_socket(struct addrinfo *ai) error("socket: %s", strerror(errno)); return -1; } - fcntl(sock, F_SETFD, FD_CLOEXEC); + (void)fcntl(sock, F_SETFD, FD_CLOEXEC); if (options.tcp_rcv_buf > 0) ssh_set_socket_recvbuf(sock); @@ -843,7 +842,7 @@ other_hostkeys_message(const char *host, const char *ip, system_hostfiles, num_system_hostfiles, &othernames, &num_othernames); if (num_othernames == 0) - return xstrdup("This key is not known by any other names"); + return xstrdup("This key is not known by any other names."); xasprintf(&ret, "This host key is known by the following other " "names/addresses:"); @@ -962,7 +961,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; char msg[1024]; - const char *type, *fail_reason; + const char *type, *fail_reason = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL; int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); @@ -987,6 +986,17 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, return 0; } + /* + * Don't ever try to write an invalid name to a known hosts file. + * Note: do this before get_hostfile_hostname_ipaddr() to catch + * '[' or ']' in the name before they are added. + */ + if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) { + debug_f("invalid hostname \"%s\"; will not record: %s", + hostname, fail_reason); + readonly = RDONLY; + } + /* * Prepare the hostname and address strings used for hostkey lookup. * In some cases, these will have a port number appended. @@ -1292,8 +1302,11 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, } /* The host key has changed. */ warn_changed_key(host_key); - error("Add correct host key in %.100s to get rid of this message.", - user_hostfiles[0]); + if (num_user_hostfiles > 0 || num_system_hostfiles > 0) { + error("Add correct host key in %.100s to get rid " + "of this message.", num_user_hostfiles > 0 ? + user_hostfiles[0] : system_hostfiles[0]); + } error("Offending %s key in %s:%lu", sshkey_type(host_found->key), host_found->file, host_found->line); @@ -1361,7 +1374,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, if (options.exit_on_forward_failure && cancelled_forwarding) fatal("Error: forwarding disabled due to host key " "check failure"); - + /* * XXX Should permit the user to change to use the new id. * This could be done by converting the host key to an diff --git a/gsi_openssh/source/sshconnect2.c b/gsi_openssh/source/sshconnect2.c index fa30b95991..6a3a13a1d6 100644 --- a/gsi_openssh/source/sshconnect2.c +++ b/gsi_openssh/source/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.356 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.366 2023/03/09 07:11:05 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -45,6 +45,7 @@ #include #endif +#include #include "fips_mode_replacement.h" #include "openbsd-compat/sys-queue.h" @@ -58,7 +59,6 @@ #include "cipher.h" #include "sshkey.h" #include "kex.h" -#include "myproposal.h" #include "sshconnect.h" #include "authfile.h" #include "dh.h" @@ -77,6 +77,7 @@ #include "utf8.h" #include "ssh-sk.h" #include "sk-api.h" +#include "myproposal.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -230,10 +231,8 @@ void ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, const struct ssh_conn_info *cinfo) { - char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s, *all_key; - char *hostkeyalgs = NULL, *pkalg = NULL; - char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; + char *myproposal[PROPOSAL_MAX]; + char *s, *all_key, *hkalgs = NULL, *filtered_algs = NULL; int r, use_known_hosts_order = 0; #if defined(GSSAPI) && defined(WITH_OPENSSL) @@ -247,6 +246,10 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, xxx_hostaddr = hostaddr; xxx_conn_info = cinfo; + if (options.rekey_limit || options.rekey_interval) + ssh_packet_set_rekey_limits(ssh, options.rekey_limit, + options.rekey_interval); + /* * If the user has not specified HostkeyAlgorithms, or has only * appended or removed algorithms from that list then prefer algorithms @@ -266,30 +269,25 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) fatal_f("kex_names_cat"); - myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, s); - myproposal[PROPOSAL_ENC_ALGS_CTOS] = - myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = - compat_cipher_proposal(ssh, options.ciphers); - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = - (char *)compression_alg_list(options.compression); - myproposal[PROPOSAL_MAC_ALGS_CTOS] = - myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; - if (use_known_hosts_order) { - /* Query known_hosts and prefer algorithms that appear there */ - if ((hostkeyalgs = order_hostkeyalgs(host, hostaddr, port, cinfo)) == NULL) - fatal_f("order_hostkeyalgs"); - pkalg = match_filter_allowlist(hostkeyalgs, options.pubkey_accepted_algos); - free(hostkeyalgs); - } else { - /* Use specified HostkeyAlgorithms */ - pkalg = match_filter_allowlist(options.hostkeyalgorithms, options.pubkey_accepted_algos); + + if (use_known_hosts_order) + hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo); + + filtered_algs = hkalgs ? match_filter_allowlist(hkalgs, options.pubkey_accepted_algos) + : match_filter_allowlist(options.hostkeyalgorithms, + options.pubkey_accepted_algos); + if (filtered_algs == NULL) { + if (hkalgs) + fatal_f("No match between algorithms for %s (host %s) and pubkey accepted algorithms %s", + hkalgs, host, options.pubkey_accepted_algos); + else + fatal_f("No match between host key algorithms %s and pubkey accepted algorithms %s", + options.hostkeyalgorithms, options.pubkey_accepted_algos); } - if (pkalg == NULL) - fatal_f("match_filter_allowlist"); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey = - compat_pkalg_proposal(ssh, pkalg); - free(pkalg); + + kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers, + options.macs, compression_alg_list(options.compression), + filtered_algs); #if defined(GSSAPI) && defined(WITH_OPENSSL) if (options.gss_keyex) { @@ -332,9 +330,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, } #endif - if (options.rekey_limit || options.rekey_interval) - ssh_packet_set_rekey_limits(ssh, options.rekey_limit, - options.rekey_interval); + free(hkalgs); + free(filtered_algs); /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) @@ -378,6 +375,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); /* remove ext-info from the KEX proposals for rekeying */ + free(myproposal[PROPOSAL_KEX_ALGS]); myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, options.kex_algorithms); #if defined(GSSAPI) && defined(WITH_OPENSSL) @@ -401,10 +399,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send packet"); #endif - /* Free only parts of proposal that were dynamically allocated here. */ - free(prop_kex); - free(prop_enc); - free(prop_hostkey); + kex_proposal_free_entries(myproposal); } /* @@ -652,7 +647,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, } } -/* ARGSUSED */ static int input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) { @@ -684,7 +678,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) return r; } -/* ARGSUSED */ static int input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) { @@ -729,7 +722,6 @@ userauth(struct ssh *ssh, char *authlist) } } -/* ARGSUSED */ static int input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) { @@ -737,7 +729,6 @@ input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) return 0; } -/* ARGSUSED */ static int input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) { @@ -757,7 +748,6 @@ input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) return r; } -/* ARGSUSED */ static int input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) { @@ -790,7 +780,6 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) } #endif -/* ARGSUSED */ static int input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) { @@ -851,7 +840,6 @@ format_identity(Identity *id) return ret; } -/* ARGSUSED */ static int input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) { @@ -1087,7 +1075,6 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) return status; } -/* ARGSUSED */ static int input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) { @@ -1132,7 +1119,6 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) return r; } -/* ARGSUSED */ static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) { @@ -1165,7 +1151,6 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) return r; } -/* ARGSUSED */ static int input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) { @@ -1200,7 +1185,6 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) return 0; } -/* ARGSUSED */ static int input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) { @@ -1349,7 +1333,6 @@ userauth_passwd(struct ssh *ssh) /* * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST */ -/* ARGSUSED */ static int input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) { @@ -1485,7 +1468,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat, const char *alg) { struct sshkey *sign_key = NULL, *prv = NULL; - int retried = 0, r = SSH_ERR_INTERNAL_ERROR; + int is_agent = 0, retried = 0, r = SSH_ERR_INTERNAL_ERROR; struct notifier_ctx *notifier = NULL; char *fp = NULL, *pin = NULL, *prompt = NULL; @@ -1505,6 +1488,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, if (id->key != NULL && (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) { sign_key = id->key; + is_agent = 1; } else { /* Load the private key from the file. */ if ((prv = load_identity_file(id)) == NULL) @@ -1516,37 +1500,42 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, goto out; } sign_key = prv; - if (sshkey_is_sk(sign_key)) { - if ((sign_key->sk_flags & - SSH_SK_USER_VERIFICATION_REQD)) { + } retry_pin: - xasprintf(&prompt, "Enter PIN for %s key %s: ", - sshkey_type(sign_key), id->filename); - pin = read_passphrase(prompt, 0); - } - if ((sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { - /* XXX should batch mode just skip these? */ - if ((fp = sshkey_fingerprint(sign_key, - options.fingerprint_hash, - SSH_FP_DEFAULT)) == NULL) - fatal_f("fingerprint failed"); - notifier = notify_start(options.batch_mode, - "Confirm user presence for key %s %s", - sshkey_type(sign_key), fp); - free(fp); - } - } + /* Prompt for touch for non-agent FIDO keys that request UP */ + if (!is_agent && sshkey_is_sk(sign_key) && + (sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { + /* XXX should batch mode just skip these? */ + if ((fp = sshkey_fingerprint(sign_key, + options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) + fatal_f("fingerprint failed"); + notifier = notify_start(options.batch_mode, + "Confirm user presence for key %s %s", + sshkey_type(sign_key), fp); + free(fp); } if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, alg, options.sk_provider, pin, compat)) != 0) { debug_fr(r, "sshkey_sign"); - if (pin == NULL && !retried && sshkey_is_sk(sign_key) && + if (!retried && pin == NULL && !is_agent && + sshkey_is_sk(sign_key) && r == SSH_ERR_KEY_WRONG_PASSPHRASE) { notify_complete(notifier, NULL); notifier = NULL; + xasprintf(&prompt, "Enter PIN for %s key %s: ", + sshkey_type(sign_key), id->filename); + pin = read_passphrase(prompt, 0); retried = 1; goto retry_pin; } + if ((r == SSH_ERR_LIBCRYPTO_ERROR) && strcmp("ssh-rsa", alg)) { + char rsa_safe_alg[] = "rsa-sha2-512"; + debug3_f("trying to fallback to algorithm %s", rsa_safe_alg); + + if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, + rsa_safe_alg, options.sk_provider, pin, compat)) != 0) + debug_fr(r, "sshkey_sign - RSA fallback"); + } goto out; } @@ -2121,20 +2110,6 @@ pubkey_reset(Authctxt *authctxt) id->tried = 0; } -static int -try_identity(struct ssh *ssh, Identity *id) -{ - if (!id->key) - return (0); - if (sshkey_type_plain(id->key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - debug("Skipped %s key %s for RSA/MD5 server", - sshkey_type(id->key), id->filename); - return (0); - } - return 1; -} - static int userauth_pubkey(struct ssh *ssh) { @@ -2155,7 +2130,7 @@ userauth_pubkey(struct ssh *ssh) * private key instead */ if (id->key != NULL) { - if (try_identity(ssh, id)) { + if (id->key != NULL) { ident = format_identity(id); debug("Offering public key: %s", ident); free(ident); @@ -2165,7 +2140,7 @@ userauth_pubkey(struct ssh *ssh) debug("Trying private key: %s", id->filename); id->key = load_identity_file(id); if (id->key != NULL) { - if (try_identity(ssh, id)) { + if (id->key != NULL) { id->isprivate = 1; sent = sign_and_send_pubkey(ssh, id); } @@ -2336,7 +2311,8 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, if (dup2(sock, STDERR_FILENO + 1) == -1) fatal_f("dup2: %s", strerror(errno)); sock = STDERR_FILENO + 1; - fcntl(sock, F_SETFD, 0); /* keep the socket on exec */ + if (fcntl(sock, F_SETFD, 0) == -1) /* keep the socket on exec */ + debug3_f("fcntl F_SETFD: %s", strerror(errno)); closefrom(sock + 1); debug3_f("[child] pid=%ld, exec %s", diff --git a/gsi_openssh/source/sshd.8 b/gsi_openssh/source/sshd.8 index fa7f33fa83..8b5bfd4a3e 100644 --- a/gsi_openssh/source/sshd.8 +++ b/gsi_openssh/source/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.318 2022/03/31 17:27:27 naddy Exp $ -.Dd $Mdocdate: March 31 2022 $ +.\" $OpenBSD: sshd.8,v 1.324 2023/02/10 06:39:27 jmc Exp $ +.Dd $Mdocdate: February 10 2023 $ .Dt SSHD 8 .Os .Sh NAME @@ -43,7 +43,7 @@ .Sh SYNOPSIS .Nm sshd .Bk -words -.Op Fl 46DdeiqTt +.Op Fl 46DdeGiqTtV .Op Fl C Ar connection_spec .Op Fl c Ar host_certificate_file .Op Fl E Ar log_file @@ -154,6 +154,15 @@ The default is .Pa /etc/ssh/sshd_config . .Nm refuses to start if there is no configuration file. +.It Fl G +Parse and print configuration file. +Check the validity of the configuration file, output the effective configuration +to stdout and then exit. +Optionally, +.Cm Match +rules may be applied by specifying the connection parameters using one or more +.Fl C +options. .It Fl g Ar login_grace_time Gives the grace time for clients to authenticate themselves (default 120 seconds). @@ -208,6 +217,11 @@ Optionally, rules may be applied by specifying the connection parameters using one or more .Fl C options. +This is similar to the +.Fl G +flag, but it includes the additional testing performed by the +.Fl t +flag. .It Fl t Test mode. Only check the validity of the configuration file and sanity of the keys. @@ -217,7 +231,7 @@ reliably as configuration options may change. .It Fl u Ar len This option is used to specify the size of the field in the -.Li utmp +.Vt utmp structure that holds the remote host name. If the resolved host name is longer than .Ar len , @@ -245,6 +259,8 @@ USER@HOST pattern in .Cm AllowUsers or .Cm DenyUsers . +.It Fl V +Display the version number and exit. .El .Sh AUTHENTICATION The OpenSSH SSH daemon supports SSH protocol 2 only. @@ -534,8 +550,9 @@ controlled via the option. .It Cm expiry-time="timespec" Specifies a time after which the key will not be accepted. -The time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] time -in the system time-zone. +The time may be specified as a YYYYMMDD[Z] date or a YYYYMMDDHHMM[SS][Z] time. +Dates and times will be interpreted in the system time zone unless suffixed +by a Z character, in which case they will be interpreted in the UTC time zone. .It Cm from="pattern-list" Specifies that in addition to public key authentication, either the canonical name of the remote host or its IP address must be present in the @@ -813,7 +830,6 @@ names to their hashed representations. An example ssh_known_hosts file: .Bd -literal -offset 3n # Comments allowed at start of line -closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= # A hashed hostname |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa diff --git a/gsi_openssh/source/sshd.c b/gsi_openssh/source/sshd.c index 399d1360fa..cc5db938ac 100644 --- a/gsi_openssh/source/sshd.c +++ b/gsi_openssh/source/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.585 2022/03/18 04:04:11 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.600 2023/03/08 04:43:12 guenther Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -81,6 +81,7 @@ #include #include #include +#include #include "openbsd-compat/openssl-compat.h" #endif #include "fips_mode_replacement.h" @@ -110,7 +111,6 @@ #include "digest.h" #include "sshkey.h" #include "kex.h" -#include "myproposal.h" #include "authfile.h" #include "pathnames.h" #include "atomicio.h" @@ -311,7 +311,6 @@ close_startup_pipes(void) * the server key). */ -/*ARGSUSED*/ static void sighup_handler(int sig) { @@ -341,7 +340,6 @@ sighup_restart(void) /* * Generic signal handler for terminating signals in the master daemon. */ -/*ARGSUSED*/ static void sigterm_handler(int sig) { @@ -352,7 +350,6 @@ sigterm_handler(int sig) * SIGCHLD handler. This is called whenever a child dies. This will then * reap any zombies left by exited children. */ -/*ARGSUSED*/ static void main_sigchld_handler(int sig) { @@ -369,7 +366,6 @@ main_sigchld_handler(int sig) /* * Signal handler for the alarm after the login grace period has expired. */ -/*ARGSUSED*/ static void grace_alarm_handler(int sig) { @@ -976,7 +972,7 @@ usage(void) { fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSH_OPENSSL_VERSION); fprintf(stderr, -"usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n" +"usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]\n" " [-E log_file] [-f config_file] [-g login_grace_time]\n" " [-h host_key_file] [-o option] [-p port] [-u len]\n" ); @@ -1012,14 +1008,10 @@ send_rexec_state(int fd, struct sshbuf *conf) * string filename * string contents * } - * string rng_seed (if required) */ if ((r = sshbuf_put_stringb(m, conf)) != 0 || (r = sshbuf_put_stringb(m, inc)) != 0) fatal_fr(r, "compose config"); -#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_send_rng_seed(m); -#endif if (ssh_msg_send(fd, 0, m) == -1) error_f("ssh_msg_send failed"); @@ -1052,10 +1044,6 @@ recv_rexec_state(int fd, struct sshbuf *conf) (r = sshbuf_get_stringb(m, inc)) != 0) fatal_fr(r, "parse config"); -#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_recv_rng_seed(m); -#endif - if (conf != NULL && (r = sshbuf_put(conf, cp, len))) fatal_fr(r, "sshbuf_put"); @@ -1350,8 +1338,12 @@ server_accept_loop(struct ssh *ssh, int *sock_in, int *sock_out, int *newsock, i usleep(100 * 1000); continue; } - if (unset_nonblock(*newsock) == -1 || - pipe(startup_p) == -1) { + if (unset_nonblock(*newsock) == -1) { + close(*newsock); + continue; + } + if (pipe(startup_p) == -1) { + error_f("pipe(startup_p): %s", strerror(errno)); close(*newsock); continue; } @@ -1613,7 +1605,7 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg, if ((buf = sshbuf_new()) == NULL) fatal_f("could not allocate buffer"); if ((r = sshkey_private_serialize(key, buf)) != 0) - fatal_fr(r, "decode key"); + fatal_fr(r, "encode %s key", sshkey_ssh_name(key)); if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0) fatal_f("ssh_digest_update"); sshbuf_reset(buf); @@ -1631,6 +1623,21 @@ prepare_proctitle(int ac, char **av) return ret; } +static void +print_config(struct ssh *ssh, struct connection_info *connection_info) +{ + /* + * If no connection info was provided by -C then use + * use a blank one that will cause no predicate to match. + */ + if (connection_info == NULL) + connection_info = get_connection_info(ssh, 0, 0); + connection_info->test = 1; + parse_server_match_config(&options, &includes, connection_info); + dump_config(&options); + exit(0); +} + /* * Main program for the daemon. */ @@ -1640,7 +1647,7 @@ main(int ac, char **av) struct ssh *ssh = NULL; extern char *optarg; extern int optind; - int r, opt, on = 1, already_daemon, remote_port; + int r, opt, on = 1, do_dump_cfg = 0, already_daemon, remote_port; int sock_in = -1, sock_out = -1, newsock = -1; const char *remote_ip, *rdomain; char *fp, *line, *laddr, *logfile = NULL; @@ -1653,13 +1660,17 @@ main(int ac, char **av) int keytype; Authctxt *authctxt; struct connection_info *connection_info = NULL; + sigset_t sigmask; + int forbid_ssh_rsa = 0; #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); - OpenSSL_add_all_algorithms(); + sigemptyset(&sigmask); + sigprocmask(SIG_SETMASK, &sigmask, NULL); + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; @@ -1680,14 +1691,12 @@ main(int ac, char **av) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - seed_rng(); - /* Initialize configuration options to their default values. */ initialize_server_options(&options); /* Parse command-line arguments. */ while ((opt = getopt(ac, av, - "C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrt")) != -1) { + "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) { switch (opt) { case '4': options.address_family = AF_INET; @@ -1712,6 +1721,9 @@ main(int ac, char **av) case 'D': no_daemon_flag = 1; break; + case 'G': + do_dump_cfg = 1; + break; case 'E': logfile = optarg; /* FALLTHROUGH */ @@ -1788,7 +1800,10 @@ main(int ac, char **av) exit(1); free(line); break; - case '?': + case 'V': + fprintf(stderr, "%s, %s\n", + SSH_VERSION, SSH_OPENSSL_VERSION); + exit(0); default: usage(); break; @@ -1796,13 +1811,15 @@ main(int ac, char **av) } if (rexeced_flag || inetd_flag) rexec_flag = 0; - if (!test_flag && rexec_flag && !path_absolute(av[0])) + if (!test_flag && !do_dump_cfg && rexec_flag && !path_absolute(av[0])) fatal("sshd re-exec requires execution with an absolute path"); if (rexeced_flag) closefrom(REEXEC_MIN_FREE_FD); else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); + seed_rng(); + /* If requested, redirect the logs to the specified logfile. */ if (logfile != NULL) log_redirect_stderr_to(logfile); @@ -1917,6 +1934,9 @@ main(int ac, char **av) debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION); + if (do_dump_cfg) + print_config(ssh, connection_info); + /* Store privilege separation user for later use if required. */ privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0); if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { @@ -1964,6 +1984,33 @@ main(int ac, char **av) key = NULL; continue; } + if (key && (sshkey_type_plain(key->type) == KEY_RSA || sshkey_type_plain(key->type) == KEY_RSA_CERT)) { + size_t sign_size = 0; + u_char *tmp = NULL; + u_char data[] = "Test SHA1 vector"; + int res; + + res = sshkey_sign(key, &tmp, &sign_size, data, sizeof(data), NULL, NULL, NULL, 0); + free(tmp); + if (res == SSH_ERR_LIBCRYPTO_ERROR) { + verbose_f("sshd: SHA1 in signatures is disabled for RSA keys"); + forbid_ssh_rsa = 1; + } + } + if (key && (sshkey_type_plain(key->type) == KEY_DSA || sshkey_type_plain(key->type) == KEY_DSA_CERT)) { + size_t sign_size = 0; + u_char *tmp = NULL; + u_char data[] = "Test SHA1 vector"; + int res; + + res = sshkey_sign(key, &tmp, &sign_size, data, sizeof(data), NULL, NULL, NULL, 0); + free(tmp); + if (res == SSH_ERR_LIBCRYPTO_ERROR) { + logit_f("sshd: ssh-dss is disabled, skipping key file %s", options.host_key_files[i]); + key = NULL; + continue; + } + } if (sshkey_is_sk(key) && key->sk_flags & SSH_SK_USER_PRESENCE_REQD) { debug("host key %s requires user presence, ignoring", @@ -2107,17 +2154,8 @@ main(int ac, char **av) "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); } - if (test_flag > 1) { - /* - * If no connection info was provided by -C then use - * use a blank one that will cause no predicate to match. - */ - if (connection_info == NULL) - connection_info = get_connection_info(ssh, 0, 0); - connection_info->test = 1; - parse_server_match_config(&options, &includes, connection_info); - dump_config(&options); - } + if (test_flag > 1) + print_config(ssh, connection_info); /* Configuration looks good, so exit if in test mode. */ if (test_flag) @@ -2240,17 +2278,21 @@ main(int ac, char **av) if (rexec_flag) { debug("rexec start in %d out %d newsock %d pipe %d sock %d", sock_in, sock_out, newsock, startup_pipe, config_s[0]); - dup2(newsock, STDIN_FILENO); - dup2(STDIN_FILENO, STDOUT_FILENO); + if (dup2(newsock, STDIN_FILENO) == -1) + debug3_f("dup2 stdin: %s", strerror(errno)); + if (dup2(STDIN_FILENO, STDOUT_FILENO) == -1) + debug3_f("dup2 stdout: %s", strerror(errno)); if (startup_pipe == -1) close(REEXEC_STARTUP_PIPE_FD); else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) { - dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD); + if (dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD) == -1) + debug3_f("dup2 startup_p: %s", strerror(errno)); close(startup_pipe); startup_pipe = REEXEC_STARTUP_PIPE_FD; } - dup2(config_s[1], REEXEC_CONFIG_PASS_FD); + if (dup2(config_s[1], REEXEC_CONFIG_PASS_FD) == -1) + debug3_f("dup2 config_s: %s", strerror(errno)); close(config_s[1]); ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */ @@ -2294,9 +2336,13 @@ main(int ac, char **av) check_ip_options(ssh); + if (forbid_ssh_rsa) + ssh->compat |= SSH_RH_RSASIGSHA; + /* Prepare the channels layer */ channel_init_channels(ssh); channel_set_af(ssh, options.address_family); + process_channel_timeouts(ssh, &options); process_permitopen(ssh, &options); /* Set SO_KEEPALIVE if requested. */ @@ -2537,10 +2583,9 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, static void do_ssh2_kex(struct ssh *ssh) { - char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; + char *hkalgs = NULL, *myproposal[PROPOSAL_MAX]; + const char *compression = NULL; struct kex *kex; - char *hostkey_types = NULL; - char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; int r; if (options.none_enabled == 1) @@ -2548,27 +2593,18 @@ do_ssh2_kex(struct ssh *ssh) if (options.nonemac_enabled == 1) debug("WARNING: None MAC enabled"); - myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, - options.kex_algorithms); - myproposal[PROPOSAL_ENC_ALGS_CTOS] = - myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = - compat_cipher_proposal(ssh, options.ciphers); - myproposal[PROPOSAL_MAC_ALGS_CTOS] = - myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; - - if (options.compression == COMP_NONE) { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; - } - if (options.rekey_limit || options.rekey_interval) ssh_packet_set_rekey_limits(ssh, options.rekey_limit, options.rekey_interval); - hostkey_types = list_hostkey_types(); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey = - compat_pkalg_proposal(ssh, hostkey_types); - free(hostkey_types); + if (options.compression == COMP_NONE) + compression = "none"; + hkalgs = list_hostkey_types(); + + kex_proposal_populate_entries(ssh, myproposal, options.kex_algorithms, + options.ciphers, options.macs, compression, hkalgs); + + free(hkalgs); #if defined(GSSAPI) && defined(WITH_OPENSSL) { @@ -2663,9 +2699,7 @@ do_ssh2_kex(struct ssh *ssh) (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send test"); #endif - free(prop_kex); - free(prop_enc); - free(prop_hostkey); + kex_proposal_free_entries(myproposal); debug("KEX done"); } diff --git a/gsi_openssh/source/sshd_config b/gsi_openssh/source/sshd_config index bb0b1f4d20..70e2a9d751 100644 --- a/gsi_openssh/source/sshd_config +++ b/gsi_openssh/source/sshd_config @@ -88,7 +88,7 @@ AuthorizedKeysFile .ssh/authorized_keys # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. diff --git a/gsi_openssh/source/sshd_config.5 b/gsi_openssh/source/sshd_config.5 index 4cb4013681..eeb849e5fd 100644 --- a/gsi_openssh/source/sshd_config.5 +++ b/gsi_openssh/source/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.340 2022/03/31 17:58:44 naddy Exp $ -.Dd $Mdocdate: March 31 2022 $ +.\" $OpenBSD: sshd_config.5,v 1.348 2023/03/03 04:36:20 djm Exp $ +.Dd $Mdocdate: March 3 2023 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -48,7 +48,7 @@ reads configuration data from .Fl f on the command line). The file contains keyword-argument pairs, one per line. -For each keyword, the first obtained value will be used. +Unless noted otherwise, for each keyword, the first obtained value will be used. Lines starting with .Ql # and empty lines are interpreted as comments. @@ -120,6 +120,9 @@ The allow/deny groups directives are processed in the following order: See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm AllowStreamLocalForwarding Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. The available options are @@ -177,6 +180,9 @@ The allow/deny users directives are processed in the following order: See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. @@ -391,6 +397,75 @@ from the default set instead of replacing them. .Pp Certificates signed using other algorithms will not be accepted for public key or host-based authentication. +.It Cm ChannelTimeout +Specifies whether and how quickly +.Xr sshd 8 +should close inactive channels. +Timeouts are specified as one or more +.Dq type=interval +pairs separated by whitespace, where the +.Dq type +must be a channel type name (as described in the table below), optionally +containing wildcard characters. +.Pp +The timeout value +.Dq interval +is specified in seconds or may use any of the units documented in the +.Sx TIME FORMATS +section. +For example, +.Dq session:*=5m +would cause all sessions to terminate after five minutes of inactivity. +Specifying a zero value disables the inactivity timeout. +.Pp +The available channel types include: +.Bl -tag -width Ds +.It Cm agent-connection +Open connections to +.Xr ssh-agent 1 . +.It Cm direct-tcpip , Cm direct-streamlocal@openssh.com +Open TCP or Unix socket (respectively) connections that have +been established from a +.Xr ssh 1 +local forwarding, i.e.\& +.Cm LocalForward +or +.Cm DynamicForward . +.It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com +Open TCP or Unix socket (respectively) connections that have been +established to a +.Xr sshd 8 +listening on behalf of a +.Xr ssh 1 +remote forwarding, i.e.\& +.Cm RemoteForward . +.It Cm session:command +Command execution sessions. +.It Cm session:shell +Interactive shell sessions. +.It Cm session:subsystem:... +Subsystem sessions, e.g. for +.Xr sftp 1 , +which could be identified as +.Cm session:subsystem:sftp . +.It Cm x11-connection +Open X11 forwarding sessions. +.El +.Pp +Note that in all the above cases, terminating an inactive session does not +guarantee to remove all resources associated with the session, e.g. shell +processes or X11 clients relating to the session may continue to execute. +.Pp +Moreover, terminating an inactive channel or session does not necessarily +close the SSH connection, nor does it prevent a client from +requesting another channel of the same type. +In particular, expiring an inactive forwarding session does not prevent +another identical forwarding from being subsequently created. +See also +.Cm UnusedConnectionTimeout , +which may be used in conjunction with this option. +.Pp +The default is not to expire channels of any type for inactivity. .It Cm ChrootDirectory Specifies the pathname of a directory to .Xr chroot 2 @@ -554,6 +629,9 @@ The allow/deny groups directives are processed in the following order: See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm DenyUsers This keyword can be followed by a list of user name patterns, separated by spaces. @@ -572,6 +650,9 @@ The allow/deny users directives are processed in the following order: See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm DisableForwarding Disables all forwarding features, including X11, .Xr ssh-agent 1 , @@ -846,7 +927,7 @@ should ignore the user's during .Cm HostbasedAuthentication and use only the system-wide known hosts file -.Pa /etc/ssh/known_hosts . +.Pa /etc/ssh/ssh_known_hosts . The default is .Dq no . .It Cm Include @@ -1222,6 +1303,7 @@ Available keywords are .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm CASignatureAlgorithms , +.Cm ChannelTimeout , .Cm ChrootDirectory , .Cm ClientAliveCountMax , .Cm ClientAliveInterval , @@ -1262,6 +1344,7 @@ Available keywords are .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , +.Cm UnusedConnectionTimeout , .Cm X11DisplayOffset , .Cm X11MaxDisplays , .Cm X11Forwarding @@ -1595,9 +1678,9 @@ Specifies whether public key authentication is allowed. The default is .Cm yes . .It Cm RekeyLimit -Specifies the maximum amount of data that may be transmitted before the -session key is renegotiated, optionally followed by a maximum amount of -time that may pass before the session key is renegotiated. +Specifies the maximum amount of data that may be transmitted or received +before the session key is renegotiated, optionally followed by a maximum +amount of time that may pass before the session key is renegotiated. The first argument is specified in bytes and may have a suffix of .Sq K , .Sq M , @@ -1768,6 +1851,33 @@ for authentication using .Cm TrustedUserCAKeys . For more details on certificates, see the CERTIFICATES section in .Xr ssh-keygen 1 . +.It Cm UnusedConnectionTimeout +Specifies whether and how quickly +.Xr sshd 8 +should close client connections with no open channels. +Open channels include active shell, command execution or subsystem +sessions, connected network, socket, agent or X11 forwardings. +Forwarding listeners, such as those from the +.Xr ssh 1 +.Fl R +flag, are not considered as open channels and do not prevent the timeout. +The timeout value +is specified in seconds or may use any of the units documented in the +.Sx TIME FORMATS +section. +.Pp +Note that this timeout starts when the client connection completes +user authentication but before the client has an opportunity to open any +channels. +Caution should be used when using short timeout values, as they may not +provide sufficient time for the client to request and open its channels +before terminating the connection. +.Pp +The default +.Cm none +is to never expire connections for having no open channels. +This option may be useful in conjunction with +.Cm ChannelTimeout . .It Cm UseDNS Specifies whether .Xr sshd 8 diff --git a/gsi_openssh/source/sshd_config_redhat b/gsi_openssh/source/sshd_config_redhat index b9fd5cc7bc..920b7bb64c 100644 --- a/gsi_openssh/source/sshd_config_redhat +++ b/gsi_openssh/source/sshd_config_redhat @@ -1,10 +1,3 @@ -# This system is following system-wide crypto policy. The changes to -# crypto properties (Ciphers, MACs, ...) will not have any effect in -# this or following included files. To override some configuration option, -# write it before this block or include it before this file. -# Please, see manual pages for update-crypto-policies(8) and sshd_config(5). -Include /etc/crypto-policies/back-ends/opensshserver.config - SyslogFacility AUTHPRIV ChallengeResponseAuthentication no diff --git a/gsi_openssh/source/sshd_config_redhat_cp b/gsi_openssh/source/sshd_config_redhat_cp new file mode 100644 index 0000000000..1d592d13f4 --- /dev/null +++ b/gsi_openssh/source/sshd_config_redhat_cp @@ -0,0 +1,7 @@ +# This system is following system-wide crypto policy. The changes to +# crypto properties (Ciphers, MACs, ...) will not have any effect in +# this or following included files. To override some configuration option, +# write it before this block or include it before this file. +# Please, see manual pages for update-crypto-policies(8) and sshd_config(5). +Include /etc/crypto-policies/back-ends/opensshserver.config + diff --git a/gsi_openssh/source/sshkey-xmss.c b/gsi_openssh/source/sshkey-xmss.c index f5235ef2fb..818aba9059 100644 --- a/gsi_openssh/source/sshkey-xmss.c +++ b/gsi_openssh/source/sshkey-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.11 2021/04/03 06:18:41 djm Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.12 2022/10/28 00:39:29 djm Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * @@ -365,7 +365,7 @@ sshkey_xmss_deserialize_pk_info(struct sshkey *k, struct sshbuf *b) } int -sshkey_xmss_generate_private_key(struct sshkey *k, u_int bits) +sshkey_xmss_generate_private_key(struct sshkey *k, int bits) { int r; const char *name; diff --git a/gsi_openssh/source/sshkey-xmss.h b/gsi_openssh/source/sshkey-xmss.h index 32a12be620..ab8b9c905a 100644 --- a/gsi_openssh/source/sshkey-xmss.h +++ b/gsi_openssh/source/sshkey-xmss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.h,v 1.3 2021/04/03 06:18:41 djm Exp $ */ +/* $OpenBSD: sshkey-xmss.h,v 1.4 2022/10/28 00:39:29 djm Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * @@ -34,7 +34,7 @@ size_t sshkey_xmss_pklen(const struct sshkey *); size_t sshkey_xmss_sklen(const struct sshkey *); int sshkey_xmss_init(struct sshkey *, const char *); void sshkey_xmss_free_state(struct sshkey *); -int sshkey_xmss_generate_private_key(struct sshkey *, u_int); +int sshkey_xmss_generate_private_key(struct sshkey *, int); int sshkey_xmss_serialize_state(const struct sshkey *, struct sshbuf *); int sshkey_xmss_serialize_state_opt(const struct sshkey *, struct sshbuf *, enum sshkey_serialize_rep); diff --git a/gsi_openssh/source/sshkey.c b/gsi_openssh/source/sshkey.c index 0563ab924e..be7be22b73 100644 --- a/gsi_openssh/source/sshkey.c +++ b/gsi_openssh/source/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.120 2022/01/06 22:05:42 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.134 2022/10/28 02:47:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -34,6 +34,11 @@ #include #include #include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif +#include #endif #include "fips_mode_replacement.h" @@ -96,112 +101,210 @@ static int sshkey_from_blob_internal(struct sshbuf *buf, struct sshkey **keyp, int allow_cert); /* Supported key types */ -struct keytype { - const char *name; - const char *shortname; - const char *sigalg; - int type; - int nid; - int cert; - int sigonly; -}; -static const struct keytype keytypes[] = { - { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 }, - { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL, - KEY_ED25519_CERT, 0, 1, 0 }, -#ifdef ENABLE_SK - { "sk-ssh-ed25519@openssh.com", "ED25519-SK", NULL, - KEY_ED25519_SK, 0, 0, 0 }, - { "sk-ssh-ed25519-cert-v01@openssh.com", "ED25519-SK-CERT", NULL, - KEY_ED25519_SK_CERT, 0, 1, 0 }, -#endif -#ifdef WITH_XMSS - { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 }, - { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL, - KEY_XMSS_CERT, 0, 1, 0 }, -#endif /* WITH_XMSS */ +extern const struct sshkey_impl sshkey_ed25519_impl; +extern const struct sshkey_impl sshkey_ed25519_cert_impl; +extern const struct sshkey_impl sshkey_ed25519_sk_impl; +extern const struct sshkey_impl sshkey_ed25519_sk_cert_impl; #ifdef WITH_OPENSSL - { "ssh-rsa", "RSA", NULL, KEY_RSA, 0, 0, 0 }, - { "rsa-sha2-256", "RSA", NULL, KEY_RSA, 0, 0, 1 }, - { "rsa-sha2-512", "RSA", NULL, KEY_RSA, 0, 0, 1 }, - { "ssh-dss", "DSA", NULL, KEY_DSA, 0, 0, 0 }, # ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256", "ECDSA", NULL, - KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, - { "ecdsa-sha2-nistp384", "ECDSA", NULL, - KEY_ECDSA, NID_secp384r1, 0, 0 }, -# ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521", "ECDSA", NULL, - KEY_ECDSA, NID_secp521r1, 0, 0 }, -# endif /* OPENSSL_HAS_NISTP521 */ # ifdef ENABLE_SK - { "sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL, - KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 0 }, - { "webauthn-sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL, - KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 1 }, +extern const struct sshkey_impl sshkey_ecdsa_sk_impl; +extern const struct sshkey_impl sshkey_ecdsa_sk_cert_impl; +extern const struct sshkey_impl sshkey_ecdsa_sk_webauthn_impl; # endif /* ENABLE_SK */ +extern const struct sshkey_impl sshkey_ecdsa_nistp256_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp256_cert_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp384_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp384_cert_impl; +# ifdef OPENSSL_HAS_NISTP521 +extern const struct sshkey_impl sshkey_ecdsa_nistp521_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp521_cert_impl; +# endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ - { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, - KEY_RSA_CERT, 0, 1, 0 }, - { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT", - "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, - { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT", - "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, - { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL, - KEY_DSA_CERT, 0, 1, 0 }, +extern const struct sshkey_impl sshkey_rsa_impl; +extern const struct sshkey_impl sshkey_rsa_cert_impl; +extern const struct sshkey_impl sshkey_rsa_sha256_impl; +extern const struct sshkey_impl sshkey_rsa_sha256_cert_impl; +extern const struct sshkey_impl sshkey_rsa_sha512_impl; +extern const struct sshkey_impl sshkey_rsa_sha512_cert_impl; +extern const struct sshkey_impl sshkey_dss_impl; +extern const struct sshkey_impl sshkey_dsa_cert_impl; +#endif /* WITH_OPENSSL */ +#ifdef WITH_XMSS +extern const struct sshkey_impl sshkey_xmss_impl; +extern const struct sshkey_impl sshkey_xmss_cert_impl; +#endif + +static int ssh_gss_equal(const struct sshkey * arg1, const struct sshkey * arg2) +{ + return SSH_ERR_FEATURE_UNSUPPORTED; +} + +static int ssh_gss_serialize_public(const struct sshkey * arg1, struct sshbuf * arg2, + enum sshkey_serialize_rep arg3) +{ + return SSH_ERR_FEATURE_UNSUPPORTED; +} + +static int ssh_gss_deserialize_public(const char * arg1, struct sshbuf * arg2, + struct sshkey * arg3) +{ + return SSH_ERR_FEATURE_UNSUPPORTED; +} + +static int ssh_gss_serialize_private(const struct sshkey * arg1, struct sshbuf * arg2, + enum sshkey_serialize_rep arg3) +{ + return SSH_ERR_FEATURE_UNSUPPORTED; +} + +static int ssh_gss_deserialize_private(const char * arg1, struct sshbuf * arg2, + struct sshkey * arg3) +{ + return SSH_ERR_FEATURE_UNSUPPORTED; +} + +static int ssh_gss_copy_public(const struct sshkey * arg1, struct sshkey * arg2) +{ + return SSH_ERR_FEATURE_UNSUPPORTED; +} + +static int ssh_gss_verify(const struct sshkey * arg1, const u_char * arg2, size_t arg3, + const u_char * arg4, size_t arg5, const char * arg6, u_int arg7, + struct sshkey_sig_details ** arg8) +{ + return SSH_ERR_FEATURE_UNSUPPORTED; +} + +static const struct sshkey_impl_funcs sshkey_gss_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ NULL, + /* .equal = */ ssh_gss_equal, + /* .ssh_serialize_public = */ ssh_gss_serialize_public, + /* .ssh_deserialize_public = */ ssh_gss_deserialize_public, + /* .ssh_serialize_private = */ ssh_gss_serialize_private, + /* .ssh_deserialize_private = */ ssh_gss_deserialize_private, + /* .generate = */ NULL, + /* .copy_public = */ ssh_gss_copy_public, + /* .sign = */ NULL, + /* .verify = */ ssh_gss_verify, +}; + +/* The struct is intentionally dummy and has no gss calls */ +static const struct sshkey_impl sshkey_gss_kex_impl = { + /* .name = */ "null", + /* .shortname = */ "null", + /* .sigalg = */ NULL, + /* .type = */ KEY_NULL, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 0, /* FIXME */ + /* .funcs = */ &sshkey_gss_funcs, +}; + +const struct sshkey_impl * const keyimpls[] = { + &sshkey_ed25519_impl, + &sshkey_ed25519_cert_impl, +#ifdef ENABLE_SK + &sshkey_ed25519_sk_impl, + &sshkey_ed25519_sk_cert_impl, +#endif +#ifdef WITH_OPENSSL # ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, - { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, + &sshkey_ecdsa_nistp256_impl, + &sshkey_ecdsa_nistp256_cert_impl, + &sshkey_ecdsa_nistp384_impl, + &sshkey_ecdsa_nistp384_cert_impl, # ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, + &sshkey_ecdsa_nistp521_impl, + &sshkey_ecdsa_nistp521_cert_impl, # endif /* OPENSSL_HAS_NISTP521 */ # ifdef ENABLE_SK - { "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL, - KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, + &sshkey_ecdsa_sk_impl, + &sshkey_ecdsa_sk_cert_impl, + &sshkey_ecdsa_sk_webauthn_impl, # endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ + &sshkey_dss_impl, + &sshkey_dsa_cert_impl, + &sshkey_rsa_impl, + &sshkey_rsa_cert_impl, + &sshkey_rsa_sha256_impl, + &sshkey_rsa_sha256_cert_impl, + &sshkey_rsa_sha512_impl, + &sshkey_rsa_sha512_cert_impl, #endif /* WITH_OPENSSL */ - { "null", "null", NULL, KEY_NULL, 0, 0, 0 }, - { NULL, NULL, NULL, -1, -1, 0, 0 } +#ifdef WITH_XMSS + &sshkey_xmss_impl, + &sshkey_xmss_cert_impl, +#endif + &sshkey_gss_kex_impl, + NULL }; +static const struct sshkey_impl * +sshkey_impl_from_type(int type) +{ + int i; + + for (i = 0; keyimpls[i] != NULL; i++) { + if (keyimpls[i]->type == type) + return keyimpls[i]; + } + return NULL; +} + +static const struct sshkey_impl * +sshkey_impl_from_type_nid(int type, int nid) +{ + int i; + + for (i = 0; keyimpls[i] != NULL; i++) { + if (keyimpls[i]->type == type && + (keyimpls[i]->nid == 0 || keyimpls[i]->nid == nid)) + return keyimpls[i]; + } + return NULL; +} + +static const struct sshkey_impl * +sshkey_impl_from_key(const struct sshkey *k) +{ + if (k == NULL) + return NULL; + return sshkey_impl_from_type_nid(k->type, k->ecdsa_nid); +} + const char * sshkey_type(const struct sshkey *k) { - const struct keytype *kt; + const struct sshkey_impl *impl; - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == k->type) - return kt->shortname; - } - return "unknown"; + if ((impl = sshkey_impl_from_key(k)) == NULL) + return "unknown"; + return impl->shortname; } static const char * sshkey_ssh_name_from_type_nid(int type, int nid) { - const struct keytype *kt; + const struct sshkey_impl *impl; - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == type && (kt->nid == 0 || kt->nid == nid)) - return kt->name; - } - return "ssh-unknown"; + if ((impl = sshkey_impl_from_type_nid(type, nid)) == NULL) + return "ssh-unknown"; + return impl->name; } int sshkey_type_is_cert(int type) { - const struct keytype *kt; + const struct sshkey_impl *impl; - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == type) - return kt->cert; - } - return 0; + if ((impl = sshkey_impl_from_type(type)) == NULL) + return 0; + return impl->cert; } const char * @@ -220,13 +323,15 @@ sshkey_ssh_name_plain(const struct sshkey *k) int sshkey_type_from_name(const char *name) { - const struct keytype *kt; + int i; + const struct sshkey_impl *impl; - for (kt = keytypes; kt->type != -1; kt++) { + for (i = 0; keyimpls[i] != NULL; i++) { + impl = keyimpls[i]; /* Only allow shortname matches for plain key types */ - if ((kt->name != NULL && strcmp(name, kt->name) == 0) || - (!kt->cert && strcasecmp(kt->shortname, name) == 0)) - return kt->type; + if ((impl->name != NULL && strcmp(name, impl->name) == 0) || + (!impl->cert && strcasecmp(impl->shortname, name) == 0)) + return impl->type; } return KEY_UNSPEC; } @@ -247,13 +352,14 @@ key_type_is_ecdsa_variant(int type) int sshkey_ecdsa_nid_from_name(const char *name) { - const struct keytype *kt; + int i; - for (kt = keytypes; kt->type != -1; kt++) { - if (!key_type_is_ecdsa_variant(kt->type)) + for (i = 0; keyimpls[i] != NULL; i++) { + if (!key_type_is_ecdsa_variant(keyimpls[i]->type)) continue; - if (kt->name != NULL && strcmp(name, kt->name) == 0) - return kt->nid; + if (keyimpls[i]->name != NULL && + strcmp(name, keyimpls[i]->name) == 0) + return keyimpls[i]->nid; } return -1; } @@ -285,14 +391,15 @@ char * sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) { char *tmp, *ret = NULL; - size_t nlen, rlen = 0; - const struct keytype *kt; + size_t i, nlen, rlen = 0; + const struct sshkey_impl *impl; - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL || kt->type == KEY_NULL) + for (i = 0; keyimpls[i] != NULL; i++) { + impl = keyimpls[i]; + if (impl->name == NULL || impl->type == KEY_NULL) continue; if (FIPS_mode()) { - switch (kt->type) { + switch (impl->type) { case KEY_ED25519: case KEY_ED25519_SK: case KEY_ED25519_CERT: @@ -303,19 +410,19 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) break; } } - if (!include_sigonly && kt->sigonly) + if (!include_sigonly && impl->sigonly) continue; - if ((certs_only && !kt->cert) || (plain_only && kt->cert)) + if ((certs_only && !impl->cert) || (plain_only && impl->cert)) continue; if (ret != NULL) ret[rlen++] = sep; - nlen = strlen(kt->name); + nlen = strlen(impl->name); if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { free(ret); return NULL; } ret = tmp; - memcpy(ret + rlen, kt->name, nlen + 1); + memcpy(ret + rlen, impl->name, nlen + 1); rlen += nlen; } return ret; @@ -325,8 +432,8 @@ int sshkey_names_valid2(const char *names, int allow_wildcard) { char *s, *cp, *p; - const struct keytype *kt; - int type; + const struct sshkey_impl *impl; + int i, type; if (names == NULL || strcmp(names, "") == 0) return 0; @@ -342,12 +449,15 @@ sshkey_names_valid2(const char *names, int allow_wildcard) * If any has a positive or negative match then * the component is accepted. */ - for (kt = keytypes; kt->type != -1; kt++) { - if (match_pattern_list(kt->name, - p, 0) != 0) + impl = NULL; + for (i = 0; keyimpls[i] != NULL; i++) { + if (match_pattern_list( + keyimpls[i]->name, p, 0) != 0) { + impl = keyimpls[i]; break; + } } - if (kt->type != -1) + if (impl != NULL) continue; } free(s); @@ -361,56 +471,24 @@ sshkey_names_valid2(const char *names, int allow_wildcard) u_int sshkey_size(const struct sshkey *k) { -#ifdef WITH_OPENSSL - const BIGNUM *rsa_n, *dsa_p; -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl; - switch (k->type) { -#ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: - if (k->rsa == NULL) - return 0; - RSA_get0_key(k->rsa, &rsa_n, NULL, NULL); - return BN_num_bits(rsa_n); - case KEY_DSA: - case KEY_DSA_CERT: - if (k->dsa == NULL) - return 0; - DSA_get0_pqg(k->dsa, &dsa_p, NULL, NULL); - return BN_num_bits(dsa_p); - case KEY_ECDSA: - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK: - case KEY_ECDSA_SK_CERT: - return sshkey_curve_nid_to_bits(k->ecdsa_nid); -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_CERT: - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - case KEY_XMSS: - case KEY_XMSS_CERT: - return 256; /* XXX */ - } - return 0; + if ((impl = sshkey_impl_from_key(k)) == NULL) + return 0; + if (impl->funcs->size != NULL) + return impl->funcs->size(k); + return impl->keybits; } static int sshkey_type_is_valid_ca(int type) { - switch (type) { - case KEY_RSA: - case KEY_DSA: - case KEY_ECDSA: - case KEY_ECDSA_SK: - case KEY_ED25519: - case KEY_ED25519_SK: - case KEY_XMSS: - return 1; - default: + const struct sshkey_impl *impl; + + if ((impl = sshkey_impl_from_type(type)) == NULL) return 0; - } + /* All non-certificate types may act as CAs */ + return !impl->cert; } int @@ -491,20 +569,46 @@ sshkey_type_plain(int type) } } +/* Return the cert equivalent to a plain key type */ +static int +sshkey_type_certified(int type) +{ + switch (type) { + case KEY_RSA: + return KEY_RSA_CERT; + case KEY_DSA: + return KEY_DSA_CERT; + case KEY_ECDSA: + return KEY_ECDSA_CERT; + case KEY_ECDSA_SK: + return KEY_ECDSA_SK_CERT; + case KEY_ED25519: + return KEY_ED25519_CERT; + case KEY_ED25519_SK: + return KEY_ED25519_SK_CERT; + case KEY_XMSS: + return KEY_XMSS_CERT; + default: + return -1; + } +} + #ifdef WITH_OPENSSL +# if OPENSSL_VERSION_NUMBER >= 0x30000000L int sshkey_calculate_signature(EVP_PKEY *pkey, int hash_alg, u_char **sigp, int *lenp, const u_char *data, size_t datalen) { EVP_MD_CTX *ctx = NULL; u_char *sig = NULL; - int ret, slen, len; + int ret, slen; + size_t len; if (sigp == NULL || lenp == NULL) { return SSH_ERR_INVALID_ARGUMENT; } - slen = EVP_PKEY_size(pkey); + slen = EVP_PKEY_get_size(pkey); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) return SSH_ERR_INVALID_ARGUMENT; @@ -517,9 +621,10 @@ sshkey_calculate_signature(EVP_PKEY *pkey, int hash_alg, u_char **sigp, ret = SSH_ERR_ALLOC_FAIL; goto error; } - if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 || - EVP_SignUpdate(ctx, data, datalen) <= 0 || - EVP_SignFinal(ctx, sig, &len, pkey) <= 0) { + if (EVP_DigestSignInit(ctx, NULL, ssh_digest_to_md(hash_alg), + NULL, pkey) != 1 || + EVP_DigestSignUpdate(ctx, data, datalen) != 1 || + EVP_DigestSignFinal(ctx, sig, &len) != 1) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto error; } @@ -546,12 +651,13 @@ sshkey_verify_signature(EVP_PKEY *pkey, int hash_alg, const u_char *data, if ((ctx = EVP_MD_CTX_new()) == NULL) { return SSH_ERR_ALLOC_FAIL; } - if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 || - EVP_VerifyUpdate(ctx, data, datalen) <= 0) { + if (EVP_DigestVerifyInit(ctx, NULL, ssh_digest_to_md(hash_alg), + NULL, pkey) != 1 || + EVP_DigestVerifyUpdate(ctx, data, datalen) != 1) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto done; } - ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey); + ret = EVP_DigestVerifyFinal(ctx, sigbuf, siglen); switch (ret) { case 1: ret = 0; @@ -568,6 +674,7 @@ sshkey_verify_signature(EVP_PKEY *pkey, int hash_alg, const u_char *data, EVP_MD_CTX_free(ctx); return ret; } +# endif /* XXX: these are really begging for a table-driven approach */ int @@ -697,63 +804,23 @@ struct sshkey * sshkey_new(int type) { struct sshkey *k; -#ifdef WITH_OPENSSL - RSA *rsa; - DSA *dsa; -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl = NULL; + + if (type != KEY_UNSPEC && + (impl = sshkey_impl_from_type(type)) == NULL) + return NULL; + /* All non-certificate types may act as CAs */ if ((k = calloc(1, sizeof(*k))) == NULL) return NULL; k->type = type; - k->ecdsa = NULL; k->ecdsa_nid = -1; - k->dsa = NULL; - k->rsa = NULL; - k->cert = NULL; - k->ed25519_sk = NULL; - k->ed25519_pk = NULL; - k->xmss_sk = NULL; - k->xmss_pk = NULL; - switch (k->type) { -#ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: - if ((rsa = RSA_new()) == NULL) { - free(k); - return NULL; - } - k->rsa = rsa; - break; - case KEY_DSA: - case KEY_DSA_CERT: - if ((dsa = DSA_new()) == NULL) { + if (impl != NULL && impl->funcs->alloc != NULL) { + if (impl->funcs->alloc(k) != 0) { free(k); return NULL; } - k->dsa = dsa; - break; - case KEY_ECDSA: - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK: - case KEY_ECDSA_SK_CERT: - /* Cannot do anything until we know the group */ - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_CERT: - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - case KEY_XMSS: - case KEY_XMSS_CERT: - /* no need to prealloc */ - break; - case KEY_UNSPEC: - break; - default: - free(k); - return NULL; } - if (sshkey_is_cert(k)) { if ((k->cert = cert_new()) == NULL) { sshkey_free(k); @@ -764,73 +831,37 @@ sshkey_new(int type) return k; } +/* Frees common FIDO fields */ void -sshkey_free(struct sshkey *k) +sshkey_sk_cleanup(struct sshkey *k) +{ + free(k->sk_application); + sshbuf_free(k->sk_key_handle); + sshbuf_free(k->sk_reserved); + k->sk_application = NULL; + k->sk_key_handle = k->sk_reserved = NULL; +} + +static void +sshkey_free_contents(struct sshkey *k) { + const struct sshkey_impl *impl; + if (k == NULL) return; - switch (k->type) { -#ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: - RSA_free(k->rsa); - k->rsa = NULL; - break; - case KEY_DSA: - case KEY_DSA_CERT: - DSA_free(k->dsa); - k->dsa = NULL; - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_SK: - case KEY_ECDSA_SK_CERT: - free(k->sk_application); - sshbuf_free(k->sk_key_handle); - sshbuf_free(k->sk_reserved); - /* FALLTHROUGH */ - case KEY_ECDSA: - case KEY_ECDSA_CERT: - EC_KEY_free(k->ecdsa); - k->ecdsa = NULL; - break; -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - free(k->sk_application); - sshbuf_free(k->sk_key_handle); - sshbuf_free(k->sk_reserved); - /* FALLTHROUGH */ - case KEY_ED25519: - case KEY_ED25519_CERT: - freezero(k->ed25519_pk, ED25519_PK_SZ); - k->ed25519_pk = NULL; - freezero(k->ed25519_sk, ED25519_SK_SZ); - k->ed25519_sk = NULL; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: - freezero(k->xmss_pk, sshkey_xmss_pklen(k)); - k->xmss_pk = NULL; - freezero(k->xmss_sk, sshkey_xmss_sklen(k)); - k->xmss_sk = NULL; - sshkey_xmss_free_state(k); - free(k->xmss_name); - k->xmss_name = NULL; - free(k->xmss_filename); - k->xmss_filename = NULL; - break; -#endif /* WITH_XMSS */ - case KEY_UNSPEC: - break; - default: - break; - } + if ((impl = sshkey_impl_from_type(k->type)) != NULL && + impl->funcs->cleanup != NULL) + impl->funcs->cleanup(k); if (sshkey_is_cert(k)) cert_free(k->cert); freezero(k->shielded_private, k->shielded_len); freezero(k->shield_prekey, k->shield_prekey_len); +} + +void +sshkey_free(struct sshkey *k) +{ + sshkey_free_contents(k); freezero(k, sizeof(*k)); } @@ -849,6 +880,17 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b) return 1; } +/* Compares FIDO-specific pubkey fields only */ +int +sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (a->sk_application == NULL || b->sk_application == NULL) + return 0; + if (strcmp(a->sk_application, b->sk_application) != 0) + return 0; + return 1; +} + /* * Compare public portions of key only, allowing comparisons between * certificates and plain keys too. @@ -856,84 +898,14 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b) int sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) { -#if defined(WITH_OPENSSL) - const BIGNUM *rsa_e_a, *rsa_n_a; - const BIGNUM *rsa_e_b, *rsa_n_b; - const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a; - const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b; -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl; if (a == NULL || b == NULL || sshkey_type_plain(a->type) != sshkey_type_plain(b->type)) return 0; - - switch (a->type) { -#ifdef WITH_OPENSSL - case KEY_RSA_CERT: - case KEY_RSA: - if (a->rsa == NULL || b->rsa == NULL) - return 0; - RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL); - RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL); - return BN_cmp(rsa_e_a, rsa_e_b) == 0 && - BN_cmp(rsa_n_a, rsa_n_b) == 0; - case KEY_DSA_CERT: - case KEY_DSA: - if (a->dsa == NULL || b->dsa == NULL) - return 0; - DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a); - DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b); - DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL); - DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL); - return BN_cmp(dsa_p_a, dsa_p_b) == 0 && - BN_cmp(dsa_q_a, dsa_q_b) == 0 && - BN_cmp(dsa_g_a, dsa_g_b) == 0 && - BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_SK: - case KEY_ECDSA_SK_CERT: - if (a->sk_application == NULL || b->sk_application == NULL) - return 0; - if (strcmp(a->sk_application, b->sk_application) != 0) - return 0; - /* FALLTHROUGH */ - case KEY_ECDSA_CERT: - case KEY_ECDSA: - if (a->ecdsa == NULL || b->ecdsa == NULL || - EC_KEY_get0_public_key(a->ecdsa) == NULL || - EC_KEY_get0_public_key(b->ecdsa) == NULL) - return 0; - if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa), - EC_KEY_get0_group(b->ecdsa), NULL) != 0 || - EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa), - EC_KEY_get0_public_key(a->ecdsa), - EC_KEY_get0_public_key(b->ecdsa), NULL) != 0) - return 0; - return 1; -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - if (a->sk_application == NULL || b->sk_application == NULL) - return 0; - if (strcmp(a->sk_application, b->sk_application) != 0) - return 0; - /* FALLTHROUGH */ - case KEY_ED25519: - case KEY_ED25519_CERT: - return a->ed25519_pk != NULL && b->ed25519_pk != NULL && - memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0; -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: - return a->xmss_pk != NULL && b->xmss_pk != NULL && - sshkey_xmss_pklen(a) == sshkey_xmss_pklen(b) && - memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) == 0; -#endif /* WITH_XMSS */ - default: + if ((impl = sshkey_impl_from_type(a->type)) == NULL) return 0; - } - /* NOTREACHED */ + return impl->funcs->equal(a, b); } int @@ -948,116 +920,49 @@ sshkey_equal(const struct sshkey *a, const struct sshkey *b) return sshkey_equal_public(a, b); } + +/* Serialise common FIDO key parts */ +int +sshkey_serialize_sk(const struct sshkey *key, struct sshbuf *b) +{ + int r; + + if ((r = sshbuf_put_cstring(b, key->sk_application)) != 0) + return r; + + return 0; +} + static int to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, enum sshkey_serialize_rep opts) { int type, ret = SSH_ERR_INTERNAL_ERROR; const char *typename; -#ifdef WITH_OPENSSL - const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl; if (key == NULL) return SSH_ERR_INVALID_ARGUMENT; - if (sshkey_is_cert(key)) { + type = force_plain ? sshkey_type_plain(key->type) : key->type; + + if (sshkey_type_is_cert(type)) { if (key->cert == NULL) return SSH_ERR_EXPECTED_CERT; if (sshbuf_len(key->cert->certblob) == 0) return SSH_ERR_KEY_LACKS_CERTBLOB; + /* Use the existing blob */ + if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0) + return ret; + return 0; } - type = force_plain ? sshkey_type_plain(key->type) : key->type; - typename = sshkey_ssh_name_from_type_nid(type, key->ecdsa_nid); - - switch (type) { -#ifdef WITH_OPENSSL - case KEY_DSA_CERT: - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK_CERT: - case KEY_RSA_CERT: -#endif /* WITH_OPENSSL */ - case KEY_ED25519_CERT: - case KEY_ED25519_SK_CERT: -#ifdef WITH_XMSS - case KEY_XMSS_CERT: -#endif /* WITH_XMSS */ - /* Use the existing blob */ - /* XXX modified flag? */ - if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0) - return ret; - break; -#ifdef WITH_OPENSSL - case KEY_DSA: - if (key->dsa == NULL) - return SSH_ERR_INVALID_ARGUMENT; - DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); - DSA_get0_key(key->dsa, &dsa_pub_key, NULL); - if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_bignum2(b, dsa_p)) != 0 || - (ret = sshbuf_put_bignum2(b, dsa_q)) != 0 || - (ret = sshbuf_put_bignum2(b, dsa_g)) != 0 || - (ret = sshbuf_put_bignum2(b, dsa_pub_key)) != 0) - return ret; - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_SK: - if (key->ecdsa == NULL) - return SSH_ERR_INVALID_ARGUMENT; - if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_cstring(b, - sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || - (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0) - return ret; - if (type == KEY_ECDSA_SK) { - if ((ret = sshbuf_put_cstring(b, - key->sk_application)) != 0) - return ret; - } - break; -# endif - case KEY_RSA: - if (key->rsa == NULL) - return SSH_ERR_INVALID_ARGUMENT; - RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL); - if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_bignum2(b, rsa_e)) != 0 || - (ret = sshbuf_put_bignum2(b, rsa_n)) != 0) - return ret; - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_SK: - if (key->ed25519_pk == NULL) - return SSH_ERR_INVALID_ARGUMENT; - if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_string(b, - key->ed25519_pk, ED25519_PK_SZ)) != 0) - return ret; - if (type == KEY_ED25519_SK) { - if ((ret = sshbuf_put_cstring(b, - key->sk_application)) != 0) - return ret; - } - break; -#ifdef WITH_XMSS - case KEY_XMSS: - if (key->xmss_name == NULL || key->xmss_pk == NULL || - sshkey_xmss_pklen(key) == 0) - return SSH_ERR_INVALID_ARGUMENT; - if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_cstring(b, key->xmss_name)) != 0 || - (ret = sshbuf_put_string(b, - key->xmss_pk, sshkey_xmss_pklen(key))) != 0 || - (ret = sshkey_xmss_serialize_pk_info(key, b, opts)) != 0) - return ret; - break; -#endif /* WITH_XMSS */ - default: + if ((impl = sshkey_impl_from_type(type)) == NULL) return SSH_ERR_KEY_TYPE_UNKNOWN; - } - return 0; + + typename = sshkey_ssh_name_from_type_nid(type, key->ecdsa_nid); + if ((ret = sshbuf_put_cstring(b, typename)) != 0) + return ret; + return impl->funcs->serialize_public(key, b, opts); } int @@ -1443,16 +1348,18 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg, static int peek_type_nid(const char *s, size_t l, int *nid) { - const struct keytype *kt; + const struct sshkey_impl *impl; + int i; - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL || strlen(kt->name) != l) + for (i = 0; keyimpls[i] != NULL; i++) { + impl = keyimpls[i]; + if (impl->name == NULL || strlen(impl->name) != l) continue; - if (memcmp(s, kt->name, l) == 0) { + if (memcmp(s, impl->name, l) == 0) { *nid = -1; - if (key_type_is_ecdsa_variant(kt->type)) - *nid = kt->nid; - return kt->type; + if (key_type_is_ecdsa_variant(impl->type)) + *nid = impl->nid; + return impl->type; } } return KEY_UNSPEC; @@ -1470,29 +1377,8 @@ sshkey_read(struct sshkey *ret, char **cpp) if (ret == NULL) return SSH_ERR_INVALID_ARGUMENT; - - switch (ret->type) { - case KEY_UNSPEC: - case KEY_RSA: - case KEY_DSA: - case KEY_ECDSA: - case KEY_ECDSA_SK: - case KEY_ED25519: - case KEY_ED25519_SK: - case KEY_DSA_CERT: - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK_CERT: - case KEY_RSA_CERT: - case KEY_ED25519_CERT: - case KEY_ED25519_SK_CERT: -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: -#endif /* WITH_XMSS */ - break; /* ok */ - default: + if (ret->type != KEY_UNSPEC && sshkey_impl_from_type(ret->type) == NULL) return SSH_ERR_INVALID_ARGUMENT; - } /* Decode type */ cp = *cpp; @@ -1559,107 +1445,15 @@ sshkey_read(struct sshkey *ret, char **cpp) break; } /* Fill in ret from parsed key */ - ret->type = type; - if (sshkey_is_cert(ret)) { - if (!sshkey_is_cert(k)) { - sshkey_free(k); - return SSH_ERR_EXPECTED_CERT; - } - if (ret->cert != NULL) - cert_free(ret->cert); - ret->cert = k->cert; - k->cert = NULL; - } - switch (sshkey_type_plain(ret->type)) { -#ifdef WITH_OPENSSL - case KEY_RSA: - RSA_free(ret->rsa); - ret->rsa = k->rsa; - k->rsa = NULL; -#ifdef DEBUG_PK - RSA_print_fp(stderr, ret->rsa, 8); -#endif - break; - case KEY_DSA: - DSA_free(ret->dsa); - ret->dsa = k->dsa; - k->dsa = NULL; -#ifdef DEBUG_PK - DSA_print_fp(stderr, ret->dsa, 8); -#endif - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - EC_KEY_free(ret->ecdsa); - ret->ecdsa = k->ecdsa; - ret->ecdsa_nid = k->ecdsa_nid; - k->ecdsa = NULL; - k->ecdsa_nid = -1; -#ifdef DEBUG_PK - sshkey_dump_ec_key(ret->ecdsa); -#endif - break; - case KEY_ECDSA_SK: - EC_KEY_free(ret->ecdsa); - ret->ecdsa = k->ecdsa; - ret->ecdsa_nid = k->ecdsa_nid; - ret->sk_application = k->sk_application; - k->ecdsa = NULL; - k->ecdsa_nid = -1; - k->sk_application = NULL; -#ifdef DEBUG_PK - sshkey_dump_ec_key(ret->ecdsa); - fprintf(stderr, "App: %s\n", ret->sk_application); -#endif - break; -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - freezero(ret->ed25519_pk, ED25519_PK_SZ); - ret->ed25519_pk = k->ed25519_pk; - k->ed25519_pk = NULL; -#ifdef DEBUG_PK - /* XXX */ -#endif - break; - case KEY_ED25519_SK: - freezero(ret->ed25519_pk, ED25519_PK_SZ); - ret->ed25519_pk = k->ed25519_pk; - ret->sk_application = k->sk_application; - k->ed25519_pk = NULL; - k->sk_application = NULL; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - free(ret->xmss_pk); - ret->xmss_pk = k->xmss_pk; - k->xmss_pk = NULL; - free(ret->xmss_state); - ret->xmss_state = k->xmss_state; - k->xmss_state = NULL; - free(ret->xmss_name); - ret->xmss_name = k->xmss_name; - k->xmss_name = NULL; - free(ret->xmss_filename); - ret->xmss_filename = k->xmss_filename; - k->xmss_filename = NULL; -#ifdef DEBUG_PK - /* XXX */ -#endif - break; -#endif /* WITH_XMSS */ - default: - sshkey_free(k); - return SSH_ERR_INTERNAL_ERROR; - } - sshkey_free(k); + sshkey_free_contents(ret); + *ret = *k; + freezero(k, sizeof(*k)); /* success */ *cpp = cp; return 0; } - int sshkey_to_base64(const struct sshkey *key, char **b64p) { @@ -1742,126 +1536,26 @@ sshkey_cert_type(const struct sshkey *k) } } -#ifdef WITH_OPENSSL -# if OPENSSL_VERSION_NUMBER < 0x30000000L -/* Original function in OpenSSH Portable 9.0p1 */ -static int -rsa_generate_private_key(u_int bits, RSA **rsap) -{ - RSA *private = NULL; - BIGNUM *f4 = NULL; - int ret = SSH_ERR_INTERNAL_ERROR; - - if (rsap == NULL) - return SSH_ERR_INVALID_ARGUMENT; - if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || - bits > SSHBUF_MAX_BIGNUM * 8) - return SSH_ERR_KEY_LENGTH; - *rsap = NULL; - if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (!BN_set_word(f4, RSA_F4) || - !RSA_generate_key_ex(private, bits, f4, NULL)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - *rsap = private; - private = NULL; - ret = 0; - out: - RSA_free(private); - BN_free(f4); - return ret; -} -# else -/* Fedora version (requires OpenSSL 3.x) */ -static int -rsa_generate_private_key(u_int bits, RSA **rsap) -{ - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *res = NULL; - BIGNUM *f4 = NULL; - int ret = SSH_ERR_INTERNAL_ERROR; - - if (rsap == NULL) - return SSH_ERR_INVALID_ARGUMENT; - if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || - bits > SSHBUF_MAX_BIGNUM * 8) - return SSH_ERR_KEY_LENGTH; - *rsap = NULL; - - if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) == NULL - || (f4 = BN_new()) == NULL || !BN_set_word(f4, RSA_F4)) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - - if (EVP_PKEY_keygen_init(ctx) <= 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0) { - ret = SSH_ERR_KEY_LENGTH; - goto out; - } - - if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, f4) <= 0) - goto out; - - if (EVP_PKEY_keygen(ctx, &res) <= 0) { - if (FIPS_mode()) - logit_f("the key length might be unsupported by FIPS mode approved key generation method"); - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - /* This function is deprecated in OpenSSL 3.0 but OpenSSH doesn't worry about it*/ - *rsap = EVP_PKEY_get1_RSA(res); - if (*rsap) { - ret = 0; - } else { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - out: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(res); - BN_free(f4); - return ret; -} -# endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ - -static int -dsa_generate_private_key(u_int bits, DSA **dsap) +int +sshkey_check_rsa_length(const struct sshkey *k, int min_size) { - DSA *private; - int ret = SSH_ERR_INTERNAL_ERROR; +#ifdef WITH_OPENSSL + const BIGNUM *rsa_n; + int nbits; - if (dsap == NULL) - return SSH_ERR_INVALID_ARGUMENT; - if (bits != 1024) + if (k == NULL || k->rsa == NULL || + (k->type != KEY_RSA && k->type != KEY_RSA_CERT)) + return 0; + RSA_get0_key(k->rsa, &rsa_n, NULL, NULL); + nbits = BN_num_bits(rsa_n); + if (nbits < SSH_RSA_MINIMUM_MODULUS_SIZE || + (min_size > 0 && nbits < min_size)) return SSH_ERR_KEY_LENGTH; - if ((private = DSA_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - *dsap = NULL; - if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, - NULL, NULL) || !DSA_generate_key(private)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - *dsap = private; - private = NULL; - ret = 0; - out: - DSA_free(private); - return ret; +#endif /* WITH_OPENSSL */ + return 0; } +#ifdef WITH_OPENSSL # ifdef OPENSSL_HAS_ECC int sshkey_ecdsa_key_to_nid(EC_KEY *k) @@ -1906,167 +1600,72 @@ sshkey_ecdsa_key_to_nid(EC_KEY *k) } return nids[i]; } +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ -# if OPENSSL_VERSION_NUMBER < 0x30000000L -/* Original function in OpenSSH Portable 9.0p1 */ -static int -ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) +int +sshkey_generate(int type, u_int bits, struct sshkey **keyp) { - EC_KEY *private; + struct sshkey *k; int ret = SSH_ERR_INTERNAL_ERROR; + const struct sshkey_impl *impl; - if (nid == NULL || ecdsap == NULL) + if (keyp == NULL || sshkey_type_is_cert(type)) return SSH_ERR_INVALID_ARGUMENT; - if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) - return SSH_ERR_KEY_LENGTH; - *ecdsap = NULL; - if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (EC_KEY_generate_key(private) != 1) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; + *keyp = NULL; + if ((impl = sshkey_impl_from_type(type)) == NULL) + return SSH_ERR_KEY_TYPE_UNKNOWN; + if (impl->funcs->generate == NULL) + return SSH_ERR_FEATURE_UNSUPPORTED; + if ((k = sshkey_new(KEY_UNSPEC)) == NULL) + return SSH_ERR_ALLOC_FAIL; + k->type = type; + if ((ret = impl->funcs->generate(k, bits)) != 0) { + sshkey_free(k); + return ret; } - EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); - *ecdsap = private; - private = NULL; - ret = 0; - out: - EC_KEY_free(private); - return ret; + /* success */ + *keyp = k; + return 0; } -# else -/* Fedora version (requires OpenSSL 3.x) */ -static int -ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) + +int +sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) { - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *res = NULL; - int ret = SSH_ERR_INTERNAL_ERROR; + u_int i; + const struct sshkey_cert *from; + struct sshkey_cert *to; + int r = SSH_ERR_INTERNAL_ERROR; - if (nid == NULL || ecdsap == NULL) + if (to_key == NULL || (from = from_key->cert) == NULL) return SSH_ERR_INVALID_ARGUMENT; - if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) - return SSH_ERR_KEY_LENGTH; - *ecdsap = NULL; - if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; + if ((to = cert_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + + if ((r = sshbuf_putb(to->certblob, from->certblob)) != 0 || + (r = sshbuf_putb(to->critical, from->critical)) != 0 || + (r = sshbuf_putb(to->extensions, from->extensions)) != 0) goto out; - } - if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_CTX_set_group_name(ctx, OBJ_nid2sn(*nid)) <= 0 - || EVP_PKEY_keygen(ctx, &res) <= 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; + to->serial = from->serial; + to->type = from->type; + if (from->key_id == NULL) + to->key_id = NULL; + else if ((to->key_id = strdup(from->key_id)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; goto out; } - /* This function is deprecated in OpenSSL 3.0 but OpenSSH doesn't worry about it*/ - *ecdsap = EVP_PKEY_get1_EC_KEY(res); - if (*ecdsap) { - EC_KEY_set_asn1_flag(*ecdsap, OPENSSL_EC_NAMED_CURVE); - ret = 0; - } else { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - out: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(res); - return ret; -} -# endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - -int -sshkey_generate(int type, u_int bits, struct sshkey **keyp) -{ - struct sshkey *k; - int ret = SSH_ERR_INTERNAL_ERROR; - - if (keyp == NULL) - return SSH_ERR_INVALID_ARGUMENT; - *keyp = NULL; - if ((k = sshkey_new(KEY_UNSPEC)) == NULL) - return SSH_ERR_ALLOC_FAIL; - switch (type) { - case KEY_ED25519: - if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL || - (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - break; - } - crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); - ret = 0; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - ret = sshkey_xmss_generate_private_key(k, bits); - break; -#endif /* WITH_XMSS */ -#ifdef WITH_OPENSSL - case KEY_DSA: - ret = dsa_generate_private_key(bits, &k->dsa); - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid, - &k->ecdsa); - break; -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA: - ret = rsa_generate_private_key(bits, &k->rsa); - break; -#endif /* WITH_OPENSSL */ - default: - ret = SSH_ERR_INVALID_ARGUMENT; - } - if (ret == 0) { - k->type = type; - *keyp = k; - } else - sshkey_free(k); - return ret; -} - -int -sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) -{ - u_int i; - const struct sshkey_cert *from; - struct sshkey_cert *to; - int r = SSH_ERR_INTERNAL_ERROR; - - if (to_key == NULL || (from = from_key->cert) == NULL) - return SSH_ERR_INVALID_ARGUMENT; - - if ((to = cert_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - if ((r = sshbuf_putb(to->certblob, from->certblob)) != 0 || - (r = sshbuf_putb(to->critical, from->critical)) != 0 || - (r = sshbuf_putb(to->extensions, from->extensions)) != 0) - goto out; - - to->serial = from->serial; - to->type = from->type; - if (from->key_id == NULL) - to->key_id = NULL; - else if ((to->key_id = strdup(from->key_id)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - to->valid_after = from->valid_after; - to->valid_before = from->valid_before; - if (from->signature_key == NULL) - to->signature_key = NULL; - else if ((r = sshkey_from_private(from->signature_key, - &to->signature_key)) != 0) - goto out; - if (from->signature_type != NULL && - (to->signature_type = strdup(from->signature_type)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; + to->valid_after = from->valid_after; + to->valid_before = from->valid_before; + if (from->signature_key == NULL) + to->signature_key = NULL; + else if ((r = sshkey_from_private(from->signature_key, + &to->signature_key)) != 0) + goto out; + if (from->signature_type != NULL && + (to->signature_type = strdup(from->signature_type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; goto out; } if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) { @@ -2100,133 +1699,31 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) return r; } +int +sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to) +{ + /* Append security-key application string */ + if ((to->sk_application = strdup(from->sk_application)) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + int sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) { struct sshkey *n = NULL; int r = SSH_ERR_INTERNAL_ERROR; -#ifdef WITH_OPENSSL - const BIGNUM *rsa_n, *rsa_e; - BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL; - const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; - BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL; - BIGNUM *dsa_pub_key_dup = NULL; -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl; *pkp = NULL; + if ((impl = sshkey_impl_from_key(k)) == NULL) + return SSH_ERR_KEY_TYPE_UNKNOWN; if ((n = sshkey_new(k->type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - switch (k->type) { -#ifdef WITH_OPENSSL - case KEY_DSA: - case KEY_DSA_CERT: - DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); - DSA_get0_key(k->dsa, &dsa_pub_key, NULL); - if ((dsa_p_dup = BN_dup(dsa_p)) == NULL || - (dsa_q_dup = BN_dup(dsa_q)) == NULL || - (dsa_g_dup = BN_dup(dsa_g)) == NULL || - (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */ - if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_pub_key_dup = NULL; /* transferred */ - - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK: - case KEY_ECDSA_SK_CERT: - n->ecdsa_nid = k->ecdsa_nid; - n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); - if (n->ecdsa == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (EC_KEY_set_public_key(n->ecdsa, - EC_KEY_get0_public_key(k->ecdsa)) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if (k->type != KEY_ECDSA_SK && k->type != KEY_ECDSA_SK_CERT) - break; - /* Append security-key application string */ - if ((n->sk_application = strdup(k->sk_application)) == NULL) - goto out; - break; -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA: - case KEY_RSA_CERT: - RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); - if ((rsa_n_dup = BN_dup(rsa_n)) == NULL || - (rsa_e_dup = BN_dup(rsa_e)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_n_dup = rsa_e_dup = NULL; /* transferred */ - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_CERT: - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - if (k->ed25519_pk != NULL) { - if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); - } - if (k->type != KEY_ED25519_SK && - k->type != KEY_ED25519_SK_CERT) - break; - /* Append security-key application string */ - if ((n->sk_application = strdup(k->sk_application)) == NULL) - goto out; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: - if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0) - goto out; - if (k->xmss_pk != NULL) { - u_int32_t left; - size_t pklen = sshkey_xmss_pklen(k); - if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } - if ((n->xmss_pk = malloc(pklen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(n->xmss_pk, k->xmss_pk, pklen); - /* simulate number of signatures left on pubkey */ - left = sshkey_xmss_signatures_left(k); - if (left) - sshkey_xmss_enable_maxsign(n, left); - } - break; -#endif /* WITH_XMSS */ - default: - r = SSH_ERR_KEY_TYPE_UNKNOWN; + if ((r = impl->funcs->copy_public(k, n)) != 0) goto out; - } if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0) goto out; /* success */ @@ -2235,15 +1732,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) r = 0; out: sshkey_free(n); -#ifdef WITH_OPENSSL - BN_clear_free(rsa_n_dup); - BN_clear_free(rsa_e_dup); - BN_clear_free(dsa_p_dup); - BN_clear_free(dsa_q_dup); - BN_clear_free(dsa_g_dup); - BN_clear_free(dsa_pub_key_dup); -#endif - return r; } @@ -2365,14 +1853,38 @@ sshkey_shield_private(struct sshkey *k) return r; } +/* Check deterministic padding after private key */ +static int +private2_check_padding(struct sshbuf *decrypted) +{ + u_char pad; + size_t i; + int r; + + i = 0; + while (sshbuf_len(decrypted)) { + if ((r = sshbuf_get_u8(decrypted, &pad)) != 0) + goto out; + if (pad != (++i & 0xff)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + /* success */ + r = 0; + out: + explicit_bzero(&pad, sizeof(pad)); + explicit_bzero(&i, sizeof(i)); + return r; +} + int sshkey_unshield_private(struct sshkey *k) { struct sshbuf *prvbuf = NULL; - u_char pad, *cp, keyiv[SSH_DIGEST_MAX_LENGTH]; + u_char *cp, keyiv[SSH_DIGEST_MAX_LENGTH]; struct sshcipher_ctx *cctx = NULL; const struct sshcipher *cipher; - size_t i; struct sshkey *kswap = NULL, tmp; int r = SSH_ERR_INTERNAL_ERROR; @@ -2434,16 +1946,9 @@ sshkey_unshield_private(struct sshkey *k) /* Parse private key */ if ((r = sshkey_private_deserialize(prvbuf, &kswap)) != 0) goto out; - /* Check deterministic padding */ - i = 0; - while (sshbuf_len(prvbuf)) { - if ((r = sshbuf_get_u8(prvbuf, &pad)) != 0) - goto out; - if (pad != (++i & 0xff)) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - } + + if ((r = private2_check_padding(prvbuf)) != 0) + goto out; /* Swap the parsed key back into place */ tmp = *kswap; @@ -2589,21 +2094,11 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) } int -sshkey_check_rsa_length(const struct sshkey *k, int min_size) +sshkey_deserialize_sk(struct sshbuf *b, struct sshkey *key) { -#ifdef WITH_OPENSSL - const BIGNUM *rsa_n; - int nbits; - - if (k == NULL || k->rsa == NULL || - (k->type != KEY_RSA && k->type != KEY_RSA_CERT)) - return 0; - RSA_get0_key(k->rsa, &rsa_n, NULL, NULL); - nbits = BN_num_bits(rsa_n); - if (nbits < SSH_RSA_MINIMUM_MODULUS_SIZE || - (min_size > 0 && nbits < min_size)) - return SSH_ERR_KEY_LENGTH; -#endif /* WITH_OPENSSL */ + /* Parse additional security-key application string */ + if (sshbuf_get_cstring(b, &key->sk_application, NULL) != 0) + return SSH_ERR_INVALID_FORMAT; return 0; } @@ -2612,18 +2107,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, int allow_cert) { int type, ret = SSH_ERR_INTERNAL_ERROR; - char *ktype = NULL, *curve = NULL, *xmss_name = NULL; + char *ktype = NULL; struct sshkey *key = NULL; - size_t len; - u_char *pk = NULL; struct sshbuf *copy; -#if defined(WITH_OPENSSL) - BIGNUM *rsa_n = NULL, *rsa_e = NULL; - BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL; -# if defined(OPENSSL_HAS_ECC) - EC_POINT *q = NULL; -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl; #ifdef DEBUG_PK /* XXX */ sshbuf_dump(b, stderr); @@ -2644,203 +2131,23 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; goto out; } - switch (type) { -#ifdef WITH_OPENSSL - case KEY_RSA_CERT: - /* Skip nonce */ - if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* FALLTHROUGH */ - case KEY_RSA: - if ((key = sshkey_new(type)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (sshbuf_get_bignum2(b, &rsa_e) != 0 || - sshbuf_get_bignum2(b, &rsa_n) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_n = rsa_e = NULL; /* transferred */ - if ((ret = sshkey_check_rsa_length(key, 0)) != 0) - goto out; -#ifdef DEBUG_PK - RSA_print_fp(stderr, key->rsa, 8); -#endif - break; - case KEY_DSA_CERT: - /* Skip nonce */ - if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* FALLTHROUGH */ - case KEY_DSA: - if ((key = sshkey_new(type)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (sshbuf_get_bignum2(b, &dsa_p) != 0 || - sshbuf_get_bignum2(b, &dsa_q) != 0 || - sshbuf_get_bignum2(b, &dsa_g) != 0 || - sshbuf_get_bignum2(b, &dsa_pub_key) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_p = dsa_q = dsa_g = NULL; /* transferred */ - if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_pub_key = NULL; /* transferred */ -#ifdef DEBUG_PK - DSA_print_fp(stderr, key->dsa, 8); -#endif - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK_CERT: - /* Skip nonce */ - if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* FALLTHROUGH */ - case KEY_ECDSA: - case KEY_ECDSA_SK: - if ((key = sshkey_new(type)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - key->ecdsa_nid = sshkey_ecdsa_nid_from_name(ktype); - if (sshbuf_get_cstring(b, &curve, NULL) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (key->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { - ret = SSH_ERR_EC_CURVE_MISMATCH; - goto out; - } - EC_KEY_free(key->ecdsa); - if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) - == NULL) { - ret = SSH_ERR_EC_CURVE_INVALID; - goto out; - } - if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa)) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), - q) != 0) { - ret = SSH_ERR_KEY_INVALID_EC_VALUE; - goto out; - } - if (EC_KEY_set_public_key(key->ecdsa, q) != 1) { - /* XXX assume it is a allocation error */ - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -#ifdef DEBUG_PK - sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); -#endif - if (type == KEY_ECDSA_SK || type == KEY_ECDSA_SK_CERT) { - /* Parse additional security-key application string */ - if (sshbuf_get_cstring(b, &key->sk_application, - NULL) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } -#ifdef DEBUG_PK - fprintf(stderr, "App: %s\n", key->sk_application); -#endif - } - break; -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - case KEY_ED25519_CERT: - case KEY_ED25519_SK_CERT: - /* Skip nonce */ - if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - /* FALLTHROUGH */ - case KEY_ED25519: - case KEY_ED25519_SK: - if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) - goto out; - if (len != ED25519_PK_SZ) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if ((key = sshkey_new(type)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (type == KEY_ED25519_SK || type == KEY_ED25519_SK_CERT) { - /* Parse additional security-key application string */ - if (sshbuf_get_cstring(b, &key->sk_application, - NULL) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } -#ifdef DEBUG_PK - fprintf(stderr, "App: %s\n", key->sk_application); -#endif - } - key->ed25519_pk = pk; - pk = NULL; - break; -#ifdef WITH_XMSS - case KEY_XMSS_CERT: - /* Skip nonce */ + if ((impl = sshkey_impl_from_type(type)) == NULL) { + ret = SSH_ERR_KEY_TYPE_UNKNOWN; + goto out; + } + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshkey_type_is_cert(type)) { + /* Skip nonce that preceeds all certificates */ if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; } - /* FALLTHROUGH */ - case KEY_XMSS: - if ((ret = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0) - goto out; - if ((key = sshkey_new(type)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((ret = sshkey_xmss_init(key, xmss_name)) != 0) - goto out; - if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) - goto out; - if (len == 0 || len != sshkey_xmss_pklen(key)) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - key->xmss_pk = pk; - pk = NULL; - if (type != KEY_XMSS_CERT && - (ret = sshkey_xmss_deserialize_pk_info(key, b)) != 0) - goto out; - break; -#endif /* WITH_XMSS */ - case KEY_UNSPEC: - default: - ret = SSH_ERR_KEY_TYPE_UNKNOWN; - goto out; } + if ((ret = impl->funcs->deserialize_public(ktype, b, key)) != 0) + goto out; /* Parse certificate potion */ if (sshkey_is_cert(key) && (ret = cert_parse(b, key, copy)) != 0) @@ -2858,21 +2165,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, out: sshbuf_free(copy); sshkey_free(key); - free(xmss_name); free(ktype); - free(curve); - free(pk); -#if defined(WITH_OPENSSL) - BN_clear_free(rsa_n); - BN_clear_free(rsa_e); - BN_clear_free(dsa_p); - BN_clear_free(dsa_q); - BN_clear_free(dsa_g); - BN_clear_free(dsa_pub_key); -# if defined(OPENSSL_HAS_ECC) - EC_POINT_free(q); -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ return ret; } @@ -2960,17 +2253,19 @@ sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed) const char * sshkey_sigalg_by_name(const char *name) { - const struct keytype *kt; + const struct sshkey_impl *impl; + int i; - for (kt = keytypes; kt->type != -1; kt++) { - if (strcmp(kt->name, name) != 0) + for (i = 0; keyimpls[i] != NULL; i++) { + impl = keyimpls[i]; + if (strcmp(impl->name, name) != 0) continue; - if (kt->sigalg != NULL) - return kt->sigalg; - if (!kt->cert) - return kt->name; + if (impl->sigalg != NULL) + return impl->sigalg; + if (!impl->cert) + return impl->name; return sshkey_ssh_name_from_type_nid( - sshkey_type_plain(kt->type), kt->nid); + sshkey_type_plain(impl->type), impl->nid); } return NULL; } @@ -3006,6 +2301,7 @@ sshkey_sign(struct sshkey *key, { int was_shielded = sshkey_is_shielded(key); int r2, r = SSH_ERR_INTERNAL_ERROR; + const struct sshkey_impl *impl; if (sigp != NULL) *sigp = NULL; @@ -3013,50 +2309,25 @@ sshkey_sign(struct sshkey *key, *lenp = 0; if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) return SSH_ERR_INVALID_ARGUMENT; - if ((r = sshkey_unshield_private(key)) != 0) - return r; - switch (key->type) { -#ifdef WITH_OPENSSL - case KEY_DSA_CERT: - case KEY_DSA: - r = ssh_dss_sign(key, sigp, lenp, data, datalen, compat); - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: - r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); - break; -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA_CERT: - case KEY_RSA: - r = ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_CERT: - r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); - break; - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - if (FIPS_mode()) { + if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) { logit_f("Ed25519 keys are not allowed in FIPS mode"); return SSH_ERR_INVALID_ARGUMENT; } /* Fallthrough */ - case KEY_ECDSA_SK_CERT: - case KEY_ECDSA_SK: + if ((impl = sshkey_impl_from_key(key)) == NULL) + return SSH_ERR_KEY_TYPE_UNKNOWN; + if ((r = sshkey_unshield_private(key)) != 0) + return r; + if (sshkey_is_sk(key)) { r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen, compat, sk_pin); - break; -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: - r = ssh_xmss_sign(key, sigp, lenp, data, datalen, compat); - break; -#endif /* WITH_XMSS */ - default: - r = SSH_ERR_KEY_TYPE_UNKNOWN; - break; + } else { + if (impl->funcs->sign == NULL) + r = SSH_ERR_SIGN_ALG_UNSUPPORTED; + else { + r = impl->funcs->sign(key, sigp, lenp, data, datalen, + alg, sk_provider, sk_pin, compat); + } } if (was_shielded && (r2 = sshkey_shield_private(key)) != 0) return r2; @@ -3073,47 +2344,20 @@ sshkey_verify(const struct sshkey *key, const u_char *data, size_t dlen, const char *alg, u_int compat, struct sshkey_sig_details **detailsp) { + const struct sshkey_impl *impl; + if (detailsp != NULL) *detailsp = NULL; if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) return SSH_ERR_INVALID_ARGUMENT; - switch (key->type) { -#ifdef WITH_OPENSSL - case KEY_DSA_CERT: - case KEY_DSA: - return ssh_dss_verify(key, sig, siglen, data, dlen, compat); -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: - return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); - case KEY_ECDSA_SK_CERT: - case KEY_ECDSA_SK: - return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, - compat, detailsp); -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA_CERT: - case KEY_RSA: - return ssh_rsa_verify(key, sig, siglen, data, dlen, alg); -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_CERT: - return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - if (FIPS_mode()) { + if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) { logit_f("Ed25519 keys are not allowed in FIPS mode"); return SSH_ERR_INVALID_ARGUMENT; } - return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen, - compat, detailsp); -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: - return ssh_xmss_verify(key, sig, siglen, data, dlen, compat); -#endif /* WITH_XMSS */ - default: + if ((impl = sshkey_impl_from_key(key)) == NULL) return SSH_ERR_KEY_TYPE_UNKNOWN; - } + return impl->funcs->verify(key, sig, siglen, data, dlen, + alg, compat, detailsp); } /* Convert a plain key to their _CERT equivalent */ @@ -3122,35 +2366,8 @@ sshkey_to_certified(struct sshkey *k) { int newtype; - switch (k->type) { -#ifdef WITH_OPENSSL - case KEY_RSA: - newtype = KEY_RSA_CERT; - break; - case KEY_DSA: - newtype = KEY_DSA_CERT; - break; - case KEY_ECDSA: - newtype = KEY_ECDSA_CERT; - break; - case KEY_ECDSA_SK: - newtype = KEY_ECDSA_SK_CERT; - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519_SK: - newtype = KEY_ED25519_SK_CERT; - break; - case KEY_ED25519: - newtype = KEY_ED25519_CERT; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - newtype = KEY_XMSS_CERT; - break; -#endif /* WITH_XMSS */ - default: + if ((newtype = sshkey_type_certified(k->type)) == -1) return SSH_ERR_INVALID_ARGUMENT; - } if ((k->cert = cert_new()) == NULL) return SSH_ERR_ALLOC_FAIL; k->type = newtype; @@ -3175,15 +2392,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, const char *sk_provider, const char *sk_pin, sshkey_certify_signer *signer, void *signer_ctx) { + const struct sshkey_impl *impl; struct sshbuf *principals = NULL; u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; size_t i, ca_len, sig_len; int ret = SSH_ERR_INTERNAL_ERROR; struct sshbuf *cert = NULL; char *sigtype = NULL; -#ifdef WITH_OPENSSL - const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; -#endif /* WITH_OPENSSL */ if (k == NULL || k->cert == NULL || k->cert->certblob == NULL || ca == NULL) @@ -3192,6 +2407,8 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, return SSH_ERR_KEY_TYPE_UNKNOWN; if (!sshkey_type_is_valid_ca(ca->type)) return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + if ((impl = sshkey_impl_from_key(k)) == NULL) + return SSH_ERR_INTERNAL_ERROR; /* * If no alg specified as argument but a signature_type was set, @@ -3219,73 +2436,16 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, goto out; /* -v01 certs put nonce first */ - arc4random_buf(&nonce, sizeof(nonce)); - if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) - goto out; - - /* XXX this substantially duplicates to_blob(); refactor */ - switch (k->type) { -#ifdef WITH_OPENSSL - case KEY_DSA_CERT: - DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); - DSA_get0_key(k->dsa, &dsa_pub_key, NULL); - if ((ret = sshbuf_put_bignum2(cert, dsa_p)) != 0 || - (ret = sshbuf_put_bignum2(cert, dsa_q)) != 0 || - (ret = sshbuf_put_bignum2(cert, dsa_g)) != 0 || - (ret = sshbuf_put_bignum2(cert, dsa_pub_key)) != 0) - goto out; - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA_SK_CERT: - if ((ret = sshbuf_put_cstring(cert, - sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 || - (ret = sshbuf_put_ec(cert, - EC_KEY_get0_public_key(k->ecdsa), - EC_KEY_get0_group(k->ecdsa))) != 0) - goto out; - if (k->type == KEY_ECDSA_SK_CERT) { - if ((ret = sshbuf_put_cstring(cert, - k->sk_application)) != 0) - goto out; - } - break; -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA_CERT: - RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); - if ((ret = sshbuf_put_bignum2(cert, rsa_e)) != 0 || - (ret = sshbuf_put_bignum2(cert, rsa_n)) != 0) - goto out; - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519_CERT: - case KEY_ED25519_SK_CERT: - if ((ret = sshbuf_put_string(cert, - k->ed25519_pk, ED25519_PK_SZ)) != 0) - goto out; - if (k->type == KEY_ED25519_SK_CERT) { - if ((ret = sshbuf_put_cstring(cert, - k->sk_application)) != 0) - goto out; - } - break; -#ifdef WITH_XMSS - case KEY_XMSS_CERT: - if (k->xmss_name == NULL) { - ret = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((ret = sshbuf_put_cstring(cert, k->xmss_name)) || - (ret = sshbuf_put_string(cert, - k->xmss_pk, sshkey_xmss_pklen(k))) != 0) - goto out; - break; -#endif /* WITH_XMSS */ - default: - ret = SSH_ERR_INVALID_ARGUMENT; + arc4random_buf(&nonce, sizeof(nonce)); + if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) + goto out; + + /* Public key next */ + if ((ret = impl->funcs->serialize_public(k, cert, + SSHKEY_SERIALIZE_DEFAULT)) != 0) goto out; - } + /* Then remaining cert fields */ if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 || (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0) @@ -3481,6 +2641,21 @@ sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) return strlcpy(s, ret, l); } +/* Common serialization for FIDO private keys */ +int +sshkey_serialize_private_sk(const struct sshkey *key, struct sshbuf *b) +{ + int r; + + if ((r = sshbuf_put_cstring(b, key->sk_application)) != 0 || + (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || + (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) + return r; + + return 0; +} + int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, enum sshkey_serialize_rep opts) @@ -3488,185 +2663,28 @@ sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, int r = SSH_ERR_INTERNAL_ERROR; int was_shielded = sshkey_is_shielded(key); struct sshbuf *b = NULL; -#ifdef WITH_OPENSSL - const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q; - const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key; -#endif /* WITH_OPENSSL */ + const struct sshkey_impl *impl; + if ((impl = sshkey_impl_from_key(key)) == NULL) + return SSH_ERR_INTERNAL_ERROR; if ((r = sshkey_unshield_private(key)) != 0) return r; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) goto out; - switch (key->type) { -#ifdef WITH_OPENSSL - case KEY_RSA: - RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d); - RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); - RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); - if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_e)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_d)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_p)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_q)) != 0) - goto out; - break; - case KEY_RSA_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - RSA_get0_key(key->rsa, NULL, NULL, &rsa_d); - RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); - RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_d)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_p)) != 0 || - (r = sshbuf_put_bignum2(b, rsa_q)) != 0) - goto out; - break; - case KEY_DSA: - DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); - DSA_get0_key(key->dsa, &dsa_pub_key, &dsa_priv_key); - if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 || - (r = sshbuf_put_bignum2(b, dsa_q)) != 0 || - (r = sshbuf_put_bignum2(b, dsa_g)) != 0 || - (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0 || - (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0) - goto out; - break; - case KEY_DSA_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - DSA_get0_key(key->dsa, NULL, &dsa_priv_key); - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0) - goto out; - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - if ((r = sshbuf_put_cstring(b, - sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || - (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 || - (r = sshbuf_put_bignum2(b, - EC_KEY_get0_private_key(key->ecdsa))) != 0) - goto out; - break; - case KEY_ECDSA_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_bignum2(b, - EC_KEY_get0_private_key(key->ecdsa))) != 0) - goto out; - break; - case KEY_ECDSA_SK: - if ((r = sshbuf_put_cstring(b, - sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || - (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 || - (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || - (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) - goto out; - break; - case KEY_ECDSA_SK_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || - (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) - goto out; - break; -# endif /* OPENSSL_HAS_ECC */ -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - if ((r = sshbuf_put_string(b, key->ed25519_pk, - ED25519_PK_SZ)) != 0 || - (r = sshbuf_put_string(b, key->ed25519_sk, - ED25519_SK_SZ)) != 0) - goto out; - break; - case KEY_ED25519_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_string(b, key->ed25519_pk, - ED25519_PK_SZ)) != 0 || - (r = sshbuf_put_string(b, key->ed25519_sk, - ED25519_SK_SZ)) != 0) - goto out; - break; - case KEY_ED25519_SK: - if ((r = sshbuf_put_string(b, key->ed25519_pk, - ED25519_PK_SZ)) != 0 || - (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || - (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) - goto out; - break; - case KEY_ED25519_SK_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_string(b, key->ed25519_pk, - ED25519_PK_SZ)) != 0 || - (r = sshbuf_put_cstring(b, key->sk_application)) != 0 || - (r = sshbuf_put_u8(b, key->sk_flags)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 || - (r = sshbuf_put_stringb(b, key->sk_reserved)) != 0) - goto out; - break; -#ifdef WITH_XMSS - case KEY_XMSS: - if (key->xmss_name == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || - (r = sshbuf_put_string(b, key->xmss_pk, - sshkey_xmss_pklen(key))) != 0 || - (r = sshbuf_put_string(b, key->xmss_sk, - sshkey_xmss_sklen(key))) != 0 || - (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) - goto out; - break; - case KEY_XMSS_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0 || - key->xmss_name == NULL) { + if (sshkey_is_cert(key)) { + if (key->cert == NULL || + sshbuf_len(key->cert->certblob) == 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || - (r = sshbuf_put_string(b, key->xmss_pk, - sshkey_xmss_pklen(key))) != 0 || - (r = sshbuf_put_string(b, key->xmss_sk, - sshkey_xmss_sklen(key))) != 0 || - (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0) goto out; - break; -#endif /* WITH_XMSS */ - default: - r = SSH_ERR_INVALID_ARGUMENT; - goto out; } + if ((r = impl->funcs->serialize_private(key, b, opts)) != 0) + goto out; + /* * success (but we still need to append the output to buf after * possibly re-shielding the private key) @@ -3689,24 +2707,33 @@ sshkey_private_serialize(struct sshkey *key, struct sshbuf *b) SSHKEY_SERIALIZE_DEFAULT); } +/* Shared deserialization of FIDO private key components */ +int +sshkey_private_deserialize_sk(struct sshbuf *buf, struct sshkey *k) +{ + int r; + + if ((k->sk_key_handle = sshbuf_new()) == NULL || + (k->sk_reserved = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_get_cstring(buf, &k->sk_application, NULL)) != 0 || + (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || + (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) + return r; + + return 0; +} + int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) { - char *tname = NULL, *curve = NULL, *xmss_name = NULL; + const struct sshkey_impl *impl; + char *tname = NULL; char *expect_sk_application = NULL; + u_char *expect_ed25519_pk = NULL; struct sshkey *k = NULL; - size_t pklen = 0, sklen = 0; int type, r = SSH_ERR_INTERNAL_ERROR; - u_char *ed25519_pk = NULL, *ed25519_sk = NULL; - u_char *expect_ed25519_pk = NULL; - u_char *xmss_pk = NULL, *xmss_sk = NULL; -#ifdef WITH_OPENSSL - BIGNUM *exponent = NULL; - BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; - BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL; - BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; - BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; -#endif /* WITH_OPENSSL */ if (kp != NULL) *kp = NULL; @@ -3739,227 +2766,21 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) expect_ed25519_pk = k->ed25519_pk; k->sk_application = NULL; k->ed25519_pk = NULL; + /* XXX xmss too or refactor */ } else { if ((k = sshkey_new(type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } } - switch (type) { -#ifdef WITH_OPENSSL - case KEY_DSA: - if ((r = sshbuf_get_bignum2(buf, &dsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, &dsa_q)) != 0 || - (r = sshbuf_get_bignum2(buf, &dsa_g)) != 0 || - (r = sshbuf_get_bignum2(buf, &dsa_pub_key)) != 0) - goto out; - if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_p = dsa_q = dsa_g = NULL; /* transferred */ - if (!DSA_set0_key(k->dsa, dsa_pub_key, NULL)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_pub_key = NULL; /* transferred */ - /* FALLTHROUGH */ - case KEY_DSA_CERT: - if ((r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0) - goto out; - if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - dsa_priv_key = NULL; /* transferred */ - break; -# ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) - goto out; - if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { - r = SSH_ERR_EC_CURVE_MISMATCH; - goto out; - } - k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); - if (k->ecdsa == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0) - goto out; - /* FALLTHROUGH */ - case KEY_ECDSA_CERT: - if ((r = sshbuf_get_bignum2(buf, &exponent)) != 0) - goto out; - if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa))) != 0 || - (r = sshkey_ec_validate_private(k->ecdsa)) != 0) - goto out; - break; - case KEY_ECDSA_SK: - if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) - goto out; - if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { - r = SSH_ERR_EC_CURVE_MISMATCH; - goto out; - } - if ((k->sk_key_handle = sshbuf_new()) == NULL || - (k->sk_reserved = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); - if (k->ecdsa == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || - (r = sshbuf_get_cstring(buf, &k->sk_application, - NULL)) != 0 || - (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || - (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || - (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) - goto out; - if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa))) != 0) - goto out; - break; - case KEY_ECDSA_SK_CERT: - if ((k->sk_key_handle = sshbuf_new()) == NULL || - (k->sk_reserved = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_cstring(buf, &k->sk_application, - NULL)) != 0 || - (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || - (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || - (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) - goto out; - if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa))) != 0) - goto out; - break; -# endif /* OPENSSL_HAS_ECC */ - case KEY_RSA: - if ((r = sshbuf_get_bignum2(buf, &rsa_n)) != 0 || - (r = sshbuf_get_bignum2(buf, &rsa_e)) != 0) - goto out; - if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, NULL)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_n = rsa_e = NULL; /* transferred */ - /* FALLTHROUGH */ - case KEY_RSA_CERT: - if ((r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 || - (r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0) - goto out; - if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_d = NULL; /* transferred */ - if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - rsa_p = rsa_q = NULL; /* transferred */ - if ((r = sshkey_check_rsa_length(k, 0)) != 0) - goto out; - if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) - goto out; - break; -#endif /* WITH_OPENSSL */ - case KEY_ED25519: - case KEY_ED25519_CERT: - if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) - goto out; - if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - k->ed25519_pk = ed25519_pk; - k->ed25519_sk = ed25519_sk; - ed25519_pk = ed25519_sk = NULL; /* transferred */ - break; - case KEY_ED25519_SK: - case KEY_ED25519_SK_CERT: - if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0) - goto out; - if (pklen != ED25519_PK_SZ) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if ((k->sk_key_handle = sshbuf_new()) == NULL || - (k->sk_reserved = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_get_cstring(buf, &k->sk_application, - NULL)) != 0 || - (r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || - (r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || - (r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) - goto out; - k->ed25519_pk = ed25519_pk; - ed25519_pk = NULL; /* transferred */ - break; -#ifdef WITH_XMSS - case KEY_XMSS: - case KEY_XMSS_CERT: - if ((r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || - (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) - goto out; - if (type == KEY_XMSS && - (r = sshkey_xmss_init(k, xmss_name)) != 0) - goto out; - if (pklen != sshkey_xmss_pklen(k) || - sklen != sshkey_xmss_sklen(k)) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - k->xmss_pk = xmss_pk; - k->xmss_sk = xmss_sk; - xmss_pk = xmss_sk = NULL; - /* optional internal state */ - if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) - goto out; - break; -#endif /* WITH_XMSS */ - default: - r = SSH_ERR_KEY_TYPE_UNKNOWN; + if ((impl = sshkey_impl_from_type(type)) == NULL) { + r = SSH_ERR_INTERNAL_ERROR; goto out; } -#ifdef WITH_OPENSSL - /* enable blinding */ - switch (k->type) { - case KEY_RSA: - case KEY_RSA_CERT: - if (RSA_blinding_on(k->rsa, NULL) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - break; - } -#endif /* WITH_OPENSSL */ + if ((r = impl->funcs->deserialize_private(tname, buf, k)) != 0) + goto out; + + /* XXX xmss too or refactor */ if ((expect_sk_application != NULL && (k->sk_application == NULL || strcmp(expect_sk_application, k->sk_application) != 0)) || (expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || @@ -3975,27 +2796,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) } out: free(tname); - free(curve); -#ifdef WITH_OPENSSL - BN_clear_free(exponent); - BN_clear_free(dsa_p); - BN_clear_free(dsa_q); - BN_clear_free(dsa_g); - BN_clear_free(dsa_pub_key); - BN_clear_free(dsa_priv_key); - BN_clear_free(rsa_n); - BN_clear_free(rsa_e); - BN_clear_free(rsa_d); - BN_clear_free(rsa_p); - BN_clear_free(rsa_q); - BN_clear_free(rsa_iqmp); -#endif /* WITH_OPENSSL */ sshkey_free(k); - freezero(ed25519_pk, pklen); - freezero(ed25519_sk, sklen); - free(xmss_name); - freezero(xmss_pk, pklen); - freezero(xmss_sk, sklen); free(expect_sk_application); free(expect_ed25519_pk); return r; @@ -4283,9 +3084,9 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob, explicit_bzero(salt, sizeof(salt)); if (key != NULL) freezero(key, keylen + ivlen); - if (pubkeyblob != NULL) + if (pubkeyblob != NULL) freezero(pubkeyblob, pubkeylen); - if (b64 != NULL) + if (b64 != NULL) freezero(b64, strlen(b64)); return r; } @@ -4512,31 +3313,6 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase, return r; } -/* Check deterministic padding after private key */ -static int -private2_check_padding(struct sshbuf *decrypted) -{ - u_char pad; - size_t i; - int r = SSH_ERR_INTERNAL_ERROR; - - i = 0; - while (sshbuf_len(decrypted)) { - if ((r = sshbuf_get_u8(decrypted, &pad)) != 0) - goto out; - if (pad != (++i & 0xff)) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - } - /* success */ - r = 0; - out: - explicit_bzero(&pad, sizeof(pad)); - explicit_bzero(&i, sizeof(i)); - return r; -} - static int sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp) @@ -5111,3 +3887,29 @@ sshkey_set_filename(struct sshkey *k, const char *filename) return 0; } #endif /* WITH_XMSS */ + +#ifdef WITH_OPENSSL +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +EVP_PKEY * +sshkey_create_evp(OSSL_PARAM_BLD *param_bld, EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *ret = NULL; + OSSL_PARAM *params = NULL; + if (param_bld == NULL || ctx == NULL) { + debug2_f("param_bld or ctx is NULL"); + return NULL; + } + if ((params = OSSL_PARAM_BLD_to_param(param_bld)) == NULL) { + debug2_f("Could not build param list"); + return NULL; + } + if (EVP_PKEY_fromdata_init(ctx) != 1 || + EVP_PKEY_fromdata(ctx, &ret, EVP_PKEY_KEYPAIR, params) != 1) { + debug2_f("EVP_PKEY_fromdata failed"); + OSSL_PARAM_free(params); + return NULL; + } + return ret; +} +# endif +#endif /* WITH_OPENSSL */ diff --git a/gsi_openssh/source/sshkey.h b/gsi_openssh/source/sshkey.h index 398877e521..d44be1ab72 100644 --- a/gsi_openssh/source/sshkey.h +++ b/gsi_openssh/source/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.51 2022/01/06 22:05:42 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.61 2022/10/28 00:44:44 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -31,6 +31,11 @@ #ifdef WITH_OPENSSL #include #include +#include +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include +# endif # ifdef OPENSSL_HAS_ECC # include # include @@ -165,6 +170,41 @@ struct sshkey_sig_details { uint8_t sk_flags; /* U2F signature flags; see ssh-sk.h */ }; +struct sshkey_impl_funcs { + u_int (*size)(const struct sshkey *); /* optional */ + int (*alloc)(struct sshkey *); /* optional */ + void (*cleanup)(struct sshkey *); /* optional */ + int (*equal)(const struct sshkey *, const struct sshkey *); + int (*serialize_public)(const struct sshkey *, struct sshbuf *, + enum sshkey_serialize_rep); + int (*deserialize_public)(const char *, struct sshbuf *, + struct sshkey *); + int (*serialize_private)(const struct sshkey *, struct sshbuf *, + enum sshkey_serialize_rep); + int (*deserialize_private)(const char *, struct sshbuf *, + struct sshkey *); + int (*generate)(struct sshkey *, int); /* optional */ + int (*copy_public)(const struct sshkey *, struct sshkey *); + int (*sign)(struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, + const char *, const char *, u_int); /* optional */ + int (*verify)(const struct sshkey *, const u_char *, size_t, + const u_char *, size_t, const char *, u_int, + struct sshkey_sig_details **); +}; + +struct sshkey_impl { + const char *name; + const char *shortname; + const char *sigalg; + int type; + int nid; + int cert; + int sigonly; + int keybits; + const struct sshkey_impl_funcs *funcs; +}; + struct sshkey *sshkey_new(int); void sshkey_free(struct sshkey *); int sshkey_equal_public(const struct sshkey *, @@ -293,41 +333,31 @@ int sshkey_private_serialize_maxsign(struct sshkey *key, void sshkey_sig_details_free(struct sshkey_sig_details *); +#ifdef WITH_OPENSSL +# if OPENSSL_VERSION_NUMBER >= 0x30000000L +EVP_PKEY *sshkey_create_evp(OSSL_PARAM_BLD *, EVP_PKEY_CTX *); +int ssh_create_evp_dss(const struct sshkey *, EVP_PKEY **); +int ssh_create_evp_rsa(const struct sshkey *, EVP_PKEY **); +int ssh_create_evp_ec(EC_KEY *, int, EVP_PKEY **); +# endif +#endif /* WITH_OPENSSL */ + #ifdef SSHKEY_INTERNAL -int ssh_rsa_sign(const struct sshkey *key, - u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *ident); -int ssh_rsa_verify(const struct sshkey *key, - const u_char *sig, size_t siglen, const u_char *data, size_t datalen, - const char *alg); -int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_dss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); -int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_ecdsa_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); -int ssh_ecdsa_sk_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, - struct sshkey_sig_details **detailsp); -int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_ed25519_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); -int ssh_ed25519_sk_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, - struct sshkey_sig_details **detailsp); -int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_xmss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); +int sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b); +void sshkey_sk_cleanup(struct sshkey *k); +int sshkey_serialize_sk(const struct sshkey *key, struct sshbuf *b); +int sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to); +int sshkey_deserialize_sk(struct sshbuf *b, struct sshkey *key); +int sshkey_serialize_private_sk(const struct sshkey *key, + struct sshbuf *buf); +int sshkey_private_deserialize_sk(struct sshbuf *buf, struct sshkey *k); +#ifdef WITH_OPENSSL +int check_rsa_length(const RSA *rsa); /* XXX remove */ +#endif +#endif + +#ifdef ENABLE_PKCS11 +int pkcs11_get_ecdsa_idx(void); #endif #if !defined(WITH_OPENSSL) diff --git a/gsi_openssh/source/sshlogin.c b/gsi_openssh/source/sshlogin.c index 82dd848191..06a7b381ad 100644 --- a/gsi_openssh/source/sshlogin.c +++ b/gsi_openssh/source/sshlogin.c @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include diff --git a/gsi_openssh/source/sshsig.c b/gsi_openssh/source/sshsig.c index 49d18db868..eb2a931e9c 100644 --- a/gsi_openssh/source/sshsig.c +++ b/gsi_openssh/source/sshsig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */ +/* $OpenBSD: sshsig.c,v 1.30 2022/08/19 03:06:30 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -491,7 +491,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) { char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH]; ssize_t n, total = 0; - struct ssh_digest_ctx *ctx; + struct ssh_digest_ctx *ctx = NULL; int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR; struct sshbuf *b = NULL; @@ -514,8 +514,6 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) continue; oerrno = errno; error_f("read: %s", strerror(errno)); - ssh_digest_free(ctx); - ctx = NULL; errno = oerrno; r = SSH_ERR_SYSTEM_ERROR; goto out; @@ -550,9 +548,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) /* success */ r = 0; out: + oerrno = errno; sshbuf_free(b); ssh_digest_free(ctx); explicit_bzero(hash, sizeof(hash)); + errno = oerrno; return r; } diff --git a/gsi_openssh/source/umac.c b/gsi_openssh/source/umac.c index a710424ce0..d5958babfd 100644 --- a/gsi_openssh/source/umac.c +++ b/gsi_openssh/source/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.22 2022/01/01 05:55:06 jsg Exp $ */ +/* $OpenBSD: umac.c,v 1.23 2023/03/07 01:30:52 djm Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -233,7 +233,8 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) explicit_bzero(buf, sizeof(buf)); } -static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) +static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], + UINT8 buf[UMAC_OUTPUT_LEN]) { /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes * of the AES output. If last time around we returned the ndx-1st diff --git a/gsi_openssh/source/verify.c b/gsi_openssh/source/verify.c deleted file mode 100644 index 1671a4132c..0000000000 --- a/gsi_openssh/source/verify.c +++ /dev/null @@ -1,49 +0,0 @@ -/* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Author: Daniel J. Bernstein - * Copied from nacl-20110221/crypto_verify/32/ref/verify.c - */ - -#include "includes.h" - -#include "crypto_api.h" - -int crypto_verify_32(const unsigned char *x,const unsigned char *y) -{ - unsigned int differentbits = 0; -#define F(i) differentbits |= x[i] ^ y[i]; - F(0) - F(1) - F(2) - F(3) - F(4) - F(5) - F(6) - F(7) - F(8) - F(9) - F(10) - F(11) - F(12) - F(13) - F(14) - F(15) - F(16) - F(17) - F(18) - F(19) - F(20) - F(21) - F(22) - F(23) - F(24) - F(25) - F(26) - F(27) - F(28) - F(29) - F(30) - F(31) - return (1 & ((differentbits - 1) >> 8)) - 1; -} diff --git a/gsi_openssh/source/version.h b/gsi_openssh/source/version.h index b974dffd12..1cc7687f2c 100644 --- a/gsi_openssh/source/version.h +++ b/gsi_openssh/source/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.94 2022/04/04 22:45:25 djm Exp $ */ +/* $OpenBSD: version.h,v 1.97 2023/03/15 21:19:57 djm Exp $ */ -#define SSH_VERSION "OpenSSH_9.0" +#define SSH_VERSION "OpenSSH_9.3" #ifdef GSI #define GSI_VERSION " GSI" diff --git a/gsi_openssh/source/xmss_hash.c b/gsi_openssh/source/xmss_hash.c index 50a5779439..db0e5fa365 100644 --- a/gsi_openssh/source/xmss_hash.c +++ b/gsi_openssh/source/xmss_hash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmss_hash.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */ +/* $OpenBSD: xmss_hash.c,v 1.3 2022/04/20 16:00:25 millert Exp $ */ /* hash.c version 20160722 Andreas Hülsing @@ -19,9 +19,6 @@ Public domain. #endif #include #include -#include -#include -#include int core_hash_SHA2(unsigned char *, const unsigned int, const unsigned char *, unsigned int, const unsigned char *, unsigned long long, unsigned int); diff --git a/gsi_openssh/version.m4 b/gsi_openssh/version.m4 index e90e0d259d..01a6068b3b 100644 --- a/gsi_openssh/version.m4 +++ b/gsi_openssh/version.m4 @@ -1 +1 @@ -m4_define([gsissh_version], [9.0p1c]) +m4_define([gsissh_version], [9.3p1c])